Windows Exploit Suggester
dmst | 2014-07-19 10:57
This tool compares a target's patch level against the Microsoft vulnerability database in order to detect potentially missing patches on the target.
It requires the output of the 'systeminfo' command from a Windows host, which it compares against the Microsoft security bulletin database to determine the host's patch level.
It can automatically download the security bulletin database from Microsoft with the --update flag and save it as an Excel spreadsheet.
When reading the command output, it is worth noting that the tool assumes all vulnerabilities are present and then selectively removes them based on the hotfix data. This can produce many false positives, so it is important to know what software is actually running on the target host. For example, if there are known IIS vulnerabilities it will flag them, even if IIS is not running on the target host.
The character values indicate a public exploit (E) or a Metasploit module (M).
Much of the inspiration came from Linux_Exploit_Suggester, written by Pentura.
USAGE
Update the database
$ ./windows-exploit-suggester.py --update
[*] initiating...
[*] successfully requested base url
[*] scraped ms download url
[+] writing to file 2014-06-06-mssb.xlsx
[*] done
Install dependencies
(install python-xlrd: $ pip install xlrd --upgrade)
Feed in the systeminfo output together with the Microsoft database
$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt
[*] initiating...
[*] database file detected as xls or xlsx based on extension
[*] reading from the systeminfo input file
[*] querying database file for potential vulnerabilities
[*] comparing the 15 hotfix(es) against the 173 potential bulletins(s)
[*] there are now 168 remaining vulns
[+] windows version identified as 'Windows 7 SP1 32-bit'
[*]
[M] MS14-012: Cumulative Security Update for Internet Explorer (2925418) - Critical
[E] MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430) - Important
[M] MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986) - Critical
[M] MS13-080: Cumulative Security Update for Internet Explorer (2879017) - Critical
[M] MS13-069: Cumulative Security Update for Internet Explorer (2870699) - Critical
[M] MS13-059: Cumulative Security Update for Internet Explorer (2862772) - Critical
[M] MS13-055: Cumulative Security Update for Internet Explorer (2846071) - Critical
[M] MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) - Critical
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
[*] done
The operating system can be specified in place of the hotfix list
$ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --ostext 'windows server 2008 r2'
[*] initiating...
[*] database file detected as xls or xlsx based on extension
[*] getting OS information from command line text
[*] querying database file for potential vulnerabilities
[*] comparing the 0 hotfix(es) against the 196 potential bulletins(s)
[*] there are now 196 remaining vulns
[+] windows version identified as 'Windows 2008 R2 64-bit'
[*]
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
[E] MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Important
[M] MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) - Important
[M] MS10-061: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) - Critical
[E] MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) - Important
[E] MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) - Important
[M] MS10-002: Cumulative Security Update for Internet Explorer (978207) - Critical
[M] MS09-072: Cumulative Security Update for Internet Explorer (976325) - Critical
The translation isn't great; everyone should just read the original.
Download: https://github.com/GDSSecurity/Windows-Exploit-Suggester
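To make the "assume everything is vulnerable, then subtract installed hotfixes" logic described above concrete, here is an added illustration (example code, not the tool's own). It assumes a constructed systeminfo excerpt and a hand-made subset of bulletin rows; the 'affected product' labels are an assumption of this example.

```python
import re

# Constructed excerpt of 'systeminfo' output from a hypothetical lab host (not a real system).
SYSTEMINFO = """\
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB2925418
                           [02]: KB2880430
                           [03]: KB976325
"""

# Constructed subset of the bulletin rows the tool downloads with --update:
# (bulletin, KB, title, severity, affected product, flag). Flag E = public exploit,
# M = Metasploit module. The 'affected product' labels are an assumption of this example.
BULLETINS = [
    ("MS14-012", "2925418", "Cumulative Security Update for Internet Explorer", "Critical", "Windows 7", "M"),
    ("MS13-101", "2880430", "Vulnerabilities in Windows Kernel-Mode Drivers", "Important", "Windows 7", "E"),
    ("MS13-090", "2900986", "Cumulative Security Update of ActiveX Kill Bits", "Critical", "Windows 7", "M"),
    ("MS13-005", "2778930", "Vulnerability in Windows Kernel-Mode Driver", "Important", "Windows 7", "M"),
    ("MS10-061", "2347290", "Vulnerability in Print Spooler Service", "Critical", "Windows Server 2008 R2", "M"),
]

def parse_systeminfo(text):
    """Extract the OS name and the set of installed KB numbers from systeminfo output."""
    m = re.search(r"^OS Name:\s*(.+)$", text, re.MULTILINE)
    os_name = m.group(1).strip() if m else ""
    kbs = set(re.findall(r"\bKB(\d+)\b", text))
    return os_name, kbs

def suggest(os_name, installed_kbs, bulletins):
    """Assume every bulletin for this OS applies, then drop those whose KB is installed.
    What remains is only a *potential* gap: the affected component may not be present
    (e.g. an IIS bulletin on a host with no IIS), which is where false positives come from."""
    applies = [b for b in bulletins if b[4].lower() in os_name.lower()]
    return [b for b in applies if b[1] not in installed_kbs]

def format_line(b):
    """Render one finding in the tool's style: [flag] bulletin: title (KB) - severity."""
    bulletin, kb, title, severity, _product, flag = b
    return f"[{flag or ' '}] {bulletin}: {title} ({kb}) - {severity}"

if __name__ == "__main__":
    name, kbs = parse_systeminfo(SYSTEMINFO)
    print(f"[+] windows version identified as '{name}', {len(kbs)} hotfix(es) installed")
    for finding in suggest(name, kbs, BULLETINS):
        print(format_line(finding))
```

Knowing which components are really installed on the host is what lets you discard the remaining false positives by hand.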
Comments:
1#
继续沉默 (I'm just that handsome) | 2014-07-19 11:13
Nice, +1.
2#
BMa (security technology enthusiast!) | 2014-07-19 20:24
This one is quite interesting; there used to be one where you manually exported systeminfo and then did the comparison.
3#
核攻击 (Rule the world, enslave all humanity! Destroy any organic life that dares stand in the way!) | 2014-07-21 09:56
Yeah, the idea behind this thing is good; previously it was all compared by hand.