This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out potential vulnerabilites. It was developed by Michael Baer (@derbaer0) in the SEC Consult Vulnerability Lab.
Currently, it is mostly suited for a local privilege escalation also described in our blog post.
The script can also be used to get an overview of an installer and identify potential weaknesses.
You need some python packages. sqlite3
, termcolor
, maybe more. Otherwise, no installation is required. Just run the script from the main folder.
Install the (apt) package msitools
. It contains msiinfo
and msiextract
that are needed as well.
sudo apt install msitools
python msiscan.py <Installer>
./runall.sh <directory>
Now scan the result for unusual colors (red) for quick wins. Advise: If there is something red, repair it with ProcMon and do the manual approach.
There will be errors. Just ignore them. The analysis tries to continue if possible.
If you see a red line in the beginning Repairmode disabled ...
, you will not be able to trigger the repair function.
Now, a few explanations to understand the output if you want to invest some time in deeper analysis:
CreateObject ("WScript.Shell")
).Usman Sikander (a.k.a Offensive-Panda) is a seasoned security professional specializing in adversary emulation, malware development,…
Just some quick malware analysis on a free Saturday. I was just chilling in the…
MyMSIAnalyzer is a tool that allows you to detect vulnerabilities inside MSI files. It is…
Artemis is a modular vulnerability scanner. It's the tool that powers CERT PL scanning activities…
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks…
Discover your application security risks and vulnerabilities in only a few minutes. In this guide…