0xspade

Linux Exploit Suggester

Aug 25th, 2016
162
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 19.50 KB | None | 0 0
  1. #!/usr/bin/perl
  2. use strict;
  3. use warnings;
  4. use Getopt::Std;
  5.  
  6. our $VERSION = '0.9';
  7.  
  8. my %opts;
  9. getopt( 'k,h', \%opts );
  10. usage() if exists $opts{h};
  11.  
  12. my ( $khost, $is_partial ) = get_kernel();
  13. print "\nKernel local: $khost\n\n";
  14.  
  15. my %exploits = get_exploits();
  16. print 'Searching among ' . scalar keys(%exploits) . " exploits...\n\n";
  17. print "Possible Exploits:\n";
  18.  
  19. EXPLOIT:
  20. foreach my $key ( sort keys %exploits ) {
  21.     foreach my $kernel ( @{ $exploits{$key}{vuln} } ) {
  22.  
  23.         if (     $khost eq $kernel
  24.               or ( $is_partial and index($kernel,$khost) == 0 )
  25.         ) {
  26.             print "[+] $key";
  27.             print " ($kernel)" if $is_partial;
  28.  
  29.             my $alt = $exploits{$key}{alt};
  30.             my $cve = $exploits{$key}{cve};
  31.             my $mlw = $exploits{$key}{mil};
  32.             if ( $alt or $cve ) {
  33.                 print "\n";
  34.             }
  35.             if ( $alt ) { print "   Alt: $alt "; }
  36.             if ( $cve ) { print "   CVE-$cve"; }
  37.             if ( $mlw ) { print "\n   Source: $mlw"; }
  38.             print "\n";
  39.             next EXPLOIT;
  40.         }
  41.     }
  42. }
  43. exit;
  44.  
  45.  
  46. ######################
  47. ## extra functions  ##
  48. ######################
  49.  
  50. sub get_kernel {
  51.     my $khost = '';
  52.  
  53.     if ( exists $opts{k} ) {
  54.         $khost = $opts{k};
  55.     }
  56.     else {
  57.         $khost = `uname -r |cut -d"-" -f1`;
  58.         chomp $khost;
  59.     }
  60.  
  61.     # partial kernels might be provided by the user,
  62.     # such as '2.4' or '2.6.'
  63.     my $is_partial = $khost =~ /^\d+\.\d+\.?\d?/ ? 0 : 1;
  64.     if ( $is_partial and substr($khost,-1) ne '.' ) {
  65.         $khost .= '.';
  66.     }
  67.     return ( $khost, $is_partial );
  68. }
  69.  
  70. sub usage {
  71.     print <<"EOUSAGE";
  72. Linux Exploit Suggester $VERSION
  73. Usage: \t$0  [-h] [-k kernel]
  74.  
  75. [-h] help (this message)
  76. [-k] kernel number eg. 2.6.28
  77.  
  78. You can also provide a partial kernel version (eg. 2.4)
  79. to see all exploits available.
  80.  
  81. EOUSAGE
  82. }
  83.  
  84. sub get_exploits {
  85.   return (
  86.     'w00t' => {
  87.         vuln => [
  88.             '2.4.10', '2.4.16', '2.4.17', '2.4.18',
  89.             '2.4.19', '2.4.20', '2.4.21',
  90.         ]
  91.     },
  92.     'brk' => {
  93.         vuln => [ '2.4.10', '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ],
  94.     },
  95.     'ave' => { vuln => [ '2.4.19', '2.4.20' ] },
  96.  
  97.     'elflbl' => {
  98.         vuln => ['2.4.29'],
  99.         mil  => 'http://www.exploit-db.com/exploits/744/',
  100.     },
  101.  
  102.     'elfdump'      => { vuln => ['2.4.27'] },
  103.     'elfcd'        => { vuln => ['2.6.12'] },
  104.     'expand_stack' => { vuln => ['2.4.29'] },
  105.  
  106.     'h00lyshit' => {
  107.         vuln => [
  108.             '2.6.8',  '2.6.10', '2.6.11', '2.6.12',
  109.             '2.6.13', '2.6.14', '2.6.15', '2.6.16',
  110.         ],
  111.         cve => '2006-3626',
  112.         mil => 'http://www.exploit-db.com/exploits/2013/',
  113.     },
  114.  
  115.     'kdump' => { vuln => ['2.6.13'] },
  116.     'km2'   => { vuln => [ '2.4.18', '2.4.22' ] },
  117.     'krad' =>
  118.       { vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ] },
  119.  
  120.     'krad3' => {
  121.         vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ],
  122.         mil => 'http://exploit-db.com/exploits/1397',
  123.     },
  124.  
  125.     'local26' => { vuln => ['2.6.13'] },
  126.     'loko'    => { vuln => [ '2.4.22', '2.4.23', '2.4.24' ] },
  127.  
  128.     'mremap_pte' => {
  129.         vuln => [ '2.4.20', '2.2.24', '2.4.25', '2.4.26', '2.4.27' ],
  130.         mil => 'http://www.exploit-db.com/exploits/160/',
  131.     },
  132.  
  133.     'newlocal' => { vuln => [ '2.4.17', '2.4.19' ] },
  134.     'ong_bak'  => { vuln => ['2.6.5'] },
  135.     'ptrace' =>
  136.       { vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ] },
  137.     'ptrace_kmod' => {
  138.         vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ],
  139.         cve  => '2007-4573',
  140.     },
  141.     'ptrace_kmod2' => {
  142.         vuln => [
  143.             '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', '2.6.31',
  144.             '2.6.32', '2.6.33', '2.6.34',
  145.         ],
  146.         alt => 'ia32syscall,robert_you_suck',
  147.         mil => 'http://www.exploit-db.com/exploits/15023/',
  148.         cve => '2010-3301',
  149.     },
  150.     'ptrace24' => { vuln => ['2.4.9'] },
  151.     'pwned'    => { vuln => ['2.6.11'] },
  152.     'py2'      => { vuln => [ '2.6.9', '2.6.17', '2.6.15', '2.6.13' ] },
  153.     'raptor_prctl' => {
  154.         vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
  155.         cve  => '2006-2451',
  156.         mil => 'http://www.exploit-db.com/exploits/2031/',
  157.     },
  158.     'prctl' => {
  159.         vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
  160.         mil => 'http://www.exploit-db.com/exploits/2004/',
  161.     },
  162.     'prctl2' => {
  163.         vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
  164.         mil => 'http://www.exploit-db.com/exploits/2005/',
  165.     },
  166.     'prctl3' => {
  167.         vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
  168.         mil => 'http://www.exploit-db.com/exploits/2006/',
  169.     },
  170.     'prctl4' => {
  171.         vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
  172.         mil => 'http://www.exploit-db.com/exploits/2011/',
  173.     },
  174.     'remap'      => { vuln => ['2.4.'] },
  175.     'rip'        => { vuln => ['2.2.'] },
  176.     'stackgrow2' => { vuln => [ '2.4.29', '2.6.10' ] },
  177.     'uselib24' => {
  178.         vuln => [ '2.6.10', '2.4.17', '2.4.22', '2.4.25', '2.4.27', '2.4.29' ]
  179.     },
  180.     'newsmp'   => { vuln => ['2.6.'] },
  181.     'smpracer' => { vuln => ['2.4.29'] },
  182.     'loginx'   => { vuln => ['2.4.22'] },
  183.     'exp.sh'   => { vuln => [ '2.6.9', '2.6.10', '2.6.16', '2.6.13' ] },
  184.     'vmsplice1' => {
  185.         vuln => [
  186.             '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22',
  187.             '2.6.23', '2.6.24', '2.6.24.1',
  188.         ],
  189.         alt => 'jessica biel',
  190.         cve => '2008-0600',
  191.         mil => 'http://www.exploit-db.com/exploits/5092',
  192.     },
  193.     'vmsplice2' => {
  194.         vuln => [ '2.6.23', '2.6.24' ],
  195.         alt  => 'diane_lane',
  196.         cve  => '2008-0600',
  197.         mil  => 'http://www.exploit-db.com/exploits/5093',
  198.     },
  199.     'vconsole' => {
  200.         vuln => ['2.6.'],
  201.         cve  => '2009-1046',
  202.     },
  203.     'sctp' => {
  204.         vuln => ['2.6.26'],
  205.         cve  => '2008-4113',
  206.     },
  207.     'ftrex' => {
  208.         vuln => [
  209.             '2.6.11', '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16',
  210.             '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22',
  211.         ],
  212.         cve => '2008-4210',
  213.         mil => 'http://www.exploit-db.com/exploits/6851',
  214.     },
  215.     'exit_notify' => {
  216.         vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ],
  217.         mil => 'http://www.exploit-db.com/exploits/8369',
  218.     },
  219.     'udev' => {
  220.         vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ],
  221.         alt  => 'udev <1.4.1',
  222.         cve  => '2009-1185',
  223.         mil => 'http://www.exploit-db.com/exploits/8478',
  224.     },
  225.  
  226.     'sock_sendpage2' => {
  227.         vuln => [
  228.             '2.4.4',  '2.4.5',  '2.4.6',  '2.4.7',  '2.4.8',  '2.4.9',
  229.             '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15',
  230.             '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21',
  231.             '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27',
  232.             '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33',
  233.             '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0',  '2.6.1',
  234.             '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',  '2.6.6',  '2.6.7',
  235.             '2.6.8',  '2.6.9',  '2.6.10', '2.6.11', '2.6.12', '2.6.13',
  236.             '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19',
  237.             '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25',
  238.             '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30',
  239.         ],
  240.         alt => 'proto_ops',
  241.         cve => '2009-2692',
  242.         mil => 'http://www.exploit-db.com/exploits/9436',
  243.     },
  244.  
  245.     'sock_sendpage' => {
  246.         vuln => [
  247.             '2.4.4',  '2.4.5',  '2.4.6',  '2.4.7',  '2.4.8',  '2.4.9',
  248.             '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15',
  249.             '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21',
  250.             '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27',
  251.             '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33',
  252.             '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0',  '2.6.1',
  253.             '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',  '2.6.6',  '2.6.7',
  254.             '2.6.8',  '2.6.9',  '2.6.10', '2.6.11', '2.6.12', '2.6.13',
  255.             '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19',
  256.             '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25',
  257.             '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30',
  258.         ],
  259.         alt => 'wunderbar_emporium',
  260.         cve => '2009-2692',
  261.         mil => 'http://www.exploit-db.com/exploits/9435',
  262.     },
  263.     'udp_sendmsg_32bit' => {
  264.         vuln => [
  265.             '2.6.1',  '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',  '2.6.6',
  266.             '2.6.7',  '2.6.8',  '2.6.9',  '2.6.10', '2.6.11', '2.6.12',
  267.             '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18',
  268.             '2.6.19',
  269.         ],
  270.         cve => '2009-2698',
  271.         mil =>
  272.           'http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c',
  273.     },
  274.     'pipe.c_32bit' => {
  275.         vuln => [
  276.             '2.4.4',  '2.4.5',  '2.4.6',  '2.4.7',  '2.4.8',  '2.4.9',
  277.             '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15',
  278.             '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21',
  279.             '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27',
  280.             '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33',
  281.             '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.15', '2.6.16',
  282.             '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22',
  283.             '2.6.23', '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28',
  284.             '2.6.29', '2.6.30', '2.6.31',
  285.         ],
  286.         cve => '2009-3547',
  287.         mil =>
  288.           'http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c',
  289.     },
  290.     'do_pages_move' => {
  291.         vuln => [
  292.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  293.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  294.             '2.6.30', '2.6.31',
  295.         ],
  296.         alt => 'sieve',
  297.         cve => '2010-0415',
  298.         mil => 'Spenders Enlightenment',
  299.     },
  300.     'reiserfs' => {
  301.         vuln => [
  302.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  303.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  304.             '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34',
  305.         ],
  306.         cve => '2010-1146',
  307.         mil => 'http://www.exploit-db.com/exploits/12130/',
  308.     },
  309.     'can_bcm' => {
  310.         vuln => [
  311.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  312.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  313.             '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
  314.             '2.6.36',
  315.         ],
  316.         cve => '2010-2959',
  317.         mil => 'http://www.exploit-db.com/exploits/14814/',
  318.     },
  319.     'rds' => {
  320.         vuln => [
  321.             '2.6.30', '2.6.31', '2.6.32', '2.6.33',
  322.             '2.6.34', '2.6.35', '2.6.36',
  323.         ],
  324.         mil => 'http://www.exploit-db.com/exploits/15285/',
  325.         cve => '2010-3904',
  326.     },
  327.     'half_nelson' => {
  328.         vuln => [
  329.             '2.6.0',  '2.6.1',  '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',
  330.             '2.6.6',  '2.6.7',  '2.6.8',  '2.6.9',  '2.6.10', '2.6.11',
  331.             '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
  332.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  333.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  334.             '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
  335.             '2.6.36',
  336.         ],
  337.         alt => 'econet',
  338.         cve => '2010-3848',
  339.         mil => 'http://www.exploit-db.com/exploits/6851',
  340.     },
  341.     'half_nelson1' => {
  342.         vuln => [
  343.             '2.6.0',  '2.6.1',  '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',
  344.             '2.6.6',  '2.6.7',  '2.6.8',  '2.6.9',  '2.6.10', '2.6.11',
  345.             '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
  346.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  347.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  348.             '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
  349.             '2.6.36',
  350.         ],
  351.         alt => 'econet',
  352.         cve => '2010-3848',
  353.         mil => 'http://www.exploit-db.com/exploits/17787/',
  354.     },
  355.     'half_nelson2' => {
  356.         vuln => [
  357.             '2.6.0',  '2.6.1',  '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',
  358.             '2.6.6',  '2.6.7',  '2.6.8',  '2.6.9',  '2.6.10', '2.6.11',
  359.             '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
  360.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  361.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  362.             '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
  363.             '2.6.36',
  364.         ],
  365.         alt => 'econet',
  366.         cve => '2010-3850',
  367.         mil => 'http://www.exploit-db.com/exploits/17787/',
  368.     },
  369.     'half_nelson3' => {
  370.         vuln => [
  371.             '2.6.0',  '2.6.1',  '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',
  372.             '2.6.6',  '2.6.7',  '2.6.8',  '2.6.9',  '2.6.10', '2.6.11',
  373.             '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
  374.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  375.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  376.             '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
  377.             '2.6.36',
  378.         ],
  379.         alt => 'econet',
  380.         cve => '2010-4073',
  381.         mil => 'http://www.exploit-db.com/exploits/17787/',
  382.     },
  383.     'caps_to_root' => {
  384.         vuln => [ '2.6.34', '2.6.35', '2.6.36' ],
  385.         cve  => 'n/a',
  386.         mil => 'http://www.exploit-db.com/exploits/15916/',
  387.     },
  388.     'american-sign-language' => {
  389.         vuln => [
  390.             '2.6.0',  '2.6.1',  '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',
  391.             '2.6.6',  '2.6.7',  '2.6.8',  '2.6.9',  '2.6.10', '2.6.11',
  392.             '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
  393.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  394.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  395.             '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
  396.             '2.6.36',
  397.         ],
  398.         cve => '2010-4347',
  399.         mil => 'http://www.securityfocus.com/bid/45408/',
  400.     },
  401.     'pktcdvd' => {
  402.         vuln => [
  403.             '2.6.0',  '2.6.1',  '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',
  404.             '2.6.6',  '2.6.7',  '2.6.8',  '2.6.9',  '2.6.10', '2.6.11',
  405.             '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
  406.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  407.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  408.             '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
  409.             '2.6.36',
  410.         ],
  411.         cve => '2010-3437',
  412.         mil => 'http://www.exploit-db.com/exploits/15150/',
  413.     },
  414.     'video4linux' => {
  415.         vuln => [
  416.             '2.6.0',  '2.6.1',  '2.6.2',  '2.6.3',  '2.6.4',  '2.6.5',
  417.             '2.6.6',  '2.6.7',  '2.6.8',  '2.6.9',  '2.6.10', '2.6.11',
  418.             '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
  419.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  420.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
  421.             '2.6.30', '2.6.31', '2.6.32', '2.6.33',
  422.         ],
  423.         cve => '2010-3081',
  424.         mil => 'http://www.exploit-db.com/exploits/15024/',
  425.     },
  426.     'memodipper' => {
  427.         vuln => [
  428.             '2.6.39', '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4',
  429.             '3.0.5',  '3.0.6', '3.1.0',
  430.         ],
  431.         cve => '2012-0056',
  432.         mil => 'http://www.exploit-db.com/exploits/18411/',
  433.     },
  434.     'semtex' => {
  435.         vuln => [
  436.             '2.6.37', '2.6.38', '2.6.39', '3.0.0', '3.0.1', '3.0.2',
  437.             '3.0.3',  '3.0.4',  '3.0.5',  '3.0.6', '3.1.0',
  438.         ],
  439.         cve => '2013-2094',
  440.         mil => 'http://www.exploit-db.com/download/25444/‎',
  441.     },
  442.     'perf_swevent' => {
  443.         vuln => [
  444.             '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5',
  445.             '3.0.6', '3.1.0', '3.2',   '3.3',   '3.4.0', '3.4.1',
  446.             '3.4.2', '3.4.3', '3.4.4', '3.4.5', '3.4.6', '3.4.8',
  447.             '3.4.9', '3.5',   '3.6',   '3.7',   '3.8.0', '3.8.1',
  448.             '3.8.2', '3.8.3', '3.8.4', '3.8.5', '3.8.6', '3.8.7',
  449.             '3.8.8', '3.8.9',
  450.         ],
  451.         cve => '2013-2094',
  452.         mil => 'http://www.exploit-db.com/download/26131',
  453.     },
  454.     'msr' => {
  455.         vuln => [
  456.             '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
  457.             '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.27', '2.6.28',
  458.             '2.6.29', '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34',
  459.             '2.6.35', '2.6.36', '2.6.37', '2.6.38', '2.6.39', '3.0.0',
  460.             '3.0.1',  '3.0.2',  '3.0.3',  '3.0.4',  '3.0.5',  '3.0.6',
  461.             '3.1.0',  '3.2',    '3.3',    '3.4',    '3.5',    '3.6',
  462.             '3.7.0',  '3.7.6',
  463.         ],
  464.         cve => '2013-0268',
  465.         mil => 'http://www.exploit-db.com/exploits/27297/',
  466.     },
  467.     'timeoutpwn' => {
  468.         vuln => [
  469.             '3.4',  '3.5',    '3.6',    '3.7',   '3.8',   '3.8.9', '3.9', '3.10',
  470.         '3.11', '3.12',   '3.13',   '3.4.0', '3.5.0', '3.6.0', '3.7.0',
  471.             '3.8.0','3.8.5',  '3.8.6',  '3.8.9', '3.9.0', '3.9.6',
  472.             '3.10.0','3.10.6', '3.11.0','3.12.0','3.13.0','3.13.1'
  473.         ],
  474.         cve => '2014-0038',
  475.         mil => 'http://www.exploit-db.com/exploits/31346/',
  476.     },
  477.     'rawmodePTY' => {
  478.         vuln => [
  479.              '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', '2.6.36', '2.6.37',
  480.              '2.6.38', '2.6.39', '3.14', '3.15'
  481.         ],
  482.         cve => '2014-0196',
  483.         mil => 'http://packetstormsecurity.com/files/download/126603/cve-2014-0196-md.c',
  484.     },
  485.   );
  486. }
  487.  
  488. __END__
  489. =head1 NAME
  490.  
  491. Linux_Exploit_Suggester.pl - A local exploit suggester for linux
  492.  
  493. =head1 DESCRIPTION
  494.  
  495. This perl script will enumerate the possible exploits available for a given kernel version
  496.  
  497. =head1 USAGE
  498.     $ Local_Exploit_Checker [-h] [-k kernel]
  499.  
  500.     [-h] help
  501.     [-k] kernel Eg. 2.6.28
  502.  
  503. You can also provide a partial kernel version (eg. 2.4)
  504. to see all exploits available.
  505.  
  506. =head1 AUTHOR
  507.  
  508. Andy (c) 10-07-2009
  509.  
  510. Thanks to Brian for bugfixes, and sploit additions.
  511.  
  512. =head1 CHANGELOG
  513. 19-04-2014 added cve-2014-0196 and bug fixes (Andy)
  514.  
  515. 05-09-2013 code cleanup/optimizations and partial kernel feature (garu)
  516.  
  517. 28-08-2013 added msr driver (Andy)
  518.  
  519. 12-06-2013 added perf_swevent (Andy)
  520.  
  521. 23-01-2012 added memodipper (Andy)
  522.  
  523. 14-11-2011 bug fix to cut kernel version, plus a few more sploits listed (Brian)
  524.  
  525. =cut
  526.  
  527. =head1 LICENSE
  528.  
  529.  Linux Exploit Suggester
  530.  
  531.  This program is free software; you can redistribute it and/or modify
  532.  it under the terms of the GNU General Public License as published by
  533.  the Free Software Foundation; either version 2 of the License, or
  534.  (at your option) any later version.
  535.  
  536.  This program is distributed in the hope that it will be useful,
  537.  but WITHOUT ANY WARRANTY; without even the implied warranty of
  538.  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  539.  GNU General Public License for more details.
  540.        
  541.  You should have received a copy of the GNU General Public License along
  542.  with this program; if not, write to the Free Software Foundation, Inc.,
  543.  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  544.  
  545.  
  546. =cut
Add Comment
Please, Sign In to add comment