Windows Exploit Suggester

The tool can be targeted system patch installation and Microsoft vulnerability database for comparison, and then detect the potential of the target system is not fixed vulnerabilities. At the same time this tool will also inform the user for this vulnerability whether there is a public exp and available Metasploit module.
At the same time it can use the -update parameter to automatically download patch database from Microsoft, and save it as an Excel spreadsheet.
Note that this tool will first assume that the target system there are all the vulnerabilities, and then based on system patches to selectively remove the patched vulnerabilities. So the tool may cause some false positives, so you first need to know what the target machine installed software. For example, if the machine does not have a patch for IIS, the tool would think the vulnerability exists even if there is no IIS on the machine.

How to use

0. Download Windows exploit suggester from GitHub
root@kali:~/Desktop# git clone https://github.com/GDSSecurity/Windows-Exploit-Suggester.git
1. First, install the program relies install python-xlrd
root@kali:~/Desktop# apt-get install python-xlrd
2. Then, we need to update the vulnerability database
root@kali:~/Desktop/Windows-Exploit-Suggester# python windows-exploit-suggester.py –update
3. Continue, in the target machine systeminfo implementation, and output to the file and specify the database location (that is, excel file).
root@kali:~/Desktop/Windows-Exploit-Suggester# python windows-exploit-suggester.py –database 2016-10-15-mssb.xls –systeminfo Windows10-info.txt

The following instruction to list all the possible EXP specified operating system version exists (assuming the target system does not make any patch)
[*] initiating winsploit version 3.2…
[*] database file detected as xls or xlsx based on extension
[*] attempting to read from the systeminfo input file
[+] systeminfo input file read successfully (utf-8)
[*] querying database file for potential vulnerabilities
[*] comparing the 3 hotfix(es) against the 122 potential bulletins(s) with a database of 133 known exploits
[*] there are now 114 remaining vulns
[+] [E] exploitdb PoC, [M] Metasploit module, [*] missing bulletin
[+] windows version identified as ‘Windows 10 64-bit’
[*]
[M] MS16-075: Security Update for Windows SMB Server (3164038) – Important
[E] MS16-074: Security Update for Microsoft Graphics Component (3164036) – Important
[E] MS16-063: Cumulative Security Update for Internet Explorer (3163649) – Critical
[E] MS16-032: Security Update for Secondary Logon to Address Elevation of Privile (3143141) – Important
[M] MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041) – Important
[E] MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228) – Important
[E] MS16-007: Security Update for Microsoft Windows to Address Remote Code Execution (3124901) – Important
[E] MS15-132: Security Update for Microsoft Windows to Address Remote Code Execution (3116162) – Important
[E] MS15-112: Cumulative Security Update for Internet Explorer (3104517) – Critical
[E] MS15-111: Security Update for Windows Kernel to Address Elevation of Privilege (3096447) – Important
[E] MS15-102: Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657) – Important
[E] MS15-097: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656) – Critical
[*] done

Share