linux-soft-exploit-suggester

Script to find exploits for all vulnerable software on the system, targeting software packages rather than just kernel vulnerabilities. It uses the exploit database to assess the security of packages and search for exploits to help with privilege escalation.

Usage

Download

wget https://raw.githubusercontent.com/belane/linux-soft-exploit-suggester/master/linux-soft-exploit-suggester.py

Basic use. Downloads the exploit database, generates a list of packages and searches for exploits.

python linux-soft-exploit-suggester.py

Run from a list of packages from another system if you can't run from target.

Debian/Ubuntu: dpkg -l > package_list
RedHat/CentOS: rpm -qa > package_list

python linux-soft-exploit-suggester.py --file package_list --distro debian

Update exploit database.

python linux-soft-exploit-suggester.py --update

Look for exploits for running processes, setuid binaries and linux capabilities.

python linux-soft-exploit-suggester.py --juicy

Filter exploits by local exploit type and minor versions.

python linux-soft-exploit-suggester.py --level 2 --type local

Example Output

> python linux-soft-exploit-suggester.py --file packages --db files_exploits.csv

  |  _         __ _  _ |    _    _ | _  |    __    __  __  _  __ |   _  _
  |·| || |\/  (_ | ||_ |-  /_)\/| \|| |·|-  (_ | ||  )|  )/_)(_  |- /_)|
  ||| ||_|/\  __)|_||  |_  \_ /\|_/||_|||_  __)|_||_/ |_/ \_ __) |_ \_ |
                                |                 _/  _/

[!] DNSTracer 1.9 - Buffer Overflow - local
  	 From: dnstracer 1.9
  	 File: /usr/share/exploitdb/platforms/linux/local/42424.py
  	 Url: https://www.exploit-db.com/exploits/42424
[!] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution - remote
  	 From: wget 1.17.1
  	 File: /usr/share/exploitdb/platforms/linux/remote/40064.txt
  	 Url: https://www.exploit-db.com/exploits/40064
[!] GNU Screen 4.5.0 - Privilege Escalation (PoC) - local
  	 From: screen 4.3.1
  	 File: /usr/share/exploitdb/platforms/linux/local/41152.txt
  	 Url: https://www.exploit-db.com/exploits/41152
[!] Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit) - local
  	 From: ghostscript 9.21
  	 File: /usr/share/exploitdb/platforms/linux/local/41955.rb
  	 Url: https://www.exploit-db.com/exploits/41955
[!] MAWK 1.3.3-17 - Local Buffer Overflow - local
  	 From: mawk 1.3.3
  	 File: /usr/share/exploitdb/platforms/linux/local/42357.py
  	 Url: https://www.exploit-db.com/exploits/42357
[!] Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation - local
  	 From: sudo 1.8.20
  	 File: /usr/share/exploitdb/platforms/linux/local/42183.c
  	 Url: https://www.exploit-db.com/exploits/42183

...

Full Help

> python linux-soft-exploit-suggester.py -h

  |  _         __ _  _ |    _    _ | _  |    __    __  __  _  __ |   _  _
  |·| || |\/  (_ | ||_ |-  /_)\/| \|| |·|-  (_ | ||  )|  )/_)(_  |- /_)|
  ||| ||_|/\  __)|_||  |_  \_ /\|_/||_|||_  __)|_||_/ |_/ \_ __) |_ \_ |
                                |                 _/  _/

linux-soft-exploit-suggester:
  Search for Exploitable Software from package list.

optional arguments:
  -h, --help            Show this help message and exit
  -f FILE, --file FILE  Package list file
  --clean               Use clean package list, if used 'dpkg-query -W'
  --duplicates          Show duplicate exploits
  --db DB               Exploits csv file [default: files_exploits.csv]
  -j, --juicy           Search packages of running processes, setuid binaries and linux capabilities
  --update              Download latest version of exploits db
  -d debian|redhat, --distro debian|redhat
                        Linux flavor, debian or redhat [default: debian]
  --dos                 Include DoS exploits
  --intense             Include intense package name search,
                        when software name doesn't match package name (experimental)
  -l 1-5, --level 1-5   Software version search variation [default: 1]                        
                          level 1: Same version                        
                          level 2: Micro and Patch version                        
                          level 3: Minor version                        
                          level 4: Major version                        
                          level 5: All versions
  --type TYPE           Exploit type; local, remote, webapps, dos.
                          e.g.	--type local
                        	--type remote
  --filter FILTER       Filter exploits by string
                          e.g.	--filter "escalation"

usage examples:     
  Basic usage:
	python linux-soft-exploit-suggester.py 
     
  Update exploit database:
	python linux-soft-exploit-suggester.py --update 
     
  Search packages from juicy binaries:
	python linux-soft-exploit-suggester.py --juicy 
     
  Specify package list or exploit db:
	python linux-soft-exploit-suggester.py --file package_list --db files_exploits.csv 
     
  Use Redhat/Centos format file:
	python linux-soft-exploit-suggester.py --file package_list --distro redhat 
     
  Search exploit for major version:
	python linux-soft-exploit-suggester.py --file package_list --level 4 
     
  Filter by remote exploits:
	python linux-soft-exploit-suggester.py --file package_list --type remote 
     
  Search specific words in exploit title:
	python linux-soft-exploit-suggester.py --file package_list --filter Overflow

belane / linux-soft-exploit-suggester