wesng v0.96 releases: Windows Exploit Suggester

Windows Exploit Suggester – Next Generation (WES-NG)

WES-NG is a tool which based on the output of Windows’ systeminfo utility provides you with the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported.

This GitHub repository will regularly update the database of vulnerabilities so running wes.py with the --update parameter will get you the latest version. In case for some reason you want to generate the .csv file with hotfix information yourself, use the scripts from the /collector folder to compile the database. Read the comments at the top of each script and execute them in the order as they are listed below. After executing these scripts you will end up with the CVEs.csv file. The WES-NG collector pulls information from various sources:

  • Microsoft Security Bulletin Data: KBs for older systems [1]
  • MSRC: The Microsoft Security Update API of the Microsoft Security Response Center (MSRC) is nowadays the standardized way to obtain information about Microsoft updates [2]
  • NIST National Vulnerability Database (NVD): Complement vulnerabilities with Exploit-DB links [3] These are combined into a single .csv file which is compressed and hosted in this GitHub repository.

Changelog v0.96

  • Support for Windows 10 Redstone 6 (1903)
  • Added option to filter on severity
  • Fixup for French systeminfo file

Download

git clone https://github.com/bitsadmin/wesng.git

Use

Copyright (c) 2019, Arris Huijgen
All rights reserved.

Source: https://github.com/bitsadmin/

Share