MS13 -090: Cumulative Security Update of ActiveX Kill Bits ( 2900986) - Critical MS13 -101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege ( 2880430) - Important MS14 -012: Cumulative Security Update for Internet Explorer ( 2925418) - Critical windows version identified as 'Windows 7 SP1 32-bit' comparing the 15 hotfix(es) against the 173 potential bulletins(s) querying database file for potential vulnerabilities database file detected as xls or xlsx based on extension windows-exploit-suggester.py -database 2014 -06 -06-mssb.xlsx -systeminfo win7sp1-systeminfo.txt
#METASPLOIT LOCAL EXPLOIT SUGGESTER INSTALL#
(install python-xlrd, $ pip install xlrd -upgrade)įeed it "systeminfo" input, and point it to the microsoft database $.
It was heavily inspired by Linux_Exploit_Suggester by Pentura.īlog Post: "Introducing Windows Exploit Suggester", USAGE The output shows either public exploits (E), or Metasploit modules (M) as Known IIS exploits it will flag them even if IIS is not running on the Software is actually running on the target host. This can result in many false-positives, and it is key to know what When looking at the command output, it is important to note that it assumesĪll vulnerabilities and then selectively removes them based upon the hotfixĭata. It has the ability to automatically download the security bulletin databaseįrom Microsoft with the -update flag, and saves it as an Excel spreadsheet. It requires the 'systeminfo' command output from a Windows host in order toĬompare that the Microsoft security bulletin database and determine the
Notifies the user if there are public exploits and Metasploit modules
0 kommentar(er)
