Linux Soft Exploit Suggester
#Threat Defense#Vulnerability Management
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
Script to Identify Exploits for Vulnerable Software
This script is designed to find exploits in all vulnerable software present on the system. It specifically targets software packages, rather than focusing solely on kernel vulnerabilities.
Using the Exploit Database for Security Assessment
This tool utilizes the exploit database to evaluate the security of software packages and to identify potential exploits that can assist in privilege escalation.
Usage:
- Download: wget https://raw.githubusercontent.com/belane/linux-soft-exploit-suggester/master/linux-soft-exploit-suggester.py
- Basic use: This command downloads the exploit database, creates a list of installed packages, and searches for relevant exploits: python linux-soft-exploit-suggester.py
- If you cannot run the tool on the target system, you can execute it using a list of packages from another system:
- For Debian/Ubuntu: dpkg -l > package_list
- For RedHat/CentOS: rpm -qa > package_list
- To update the exploit database, use: python linux-soft-exploit-suggester.py --update
- To search for exploits related to running processes, setuid binaries, and Linux capabilities, use: python linux-soft-exploit-suggester.py --juicy
- To filter exploits based on local exploit type and minor versions, run: python linux-soft-exploit-suggester.py --level 2 --type local
Example Output: You can specify an input file with the following command: python linux-soft-exploit-suggester.py --file packages --db files_exploits.csv
