feat: add exploitdb and payload plugins, complete wave 4

ExploitDB: search local exploit-db CSV mirror by keyword, EDB ID,
or CVE identifier. In-bot update command downloads the latest CSV
from GitLab. Also added to the update-data.sh script.

Payload: built-in template library with 52 payloads across 6
categories (sqli, xss, ssti, lfi, cmdi, xxe). Supports browsing,
numeric index, and keyword search within categories.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/CHEATSHEET.md

@@ -107,6 +107,28 @@ IRC operators are auto-detected via WHO. Hostmask patterns use fnmatch.
 !note clear                     # Clear all notes (admin)
 ```
 
+## Exploit-DB
+
+```
+!exploitdb search apache        # Search by keyword
+!exploitdb 12345                # Lookup by EDB ID
+!exploitdb cve CVE-2024-1234    # Search by CVE
+!exploitdb update               # Download latest CSV
+!exploitdb stats                # Show index size
+```
+
+## Payloads
+
+```
+!payload list                   # List categories
+!payload sqli                   # Show SQLi payloads
+!payload xss 3                  # Show XSS payload #3
+!payload ssti jinja             # Search SSTI for 'jinja'
+!payload lfi all                # Show all LFI payloads
+```
+
+Categories: sqli, xss, ssti, lfi, cmdi, xxe
+
 ## Red Team
 
 ```

docs/USAGE.md

@@ -94,6 +94,8 @@ level = "info"                # Logging level: debug, info, warning, error
 | `!note <set\|get\|del\|list\|clear>` | Per-channel key-value notes |
 | `!subdomain <domain> [brute]` | Subdomain enumeration (crt.sh + DNS) |
 | `!headers <url>` | HTTP header fingerprinting |
+| `!exploitdb <search\|id\|cve\|update>` | Search local Exploit-DB mirror |
+| `!payload <type> [variant]` | Web vuln payload templates |
 
 ### Command Shorthand