
Project description

Windows Exploit Suggester - Next Generation (WES-NG)

WES-NG is a tool based on the output of Windows' systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 11, including their Windows Server counterparts, is supported.

At the BITSADMIN blog an in-depth article on WES-NG is available: Windows Security Updates for Hackers.

Usage

  1. Download WES-NG using pip install wesng or using the following commandline: git clone https://github.com/bitsadmin/wesng --depth 1
  2. Obtain the latest database of vulnerabilities by executing the command wes.py --update
  3. There are two options to check for missing patches:
     a. Launch missingkbs.vbs on the host to have Windows determine which patches are missing
     b. Use Windows' built-in systeminfo.exe tool to obtain the system information of the local system, or from a remote system using systeminfo /S MyRemoteHost, and redirect this to a file: systeminfo > systeminfo.txt
  4. Depending on the method chosen in step 3, execute WES-NG:
     a. With the missing.txt file as input: wes.py --missing missing.txt (or wes.py -m missing.txt)
     b. With the systeminfo.txt file as the parameter: wes.py systeminfo.txt
     WES-NG then uses the database to determine which patches are applicable to the system and to which vulnerabilities it is currently exposed, including exploits if available.
  5. As the data provided by Microsoft's MSRC feed is frequently incomplete and false positives are reported by wes.py, @DominicBreuker contributed the --muc-lookup parameter to validate identified missing patches from the systeminfo.txt file against Microsoft's Update Catalog. Additionally, make sure to check the Eliminating false positives page in the Wiki on how to interpret the results. For an overview of all available parameters for both missingkbs.vbs and wes.py, check CMDLINE.md.
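The core of steps 4b and 5, as an added example that is not WES-NG's own code: parse systeminfo output for the build number and installed hotfixes, then report definitions whose fixing KB is absent unless a KB that supersedes it is installed, which is one source of the false positives step 5 warns about. The sample systeminfo text, the CSV layout and all KB and CVE identifiers are constructed placeholders, not WES-NG's definitions format or real Microsoft updates.

```python
import csv
import io
import re

# Constructed sample of `systeminfo` output (not captured from a real host).
SYSTEMINFO_TXT = """\
Host Name:                 WORKSTATION01
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19044 N/A Build 19044
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB5000001
                           [02]: KB5000003
                           [03]: KB5000004
"""

# Constructed definitions in the spirit of WES-NG's database; KB/CVE numbers are placeholders.
DEFINITIONS_CSV = """\
CVE,KB,Build,Supersedes
CVE-0000-0001,KB5000001,19044,
CVE-0000-0002,KB5000002,19044,
CVE-0000-0003,KB5000003,19044,KB5000002
CVE-0000-0004,KB5000005,19044,
CVE-0000-0005,KB5000006,19041,
"""


def parse_systeminfo(text):
    """Return (build number, set of installed KBs) from systeminfo output."""
    build = re.search(r"^OS Version:.*?Build (\d+)", text, re.M).group(1)
    installed = set(re.findall(r"\[\d+\]:\s*(KB\d+)", text))
    return build, installed


def missing_patches(text, definitions_csv):
    """CVEs for this build whose fix is neither installed nor superseded by an installed KB."""
    build, installed = parse_systeminfo(text)
    rows = list(csv.DictReader(io.StringIO(definitions_csv)))
    # superseded KB -> newer KBs that carry the same fix
    superseded_by = {}
    for row in rows:
        if row["Supersedes"]:
            superseded_by.setdefault(row["Supersedes"], set()).add(row["KB"])

    def covered(kb, seen=frozenset()):
        # Without following supersedence, KB5000002 would be reported missing: a false positive.
        if kb in installed:
            return True
        return any(covered(newer, seen | {kb})
                   for newer in superseded_by.get(kb, ()) if newer not in seen)

    return sorted(row["CVE"] for row in rows
                  if row["Build"] == build and not covered(row["KB"]))
```

Running it on the constructed input reports only CVE-0000-0004: the fix for CVE-0000-0002 is absent but superseded by the installed KB5000003, and CVE-0000-0005 targets a different build.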

Demo

Gif animation showing usage of Windows Exploit Suggester - Next Generation

Collector

This GitHub repository regularly updates the database of vulnerabilities, so running wes.py with the --update parameter gets the latest version. If manual generation of the .csv file with hotfix information is required, use the scripts from the /collector folder to compile the database. Read the comments at the top of each script and execute them in the order in which they are listed. Executing these scripts will produce definitions.zip. The WES-NG collector pulls information from various sources:

  • Microsoft Security Bulletin Data: KBs for older systems [1]
  • MSRC: The Microsoft Security Update API of the Microsoft Security Response Center (MSRC): Standard source of information for modern Microsoft Updates [2]
  • NIST National Vulnerability Database (NVD): Complement vulnerabilities with Exploit-DB links [3]

These are combined into a single .csv file which is compressed and hosted in this GitHub repository.

Rationale

I developed WES-NG because, while GDSSecurity's Windows-Exploit-Suggester worked excellently for operating systems in the Windows XP and Windows Vista era, it does not work for operating systems like Windows 11 and vulnerabilities published in recent years. This is because Microsoft replaced the Microsoft Security Bulletin Data Excel file [1], on which GDSSecurity's Windows-Exploit-Suggester is fully dependent, with the MSRC API [2]. The Microsoft Security Bulletin Data Excel file has not been updated since Q1 2017, so later operating systems and vulnerabilities cannot be detected. Thanks @gdssecurity, for this great tool which has served many of us for so many years!

Bugs

Changelog

See CHANGELOG.md

Improvements

  • Add support for NoPowerShell's Get-SystemInfo cmdlet output
  • Add support for alternative output formats of systeminfo (csv, table)
  • More testing on the returned false positive vulnerabilities - see also the wiki

References

[1] https://www.microsoft.com/download/details.aspx?id=36982

[2] https://portal.msrc.microsoft.com/en-us/developer

[3] https://nvd.nist.gov/vuln/data-feeds

Authored by Arris Huijgen (@bitsadmin - https://github.com/bitsadmin/)

Download files


Source Distribution

wesng-1.0.3.tar.gz (19.9 kB view details)

Uploaded Source

Built Distribution

wesng-1.0.3-py3-none-any.whl (18.5 kB view details)

Uploaded Python 3

File details

Details for the file wesng-1.0.3.tar.gz.

File metadata

  • Download URL: wesng-1.0.3.tar.gz
  • Size: 19.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/3.7.3 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.2


File details

Details for the file wesng-1.0.3-py3-none-any.whl.

File metadata

  • Download URL: wesng-1.0.3-py3-none-any.whl
  • Size: 18.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/3.7.3 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.2

