patch-checker: Web-based check for Windows privesc vulnerabilities
This is the code base for the service running on here. In short, PatchChecker is a web application (running on flask) that provides output similar to that of Watson. However, by using PatchChecker, one is not required to execute a binary on the target machine. Included in this project is also a web scraper that will automatically update the database for PatchChecker using information present on Microsoft sites, this allows for a more scalable and easier to use solution to the problem of finding CVEs to which a Windows system is (or is not) patched against. Additionally, any other CVEs can be added to the data collector input and checked for as long as they have an entry on https://portal.msrc.microsoft.com. You can also use this to get the data to update Watson.
git clone https://github.com/deadjakk/patch-checker.git
pip install -r requirements.txt
To use the patchchecker, you can either go to the publicly hosted website here at patchchecker.com or you can git clone this repo, install the required libraries, makes sure patches.db is in the same directory as app.py and then start the application with python3 ./app.py. Once the application is started you can open the included “index.html” file in a browser to actually use the service and get the list of patches to which the system being tested is vulnerable.
Additional information can be found here.
Getting KB data:
Expected output from a webpage:
Expected output from the webpage when vulnerabilities are found:
Alternatively, you can use a curl command and do something like this: Request:
note: you can use any delimiter you wish, I’m using spaces here:
note: used some fake KBs so it’s showing vuln to everything, i.e. I have nothing installed
note: output is truncated
To run the code in this repo yourself don’t forget to run: python3 -m pip install -r requirements.txt and run with python3. For reference, I used python 3.7.3.
Data Collection: patchdata_collector.py
The patchdata_collector.py script is the pyppeteer scraper that iterates through several Microsoft sites to get the desired data for the cves specified in the –cve-list arg file. For an example of the expected format see the cves.txt file within the samples directory. Basically it’s a line-separated file with each line containing the following CVE-XXXX-XXXX|https://website.com/resource-pertaining-to-CVE,http://second_resource.com you get the idea. An example of the resulting output can be found in the patches.db file included.
The code isn’t perfect but it gets the data and works for the time being. As a reference, with 9 CVEs, it should take about 11 minutes to complete, YMMV.
Running time ./patchdata_collector.py –cve-list cves.txt –db antest.db –new-db yields the following output: