feat: add exploitdb and payload plugins, complete wave 4

ExploitDB: search local exploit-db CSV mirror by keyword, EDB ID,
or CVE identifier. In-bot update command downloads the latest CSV
from GitLab. Also added to the update-data.sh script.

Payload: built-in template library with 52 payloads across 6
categories (sqli, xss, ssti, lfi, cmdi, xxe). Supports browsing,
numeric index, and keyword search within categories.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

scripts/update-data.sh

@@ -106,6 +106,25 @@ update_geolite2() {
     done
 }
 
+# -- Exploit-DB CSV -----------------------------------------------------------
+update_exploitdb() {
+    local dest_dir="$DATA_DIR/exploitdb"
+    local dest="$dest_dir/files_exploits.csv"
+    local url="https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv"
+    mkdir -p "$dest_dir"
+    dim "Downloading exploit-db CSV..."
+    if curl -sS -fL --max-time 60 -o "$dest.tmp" "$url"; then
+        local count
+        count=$(wc -l < "$dest.tmp")
+        mv "$dest.tmp" "$dest"
+        info "Exploit-DB: $count entries"
+    else
+        rm -f "$dest.tmp"
+        err "Failed to download exploit-db CSV"
+        ((FAILURES++)) || true
+    fi
+}
+
 # -- Main ---------------------------------------------------------------------
 printf "${DIM}derp data update${RST}\n"
 printf "${DIM}%s${RST}\n" "$(date -u '+%Y-%m-%d %H:%M UTC')"
@@ -113,6 +132,7 @@ echo
 
 update_tor
 update_iprep
+update_exploitdb
 update_geolite2
 
 echo