Windows Exploit Suggester

Description

A Python-based tool that compares the output of Windows systeminfo command against a database of known vulnerabilities to identify potential privilege escalation exploits for the target system.

Usage 1: Update the Vulnerability Database

Download/update the vulnerability database. This will create an Excel spreadsheet file with the latest vulnerability data.

Command:

./windows-exploit-suggester.py --update

Usage 2: Install Required Dependency

Install the xlrd Python library which is required for parsing the Excel database file.

Command:

pip install xlrd --upgrade

Usage 3: Run the Exploit Suggester

Compare the systeminfo output from the target Windows machine against the vulnerability database to identify potential exploits. Save the systeminfo output from the target into a text file first.

Command:

./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt

Notes

First run systeminfo on the target Windows machine and save the output to a text file.
The --update command will generate the database file name (e.g., 2014-06-06-mssb.xlsx); use that name in the --database flag.
GitHub: https://github.com/AonCyberLabs/Windows-Exploit-Suggester
Also consider using the Metasploit local exploit suggester module:
```
run post/multi/recon/local_exploit_suggester
```