{"id":13717566,"url":"https://github.com/Rezilion/mi-x","last_synced_at":"2025-05-07T07:31:50.883Z","repository":{"id":37714308,"uuid":"485484773","full_name":"Rezilion/mi-x","owner":"Rezilion","description":"Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc..)","archived":false,"fork":false,"pushed_at":"2023-08-12T14:25:36.000Z","size":3329,"stargazers_count":141,"open_issues_count":1,"forks_count":11,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-08-04T00:13:45.331Z","etag":null,"topics":["appsec","security","vulnerability-assessment","vulnerability-validation"],"latest_commit_sha":null,"homepage":"https://www.rezilion.com/rezilion-tools/am-i-exploitable/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Rezilion.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-04-25T18:17:06.000Z","updated_at":"2024-07-11T17:38:57.000Z","dependencies_parsed_at":"2024-01-17T09:21:08.957Z","dependency_job_id":"42888663-bcd1-49c3-a3c0-dd6685400b52","html_url":"https://github.com/Rezilion/mi-x","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rezilion%2Fmi-x","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rezilion%2Fmi-x/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rezilion%2Fmi-x/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rezilion%2Fmi-x/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Rezilion","download_url":"https://codeload.github.com/Rezilion/mi-x/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224573503,"owners_count":17333804,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","security","vulnerability-assessment","vulnerability-validation"],"created_at":"2024-08-03T00:01:24.163Z","updated_at":"2024-11-14T05:32:09.037Z","avatar_url":"https://github.com/Rezilion.png","language":"Python","funding_links":[],"categories":["Dependency intelligence","Python"],"sub_categories":["Vulnerability information exchange"],"readme":"\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://user-images.githubusercontent.com/15197376/178677447-74914a41-4664-47af-b156-9022f094bfbb.png#center\" width=\"400\" height=\"200\" /\u003e\n\u003c/p\u003e\n\n[![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)\n![pylint](https://user-images.githubusercontent.com/15197376/178207178-872a404a-a3c0-4442-b0ce-94a76e38848a.svg)\n\u003cimg alt=\"blackhat-arsenal\" src=\"https://github.com/toolswatch/badges/blob/master/arsenal/usa/2022.svg\"/\u003e\n\u003cimg alt=\"blackhat-arsenal\" src=\"https://github.com/toolswatch/badges/blob/master/arsenal/europe/2022.svg\"/\u003e\n\n\n# **Am I Exploitable?**\n\n Author:                   2022 - Now, Rezilion\n\n Description:              Vulnerabilities validation\n\n Development:              January 2022 - Now\n\n Documentation:            See website, README\n\n\n# Introduction\n\n## Description\n‘Am I Exploitable?’ is a python open source project that comes to meet the need of validating if your system is exploitable to specific vulnerabilities.\nThe project can help you understand whether you are exploitable to a specific vulnerability and explain to you what is the vulnerable component or invulnerable component in your system.\nThe project can create a graph that presents the validation flow according to the vulnerability checks we perform.\nMI-X supports machine-readable output. The results can be exported to three different file formats: json, csv and text.\nAfter executing the tool, you will see the validation flow - it will print out which checks were performed on the host/container followed by remediation and mitigation recommendations.\nWe want to create a community of researchers and programmers that can add vulnerability checks for new vulnerabilities or critical or famous vulnerabilities. Whenever a new vulnerability comes up, we can offer this service that helps people validate if they are exploitable or not.\nIn addition, the vulnerabilities checks we wrote so far, can be expanded with some checks we might have missed.\n\n## Features and usage options:\n* Validate if exploitable to provided cve\n* Validate if exploitable to category of cves\n* Get the vulnerability description\n* Validate the host containers\n* Present the validation flow logic as a graph.\n* Export the results to one of the three output formats: json, csv, text.\n* Get remediation and mitigation recommendations.\n\nAn example flow graph for CVE-2021-4034 (aka PwnKit):\n\n\u003cimg width=\"879\" alt=\"PwnKit Validation Flow Graph\" src=\"https://user-images.githubusercontent.com/15197376/187365588-2a5e8c45-0cb0-47ac-8b8f-f357a700c425.png\"\u003e\n\n\nEveryone is free to use 'Am I Exploitable?' under the conditions of the AGPL-3.0 License (see [LICENSE](https://github.com/Rezilion/mi-x/blob/main/LICENSE) file).\n \n## Quick facts\n   - **Name**:      'Am I Exploitable?'\n   - **Type**:      vulnerability validation\n   - **License**:   GNU AFFERO GENERAL PUBLIC LICENSE\n   - **Language**:  Python3\n   - **Author**:    Rezilion\n   - **Required Permissions**: root preferred, not needed (may use sudo)\n   \n# Files\n\n- `am_i_exploitable.py` - The main file which handles the user input and the CVEs calls.\n- `cves` - Python package that contains a python file for each currently supported vulnerability.\n- `modules` - Python package that contains modules.\nModules are code implementations which are used in different CVE files.\n\n\n# Supported OSs and Distributions\n\nThe tool supports the following Linux distributions:\n\nUbuntu, Debian, Red Hat, Centos, Fedora, SUSE, SLES, Amazon\n\nPartial support for Alpine\n\nPartial support for Windows\n\n\n# Color Legend\n\n\u003cimg width=\"577\" alt=\"mi-x_legend\" src=\"https://user-images.githubusercontent.com/15197376/198944304-e95e2577-a7da-4e5f-9458-aadf349aaed6.png\"\u003e\n\n# Installation Requirements\n\nBefore installing MI-X, make sure your machine has the following:\n1. python version 3\n2. pip3\n3. graphviz (optional, needed only for the graph capabilities) \n4. xdg-utils (optional, needed only for the graph capabilities)\n5. openjdk with jcmd support (needed when running in container mode and the openjdk version on the container is lower than `openjdk10`)\n\nIn order to install the requirements:\n1. Check your os distribution you can use the following command:\n   ```\n   cat /etc/os-release\n   ```\n2. Understand which package manager your os distribution is using:\n\n   apt - Ubuntu, Debian\n   \n   yum - Red Hat, CentOS, Fedora, SUSE, SLES, Amazon\n\n   apk - Alpine\n3. Install the relevant packages using your os distribution package manager\n\n# Dependencies Installation Requirements\nIn order to execute MI-X correctly, you have to install graphviz and packaging python modules requirement using pip: \n```\npip install -r requirements.txt\n```\n\n# Install MI-X\n\nThe very latest developments can be obtained via git.\n\n1. Clone or download the project files (no compilation nor installation is required)\n   ```\n   git clone https://github.com/Rezilion/mi-x.git\n   ```\n2. Execute MI-X menu\n   ```\n   cd mi-x \u0026\u0026 python3 am_i_exploitable.py\n   ```\n   \n# Execute Scanning Template\n\nScanning command template\n```\npython3 am_i_exploitable.py -v cve_yyyy_xxxx -c True -g True -f json\n\n```\n\n# Execute Scanning Example\nScan the machine running containers for log4shell.\n```\npython3 am_i_exploitable.py -v log4shell -c True -f json\n\n```\n![Executing](https://user-images.githubusercontent.com/15197376/199072345-2fc668f7-2d9a-4907-b427-e385e6fe67da.gif)\n\n\n# Arguments\n\n## -v --vulnerability_identifier\n\nSpecifies the vulnerability that will be checked (Not set by default). \n\nSyntax: \n- CVE-YEAR-ID - scans your system for specific vulnerability by the vulnerability cve id\n- name - scans your system for specific vulnerability by the vulnerability name\n- all - scans your system for all the vulnerabilities in the cves directory\n\nIf the argument is not set, a menu message will appear presenting the currently supported vulnerabilities.\n\n## -c --container\n\nScans all running containers on the host (False by default).\n- When running in containers mode, the user will need to insert the user’s password for sudo use.\n\n## -n --container_name\n\nScans specific containers on the host by inserting running containers names seperated by spaces  (Not set by default).\n- When running in containers mode, the user will need to insert the user’s password for sudo use.\n\n## -f --format'\n\nExports the results to one of three possible output formats: json, csv, text\n- The user will need to specify which format type the results will be exported to.\n\n## --description\n\nSpecifies whether to see the vulnerability description or not (True by default).\n\n## -g --graph\n\nSpecifies whether to see the validation flowchart (False by default).\n\n## -h --help\n\nHelp to understand how to run the code\n\n# Development and Bugs\n\nFound an issue, or have a great idea? Let us know:\n\n* GitHub - https://github.com/Rezilion/mi-x.git\n* E-mail - ofrio@rezilion.com\n\nContributions are appreciated and can be done via GitHub. \n\nSee CONTRIBUTING.md for more information about how to submit them.\n\n# Support\n\n'Am I Exploitable?' is tested on Windows and most common Linux operating systems. The documentation (README) and the debugging \ninformation (set the debug parameter to 'True'), should cover most questions and problems. \n\nBugs can be reported via GitHub, or sending an e-mail to the email address above.\n\n# Thanks\n\nThanks to the community for using and supporting open source software.\n\nMany comments, bugs/patches and questions are the key to success and ongoing motivation in developing tools like this.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRezilion%2Fmi-x","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FRezilion%2Fmi-x","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRezilion%2Fmi-x/lists"}