{"id":15686351,"url":"https://github.com/rams3sh/cuw","last_synced_at":"2025-10-14T11:31:27.637Z","repository":{"id":94847067,"uuid":"137642420","full_name":"rams3sh/cuw","owner":"rams3sh","description":"Tool to check for applicable windows updates for a given machine in offline without dependency on WSUS or WUA.","archived":true,"fork":false,"pushed_at":"2020-09-23T13:55:11.000Z","size":20,"stargazers_count":10,"open_issues_count":0,"forks_count":4,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-01-31T05:32:42.444Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rams3sh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-17T09:16:02.000Z","updated_at":"2024-09-04T03:02:47.000Z","dependencies_parsed_at":"2023-04-25T07:34:43.253Z","dependency_job_id":null,"html_url":"https://github.com/rams3sh/cuw","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/rams3sh/cuw","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rams3sh%2Fcuw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rams3sh%2Fcuw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rams3sh%2Fcuw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rams3sh%2Fcuw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rams3sh","download_url":"https://codeload.github.com/rams3sh/cuw
/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rams3sh%2Fcuw/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279019089,"owners_count":26086516,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-03T17:38:38.488Z","updated_at":"2025-10-14T11:31:27.626Z","avatar_url":"https://github.com/rams3sh.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cuw\nCUW or (C)heck for (U)pdates for (W)indows\n\nCUW is a local windows update database maintainer/ updater tool which also solves patch superseding logic for a given machine in offline without dependency on WSUS or WUA. 
\n\nBackground about CUW\n-------------------------\n\nThe major inspiration for this tool was the need to check, in offline mode, for vulnerabilities in an existing system (in case of a pentest, to find applicable exploits for the post-exploitation phase) and to determine the patch life cycle maturity (i.e. missing patches; same logic as a pentest but a different view :P) in case of a compliance audit.\n\nDetermining whether all required patches have been applied to a system is not a trivial task, as there is no efficient, one-stop, searchable online database (post April 2017, because of the discontinuation of the periodic release of the MS Bulletin Excel file) where patches, their subsequent superseded patches, patch descriptions etc. for a specific product can be looked up and compared with the list of patches installed on the system (if any). Adding to the problem, the logic of superseded patches has to be solved manually. Hence the motivation to build this tool.\n\nWorking of/with CUW\n-------------------\n\nCUW maintains a local SQLite database of Windows patches and their details. During the update process the tool downloads the official WSUS offline cab file from the link \"http://go.microsoft.com/fwlink/?LinkID=74689\", parses the required information and feeds it into the local database. You can consider it a localised repository of https://www.catalog.update.microsoft.com/Home.aspx but with more filtering and search capability, as the entire data is in your control.\n\nCUW exports a CSV file, \"MSPatches.csv\", containing only the important columns from the database table as soon as the database is updated.\nNote: The raw database is in SQLite format. If you want to view the table in the database, you can use any SQLite viewer tool.\n\nThe user can now use this CSV to filter out the updates containing keywords pertaining to the target operating system or the installed product, using his/her super Excel powers. 
The problem doesn't end there, as the updates which have been filtered may have superseded updates. To solve this, the user filters the CSV file by keyword and copies the resulting updateids into a text file.\nThis text file is then fed into the cuw tool using the \"scan\" option. CUW takes in the updateids, checks for superseded patches within the database and, after applying its internal logic, gives out the final applicable patch IDs which are supposed to be present on the system. This output can then be compared with the existing patches (results obtained from the wmic qfe list command; refer to the \"Some of the Key Information required for the user to filter the required updateids before using the tool\" section below) to determine the missing patches / vulnerabilities in the target system.\n\nQ) Can't this entire process of the user selecting the required patches and feeding them to CUW be automated?\n\nIt can be, provided Microsoft follows a standard and accurate convention for naming its products and the products applicable to each of the updates in the wsusscn2.cab file (the official offline patch database released by Microsoft every month to be used with the WSUS and WUA tools), since CUW depends entirely on textual search. WSUS and WUA use a set of detection mechanisms described in the same cab file to determine all the products installed on a workstation, pick the required updates accordingly and patch the system, which is why your regular system takes so much time to update. That entire process is active, whereas CUW attempts the very same process passively, leaving out the installation of patches.\n\nChallenge Explanation :-\n\nTo understand the challenge in its entirety, the entire cab file structure and its working need to be explained. 
Btw, there is no official detailed manual explaining the structure of the wsusscn2.cab file that I could find apart from this link https://support.microsoft.com/en-us/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline , which at least I couldn't find of any help since I was not using the WUA API, and I had to understand the entire cab file structure and the internal XMLs and their tags to write a tool to parse its contents. I will save the explanation of how I understood the structure of the wsusscn2.cab file for another post on my blog at https://rams3sh.blogspot.com/.\n\nTo keep it simple, it is enough to know that the wsusscn2.cab file stores a lot of information, such as Windows products, Windows updates, different ways to check for the existence of a product (detectoids), types of updates, EULA files, download links for various updates etc., in different XML files (not one). Each piece of information is mapped to a unique ID called an updateid (even though many of them are not updates, Microsoft chooses to call it that way).\n\nSo if one wants to look for patches applicable to MS Office 2016, one first needs to find the updateid of the product and then search across all the updates whose prerequisites column contains MS Office 2016's updateid. This could be automated, provided the input file, say one consisting of the list of installed applications' names (the output of the command \"wmic product get name\"), followed the same naming convention as wsusscn2.cab. But it doesn't. Consider this example.\n\nExample:-\n\nInstalled Application: Microsoft Office Professional Plus 2016\n\n\nWSUSSCN2.CAB Equivalent Product Name: Office 2016\n\nA simple search for the presence of \"2016\" and \"Office\" is not enough, as there are other cases such as MSSQL 2008 R2 Server being the product while the installed application is just MSSQL 2008 Client. Hence word-matching logic does not work. 
\n\nTried fuzzy string matching using the fuzzywuzzy library (https://github.com/seatgeek/fuzzywuzzy), but identifying and fixing a threshold ratio for the string match was still difficult and was not consistent throughout. Hence left the challenge of selecting the updates to the user.\n\nIf this challenge is overcome, the process of update selection by the user can be automated.\n\n\n\nQ) Is there any possibility of inaccuracies in the output?\n\nYes, if the updateids of the applicable updates (after the filtration process in the CSV) provided by the user to the tool are inaccurate, as the tool merely solves the superseded update logic.\n\n\nSome of the Key Information required for the user to filter the required updateids before using the tool\n--------------------------------------------------------------------------------------------------------\n\n1. System Information \nTo get the operating system details, architecture and other information.\n\nCommand : systeminfo.exe\n\n2. Build Version of the Operating System\nThis helps in further filtering the set of updates applicable to an operating system.\n\nExample :-\nBoth of the following updates apply to Windows 10, but each one to a different version of Windows 10\n\ni. 2018-06 Cumulative Update for Windows 10 Version 1709 for x64-based Systems\n\nii. 2018-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems\n\nSo the differentiating factor here is the version number.\n  \nCommand : reg query \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\" /v ReleaseId\n\n3. Get List of Installed Programs \nThis gives the list of programs installed on the machine. The program names can be used to filter out the applicable updates from the CSV file.\n\nCommand : wmic product get name,version,vendor,installdate\n\n4. 
Get list of updates installed in the system \nThis lets us compare the output of the tool with the installed updates to decide which updates (if any) are missing from the system.\n\nCommand : wmic qfe list\n     \nNote: None of the commands mentioned above, or their outputs, are used by the tool. These details are just for the user to filter out the required updates from the MSPatch csv file.\n\n\nHow To use\n-----------\n\nUsage:-\n                \n\n    cuw.exe scan \u003cfilename with updateids\u003e - Checks for Update ids in the input file and gives the final list of applicable updates with details\n    cuw.exe scan \u003cfilename with updateids\u003e output \u003coutput file name\u003e - Same as the previous option with the output (with extra details) being exported as csv\n    cuw.exe update - Updates the local patch database (Requires Internet Connection and some patience !! :P)\n    cuw.exe exportdb \u003cfilename of the exported csv\u003e\" - Exports the local patch database as csv file\n    cuw.exe help  -  Displays this help\n        \n  \nExternal Dependency\n-------------------\n cuw currently works only on Windows due to hard-coded Windows-based commands in the script.\n cuw depends on the 7zip binary. \n The required binaries have been packed along with the release zip file. The author claims no ownership over the same.\n \nNote\n----\nIf you are using the source cuw.py, then you will have to download the 7z binaries (7z.exe and 7z.dll) separately from the official site, place them in the class path and update the entire database. 
The initial database update on my machine, which is an i7 7th gen with 8GB RAM and Win10 OS, took 3 hours of time.\n \nThe release zip has been packed with the latest updated database and csv file as on 17-6-2018 to avoid a long update process in the first subsequent update event.\n\n\nFuture Plans\n-------------\n\nTo add exploitdb information to the database so that a mapped exploit (if any) could also be given out along with the report. More or less like windows_privesc_check (https://github.com/pentestmonkey/windows-privesc-check), just that I wouldn't want to limit it to priv escalation related exploits alone.\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frams3sh%2Fcuw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frams3sh%2Fcuw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frams3sh%2Fcuw/lists"}