WESNG is a tool based on the output of Windows’ systeminfo
utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities.
Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported.
Usage
wes.py --update
.systeminfo.exe
tool to obtain the system information of the local system, or from a remote system using systeminfo.exe /S MyRemoteHost
, and redirect this to a file: systeminfo > systeminfo.txt
wes.py systeminfo.txt
. WES-NG then uses the database to determine which patches are applicable to the system and to which vulnerabilities are currently exposed, including exploits if available.Also Read – The Secret IG Growth Hacks You Haven’t Heard Before
Collector
This GitHub repository regularly updates the database of vulnerabilities, so running wes.py
with the --update
parameter gets the latest version.
If manual generation of the .csv file with hotfix information is required, use the scripts from the /collector
folder to compile the database. Read the comments at the top of each
script and execute them in the order as they are listed below. Executing
these scripts will produce CVEs.csv.
The WES-NG collector pulls information from various sources:
Rationale
I developed WES-NG because while GDSSecurity’s Windows-Exploit-Suggester worked excellently for operating systems in the Windows XP and Windows Vista era, GDSSecurity’s Windows-Exploit-Suggester does not work for operating systems like Windows 10 and vulnerabilities published in recent years. This is because Microsoft replaced the Microsoft Security Bulletin Data Excel file [1] on which GDSSecurity’s Windows-Exploit-Suggester is fully dependent, by the MSRC API [2]. The Microsoft Security Bulletin Data Excel file has not been updated since Q1 2017, so later operating systems and vulnerabilities cannot be detected. Thanks @gdssecurity, for this great tool which has served many of us for so many years!
Bugs
Credit: Arris Huijgen
A tool crafted with simplicity in mind but harboring its own set of flaws. Despite…
CyberSentry is a robust automated scanning tool designed for web applications. It helps security professionals, ethical…
Delve into the world of DARKARMY, a potent arsenal of cybersecurity tools designed to empower…
Evade (Evasion) - this feature helps you to evade spells of enemies directed at you…
Step into the world of bug hunting with Cazador, a powerful toolkit designed to equip…
Prepare to take your Among Us gaming experience to the next level with the latest…