From 12af41044b60ce9651b1721a70e4c0253426fdaa Mon Sep 17 00:00:00 2001 From: Anurag Mondal Date: Sun, 15 Nov 2020 21:07:53 +0530 Subject: [PATCH 1/4] Update windows-exploit-suggester.py Fixed the shebang to use correct python env, Fixed the installation command for xlrd module and added support for windows server 2016 and 2019. --- windows-exploit-suggester.py | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/windows-exploit-suggester.py b/windows-exploit-suggester.py index 108c1b6..10bf402 100755 --- a/windows-exploit-suggester.py +++ b/windows-exploit-suggester.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python2 # -*- coding: utf-8 -*- # # Windows Exploit Suggester @@ -49,7 +49,7 @@ # # install dependencies # -# (install python-xlrd, $ pip install xlrd --upgrade) +# (install python-xlrd, $ python2 -m pip install xlrd --upgrade) # # feed it "systeminfo" input, and point it to the microsoft database # @@ -97,7 +97,7 @@ # TROUBLESHOOTING # # If you're receiving the following error message, update the xlrd library -# $ pip install xlrd --update +# $ python2 -m pip install xlrd --update # # [*] initiating winsploit version 24... # [*] database file detected as xls or xlsx based on extension @@ -964,6 +964,8 @@ def getname(ostext): [" 7","7"], [" 8","8"], ["2012","2012"], + ["2016","2016"], + ["2019","2019"], ["8.1","8.1"], [" 10","10"]] @@ -1040,7 +1042,19 @@ def getarchitecture(ostext): if getname(ostext) == "2012" and architecture == "32": if ARGS.verbose: ALERT("forcing unidentified architecture to 64-bit because OS identified as Windows Server 2012 does not support 32-bit") - architecture = "64" + architecture = "64" + + # windows server 2016 is only 64-bit arch + if getname(ostext) == "2016" and architecture == "32": + if ARGS.verbose: + ALERT("forcing unidentified architecture to 64-bit because OS identified as Windows Server 2016 does not support 32-bit") + architecture = "64" + + # windows server 2019 is only 64-bit arch + if getname(ostext) == "2019" and architecture == "32": + if ARGS.verbose: + ALERT("forcing unidentified architecture to 64-bit because OS identified as Windows Server 2019 does not support 32-bit") + architecture = "64" return architecture From 3a1dfc707a007751e811e52e77533a9d6ebe103f Mon Sep 17 00:00:00 2001 From: Anurag Mondal Date: Sun, 15 Nov 2020 21:10:14 +0530 Subject: [PATCH 2/4] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e3b5148..dd2b2ad 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ $ ./windows-exploit-suggester.py --update ``` install dependencies -(install python-xlrd, $ pip install xlrd --upgrade) +(install python-xlrd, $ python2 -m pip install xlrd --upgrade) feed it "systeminfo" input, and point it to the microsoft database ``` From 198bb3ca8042f3b7dd3b40af8d745423499b20e9 Mon Sep 17 00:00:00 2001 From: Anurag Mondal Date: Sun, 15 Nov 2020 21:25:20 +0530 Subject: [PATCH 3/4] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dd2b2ad..0c38c54 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,8 @@ install dependencies (install python-xlrd, $ python2 -m pip install xlrd --upgrade) -feed it "systeminfo" input, and point it to the microsoft database +Either run this from a Windows OS orfeed it "systeminfo" as input, and point it to the microsoft database + ``` $ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt [*] initiating... From 77a8fb20a2fb69e1e153fc2e5cb4eab88a98442d Mon Sep 17 00:00:00 2001 From: Anurag Mondal Date: Sun, 15 Nov 2020 21:31:33 +0530 Subject: [PATCH 4/4] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c38c54..1232293 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ install dependencies (install python-xlrd, $ python2 -m pip install xlrd --upgrade) -Either run this from a Windows OS orfeed it "systeminfo" as input, and point it to the microsoft database +Either run this from a Windows OS or feed it "systeminfo" as input, and point it to the microsoft database ``` $ ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt