This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out potential vulnerabilites. It was developed by Michael Baer (@derbaer0) in the SEC Consult Vulnerability Lab.
Currently, it is mostly suited for a local privilege escalation also described in our blog post.
The script can also be used to get an overview of an installer and identify potential weaknesses.
You need some python packages. sqlite3
, termcolor
, maybe more. Otherwise, no installation is required. Just run the script from the main folder.
Install the (apt) package msitools
. It contains msiinfo
and msiextract
that are needed as well.
sudo apt install msitools
python msiscan.py <Installer>
./runall.sh <directory>
Now scan the result for unusual colors (red) for quick wins. Advise: If there is something red, repair it with ProcMon and do the manual approach.
There will be errors. Just ignore them. The analysis tries to continue if possible.
If you see a red line in the beginning Repairmode disabled ...
, you will not be able to trigger the repair function.
Now, a few explanations to understand the output if you want to invest some time in deeper analysis:
CreateObject ("WScript.Shell")
).JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…