bitsadmin / wesng
Windows Exploit Suggester - Next Generation
License: BSD 3-Clause "New" or "Revised" License
...
Hello, great work on this! Just curious if there's a way to add an option to not show superseded patches? Sounds like it may help with the false positive issues you have detailed.
The program does not properly handle the output of the systeminfo command on a Spanish Windows 10; it fails on the operating system version line.
The guilty line in Spanish is this:
Versión del sistema operativo: 10.0.17763 N/D Compilación 17763
If I replace in the txt
10.0.17763 N/D Compilación 17763
with
10.0.17763 N/D Compilacion 17763
wes.py works correctly.
The entire systeminfo output is:
Nombre de host:
Nombre del sistema operativo: Microsoft Windows 10 Pro Education
Versión del sistema operativo: 10.0.17763 N/D Compilación 17763
Fabricante del sistema operativo: Microsoft Corporation
Configuración del sistema operativo: Estación de trabajo independiente
Tipo de compilación del sistema operativo: Multiprocessor Free
Propiedad de:
Organización registrada:
Id. del producto: 00378-60400-63639-AA821
Fecha de instalaci�n original: 31/05/2019, 14:10:33
Tiempo de arranque del sistema: 18/09/2019, 8:45:58
Fabricante del sistema: HP
Modelo el sistema: HP ProDesk 600 G2 MT
Tipo de sistema: x64-based PC
Procesador(es): 1 Procesadores instalados.
[01]: Intel64 Family 6 Model 94 Stepping 3 GenuineIntel ~3312 Mhz
Versión del BIOS: HP N02 Ver. 02.14, 30/05/2016
Directorio de Windows: C:\Windows
Directorio de sistema: C:\Windows\system32
Dispositivo de arranque: \Device\HarddiskVolume2
Configuración regional del sistema: es;Español (internacional)
Idioma de entrada: es;Español (tradicional)
Zona horaria: (UTC+01:00) Bruselas, Copenhague, Madrid, París
Cantidad total de memoria física: 16.265 MB
Memoria física disponible: 11.301 MB
Memoria virtual: tamaño máximo: 18.697 MB
Memoria virtual: disponible: 13.383 MB
Memoria virtual: en uso: 5.314 MB
Ubicación(es) de archivo de paginación: C:\pagefile.sys
Dominio:
Servidor de inicio de sesi�n:
Revisión(es): 11 revisión(es) instaladas.
[01]: KB4514358
[02]: KB4486153
[03]: KB4486161
[04]: KB4494174
[05]: KB4497932
[06]: KB4499728
[07]: KB4503308
[08]: KB4512577
[09]: KB4512937
[10]: KB4516115
[11]: KB4512578
Tarjeta(s) de red: 2 Tarjetas de interfaz de red instaladas.
[01]: Intel(R) Ethernet Connection (2) I219-LM
Nombre de conexión: Ethernet
DHCP habilitado: Sí
Servidor DHCP: 192.168.0.1
Direcciones IP
[01]: 192.168.0.21
[02]: fe80::1022:a391:540b:6651
[02]: VirtualBox Host-Only Ethernet Adapter
Nombre de conexión: VirtualBox Host-Only Network
DHCP habilitado: No
Direcciones IP
[01]: 192.168.56.1
[02]: fe80::f88f:244d:d4ca:5c13
Requisitos Hyper-V: Extensiones de modo de monitor de VM: Sí
Se habilitó la virtualización en el firmware: Sí
Traducción de direcciones de segundo nivel: Sí
La prevención de ejecución de datos está disponible: Sí
Got a systeminfo.txt from a Win Server 2012 R2 with 220 Hotfixes installed; wesng shows over 9000 vulnerabilities.
A lot of them are for different systems like Win10/7, and it also comes with tons of duplicates.
I used
./wes.py systeminfo.txt --exploits-only --hide "Internet Explorer" Edge Flash --muc-lookup
[!] Cannot lookup superseeding KBs in the Microsoft Update Catalog!
Reason: Python package mechanicalsoup not installed.
Install with 'pip install mechanicalsoup' and run again
G:\Device Guard\#Hardening 10 2004+\wesng-master>pip install mechanicalsoup
Requirement already satisfied: mechanicalsoup in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (0.12.0)
Requirement already satisfied: lxml in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from mechanicalsoup) (4.5.2)
Requirement already satisfied: requests>=2.0 in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from mechanicalsoup) (2.24.0)
Requirement already satisfied: beautifulsoup4>=4.4 in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from mechanicalsoup) (4.9.1)
Requirement already satisfied: six>=1.4 in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from mechanicalsoup) (1.15.0)
Requirement already satisfied: certifi>=2017.4.17 in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from requests>=2.0->mechanicalsoup) (2020.6.20)
Requirement already satisfied: chardet<4,>=3.0.2 in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from requests>=2.0->mechanicalsoup) (3.0.4)
Requirement already satisfied: idna<3,>=2.5 in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from requests>=2.0->mechanicalsoup) (2.10)
Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from requests>=2.0->mechanicalsoup) (1.25.9)
Requirement already satisfied: soupsieve>1.2 in c:\users\ty\appdata\local\packages\pythonsoftwarefoundation.python.3.8_qbz5n2kfra8p0\localcache\local-packages\python38\site-packages (from beautifulsoup4>=4.4->mechanicalsoup) (2.0.1)
similar to --impact
Regex is not working yet for these OSs.
Hi,
First thanks for this nice tool.
I tried the tool on a Windows Server 2012 R2, and it seems the output of KBs from systeminfo is wrong, which makes wes output a lot of false positives.
Here is the output of systeminfo:
Host Name: HOSTNAME
OS Name: Microsoft Windows Server 2012 R2 Standard
OS Version: 6.3.9600 N/A Build 9600
[...]
Hotfix(s): 275 Hotfix(s) Installed.
[246
Network Card(s): 1 NIC(s) Installed.
[01]: HP Ethernet 1Gb 4-port 331T Adapter
Connection Name: ETH-B3
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
[...]
As you can see, the Hotfix(s): entry is truncated...
It would maybe be good to find a better way of getting the installed KBs from the machine, because systeminfo seems broken and unreliable.
Some relationships between the BulletinKB and AffectedProduct are mismatched.
For example, KB5022728-related records in the latest version (2023-03-09) 9a212d7 show that it patches not only Windows 10 Version 21H2 but also 22H2.
"20230214","CVE-2023-21722","5022728",".NET Framework Denial of Service Vulnerability","Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems","Microsoft","Important","Denial of Service","",
"20230214","CVE-2023-21722","5022728",".NET Framework Denial of Service Vulnerability","Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems","Microsoft","Important","Denial of Service","",
"20230214","CVE-2023-21722","5022728",".NET Framework Denial of Service Vulnerability","Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems","Microsoft","Important","Denial of Service","",
"20230214","CVE-2023-21722","5022728",".NET Framework Denial of Service Vulnerability","Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems","Microsoft","Important","Denial of Service","",
"20230214","CVE-2023-21722","5022728",".NET Framework Denial of Service Vulnerability","Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems","Microsoft","Important","Denial of Service","",
"20230214","CVE-2023-21722","5022728",".NET Framework Denial of Service Vulnerability","Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems","Microsoft","Important","Denial of Service","",
But the fact is:
You can also check out the MSRC Security Update Guide about CVE-2023-21722.
At the same time, some records are also duplicated:
L348961 & L348968
"20230214","CVE-2023-21722","5022728",".NET Framework Denial of Service Vulnerability","Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems","Microsoft","Important","Denial of Service","",
L348962 & L348969
"20230214","CVE-2023-21722","5022728",".NET Framework Denial of Service Vulnerability","Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems","Microsoft","Important","Denial of Service","",
Hi!
I noticed that the latest vulnerabilities (e.g. CVE-2021-34527) did not appear in the results. Same observation with the validation files, except for Windows 7 and Windows Server 2012.
My system: Windows 10 1809
Thx
Hi,
this is not really an issue in the code.
There are currently at minimum 2 exploits missing, for CVE-2019-1129 and CVE-2019-1130. That was the fix for the latest SandboxEscaper CVE-2019-0841 bypass vulnerability from July.
One way to exploit this is here (Race Condition, so multiple cores needed):
https://github.com/SecureThisShit/SharpByeBear
Greetings
Line 401 in 57d6689
I might require your help until the project is over, please don't close. I will close it myself
Scanning today on my Windows, I've found lots of vulnerabilities:
[+] Done. Displaying 123 of the 123 vulnerabilities found.
After a quick check, it was Windows 10, version 1909 and according
this security update includes quality improvements. Key changes include:
https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762
It means that your scanner is not really working with build 1909?
Thanks.
After writing "systeminfo > systeminfo.txt" in cmd, I get the following output from the console:
Windows Exploit Suggester 0.94 ( https://github.com/bitsadmin/wesng/ )
[+] Parsing systeminfo output
Traceback (most recent call last):
File "C:\Users\gutip\Desktop\WES\wes.py", line 480, in <module>
main()
File "C:\Users\gutip\Desktop\WES\wes.py", line 111, in main
productfilter, win, mybuild, version, arch, hotfixes = determine_product(systeminfo_data)
File "C:\Users\gutip\Desktop\WES\wes.py", line 252, in determine_product
raise WesException('Not able to detect OS version based on provided input file')
main.WesException: Not able to detect OS version based on provided input file
But if I check the file content, it is printed:
Nombre de host: LAPTOP-HLCEB8UF
Nombre del sistema operativo: Microsoft Windows 10 Education
Versi¢n del sistema operativo: 10.0.17763 N/D Compilaci¢n 17763
Fabricante del sistema operativo: Microsoft Corporation
Configuraci¢n del sistema operativo: Estaci¢n de trabajo independiente
[...]
Hi!
I noticed a false positive when a CVE is corrected by different KBs. Enclosed is a systeminfo.txt and qfefile.txt illustrating the problem.
You can see that wesng says that the server is vulnerable to CVE-2017-0143 (EternalBlue), because KB4012219 is missing:
Date: 20170321
CVE: CVE-2017-0143
KB: KB4012219
Title: Windows SMB Remote Code Execution Vulnerability
Affected product: Windows Server 2012 R2
Affected component:
Severity: Critical
Impact: Remote Code Execution
Exploits: https://www.exploit-db.com/exploits/41891/, https://www.exploit-db.com/exploits/41987/, https://www.exploit-db.com/exploits/43970/
However, KB4012213, which also corrects CVE-2017-0143 in the March 2017 Security Only Update, is installed.
Therefore, the server is not vulnerable to EternalBlue, and the fact that KB4012219 is not installed should be ignored.
Hi,
In the try block:
try:
    import chardet
    encoding = chardet.detect(systeminfo)
    systeminfo = systeminfo.decode(encoding['encoding'])
except ImportError:
    print('[!] Warning: chardet module not installed. In case of encoding errors, install chardet using: pip3 install chardet')
    systeminfo = systeminfo.decode('ascii')
Chardet sadly detects the wrong encoding and language, thus leading to an unexpected error that you haven't handled.
I'll also point out that even though I knew the right encoding ('ansi'), I still tried to replace encoding['encoding'] with both 'utf-8' and 'ascii', and they both give an error (UnicodeDecodeError: 'charmap' codec can't decode byte 0x8d), so I don't know if you should arbitrarily choose the decoding yourself; maybe give the option to specify it.
Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.
https://inventory.rawsec.ml/tools.html#WES-NG
An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.
More details about features here.
Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.
Mainly because this gives visibility to your tool and improves its referencing.
The badge shows your community that you are inventoried. It looks good but also shows you care about your project, that your tool is referenced.
Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that, but there are several styles available.
If you want to thank us, you can help make our open project better known by tweeting about it! For example:
That's all, this message is just to notify you if you care. Else you can close this issue.
Would be good if this could be built with a system-internal command line like CMD or PowerShell instead of Python.
The input file systeminfo.txt created from systeminfo.exe doesn't list all the KBs installed.
The final result shows a vulnerability related to, e.g., "KB4012212" although this update is installed.
Date: 20170314
CVE: CVE-2017-0022
KB: KB4012212
Affected product: Windows 7 for 32-bit Systems Service Pack 1
Affected component: Microsoft XML Core Services 3.0
Severity: Important
Impact: Information Disclosure
Exploit: n/a
The following command shows that "KB4012212" is installed.
wmic qfe list brief /format:texttablewsys > "%USERPROFILE%\hotfix.txt"
Security Update KB4012212 NT AUTHORITY\SYSTEM 3/31/2017
https://support.microsoft.com/en-us/help/2644427/systeminfo-exe-does-not-display-all-updates-in-windows-server-2003
Above link indicates that - "When using SystemInfo.exe in Windows Server 2003 to display a list of installed hotfixes, some hotfixes may not be listed if over 200 are installed." Cause - "There is a buffer size limitation that does not allow all system update hotfixes to be displayed"
Although this was for Windows Server 2003, it looks like this is still valid for other OSes as well.
Hi
Do you update the "definitions.zip" file automatically? If yes, could you please send the update code of this file?
It would be great to have wesng packaged on https://pypi.org/ :)
How about considering alternative approaches for extracting the list of installed KBs (in addition to using Get-SystemInfo, wmic qfe and the systeminfo command)?
The "Microsoft Update Client Install History" as described in windows-how-to-list-all-of-the-windows-and-software-updates-applied-to-a-computer looks promising (wrt eliminating more false positives).
Running wesng on my virtual lab, on Win10 1809 (latest hotfix is from 2019), Server 2016 and Server 2019,
it always returns only 1 missing patch on each, which does not seem correct.
wes_srv19_with_d.txt
wes_srv19_without_d.txt
wes_srv16_with_d.txt
wes_srv16_without_d.txt
wes_win101809_without_d.txt
wes_win101809_with_d.txt
Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported
I noticed there are quite a few versions of Windows which have been missed, or not handled correctly. I initially noticed it on 2008 R2, which was being reported as 2008 (different build numbers) and reported 2564 vulnerabilities found :O Looks like Windows 8 (& 8.1) and the 2012s are missing too. I didn't have these on hand to test to verify, but a quick look at wes.py doesn't even list these versions.
https://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions#Windows_NT
Receiving an error when looking up KBs on the Microsoft Update Catalog. If the rows returned are None, you will receive an error:
[+] Looking up superseeding hotfixes in the Microsoft Update Catalog
- Looking up potentially missing KB3197873 [...] found: []
Traceback (most recent call last):
File "wes.py", line 799, in <module>
main()
File "wes.py", line 210, in main
filtered = apply_muc_filter(filtered, hotfixes_orig)
File "/root/Downloads/wesng/muc_lookup.py", line 94, in apply_muc_filter
superseeded_by[kb] = set(lookup_supersedence(kb))
File "/root/Downloads/wesng/muc_lookup.py", line 119, in lookup_supersedence
updates = rows.find_all(
AttributeError: 'NoneType' object has no attribute 'find_all'
I've made a pull request to fix this: #41
there is no info about above mentioned KB being superseded, thus creating false findings where this KB is not present on system. The KB is superseded by all later monthly cumulative rollups. (https://www.catalog.update.microsoft.com/Search.aspx?q=KB4345420)
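The KB4012213/KB4012219 report above and this superseded-KB report describe the same false positive: the KB that wesng looks for is absent while an equivalent or superseding update is present. As an added example, not wesng's own code, here is the missing-patch logic with that fix: a CVE counts as closed once any of its KBs for the product, or any KB that supersedes one of them, is installed, and duplicate definition rows (the 21H2/22H2 report) collapse on the way. The definition rows are constructed from the issues, and KB9990001/KB9990002 are placeholders for later rollups, not real updates.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, Mapping


@dataclass(frozen=True)
class Definition:
    """One definitions.csv row: one KB fixing one CVE on one product.  frozen=True
    makes rows hashable, so exact duplicates (the 21H2/22H2 report) collapse
    as soon as the rows are put in a set."""
    date: str
    cve: str
    kb: str
    title: str
    product: str


@dataclass(frozen=True)
class Finding:
    cve: str
    title: str
    fixing_kbs: tuple[str, ...]        # every KB that would have closed the CVE


def covered_kbs(installed: Iterable[str],
                supersedence: Mapping[str, Iterable[str]]) -> set[str]:
    """Installed KBs plus every KB they supersede, transitively.

    supersedence maps an old KB to the KBs that replace it (later monthly
    rollups, as listed in the Microsoft Update Catalog).  Walking the map
    backwards from what is installed yields every KB whose fix is present
    even though that KB number itself never appears on the host.
    """
    replaces: dict[str, set[str]] = {}            # new KB -> old KBs it replaces
    for old, news in supersedence.items():
        for new in news:
            replaces.setdefault(new.upper(), set()).add(old.upper())
    covered = {kb.upper() for kb in installed}
    stack = list(covered)
    while stack:                                  # depth-first over "replaces"
        for old in replaces.get(stack.pop(), ()):
            if old not in covered:
                covered.add(old)
                stack.append(old)
    return covered


def missing_patches(definitions: Iterable[Definition], product: str,
                    installed: Iterable[str],
                    supersedence: Mapping[str, Iterable[str]] | None = None
                    ) -> list[Finding]:
    """CVEs still open on a host, one finding per CVE rather than per KB row.

    A CVE is closed as soon as ANY of its KBs for the product is covered, so a
    host carrying the Security Only update is not flagged for the Monthly
    Rollup of the same month (the KB4012213 / KB4012219 case above).
    """
    covered = covered_kbs(installed, supersedence or {})
    by_cve: dict[str, set[Definition]] = {}
    for row in set(definitions):                  # set(): drop duplicate rows
        if row.product == product:
            by_cve.setdefault(row.cve, set()).add(row)
    findings = []
    for cve, rows in sorted(by_cve.items()):
        kbs = sorted(r.kb.upper() for r in rows)
        if not any(kb in covered for kb in kbs):
            findings.append(Finding(cve, next(iter(rows)).title, tuple(kbs)))
    return findings


R2 = "Windows Server 2012 R2"
SMB_TITLE = "Windows SMB Remote Code Execution Vulnerability"
# Constructed rows modelled on the definitions quoted in the reports: the March
# 2017 SMB fix shipped as Monthly Rollup KB4012219 and Security Only update
# KB4012213 for 2012 R2; the Rollup row is deliberately duplicated, and the
# Windows 7 row (title constructed) checks that product filtering holds.
DEFINITIONS = [
    Definition("20170321", "CVE-2017-0143", "KB4012219", SMB_TITLE, R2),
    Definition("20170321", "CVE-2017-0143", "KB4012219", SMB_TITLE, R2),
    Definition("20170314", "CVE-2017-0143", "KB4012213", SMB_TITLE, R2),
    Definition("20170314", "CVE-2017-0022", "KB4012212",
               "Microsoft XML Core Services Information Disclosure Vulnerability",
               "Windows 7 for 32-bit Systems Service Pack 1"),
]
# Placeholder KB numbers (not real updates) standing in for two later monthly
# rollups: KB9990001 supersedes KB4012219 and is itself replaced by KB9990002.
SUPERSEDENCE = {"KB4012219": {"KB9990001"}, "KB9990001": {"KB9990002"}}

if __name__ == "__main__":
    for host, kbs in {"unpatched": [], "security-only": ["KB4012213"],
                      "later rollup": ["KB9990002"]}.items():
        print(host, missing_patches(DEFINITIONS, R2, kbs, SUPERSEDENCE))
```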
I think it would be useful if the script showed how many exploits are in the result, like:
Or even more in the result, like:
So users don't have to check everything in the terminal. It is extremely helpful if the target doesn't do full updates.
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/urllib/request.py", line 1357, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)>
I wish to use a central definition.zip. I have made an alias to always run wes.py with --definition /some/path/to/file.zip.
However when --update is supplied, parse will throw errors about invalid arguments.
I'd like if arguments are allowed, in particular where --update will write the new definition to.
I'd also like if --color and other such tags were still allowed.
Is it fine to add python2 support here and make possible to use this as a module?
If I want to perform large-scale terminal detection on computers that have entered the domain, what is a better solution? Is there such a recognition technology?
..I tried wes.py on a Win7 Ultimate and got problems; maybe you have an idea what is missing?
I already did: pip install chardet and pip install regex
PS C:\Users\oli7\Downloads\wesng-master> py.exe -V
Python 3.7.2
PS C:\Users\oli7\Downloads\wesng-master> .\wes.py .\systeminfo.txt > .\wes-report.txt
result is:
PS C:\Users\oli7\Downloads\wesng-master> .\wes.py .\systeminfo.txt > .\wes-report.txt
Traceback (most recent call last):
File "C:\Users\oli7\Downloads\wesng-master\wes.py", line 288, in <module>
main()
File "C:\Users\oli7\Downloads\wesng-master\wes.py", line 63, in main
systeminfo_matches = regex_version.findall(systeminfo)[0]
IndexError: list index out of range
PS C:\Users\oli7\Downloads\wesng-master>
Here you have the requested logs:
https://mega.nz/#!wgRCxApA
I've Win10 version 1803, build 17134.619
Let me thank you for your work in making this tool.
I checked closed and open issues and could not find anything related to the error i have, so i apologize if this has already been covered somewhere else.
Python2.7
Z:\disco>python wes.py sysinf.txt qfe.txt -e -o z:\disco\wesout.txt
Windows Exploit Suggester 0.96 ( https://github.com/bitsadmin/wesng/ )
[+] Parsing systeminfo output
[+] Parsing quick fix engineering (qfe) output
[+] Operating System
- Name: Windows 10 Version 1803 for x64-based Systems
- Generation: 10
- Build: 17134
- Version: 1803
- Architecture: x64-based
- Installed hotfixes (12): <removed>
[+] Loading definitions
- Creation date of definitions: 20190723
[+] Determining missing patches
[+] Applying display filters
[+] Found vulnerabilities
[+] Writing 5 results to z:\disco\wesout.txt
Traceback (most recent call last):
File "wes.py", line 776, in <module>
main()
File "wes.py", line 208, in main
store_results(args.outputfile, filtered)
File "wes.py", line 648, in store_results
with open(outputfile, 'w', newline='') as f:
TypeError: 'newline' is an invalid keyword argument for this function
I've also tried the same command with:
-o wesout.txt
-o .\wesout.txt
Hello!
I have some misunderstanding regarding the results of the tool obtained for Windows 10 version 10.0.10240 N/A Build 10240 (1507). In my case the OS has four installed hotfixes, the last of which dates from December 14, 2015 (KB3122962). Despite this, wes.py gives me the result that the host OS has only one vulnerability (CVE-2017-0143). Are these results normal for Windows 10 1507 with four installed hotfixes? I supposed that other security updates were published over 4 years, but I can't find any updates for build 1507 after December 14, 2015 to confirm or deny the result.
Upd.
I ran the VB script from https://docs.microsoft.com/en-us/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline and got the following missing hotfixes: KB3172729, KB890830, KB4493478, KB4493475
Hey,
If you can share the script you use, even if it requires a very heavy development environment, some API keys or other things that are just difficult to get
Thanks
https://file.io/8uY2uI
Regards
Mats
Hey boss,
At first, I would like to thank you so much for your great job.
Can you provide us with your code to generate the definition zip file please?
BR
Most CVEs have null component fields and the product is usually just the OS version. In most cases the filter needs to be applied to the Title since it contains the most information.
Adding "or hidden in cve['Title'].lower()" to line 281 solved the issue for me.
Would be nice to have some color output as well. I may work on this soon if it's not on the to-do list already.
Are there any other impacts? I just know the execution of remote code.
No ideas from https://github.com/GDSSecurity/Windows-Exploit-Suggester ?
Python is apparently not enough to run this on Win 10:
> .\wes.py systeminfo.txt > wes-report.txt
Traceback (most recent call last):
File "C:\Users\Edgar.Knapp\Downloads\wesng-master\wes.py", line 65, in main
import chardet
ModuleNotFoundError: No module named 'chardet'
I tried
> pip3 install chardet
'pip3' is not recognized as an internal or external command, operable program or batch file.
Some instructions on what to do would be helpful.
systeminfo.txt
Host Name: #####
OS Name: Microsoft(R) Windows(R) Server 2003, Standard Edition
OS Version: 5.2.3790 Service Pack 1 Build 3790
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Server
OS Build Type: Uniprocessor Free
Registered Owner: #####
Registered Organization:
Product ID: ####-###-########-#####
Original Install Date: 2/17/2008, 7:42:18 PM
System Up Time: 4 Days, 14 Hours, 25 Minutes, 24 Seconds
System Manufacturer: VMware, Inc.
System Model: VMware Virtual Platform
System Type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 6 Model 63 Stepping 2 GenuineIntel ~2597 Mhz
BIOS Version: INTEL - 6040000
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-06:00) Central Time (US & Canada)
Total Physical Memory: 511 MB
Available Physical Memory: 334 MB
Page File: Max Size: 678 MB
Page File: Available: 525 MB
Page File: In Use: 153 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: N/A
Hotfix(s): 1 Hotfix(s) Installed.
[01]: Q147222
Network Card(s): N/A
python wes.py systeminfo.txt -e
Windows Exploit Suggester 0.98 ( https://github.com/bitsadmin/wesng/ )
[+] Parsing systeminfo output
[+] Operating System
- Name: Microsoft Windows Server 2003
- Generation: 2003
- Build: 3790
- Version: None
- Architecture:
- Installed hotfixes: None
[+] Loading definitions
- Creation date of definitions: 20191204
[+] Determining missing patches
[+] Filtering duplicate vulnerabilities
[+] Applying display filters
[+] Found vulnerabilities
wes is not identifying this as x86 architecture, and I also get lots of exploits for x64.
This project is cool. Have you thought of extending it much further. Creating an API like module that parses the systeminfo file and generates a list of results?
Seems that $cves_msrc = @() is missing from collect_msrc.ps1, thus the script returns many errors and only one item...
Hi, I am testing wesng with a Windows 2012 R2 server in Russian language; it fails to detect the OS name or version and exits.
error:
python wes.py sys qfe
Windows Exploit Suggester 0.98 ( https://github.com/bitsadmin/wesng/ )
[+] Parsing systeminfo output
[-] Not able to detect OS version based on provided input file
Tried to run wesng on the same Windows; it gave "not able to detect OS name".
The problem seems to be with the regular expression to detect name/version? Couldn't test it though.
qfe file:
https://pastebin.com/raw/frwMSuMz
systeminfo file:
https://pastebin.com/raw/wX1Nb1J1
screenshot from windows detecting os version, failing on os name
https://imgur.com/a/imWKuFQ
thanks for help
Hi!
From what I can say, it seems that if you have the last build you have all the previous cumulative patches. But, when you do a systeminfo, you only get the generic build number (17134 in my case).
What I found is that this guy found a way to get this data with PowerShell:
https://gist.github.com/SMSAgentSoftware/78659181ccbe0f59677209f3487d7030#file-get-windowsversion-ps1
When you run the script you get the full OS Build: 17134.619. Once you get it, you can compare and automatically skip previous KB.
I hope this could be helpful for you.
Hello,
I believe that the CSV file contained in definitions.zip is incomplete;
the result of collect_msrc.ps1 seems consistent.