Ana içeriğe geç

windows-exploit-suggester

Referanslar

Zafiyetleri ve Metasploit modüllerini bulmak için Windows'da analizlerinizi yapın.

Çalıştırma Örneği

Hedefe systeminfo yürütmenin bir yolunu bulun.

$ windows-exploit-suggester --update
[*] initiating winsploit version 3.3...
[+] writing to file 2019-06-02-mssb.xls
[*] done

$ windows-exploit-suggester --database 2019-06-02-mssb.xls --systeminfo systeminfo.txt
[*] initiating winsploit version 3.3...
[*] database file detected as xls or xlsx based on extension
[*] attempting to read from the systeminfo input file
[+] systeminfo input file read successfully (ascii)
[*] querying database file for potential vulnerabilities
[*] comparing the 2 hotfix(es) against the 24 potential bulletins(s) with a database of 137 known exploits
[*] there are now 24 remaining vulns
[+] [E] exploitdb PoC, [M] Metasploit module, [*] missing bulletin
[+] windows version identified as 'Windows 2003 SP1 32-bit'
[*] 
[M] MS09-043: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) - Critical
[M] MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) - Important
[M] MS09-002: Cumulative Security Update for Internet Explorer (961260) (961260) - Critical
[M] MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Critical
[M] MS08-078: Security Update for Internet Explorer (960714) - Critical
[M] MS08-070: Vulnerabilities in Visual Basic 6 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) - Critical
[*] done

Son Güncelleme: May 28, 2020