Linux Exploit Suggester
#Threat Defense#Vulnerability Management
Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.
Linux Exploit Suggester: Based on Operating System Release Number
Linux Exploit Suggester: This tool is designed to analyze the operating system release number.
This Program Runs Without Arguments
This program, when run without arguments, will execute 'uname -r' to retrieve the release version of the Linux Operating System and provide a suggested list of potential exploits. It's straightforward, so a patched or back-ported patch may deceive this script. Additionally, you can use the '-k' flag to manually input the Kernel Version or Operating System Release Version.
This script has been highly beneficial
This script has been highly beneficial both on-site and during exams. It is now open-sourced under the GPLv2 license.
Sample Output:
$ perl ./Linux_Exploit_Suggester.pl -k 3.0.0
Kernel local: 3.0.0
Possible Exploits:
[+] semtex CVE-2013-2094
Source: www.exploit-db.com/download/25444/
[+] memodipper CVE-2012-0056
Source: http://www.exploit-db.com/exploits/18411/
[+] perf_swevent CVE-2013-2094
Source: http://www.exploit-db.com/download/26131
$ perl ./Linux_Exploit_Suggester.pl -k 2.6.28
Kernel local: 2.6.28
Possible Exploits:
[+] sock_sendpage2 Alt: proto_ops CVE-2009-2692
Source: http://www.exploit-db.com/exploits/9436
[+] half_nelson3 Alt: econet CVE-2010-4073
Source: http://www.exploit-db.com/exploits/17787/
[+] reiserfs CVE-2010-1146
Source: http://www.exploit-db.com/exploits/1
