How to show all Possible Exploits in Victim PC using Windows-Exploit-Suggester

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

It requires the ‘systeminfo‘ command output from a Windows host in order to compare that the Microsoft security bulletin database and determine the patch level of the host.

It has the ability to automatically download the security bulletin database from Microsoft with the –update flag, and saves it as an Excel spreadsheet.

First Download windows exploit suggester from here and unzip in your pc

Now to update the script using

./windows-exploit-suggester.py –update

Now download xlrd-0.9.4 from here and install in your pc using

./setup.py installĀ  ( which is prerequisite)

Now run systeminfo command in windows prompt and save the resultant file on the Desktop as

Win7-ultimate.txt.

Now copy File Win7-ultimate.txt in Windows-Exploit-Suggester-master folder on Kali Linux as shown below.

Now run the following command & you will get the result.

./windows-exploit-suggester.py –database 2015-09-25-mssb.xlsx –systeminfo win7-ultimate-systeminfo.txt

Now it will show all possible exploits for an operating system Victim windows PC.

3 Comments How to show all Possible Exploits in Victim PC using Windows-Exploit-Suggester

  1. Kiara

    Hi Unable to read the system info file at the last step. Here in article also the step mentioned and input given differs. Please suggest.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *