Linux Soft Exploit Suggester Logo

Linux Soft Exploit Suggester

0
Free
Visit Website

Script to find exploits for all vulnerable software on the system, targeting software packages rather than just kernel vulnerabilities. It uses the exploit database to assess the security of packages and search for exploits to help with privilege escalation. Usage: - Download: wget https://raw.githubusercontent.com/belane/linux-soft-exploit-suggester/master/linux-soft-exploit-suggester.py - Basic use: Downloads the exploit database, generates a list of packages, and searches for exploits: python linux-soft-exploit-suggester.py - Run from a list of packages from another system if you can't run from the target: - Debian/Ubuntu: dpkg -l > package_list - RedHat/CentOS: rpm -qa > package_list - Update exploit database: python linux-soft-exploit-suggester.py --update - Look for exploits for running processes, setuid binaries, and Linux capabilities: python linux-soft-exploit-suggester.py --juicy - Filter exploits by local exploit type and minor versions: python linux-soft-exploit-suggester.py --level 2 --type local Example Output: python linux-soft-exploit-suggester.py --file packages --db files_exploits.csv

FEATURES

ALTERNATIVES

Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.

A continuous threat exposure management platform that provides automated vulnerability scanning for internet-facing assets with varying service tiers for different organizational needs.

tfsec is being replaced by Trivy, a more comprehensive open-source security solution

An application security platform that aggregates, prioritizes and contextualizes vulnerabilities from multiple security scanners and sources to help manage application and cloud security risks.

A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.

Automate the search for Exploits and Vulnerabilities in important databases.

A runtime threat management and attack path enumeration tool for cloud-native environments

PINNED