Remote Exploit Scan Tool
Use SSH credentials to remotely scan linux system
packages for known exploits in Exploit-DB and run
basic enumeration scripts.

Currently works against Debian and RHEL based systems.
Bug testing, additions, and rewrites are welcome, just submit an issue or pull request.
Thanks to mikesz81 for concept and nbulischeck for code review.

• linux (tested in kali-2019.2)
• searchsploit
• python>=3.7
• pip
  • termcolor >= 1.1.0
  • paramiko >= 2.6.0

Note: It is recommended to clone this repository into a python virtual
envirnment and run pip install -r requirements.txt

usage: rest.py [-h] [-n [port_number]] [-p password] [-k key_file] [-ss] [-le]
               [-t] [-ps]
               hostname username

positional arguments:
  hostname          hostname or IP address of remote machine
  username          username used to login to host

optional arguments:
  -h, --help        show this help message and exit
  -n [port_number]  port number (default is 22)
  -p password       password for user
  -k key_file       location of RSA or DSA Key file
  -ss               run package list against searchsploit database
  -le               run LinEnum.sh and return LE_report
  -t                add thorough switch to -le LinEnum.sh
  -ps               run pspy64 or pspy32 with defaults and return pspy_out

Examples:

./rest.py 192.168.1.100 vera -p eatadick6969 -n 666
./rest.py 192.168.1.101 jeff -p my_name_a -k ~/.ssh/id_rsa -ss
./rest.py 192.168.1.102 bigwillystyle -k ~/.ssh/id_rsa -ss
./rest.py 192.168.1.104 buck -p nchuck -le
./rest.py 192.168.1.105 matt_d -p i_love_ben_a -ps
./rest.py 192.168.1.106 ben_a -p i_love_matt_d -ss -le -t -ps