aoncyberlabs / windows-exploit-suggester

License: GNU General Public License v3.0

windows-exploit-suggester's Introduction

DESCRIPTION

This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

It requires the 'systeminfo' command output from a Windows host in order to compare it against the Microsoft security bulletin database and determine the patch level of the host.

It has the ability to automatically download the security bulletin database from Microsoft with the --update flag, and saves it as an Excel spreadsheet.

When looking at the command output, it is important to note that it assumes all vulnerabilities apply and then selectively removes them based upon the hotfix data. This can result in many false positives, so it is key to know what software is actually running on the target host. For example, if there are known IIS exploits it will flag them even if IIS is not running on the target host.

The output shows either public exploits (E), or Metasploit modules (M) as indicated by the character value.

It was heavily inspired by Linux_Exploit_Suggester by Pentura.

Blog Post: "Introducing Windows Exploit Suggester", https://blog.gdssecurity.com/labs/2014/7/11/introducing-windows-exploit-suggester.html

USAGE

update the database

$ ./windows-exploit-suggester.py --update
[*] initiating...
[*] successfully requested base url
[*] scraped ms download url
[+] writing to file 2014-06-06-mssb.xlsx
[*] done

install dependencies

(install python-xlrd, $ pip install xlrd --upgrade)

feed it "systeminfo" input, and point it to the microsoft database

$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt 
[*] initiating...
[*] database file detected as xls or xlsx based on extension
[*] reading from the systeminfo input file
[*] querying database file for potential vulnerabilities
[*] comparing the 15 hotfix(es) against the 173 potential bulletins(s)
[*] there are now 168 remaining vulns
[+] windows version identified as 'Windows 7 SP1 32-bit'
[*] 
[M] MS14-012: Cumulative Security Update for Internet Explorer (2925418) - Critical
[E] MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430) - Important
[M] MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986) - Critical
[M] MS13-080: Cumulative Security Update for Internet Explorer (2879017) - Critical
[M] MS13-069: Cumulative Security Update for Internet Explorer (2870699) - Critical
[M] MS13-059: Cumulative Security Update for Internet Explorer (2862772) - Critical
[M] MS13-055: Cumulative Security Update for Internet Explorer (2846071) - Critical
[M] MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) - Critical
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
[*] done

possible exploits for an operating system can be used without hotfix data

$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --ostext 'windows server 2008 r2' 
[*] initiating...
[*] database file detected as xls or xlsx based on extension
[*] getting OS information from command line text
[*] querying database file for potential vulnerabilities
[*] comparing the 0 hotfix(es) against the 196 potential bulletins(s)
[*] there are now 196 remaining vulns
[+] windows version identified as 'Windows 2008 R2 64-bit'
[*] 
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
[E] MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Important
[M] MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) - Important
[M] MS10-061: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) - Critical
[E] MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) - Important
[E] MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) - Important
[M] MS10-002: Cumulative Security Update for Internet Explorer (978207) - Critical
[M] MS09-072: Cumulative Security Update for Internet Explorer (976325) - Critical

LIMITATIONS

Currently, if the 'systeminfo' command reveals 'File 1' as the output for the hotfixes, the tool will not be able to determine which hotfixes are installed on the target. If this occurs, the list of hotfixes will need to be retrieved from the target host and passed in using the --hotfixes flag.

It currently does not separate 'editions' of the Windows OS, such as 'Tablet' or 'Media Center' for example, or different architectures, such as Itanium-based only.

False positives also occur because it assumes EVERYTHING is installed on the target Windows operating system. If you receive the 'File 1' output, try executing 'wmic qfe list full' and feed that as input with the --hotfixes flag, along with the 'systeminfo' output.

LICENSE

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

windows-exploit-suggester's Issues

ERROR: No sheet named <'Export Bulletin Search Spreadsh'>

Hi I get the following error:

./windows-exploit-suggester.py -u
[*] initiating winsploit version 3.2...
[+] writing to file 2016-10-12-mssb.xls
[*] done

./windows-exploit-suggester.py -i systeminfo.txt -d 2016-10-12-mssb.xls 
[*] initiating winsploit version 3.2...
[*] database file detected as xls or xlsx based on extension
Traceback (most recent call last):
  File "./windows-exploit-suggester.py", line 1530, in <module>
    main()
  File "./windows-exploit-suggester.py", line 414, in main
    sh = wb.sheet_by_name('Export Bulletin Search Spreadsh')
  File "/usr/lib/python2.7/dist-packages/xlrd/book.py", line 441, in sheet_by_name
    raise XLRDError('No sheet named <%r>' % sheet_name)
xlrd.biffh.XLRDError: No sheet named <'Export Bulletin Search Spreadsh'>

However, the tool works with a db file i created about 2 weeks ago. Any suggestions?

Getting Error : please install and upgrade the python-xlrd library

I am unable to use windows exploit suggester, getting the error below, and am unable to locate python-xlrd. I have updated and upgraded the version of the xlrd library and am still unable to use it.

python2.7 windows-exploit-suggester.py -d 2020-10-19-mssb.xls -i /root/Desktop/Grandpa\ htb/systeminfo.txt
[*] initiating winsploit version 3.3...
[*] database file detected as xls or xlsx based on extension
[-] please install and upgrade the python-xlrd library

I have searched everywhere for the solution, but no luck. Please help with this issue.

suggester does not find an exploit

Hello,
first of all thanks for this great tool;
I am doing a virtual lab PE, systeminfo of targeted machine is the following:

Hostname                    TESTING
OS Name:                   Microsoft Windows 7 Ultimate N 
OS Version:                6.1.7601 Service Pack 1 Build 7601
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          Admin
Registered Organization:   
Product ID:                00432-020-0000007-85048
Original Install Date:     1/8/2017, 4:21:34 AM
System Boot Time:          3/6/2018, 5:29:32 PM
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               X86-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: x64 Family 6 Model 63 Stepping 2 GenuineIntel ~2597 Mhz
BIOS Version:              Phoenix Technologies LTD 6.00, 9/21/2015
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory:     1,024 MB
Available Physical Memory: 622 MB
Virtual Memory: Max Size:  1,815 MB
Virtual Memory: Available: 1,264 MB
Virtual Memory: In Use:    551 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\TESTING
Hotfix(s):                 10 Hotfix(s) Installed.
                           [01]: KB968771
                           [02]: KB971033
                           [03]: KB2305420
                           [04]: KB2425227
                           [05]: KB2533552
                           [06]: KB2534366
                           [07]: KB3045171
                           [08]: KB958488
                           [09]: KB976902
                           [10]: KB976932
Network Card(s):           1 NIC(s) Installed.
                           [01]: Intel(R) PRO/1000 MT Network Connection
                                 Connection Name: Local Area Connection
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.1.1.5

I launch the script:

python windows-exploit-suggester.py -d 2017-12-16-mssb.xls  -i hotfix.txt

The output MS list is the following:

MS16-135
MS16-098
MS16-075
MS16-074
MS16-063
MS16-059
MS16-056
MS16-032
MS16-016
MS16-014
MS16-007
MS15-134
MS15-132
MS15-112
MS15-111
MS15-102
MS15-100
MS15-097
MS15-078
MS15-001
MS14-068
MS14-064
MS14-060
MS14-040
MS14-035
MS14-029
MS14-026
MS14-012
MS14-009
MS13-097
MS13-090
MS13-080
MS13-069
MS13-059
MS13-055
MS13-009
MS12-037

Anyway, the right exploit to do privilege escalation was the simple ms11-046 (adf.sys). Am I doing something wrong? Why am I not able to detect this MS with the script?

Thanks in advance

Bulletin URL has changed

After looking at the script and seeing what it was doing, it seems it needs to be updated to pull *.xls not *.xlsx. After changing that in the code, I was able to update.

Run WES on Macbook ARM64

line 390: error
fix:
except (IOError, Exception) as e:
line 679: error
fix:
except (csv.Error) as e:
line 847:
if not ARGS.duplicates: alerted.add(lmsid)
fix:
space instead of tab
line 1567:
fix:
except (urllib2.URLError, Exception) as e:

line 1607:
print(message)

line 330 import module StringIO error:
replace module by: io.StringIO

line 333 about module urllib
just change these lines:
import urllib.request
...
opener = urllib.request.build_opener()

Server 2016 is not supported

Command output

$ ./windows-exploit-suggester.py -d 2018-12-21-mssb.xls -i systeminfo.txt
[*] initiating winsploit version 3.3...
[*] database file detected as xls or xlsx based on extension
[*] attempting to read from the systeminfo input file
[+] systeminfo input file read successfully (ascii)
[-] unable to determine the windows versions from the input file specified. consider using --ostext option to force detection (example: --ostext 'windows 7 sp1 64-bit')

Input file

Host Name:                 DC1
OS Name:                   Microsoft Windows Server 2016 Datacenter
OS Version:                10.0.14393 N/A Build 14393
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Additional/Backup Domain Controller
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows User
Registered Organization:   
Product ID:                00376-40000-00000-AA947
Original Install Date:     5/1/2018, 1:18:31 PM
System Boot Time:          12/20/2018, 4:00:31 PM
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 45 Stepping 2 GenuineIntel ~3096 Mhz
BIOS Version:              Phoenix Technologies LTD 6.00, 4/5/2016
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-06:00) Central Time (US & Canada)
Total Physical Memory:     8,191 MB
Available Physical Memory: 6,643 MB
Virtual Memory: Max Size:  9,471 MB
Virtual Memory: Available: 8,001 MB
Virtual Memory: In Use:    1,470 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    lab.local
Logon Server:              \\DC1
Hotfix(s):                 8 Hotfix(s) Installed.
                           [01]: KB3186568
                           [02]: KB3199986
                           [03]: KB4023834
                           [04]: KB4035631
                           [05]: KB4049065
                           [06]: KB4132216
                           [07]: KB4465659
                           [08]: KB4483229
Network Card(s):           1 NIC(s) Installed.
                           [01]: vmxnet3 Ethernet Adapter
                                 Connection Name: Ethernet
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.0.0.10
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

Greppable database file

Any chance you can make the output xls file into a greppable format? Something that you could manipulate with cut?

Awesome tool by the way - super helpful finding those privilege escalations.

UnboundLocalError: local variable 'lmsid' referenced before assignment

C:\Python>python.exe windows-exploit-suggester.py -i systeminfo_result.txt -d 2018-06-01-mssb.xls
[*] initiating winsploit version 3.3...
[*] database file detected as xls or xlsx based on extension
[*] attempting to read from the systeminfo input file
[+] systeminfo input file read successfully (utf-8)
[*] querying database file for potential vulnerabilities
[*] comparing the 203 hotfix(es) against the 266 potential bulletins(s) with a database of 137 known exploits
[*] there are now 111 remaining vulns
[+] [E] exploitdb PoC, [M] Metasploit module, [*] missing bulletin
[+] windows version identified as 'Windows 2012 R2 64-bit'
[*]
Traceback (most recent call last):
  File "windows-exploit-suggester.py", line 1639, in <module>
    main()
  File "windows-exploit-suggester.py", line 451, in main
    elif ARGS.systeminfo or ARGS.ostext: run(database)
  File "windows-exploit-suggester.py", line 847, in run
    if not ARGS.duplicates: alerted.add(lmsid)
UnboundLocalError: local variable 'lmsid' referenced before assignment

"unable to determine the windows versions from the input file specified"

./windows-exploit-suggester.py --database 2014-07-14-mssb.xlsx --systeminfo sysinfo.txt
[*] initiating...
[*] database file detected as xls or xlsx based on extension
[*] reading from the systeminfo input file
[-] unable to determine the windows versions from the input file specified

My systeminfo output is as follows:

Host Name:                 TEST-VM
OS Name: Microsoft Windows 7 Professional 
OS Version:                6.1.7601 Service Pack 1 Build 7601
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Member Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          test
Registered Organization:   
Product ID:                00000-000-000000-00000
Original Install Date:     10/11/2012, 3:40:57 PM
System Boot Time:          7/13/2014, 7:28:52 PM
System Manufacturer:       Parallels Software International Inc.
System Model:              Parallels Virtual Platform
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~2294 Mhz
BIOS Version:              Parallels Software International Inc. 8.0.18619.1001606, 10/26/2007
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-05:00) Eastern Time (US & Canada)
Total Physical Memory:     1,024 MB
Available Physical Memory: 363 MB
Virtual Memory: Max Size:  2,785 MB
Virtual Memory: Available: 1,305 MB
Virtual Memory: In Use:    1,480 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    test.local
Logon Server:              \\SPUTNIK
Hotfix(s):                 272 Hotfix(s) Installed.
Network Card(s):           2 NIC(s) Installed.
                           [01]: Parallels Ethernet Adapter
                                 Connection Name: Local Area Connection 2
                                 DHCP Enabled:    Yes
                                 DHCP Server:     10.10.10.10
                                 IP address(es)
                                 [01]: 10.10.10.10
                           [02]: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
                                 Connection Name: Local Area Connection 4

The same error has been experienced running the script on both OSX and Windows.

Script does not work with Python v3.10

While working on the OSCP labs, I found this script is not working well with the latest Python3 releases and also found a few errors referencing libraries from Python2 as well as Python2 syntax.

I've made the necessary changes locally and could contribute to provide those fixes if wanted.

xls downloaded is broken or incompatible

I'm receiving the following error while running the script,

%> ./windows-exploit-suggester.py -d 2016-09-20-mssb.xls -i /Volumes/qq/1.txt
[*] initiating winsploit version 3.2...
[*] database file detected as xls or xlsx based on extension
Traceback (most recent call last):
  File "./windows-exploit-suggester.py", line 1529, in <module>
    main()
  File "./windows-exploit-suggester.py", line 413, in main
    sh = wb.sheet_by_name('Bulletin Search')
  File "/Users/xxx/Library/Python/2.7/lib/python/site-packages/xlrd/book.py", line 441, in sheet_by_name
    raise XLRDError('No sheet named <%r>' % sheet_name)
xlrd.biffh.XLRDError: No sheet named <'Bulletin Search'>

Can you check it?

$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt

Hi Author,

I could not find the contact details to mail you, so I am just raising the query using the issues menu.

I have just gone through the script and really found it excellent.

I have a query on supplying the command options like "$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt"

Should the win7sp1-systeminfo.txt file contain the systeminfo command or the systeminfo command output?

Please advise.

Add new bulletins / hotfixes

How can we update the script to detect new bulletins/hotfixes?
It seems to be hardcoded, right?
Do you need any help on that?

Fully Patched Box - Still showing KBs Applying

This may not apply to windows-exploit-suggester, but I tested this process on a fully patched Windows 7 desktop (i.e. Windows Update reports no patches needed and there are no pending reboots); however, windows-exploit-suggester was still reporting KBs that were missing and possibly exploitable. When I tried to download and install those specific KBs manually from MS, following the links takes you to another KB download and the installer would report that it is already installed. Is it possible that some of the missing KB numbers may not apply or are covered/superseded by other KBs? Could this be an issue with systeminfo, the MS database, and/or windows-exploit-suggester and the way it reports KBs?

Just trying to account for the inaccuracy and whether it can be compensated for in windows-exploit-suggester.

Windows 10 is not supported

Command output

$ ./windows-exploit-suggester.py -d 2015-09-07-mssb.xlsx -i windows10.txt 
[*] initiating winsploit version 25...
[*] database file detected as xls or xlsx based on extension
[*] attempting to read from the systeminfo input file
[+] systeminfo input file read successfully (utf-8)
[-] unable to determine the windows versions from the input file specified. consider using --ostext option to force detection (example: --ostext 'windows 7 sp1 64-bit')

The input file
Host Name:                 DESKTOP-KAU0TTL
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.10240 N/A Build 10240
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          gszathmari
Registered Organization:   
Product ID:                00330-80000-00000-AA446
Original Install Date:     31/07/2015, 15:49:46
System Boot Time:          10/09/2015, 12:39:48
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~2693 Mhz
BIOS Version:              Phoenix Technologies LTD 6.00, 20/05/2014
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-gb;English (United Kingdom)
Input Locale:              en-gb;English (United Kingdom)
Time Zone:                 (UTC) Dublin, Edinburgh, Lisbon, London
Total Physical Memory:     2,047 MB
Available Physical Memory: 1,042 MB
Virtual Memory: Max Size:  3,199 MB
Virtual Memory: Available: 2,133 MB
Virtual Memory: In Use:    1,066 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\DESKTOP-KAU0TTL
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB3074678
                           [02]: KB3074683
                           [03]: KB3074686
Network Card(s):           2 NIC(s) Installed.
                           [01]: Intel(R) 82574L Gigabit Network Connection
                                 Connection Name: Ethernet0
                                 DHCP Enabled:    Yes
                                 DHCP Server:     172.16.142.254
                                 IP address(es)
                                 [01]: 172.16.142.153
                                 [02]: fe80::546c:3c8d:5558:da3f
                           [02]: Bluetooth Device (Personal Area Network)
                                 Connection Name: Bluetooth Network Connection
                                 Status:          Media disconnected
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

Database filetype xlsx not supported fix

Not sure if anyone else has had this issue come up when trying to run this, but here's what I did:
Run the database update command as normal.
Rename the database file FROM .xls TO .xlsx.
Then use an online tool to convert it back into .xls format. Stupid, I know. I used (https://www.zamzar.com/convert/xlsx-to-xls/)
Save the file, replace your existing one, and run the script as you normally would.

At least this worked for me. Maybe it'll help someone else out too.

Typo in line 662

There seems to be a typo in line 662 preventing the use of '--local'.

pontential.remove(row)

should maybe be:

potential.remove(row)

Update failure

Has the MS URL changed again? It seems to be failing to reach the URL with the latest version of the script.

python windows-exploit-suggester.py --update
[*] initiating winsploit version 3.0...
[-] error getting url http://www.microsoft.com/en-gb/download/confirmation.aspx?id=36982

read the systeminfo error utf8

Hi, I have Windows 10 and Python 2.7.13.
When the script reads the systeminfo file, it shows me this error.

python windows-exploit-suggester.py --database 2017-04-06-mssb.xls --systeminfo windows10.txt
[*] initiating winsploit version 3.3...
[*] database file detected as xls or xlsx based on extension
[*] attempting to read from the systeminfo input file
[-] could not read file using 'utf-8' encoding: 'utf8' codec can't decode byte 0xa2 in position 131: invalid start byte
[-] could not read file using 'utf-16' encoding: UTF-16 stream does not start with BOM
[+] systeminfo input file read successfully (utf-16-le)
[-] unable to determine the windows versions from the input file specified. consider using --ostext option to force detection (example: --ostext 'windows 7 sp1 64-bit')

Security Bulletin is no longer supported

I love this tool, but Microsoft will not update the Bulletin Search spreadsheets anymore. It would be great if you could update windows-exploit-suggester. A little bit of info about the new security guidance:

A similar spreadsheet can be exported from the guidance; however, it does not contain the update replacement information. I verified that the information about supersedence can be found in the API response.
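The two reports above ("Fully Patched Box - Still showing KBs Applying" and this one) describe the same gap: a host that has the newer, replacing update installed still gets flagged for every older KB it supersedes, because the check is a plain "is this exact KB in the hotfix list". The following is an added example, not code from windows-exploit-suggester, showing how a supersedence-aware check removes that class of false positive. The KB numbers are ones that appear in the captures on this page, but the "replaces" relationships between them and the B1..B4 vulnerability labels are constructed for illustration; real relationships would come from Microsoft's update metadata.

```python
from collections import defaultdict, deque
from typing import Dict, Iterable, Mapping, Set

# Constructed supersedence data: "newer KB" -> set of older KBs it replaces.
# The KB numbers come from the systeminfo captures on this page; the chain
# between them is made up for the example and is NOT Microsoft's real data.
REPLACES: Dict[str, Set[str]] = {
    "KB3074686": {"KB3074683"},
    "KB3074683": {"KB3074678"},
}

# Constructed: each vulnerability (B1..B4 stand in for bulletin/CVE ids)
# mapped to the single KB that fixes it on the target's OS build.
FIX_KB: Dict[str, str] = {
    "B1": "KB3074678",   # superseded twice in the chain above
    "B2": "KB3074683",   # superseded once
    "B3": "KB2928562",   # standalone, no replacement
    "B4": "KB2926765",   # standalone, no replacement
}


def invert_replaces(replaces: Mapping[str, Iterable[str]]) -> Dict[str, Set[str]]:
    """Turn 'newer replaces older' (the direction update metadata is usually
    published in) into 'older is superseded by newer', which is the direction
    the lookup needs."""
    superseded_by: Dict[str, Set[str]] = defaultdict(set)
    for newer, olders in replaces.items():
        for older in olders:
            superseded_by[older].add(newer)
    return dict(superseded_by)


def supersedence_closure(kb: str, superseded_by: Mapping[str, Set[str]]) -> Set[str]:
    """Every KB whose presence implies kb's fix is present: kb itself plus all
    replacements reachable transitively. BFS with a seen set, so a malformed
    cyclic chain cannot loop forever."""
    seen: Set[str] = set()
    queue = deque([kb])
    while queue:
        cur = queue.popleft()
        if cur in seen:
            continue
        seen.add(cur)
        queue.extend(superseded_by.get(cur, ()))
    return seen


def missing_naive(installed: Set[str], fix_kb: Mapping[str, str]) -> Set[str]:
    """The exact-match check: flags anything whose own KB is not listed."""
    return {vuln for vuln, kb in fix_kb.items() if kb not in installed}


def missing_with_supersedence(installed: Set[str], fix_kb: Mapping[str, str],
                              replaces: Mapping[str, Iterable[str]]) -> Set[str]:
    """Flag a vulnerability only if none of its fixing KB's supersedence
    closure is installed."""
    superseded_by = invert_replaces(replaces)
    return {
        vuln for vuln, kb in fix_kb.items()
        if not (supersedence_closure(kb, superseded_by) & installed)
    }


if __name__ == "__main__":
    # Constructed host: has the newest KB of the chain plus one standalone KB.
    installed = {"KB3074686", "KB2928562"}
    print("naive:          ", sorted(missing_naive(installed, FIX_KB)))
    print("with supersedence:", sorted(missing_with_supersedence(installed, FIX_KB, REPLACES)))
```

On the constructed host the naive check reports B1, B2 and B4 missing; the supersedence-aware check reports only B4, because KB3074686 transitively covers KB3074683 and KB3074678. This only removes false positives caused by replaced updates; it does nothing about the other source of noise, vulnerabilities in components that are not installed on the target at all, which still requires knowing what software is actually present.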

Inventory notification

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#Windows-Exploit-Suggester

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people find everything related to CyberSecurity.

  • Open source: All information is available and up to date. If information is missing or deprecated, you are invited to (help us).
  • Practical: Content is categorized and table formatted, allowing you to search, browse, sort and filter.
  • Fast: Uses static and client-side technologies, resulting in fast browsing.
  • Rich tables: search, sort, browse, filter, clear
  • Fancy informational popups
  • Badges / Shields
  • Static API
  • Twitter bot

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why?

  • Specialized websites: Some websites reference tools, but additional information is not available or browsable. Making additional searches takes time.
  • Curated lists: Curated lists are not very exhaustive, up to date or browsable, and are very topic-specific.
  • Search engines: Search engines sometimes find nothing; some tools or resources are too unknown or non-referenced. This is where crowdsourcing is better than robots.

Why should you care about being inventoried?

Mainly because this gives visibility to your tool; more and more people are using Rawsec's CyberSecurity Inventory, and this helps them find what they need.

Badges

The badge shows your community that you are inventoried. It also shows you care about your project and want it to grow, and that your tool is not abandonware.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges. It looks like this: Rawsec's CyberSecurity Inventory, but there are several styles available.

Want to thank us?

If you want to thank us, you can help make the project better known by tweeting about it! For example: Twitter URL

So what?

That's all, this message is just to notify you if you care.

UnboundLocalError: local variable 'lmsid' referenced before assignment

Traceback (most recent call last):
  File "windows-exploit-suggester.py", line 1641, in <module>
    main()
  File "windows-exploit-suggester.py", line 453, in main
    elif ARGS.systeminfo or ARGS.ostext: run(database)
  File "windows-exploit-suggester.py", line 849, in run
    if not ARGS.duplicates: alerted.add(lmsid)
UnboundLocalError: local variable 'lmsid' referenced before assignment

Failing with Windows Server 2008

Hi, I don't get why, when I hit this line: ./windows-exploit-suggester.py --database <database> --ostext 'windows server 2008 r2'

vulnerabilities like 'MS16-032' don't show up in the output, nor does ms16_014, and it works too.
Regards

Allow Multiple Encodings (-H switch)

Need to detect encoding type when parsing via -H switch, similar to parsing the systeminfo input.

$ file list_patches_wmic.txt
list_patches_wmic.txt: Little-endian UTF-16 Unicode text, with CRLF line
terminators
$ dos2unix list_patches_wmic.txt
dos2unix: converting file list_patches_wmic.txt to Unix format ...
$ file list_patches_wmic.txt
list_patches_wmic.txt: ASCII text
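Three of the reports above are the same parsing problem seen from different sides: the "read the systeminfo error utf8" post shows a capture that is UTF-16-LE without a BOM (utf-8 decodes it to NUL-riddled text, and the BOM-dependent utf-16 codec refuses it), this "-H switch" post shows the same thing for wmic output, and the "Windows 10 is not supported" post shows the OS line going unrecognised even after the file is read. The following is an added example, not code from windows-exploit-suggester, that reads a capture of unknown encoding by sniffing BOMs and NUL-byte layout before trying the text codecs, then pulls the OS name, version, architecture and KB list out of either systeminfo or wmic/-H style text. All three inputs are constructed inline; the field names are those of the real systeminfo output, the kbid= URL column mirrors what wmic qfe prints.

```python
import codecs
import re
from typing import Dict, Optional, Set

# Constructed sample: a systeminfo capture saved as UTF-16-LE with NO BOM,
# the shape that makes a utf-8 attempt "succeed" with NULs and utf-16 refuse.
SYSTEMINFO_UTF16LE_NO_BOM = (
    "Host Name:                 DESKTOP-TEST\r\n"
    "OS Name:                   Microsoft Windows 10 Pro\r\n"
    "OS Version:                10.0.10240 N/A Build 10240\r\n"
    "System Type:               x64-based PC\r\n"
    "Hotfix(s):                 3 Hotfix(s) Installed.\r\n"
    "                           [01]: KB3074678\r\n"
    "                           [02]: KB3074683\r\n"
    "                           [03]: KB3074686\r\n"
).encode("utf-16-le")

# Constructed sample: wmic qfe style output as fed to -H, in UTF-8. The kbid=
# number in the URL column must not be picked up as a second hotfix.
WMIC_UTF8 = (
    "Caption                                     HotFixID   InstalledOn\r\n"
    "http://support.microsoft.com/?kbid=3074678  KB3074678  7/31/2015\r\n"
    "http://support.microsoft.com/?kbid=4012212  KB4012212  3/15/2017\r\n"
).encode("utf-8")

# Constructed sample: single-byte cp1252 text containing 0xA2, the byte the
# utf-8 codec rejected in the report above.
CP1252_SAMPLE = b"Hotfix(s): 1 Hotfix(s) Installed.\r\n [01]: KB2928562 \xa2\r\n"


def decode_capture(raw: bytes) -> str:
    """Decode a Windows command capture of unknown encoding.

    Order matters. BOMs are unambiguous, so they go first. Next, BOM-less
    UTF-16: ASCII text encoded as UTF-16-LE has a NUL at every odd offset, and
    bytes.decode('utf-8') would accept it and return text full of NULs, so the
    NUL layout is checked before any text codec. cp1252 never raises, so it is
    the last resort rather than an early candidate.
    """
    if raw.startswith(codecs.BOM_UTF8):
        return raw[len(codecs.BOM_UTF8):].decode("utf-8")
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw[2:].decode("utf-16-le")
    if raw.startswith(codecs.BOM_UTF16_BE):
        return raw[2:].decode("utf-16-be")
    if len(raw) >= 4:
        if raw[1::2].count(0) > len(raw) // 4:
            return raw.decode("utf-16-le")
        if raw[0::2].count(0) > len(raw) // 4:
            return raw.decode("utf-16-be")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("cp1252")


# \b on both sides keeps 'kbid=3074678' from matching; 6-7 digits covers
# every KB number on this page.
KB_RE = re.compile(r"\bKB(\d{6,7})\b", re.IGNORECASE)
OS_NAME_RE = re.compile(r"^OS Name:\s+(.+?)\s*$", re.MULTILINE)
OS_VERSION_RE = re.compile(r"^OS Version:\s+(\d+\.\d+\.\d+)", re.MULTILINE)
SYSTEM_TYPE_RE = re.compile(r"^System Type:\s+(x64|x86|ARM64)-based PC",
                            re.MULTILINE | re.IGNORECASE)
ARCH_LABEL = {"x64": "64-bit", "x86": "32-bit", "arm64": "64-bit"}


def parse_hotfixes(text: str) -> Set[str]:
    """Collect KB identifiers from systeminfo or wmic/-H style text."""
    return {"KB" + m.group(1) for m in KB_RE.finditer(text)}


def parse_os(text: str) -> Dict[str, Optional[str]]:
    """Pull the OS fields a suggester keys on. Missing fields come back as
    None instead of raising, so a caller can fall back to an --ostext style
    override rather than abort."""
    name = OS_NAME_RE.search(text)
    ver = OS_VERSION_RE.search(text)
    arch = SYSTEM_TYPE_RE.search(text)
    return {
        "name": name.group(1) if name else None,
        "version": ver.group(1) if ver else None,
        "arch": ARCH_LABEL.get(arch.group(1).lower()) if arch else None,
    }


def load_capture(raw: bytes) -> Dict[str, object]:
    text = decode_capture(raw).replace("\r\n", "\n")
    return {"os": parse_os(text), "hotfixes": parse_hotfixes(text)}


if __name__ == "__main__":
    for label, raw in (("systeminfo", SYSTEMINFO_UTF16LE_NO_BOM),
                       ("wmic", WMIC_UTF8), ("cp1252", CP1252_SAMPLE)):
        print(label, load_capture(raw))
```

The dos2unix step shown in the report works because it converts the file to ASCII before the tool sees it; sniffing the bytes instead means the same reader handles a BOM-less UTF-16 systeminfo dump, a wmic list and a cp1252 file without the operator having to know which one they were handed.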
