Linux Soft Exploit Suggester Logo

Linux Soft Exploit Suggester

0
Free
Visit Website

Script to find exploits for all vulnerable software on the system, targeting software packages rather than just kernel vulnerabilities. It uses the exploit database to assess the security of packages and search for exploits to help with privilege escalation. Usage: - Download: wget https://raw.githubusercontent.com/belane/linux-soft-exploit-suggester/master/linux-soft-exploit-suggester.py - Basic use: Downloads the exploit database, generates a list of packages, and searches for exploits: python linux-soft-exploit-suggester.py - Run from a list of packages from another system if you can't run from the target: - Debian/Ubuntu: dpkg -l > package_list - RedHat/CentOS: rpm -qa > package_list - Update exploit database: python linux-soft-exploit-suggester.py --update - Look for exploits for running processes, setuid binaries, and Linux capabilities: python linux-soft-exploit-suggester.py --juicy - Filter exploits by local exploit type and minor versions: python linux-soft-exploit-suggester.py --level 2 --type local Example Output: python linux-soft-exploit-suggester.py --file packages --db files_exploits.csv

FEATURES

ALTERNATIVES

A community effort to compile security advisories for Ruby libraries with a detailed directory structure.

A repository of open-source plugins for Rapid7 InsightConnect

An open-source tool for finding security vulnerabilities, compliance issues, and infrastructure misconfigurations in infrastructure-as-code

OWASP Project for making vulnerability management easier.

A JavaScript scanner built in PHP for scraping URLs and other information.

A categorized collection of bug bounty write-ups for various vulnerabilities.

Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.

Scans Alpine base images for vulnerabilities using Multi Stage builds in Docker 17.05