belane / Linux Soft Exploit Suggester
Licence: gpl-3.0
Search Exploitable Software on Linux
Stars: ✭ 187
Programming Languages
python
Projects that are alternatives of or similar to Linux Soft Exploit Suggester
Hacker Roadmap
📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
Stars: ✭ 7,752 (+4045.45%)
Mutual labels: pentest, hacking-tool, vulnerabilities
awesome-pentest-tools
List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
Stars: ✭ 34 (-81.82%)
Mutual labels: software, pentest, hacking-tool
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+314.44%)
Mutual labels: pentest, hacking-tool
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+420.86%)
Mutual labels: pentest, vulnerabilities
Vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (+439.57%)
Mutual labels: pentest, hacking-tool
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (+153.48%)
Mutual labels: pentest, hacking-tool
Jok3r
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+244.92%)
Mutual labels: pentest, hacking-tool
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+379.68%)
Mutual labels: pentest, hacking-tool
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+507.49%)
Mutual labels: pentest, hacking-tool
Awesome Nodejs Security
Awesome Node.js Security resources
Stars: ✭ 1,294 (+591.98%)
Mutual labels: pentest, vulnerabilities
Web Brutator
Fast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-48.13%)
Mutual labels: pentest, hacking-tool
Hacking
hacker, ready for more of our story ! 🚀
Stars: ✭ 413 (+120.86%)
Mutual labels: hacking-tool, vulnerabilities
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+287.7%)
Mutual labels: pentest, hacking-tool
Writeups
This repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-67.38%)
Mutual labels: vulnerabilities, pentest
Awesome Vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Stars: ✭ 133 (-28.88%)
Mutual labels: pentest, vulnerabilities
Dr0p1t Framework
A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
Stars: ✭ 1,132 (+505.35%)
Mutual labels: pentest, hacking-tool
linux-soft-exploit-suggester
linux-soft-exploit-suggester finds exploits for all vulnerable software installed on a system, which helps with privilege escalation. It focuses on software packages rather than kernel vulnerabilities. It uses the exploit database to evaluate the security of packages and to search for exploits, so you should download the database on first run.
> python linux-soft-exploit-suggester.py -h
| _ __ _ _ | _ _ | _ | __ __ __ _ __ | _ _
|·| || |\/ (_ | ||_ |- /_)\/| \|| |·|- (_ | || )| )/_)(_ |- /_)|
||| ||_|/\ __)|_|| |_ \_ /\|_/||_|||_ __)|_||_/ |_/ \_ __) |_ \_ |
| _/ _/
linux-soft-exploit-suggester:
  Search for Exploitable Software from package list.

optional arguments:
  -h, --help            Show this help message and exit
  -f FILE, --file FILE  Package list file
  --clean               Use clean package list, if used 'dpkg-query -W'
  --duplicates          Show duplicate exploits
  --db DB               Exploits csv file [default: files_exploits.csv]
  --update              Download latest version of exploits db
  -d debian|redhat, --distro debian|redhat
                        Linux flavor, debian or redhat [default: debian]
  --dos                 Include DoS exploits
  --intense             Include intense package name search,
                        when software name doesn't match package name (experimental)
  -l 1-5, --level 1-5   Software version search variation [default: 1]
                          level 1: Same version
                          level 2: Micro and Patch version
                          level 3: Minor version
                          level 4: Major version
                          level 5: All versions
  --type TYPE           Exploit type; local, remote, webapps, dos.
                          e.g. --type local
                               --type remote
  --filter FILTER       Filter exploits by string
                          e.g. --filter "escalation"

usage examples:
  Get Package List:
    debian/ubuntu: dpkg -l > package_list
    redhat/centos: rpm -qa > package_list
  Update exploit database:
    python linux-soft-exploit-suggester.py --update
  Basic usage:
    python linux-soft-exploit-suggester.py --file package_list
  Specify exploit db:
    python linux-soft-exploit-suggester.py --file package_list --db files_exploits.cve
  Use Redhat/Centos format file:
    python linux-soft-exploit-suggester.py --file package_list --distro redhat
  Search exploit for major version:
    python linux-soft-exploit-suggester.py --file package_list --level 4
  Filter by remote exploits:
    python linux-soft-exploit-suggester.py --file package_list --type remote
  Search specific words in exploit title:
    python linux-soft-exploit-suggester.py --file package_list --filter Overflow
  Advanced usage:
    python linux-soft-exploit-suggester.py --file package_list --level 3 --type local --filter escalation
Output
> python linux-soft-exploit-suggester.py --file packages --db files_exploits.csv
[!] DNSTracer 1.9 - Buffer Overflow - local
From: dnstracer 1.9
File: /usr/share/exploitdb/platforms/linux/local/42424.py
Url: https://www.exploit-db.com/exploits/42424
[!] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution - remote
From: wget 1.17.1
File: /usr/share/exploitdb/platforms/linux/remote/40064.txt
Url: https://www.exploit-db.com/exploits/40064
[!] GNU Screen 4.5.0 - Privilege Escalation (PoC) - local
From: screen 4.3.1
File: /usr/share/exploitdb/platforms/linux/local/41152.txt
Url: https://www.exploit-db.com/exploits/41152
[!] Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit) - local
From: ghostscript 9.21
File: /usr/share/exploitdb/platforms/linux/local/41955.rb
Url: https://www.exploit-db.com/exploits/41955
[!] KeepNote 0.7.8 - Command Execution - local
From: keepnote 0.7.8
File: /usr/share/exploitdb/platforms/multiple/local/40440.py
Url: https://www.exploit-db.com/exploits/40440
[!] MAWK 1.3.3-17 - Local Buffer Overflow - local
From: mawk 1.3.3
File: /usr/share/exploitdb/platforms/linux/local/42357.py
Url: https://www.exploit-db.com/exploits/42357
[!] Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation - local
From: sudo 1.8.20
File: /usr/share/exploitdb/platforms/linux/local/42183.c
Url: https://www.exploit-db.com/exploits/42183
...
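The records above can be turned into a patch-review queue. The following is an added example, not part of the project's code: it parses the `[!]` / From / File / Url layout shown in the output and flags hits whose title does not name the installed version (the Screen entry lists 4.5.0 against an installed 4.3.1), since those need the affected range checked before they count as findings. The function names `parse_findings` and `review_queue` are hypothetical.

```python
import re
# Three records copied from the output shown above (banner omitted).
SAMPLE = """\
[!] GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution - remote
 From: wget 1.17.1
 File: /usr/share/exploitdb/platforms/linux/remote/40064.txt
 Url: https://www.exploit-db.com/exploits/40064
[!] GNU Screen 4.5.0 - Privilege Escalation (PoC) - local
 From: screen 4.3.1
 File: /usr/share/exploitdb/platforms/linux/local/41152.txt
 Url: https://www.exploit-db.com/exploits/41152
[!] Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation - local
 From: sudo 1.8.20
 File: /usr/share/exploitdb/platforms/linux/local/42183.c
 Url: https://www.exploit-db.com/exploits/42183
"""

def parse_findings(text):
    """Parse '[!] title - type' records; the type follows the last ' - '."""
    findings, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[!] "):
            title, sep, kind = line[4:].rpartition(" - ")
            cur = {"title": title if sep else kind, "type": kind if sep else "unknown"}
            findings.append(cur)
            continue
        m = re.match(r"(From|File|Url):\s*(\S.*)", line)
        if cur is None or not m:
            continue  # banner, blank line or trailing '...'
        key, value = m.group(1).lower(), m.group(2)
        if key == "from":
            cur["package"], _, cur["installed"] = value.rpartition(" ")
        else:
            cur[key] = value
    for f in findings:
        ver = re.escape(f.get("installed", ""))
        # True only when the installed version itself is named in the title.
        f["version_in_title"] = bool(ver and re.search(
            r"(?<![\d.])" + ver + r"(?!\.?\d)", f["title"]))
    return findings

def review_queue(findings):
    """Remote findings first, then hits whose title names the installed version."""
    return sorted(findings, key=lambda f: (
        f["type"] != "remote", not f["version_in_title"], f.get("package", "")))

if __name__ == "__main__":
    for f in review_queue(parse_findings(SAMPLE)):
        print(f.get("package"), f.get("installed"), f["type"], f["version_in_title"])
```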
Generate package list
Debian
dpkg -l > package_list
Red Hat
rpm -qa > package_list
TIP. Packages from running processes and SETUID binaries
Running packages
> # Map the executable of each running process to its installed package ("ii  " rows of dpkg -l)
> for i in $(ps auex|sed -e ':l;s/  / /g;t l'|cut -d' ' -f11|grep -v '\['|grep '/'|sort -u); \
do \
dpkg -l | grep "^ii  `dpkg -S $i 2>&1|cut -d':' -f1`" |tee -a potentials; \
done
SETUID Binaries
> # The parentheses make -type f apply to both the SETUID (-4000) and SETGID (-2000) tests
> for i in $(find / \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null); \
do \
dpkg -l | grep "^ii  `dpkg -S $i 2>&1|cut -d':' -f1`"|tee -a potentials; \
done
Eliminate duplicates and Run
> sort -u potentials > potentials_no_duplicates
> python linux-soft-exploit-suggester.py --file potentials_no_duplicates --level 2 --type local
[!] Sudo 1.8.20 - 'get_process_ttyname()' Privilege Escalation - local
From: sudo 1.8.20
File: /usr/share/exploitdb/platforms/linux/local/42183.c
Url: https://www.exploit-db.com/exploits/42183
[!] Fuse 2.9.3-15 - Privilege Escalation - local
From: fuse 2.9.7
File: /usr/share/exploitdb/platforms/linux/local/37089.txt
Url: https://www.exploit-db.com/exploits/37089