Author: 2022 - Now, Rezilion

Description: Vulnerabilities validation

Development: January 2022 - Now

Documentation: See website, README

‘Am I Exploitable?’ is a python open source project that comes to meet the need of validating if your system is exploitable to specific vulnerabilities. The project can help you understand whether you are exploitable to a specific vulnerability and explain to you what is the vulnerable component or invulnerable component in your system. The project can create a graph that presents the validation flow according to the vulnerability checks we perform. MI-X supports machine-readable output. The results can be exported to three different file formats: json, csv and text. After executing the tool, you will see the validation flow - it will print out which checks were performed on the host/container followed by remediation and mitigation recommendations. We want to create a community of researchers and programmers that can add vulnerability checks for new vulnerabilities or critical or famous vulnerabilities. Whenever a new vulnerability comes up, we can offer this service that helps people validate if they are exploitable or not. In addition, the vulnerabilities checks we wrote so far, can be expanded with some checks we might have missed.

• Validate if exploitable to provided cve
• Validate if exploitable to category of cves
• Get the vulnerability description
• Validate the host containers
• Present the validation flow logic as a graph.
• Export the results to one of the three output formats: json, csv, text.
• Get remediation and mitigation recommendations.

An example flow graph for CVE-2021-4034 (aka PwnKit):

Everyone is free to use 'Am I Exploitable?' under the conditions of the AGPL-3.0 License (see LICENSE file).

• Name: 'Am I Exploitable?'
• Type: vulnerability validation
• License: GNU AFFERO GENERAL PUBLIC LICENSE
• Language: Python3
• Author: Rezilion
• Required Permissions: root preferred, not needed (may use sudo)

• am_i_exploitable.py - The main file which handles the user input and the CVEs calls.
• cves - Python package that contains a python file for each currently supported vulnerability.
• modules - Python package that contains modules. Modules are code implementations which are used in different CVE files.

The tool supports the following Linux distributions:

Ubuntu, Debian, Red Hat, Centos, Fedora, SUSE, SLES, Amazon

Partial support for Alpine

Partial support for Windows

Before installing MI-X, make sure your machine has the following:

1. python version 3
2. pip3
3. graphviz (optional, needed only for the graph capabilities)
4. xdg-utils (optional, needed only for the graph capabilities)
5. openjdk with jcmd support (needed when running in container mode and the openjdk version on the container is lower than openjdk10)

In order to install the requirements:

1. Check your os distribution you can use the following command:

   cat /etc/os-release
   

2. Understand which package manager your os distribution is using:

   apt - Ubuntu, Debian

   yum - Red Hat, CentOS, Fedora, SUSE, SLES, Amazon

   apk - Alpine

3. Install the relevant packages using your os distribution package manager

In order to execute MI-X correctly, you have to install graphviz and packaging python modules requirement using pip:

pip install -r requirements.txt

The very latest developments can be obtained via git.

1. Clone or download the project files (no compilation nor installation is required)

   git clone https://github.com/Rezilion/mi-x.git
   

2. Execute MI-X menu

   cd mi-x && python3 am_i_exploitable.py
   

Scanning command template

python3 am_i_exploitable.py -v cve_yyyy_xxxx -c True -g True -f json

Scan the machine running containers for log4shell.

python3 am_i_exploitable.py -v log4shell -c True -f json

Specifies the vulnerability that will be checked (Not set by default).

Syntax:

• CVE-YEAR-ID - scans your system for specific vulnerability by the vulnerability cve id
• name - scans your system for specific vulnerability by the vulnerability name
• all - scans your system for all the vulnerabilities in the cves directory

If the argument is not set, a menu message will appear presenting the currently supported vulnerabilities.

Scans all running containers on the host (False by default).

• When running in containers mode, the user will need to insert the user’s password for sudo use.

Scans specific containers on the host by inserting running containers names seperated by spaces (Not set by default).

• When running in containers mode, the user will need to insert the user’s password for sudo use.

Exports the results to one of three possible output formats: json, csv, text

• The user will need to specify which format type the results will be exported to.

Specifies whether to see the vulnerability description or not (True by default).

Specifies whether to see the validation flowchart (False by default).

Help to understand how to run the code

Found an issue, or have a great idea? Let us know:

• GitHub - https://github.com/Rezilion/mi-x.git
• E-mail - ofrio@rezilion.com

Contributions are appreciated and can be done via GitHub.

See CONTRIBUTING.md for more information about how to submit them.

'Am I Exploitable?' is tested on Windows and most common Linux operating systems. The documentation (README) and the debugging information (set the debug parameter to 'True'), should cover most questions and problems.

Bugs can be reported via GitHub, or sending an e-mail to the email address above.

Thanks to the community for using and supporting open source software.

Many comments, bugs/patches and questions are the key to success and ongoing motivation in developing tools like this.