Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/belane/linux-soft-exploit-suggester
Search Exploitable Software on Linux
ctf elevate exploits hacking-tool linux pentest security security-tools vulnerabilities
- Host: GitHub
- URL: https://github.com/belane/linux-soft-exploit-suggester
- Owner: belane
- License: gpl-3.0
- Created: 2017-07-22T10:37:20.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-04-14T16:36:05.000Z (almost 2 years ago)
- Last Synced: 2025-01-09T04:14:28.831Z (10 days ago)
- Topics: ctf, elevate, exploits, hacking-tool, linux, pentest, security, security-tools, vulnerabilities
- Language: Python
- Homepage:
- Size: 1.53 MB
- Stars: 223
- Watchers: 12
- Forks: 51
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-pentest-cheat-sheets - Linux Soft Exploit Suggester - linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities (Pentest Methodology / Privilege Escalation)
README
# linux-soft-exploit-suggester
Script to find exploits for all vulnerable software on the system, targeting software packages rather than just kernel vulnerabilities.
It uses the [exploit database](https://gitlab.com/exploit-database/exploitdb) to assess the security of packages and search for exploits to help with privilege escalation.
## Usage
### Download
```
wget https://raw.githubusercontent.com/belane/linux-soft-exploit-suggester/master/linux-soft-exploit-suggester.py
```
### Basic use. Downloads the exploit database, generates a list of packages and searches for exploits.
```
python linux-soft-exploit-suggester.py
```
### Run from a list of packages from another system if you can't run from target.
- **Debian/Ubuntu**: `dpkg -l > package_list`
- **RedHat/CentOS**: `rpm -qa > package_list`
```
python linux-soft-exploit-suggester.py --file package_list --distro debian
```
### Update exploit database.
```
python linux-soft-exploit-suggester.py --update
```
### Look for exploits for running processes, setuid binaries and linux capabilities.
```
python linux-soft-exploit-suggester.py --juicy
```
### Filter exploits by local exploit type and minor versions.
```
python linux-soft-exploit-suggester.py --level 2 --type local
```
## Example Output
```
> python linux-soft-exploit-suggester.py --file packages --db files_exploits.csv
| _ __ _ _ | _ _ | _ | __ __ __ _ __ | _ _
|·| || |\/ (_ | ||_ |- /_)\/| \|| |·|- (_ | || )| )/_)(_ |- /_)|
||| ||_|/\ __)|_|| |_ \_ /\|_/||_|||_ __)|_||_/ |_/ \_ __) |_ \_ |
| _/ _/
[!] DNSTracer 1.9 - Buffer Overflow - local
From: dnstracer 1.9
File: /usr/share/exploitdb/platforms/linux/local/42424.py
Url: https://www.exploit-db.com/exploits/42424
[!] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution - remote
From: wget 1.17.1
File: /usr/share/exploitdb/platforms/linux/remote/40064.txt
Url: https://www.exploit-db.com/exploits/40064
[!] GNU Screen 4.5.0 - Privilege Escalation (PoC) - local
From: screen 4.3.1
File: /usr/share/exploitdb/platforms/linux/local/41152.txt
Url: https://www.exploit-db.com/exploits/41152
[!] Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit) - local
From: ghostscript 9.21
File: /usr/share/exploitdb/platforms/linux/local/41955.rb
Url: https://www.exploit-db.com/exploits/41955
[!] MAWK 1.3.3-17 - Local Buffer Overflow - local
From: mawk 1.3.3
File: /usr/share/exploitdb/platforms/linux/local/42357.py
Url: https://www.exploit-db.com/exploits/42357
[!] Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation - local
From: sudo 1.8.20
File: /usr/share/exploitdb/platforms/linux/local/42183.c
Url: https://www.exploit-db.com/exploits/42183
...
```
## Full Help
```
> python linux-soft-exploit-suggester.py -h
| _ __ _ _ | _ _ | _ | __ __ __ _ __ | _ _
|·| || |\/ (_ | ||_ |- /_)\/| \|| |·|- (_ | || )| )/_)(_ |- /_)|
||| ||_|/\ __)|_|| |_ \_ /\|_/||_|||_ __)|_||_/ |_/ \_ __) |_ \_ |
| _/ _/
linux-soft-exploit-suggester:
Search for Exploitable Software from package list.

optional arguments:
-h, --help Show this help message and exit
-f FILE, --file FILE Package list file
--clean Use clean package list, if used 'dpkg-query -W'
--duplicates Show duplicate exploits
--db DB Exploits csv file [default: files_exploits.csv]
-j, --juicy Search packages of running processes, setuid binaries and linux capabilities
--update Download latest version of exploits db
-d debian|redhat, --distro debian|redhat
Linux flavor, debian or redhat [default: debian]
--dos Include DoS exploits
--intense Include intense package name search,
when software name doesn't match package name (experimental)
-l 1-5, --level 1-5 Software version search variation [default: 1]
level 1: Same version
level 2: Micro and Patch version
level 3: Minor version
level 4: Major version
level 5: All versions
--type TYPE Exploit type; local, remote, webapps, dos.
e.g. --type local
--type remote
--filter FILTER Filter exploits by string
e.g. --filter "escalation"

usage examples:
Basic usage:
python linux-soft-exploit-suggester.py
Update exploit database:
python linux-soft-exploit-suggester.py --update
Search packages from juicy binaries:
python linux-soft-exploit-suggester.py --juicy
Specify package list or exploit db:
python linux-soft-exploit-suggester.py --file package_list --db files_exploits.csv
Use Redhat/Centos format file:
python linux-soft-exploit-suggester.py --file package_list --distro redhat
Search exploit for major version:
python linux-soft-exploit-suggester.py --file package_list --level 4
Filter by remote exploits:
python linux-soft-exploit-suggester.py --file package_list --type remote
Search specific words in exploit title:
python linux-soft-exploit-suggester.py --file package_list --filter Overflow
```
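The `--file`/`--distro` inventory formats and the `--level` table in the help text, sketched as an added example for triaging how much each level widens the match set; this is not the project's code. The mapping from level to "number of leading version components that must agree" is an assumption, and the inventory lines and advisory versions are constructed sample data.

```python
import re

# Assumption (illustration only): leading numeric components that must agree
# at each --level. None = identical version string, 0 = any version.
LEVEL_PREFIX = {1: None, 2: 3, 3: 2, 4: 1, 5: 0}

def upstream(version):
    """Strip a Debian epoch ("1:") and packaging revision ("-2build1")."""
    return version.split(":", 1)[-1].rsplit("-", 1)[0]

def parse_inventory(text, distro="debian"):
    """Map package name -> upstream version from `dpkg -l` or `rpm -qa` text."""
    packages = {}
    for line in text.splitlines():
        fields = line.split()
        if distro == "debian":
            # Only rows in state "ii" are installed; "rc" rows are removed packages.
            if len(fields) >= 3 and fields[0] == "ii":
                packages[fields[1].split(":")[0]] = upstream(fields[2])
        elif fields and fields[0].count("-") >= 2:
            # name-version-release.arch; the name itself may contain hyphens.
            name, version, _release = fields[0].rsplit(".", 1)[0].rsplit("-", 2)
            packages[name] = version
    return packages

def same_at_level(installed, advisory, level=1):
    """Compare two versions as loosely as the assumed level mapping allows."""
    keep = LEVEL_PREFIX[level]
    if keep is None:
        return installed == advisory
    pad = lambda v: (re.findall(r"\d+", v) + ["0"] * keep)[:keep]
    return pad(installed) == pad(advisory)

def audit(inventory, advisories, level=1):
    """Return (package, installed, advisory_version) for every match at `level`."""
    return [(name, inventory[name], affected) for name, affected in advisories
            if name in inventory and same_at_level(inventory[name], affected, level)]

# Constructed sample data, not taken from a real host or from the exploit database.
SAMPLE_DPKG = """||/ Name         Version          Architecture Description
ii  screen       4.3.1-2build1    amd64        terminal multiplexer
ii  sudo         1.8.20-1         amd64        limited super user privileges
rc  mawk         1.3.3-17ubuntu2  amd64        pattern scanning language
ii  libc6:amd64  2.23-0ubuntu9    amd64        GNU C Library"""
SAMPLE_RPM = "sudo-1.8.20-1.el7.x86_64\nscreen-4.3.1-3.el7.x86_64"
ADVISORIES = [("sudo", "1.8.20"), ("screen", "4.5.0"), ("libc6", "2.19")]

if __name__ == "__main__":
    inventory = parse_inventory(SAMPLE_DPKG)
    for level in sorted(LEVEL_PREFIX):
        print(level, [name for name, _, _ in audit(inventory, ADVISORIES, level)])
```

Under this mapping only `sudo` is flagged at level 1, while level 4 flags all three packages, so findings from higher levels need the installed version checked against the advisory before they are treated as real.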