InsiderThreats / cve-maker

Tool to detect, find, compile and execute a CVE on the current or a remote machine.

CVE-MAKER

Use this software only for legal purposes. (Example: Vulnerable training machines.)
I am in no way responsible for your actions.
Use Python 3.7
Made by msd0pe

WHAT IS IT?

Cve-maker is a Python tool to detect, find, compile and execute a CVE on the current or a remote machine.
It is intended to save you time. You can easily find your CVEs on https://www.exploit-db.com/ or with the Search option.

HOW DOES IT WORK?

Cve-maker searches CVE databases for the payload associated with the CVE that you pass to it as a parameter.
It creates the payload in the directory "/tmp/exploit/" and compiles it if necessary. It then asks whether you want to execute it or not.

DETECTION

The detection option checks whether any CVE matches your kernel version. Not all possible CVEs are displayed, however: those that apply to a range between two versions (e.g. Linux Kernel 2.6.10 < 2.6.31) must be found manually.
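
The range-style titles that detection leaves to manual review can be checked during a patch audit with a short script. This is an added example, not part of cve-maker: the title format is assumed from the example above, both bounds are treated as inclusive, and the sample titles are constructed.

```python
import re

# Assumed title shape, taken from the README's own example:
# "Linux Kernel 2.6.10 < 2.6.31". Both bounds are treated as inclusive.
RANGE_RE = re.compile(r"Linux Kernel\s+(\d+(?:\.\d+)*)\s*<\s*(\d+(?:\.\d+)*)", re.I)

def parse_version(text):
    """Turn '5.4.0-150-generic' into (5, 4, 0), ignoring distro suffixes."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))

def pad(version, width):
    """Pad with zeros so that (2, 6) compares equal to (2, 6, 0)."""
    return version + (0,) * (width - len(version))

def in_range(kernel, low, high):
    """True when low <= kernel <= high, compared component by component."""
    width = max(len(kernel), len(low), len(high))
    return pad(low, width) <= pad(kernel, width) <= pad(high, width)

def titles_covering(kernel_release, titles):
    """Return the range-style titles whose interval contains the kernel."""
    kernel = parse_version(kernel_release)
    hits = []
    for title in titles:
        match = RANGE_RE.search(title)
        if not match:
            continue  # not a range-style title, nothing to compare
        low, high = (parse_version(group) for group in match.groups())
        if in_range(kernel, low, high):
            hits.append(title)
    return hits

# Constructed sample titles, not real advisories.
SAMPLE_TITLES = [
    "Linux Kernel 2.6.10 < 2.6.31 - Sample Issue A",
    "Linux Kernel 3.2 < 3.13.1 - Sample Issue B",
    "Linux Kernel 4.4.0 - Sample Issue C",
]

if __name__ == "__main__":
    import platform
    for hit in titles_covering(platform.release(), SAMPLE_TITLES):
        print("review patch status:", hit)
```

A match only means the upstream version number falls inside the range; distribution kernels often backport fixes without changing that number, so confirm against the vendor's changelog.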

RESEARCH

Search for CVEs by entering keywords!

REMOTE

Attack remotely with a Reverse Shell, a Bind Shell or an SSH connection!

INSTALLATION

Install the prerequisites:

    apt-get install gcc g++ git python2.7 python3

Download the project:

    git clone https://github.com/msd0pe-1/cve-maker/

Run install.sh to get the libraries the program needs:

    sh install.sh

USAGE

    Usage: python cve-maker.py [options] site

    Options:
      --version             show program's version number and exit
      -h, --help            show this help message and exit
      -d, --detect          detect vulnerabilities on the current machine
      -i, --check           check if the edb-id is verified
      -r, --remote          attack a target remotely
      -f FIND, --find=FIND  looking for an exploit by its vulnerable software
      -c CVE, --cve=CVE     looks for the CVE from its name
      -e EDB, --edb=EDB     looks for the CVE from its EDB-ID
      -g GCC, --gcc=GCC     add options to compilation
      -l LANG, --lang=LANG  langage of the exploit [Default: c]

    Available 0day sites: exploit_db

    Langages: sh ruby perl python php c++ c

    Examples: python cve-maker -e 12345 -l ruby exploit_db
              python cve-maker -c 2019-98765 -g "-lpthread" exploit_db

    Tool to find, compile and execute a CVE on the current machine.
    Source code put in public domain by msd0pe,no Copyright
    Any malicious or illegal activity may be punishable by law
    Use at your own risk

EXAMPLES

If you want to get the CVE by its EDB-ID (12345), coded in Ruby:

    python cve-maker.py -e 12345 -l ruby exploit_db

If you have the CVE name, and it needs the gcc option "-lpthread" to compile correctly:

    python cve-maker.py -c 2019-98765 -g "-lpthread" exploit_db

CONTRIBUTING

This project is in active development. Feel free to suggest a new feature or open a pull request!

License: GNU General Public License v3.0

Languages: Python 98.4%, Shell 1.6%