├── LICENSE
├── Linux_Exploit_Suggester.pl
└── README.md
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 2, June 1991
3 |
4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6 | Everyone is permitted to copy and distribute verbatim copies
7 | of this license document, but changing it is not allowed.
8 |
9 | Preamble
10 |
11 | The licenses for most software are designed to take away your
12 | freedom to share and change it. By contrast, the GNU General Public
13 | License is intended to guarantee your freedom to share and change free
14 | software--to make sure the software is free for all its users. This
15 | General Public License applies to most of the Free Software
16 | Foundation's software and to any other program whose authors commit to
17 | using it. (Some other Free Software Foundation software is covered by
18 | the GNU Lesser General Public License instead.) You can apply it to
19 | your programs, too.
20 |
21 | When we speak of free software, we are referring to freedom, not
22 | price. Our General Public Licenses are designed to make sure that you
23 | have the freedom to distribute copies of free software (and charge for
24 | this service if you wish), that you receive source code or can get it
25 | if you want it, that you can change the software or use pieces of it
26 | in new free programs; and that you know you can do these things.
27 |
28 | To protect your rights, we need to make restrictions that forbid
29 | anyone to deny you these rights or to ask you to surrender the rights.
30 | These restrictions translate to certain responsibilities for you if you
31 | distribute copies of the software, or if you modify it.
32 |
33 | For example, if you distribute copies of such a program, whether
34 | gratis or for a fee, you must give the recipients all the rights that
35 | you have. You must make sure that they, too, receive or can get the
36 | source code. And you must show them these terms so they know their
37 | rights.
38 |
39 | We protect your rights with two steps: (1) copyright the software, and
40 | (2) offer you this license which gives you legal permission to copy,
41 | distribute and/or modify the software.
42 |
43 | Also, for each author's protection and ours, we want to make certain
44 | that everyone understands that there is no warranty for this free
45 | software. If the software is modified by someone else and passed on, we
46 | want its recipients to know that what they have is not the original, so
47 | that any problems introduced by others will not reflect on the original
48 | authors' reputations.
49 |
50 | Finally, any free program is threatened constantly by software
51 | patents. We wish to avoid the danger that redistributors of a free
52 | program will individually obtain patent licenses, in effect making the
53 | program proprietary. To prevent this, we have made it clear that any
54 | patent must be licensed for everyone's free use or not licensed at all.
55 |
56 | The precise terms and conditions for copying, distribution and
57 | modification follow.
58 |
59 | GNU GENERAL PUBLIC LICENSE
60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
61 |
62 | 0. This License applies to any program or other work which contains
63 | a notice placed by the copyright holder saying it may be distributed
64 | under the terms of this General Public License. The "Program", below,
65 | refers to any such program or work, and a "work based on the Program"
66 | means either the Program or any derivative work under copyright law:
67 | that is to say, a work containing the Program or a portion of it,
68 | either verbatim or with modifications and/or translated into another
69 | language. (Hereinafter, translation is included without limitation in
70 | the term "modification".) Each licensee is addressed as "you".
71 |
72 | Activities other than copying, distribution and modification are not
73 | covered by this License; they are outside its scope. The act of
74 | running the Program is not restricted, and the output from the Program
75 | is covered only if its contents constitute a work based on the
76 | Program (independent of having been made by running the Program).
77 | Whether that is true depends on what the Program does.
78 |
79 | 1. You may copy and distribute verbatim copies of the Program's
80 | source code as you receive it, in any medium, provided that you
81 | conspicuously and appropriately publish on each copy an appropriate
82 | copyright notice and disclaimer of warranty; keep intact all the
83 | notices that refer to this License and to the absence of any warranty;
84 | and give any other recipients of the Program a copy of this License
85 | along with the Program.
86 |
87 | You may charge a fee for the physical act of transferring a copy, and
88 | you may at your option offer warranty protection in exchange for a fee.
89 |
90 | 2. You may modify your copy or copies of the Program or any portion
91 | of it, thus forming a work based on the Program, and copy and
92 | distribute such modifications or work under the terms of Section 1
93 | above, provided that you also meet all of these conditions:
94 |
95 | a) You must cause the modified files to carry prominent notices
96 | stating that you changed the files and the date of any change.
97 |
98 | b) You must cause any work that you distribute or publish, that in
99 | whole or in part contains or is derived from the Program or any
100 | part thereof, to be licensed as a whole at no charge to all third
101 | parties under the terms of this License.
102 |
103 | c) If the modified program normally reads commands interactively
104 | when run, you must cause it, when started running for such
105 | interactive use in the most ordinary way, to print or display an
106 | announcement including an appropriate copyright notice and a
107 | notice that there is no warranty (or else, saying that you provide
108 | a warranty) and that users may redistribute the program under
109 | these conditions, and telling the user how to view a copy of this
110 | License. (Exception: if the Program itself is interactive but
111 | does not normally print such an announcement, your work based on
112 | the Program is not required to print an announcement.)
113 |
114 | These requirements apply to the modified work as a whole. If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works. But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 |
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 |
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 |
134 | 3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 |
138 | a) Accompany it with the complete corresponding machine-readable
139 | source code, which must be distributed under the terms of Sections
140 | 1 and 2 above on a medium customarily used for software interchange; or,
141 |
142 | b) Accompany it with a written offer, valid for at least three
143 | years, to give any third party, for a charge no more than your
144 | cost of physically performing source distribution, a complete
145 | machine-readable copy of the corresponding source code, to be
146 | distributed under the terms of Sections 1 and 2 above on a medium
147 | customarily used for software interchange; or,
148 |
149 | c) Accompany it with the information you received as to the offer
150 | to distribute corresponding source code. (This alternative is
151 | allowed only for noncommercial distribution and only if you
152 | received the program in object code or executable form with such
153 | an offer, in accord with Subsection b above.)
154 |
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it. For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable. However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 |
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 |
172 | 4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License. Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 |
180 | 5. You are not required to accept this License, since you have not
181 | signed it. However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works. These actions are
183 | prohibited by law if you do not accept this License. Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 |
189 | 6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions. You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 |
197 | 7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License. If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all. For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 |
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 |
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices. Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 |
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 |
229 | 8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded. In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 |
237 | 9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time. Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 |
242 | Each version is given a distinguishing version number. If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation. If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 |
250 | 10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission. For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this. Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 |
258 | NO WARRANTY
259 |
260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 |
270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 |
280 | END OF TERMS AND CONDITIONS
281 |
282 | How to Apply These Terms to Your New Programs
283 |
284 | If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 |
288 | To do so, attach the following notices to the program. It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 |
293 | Linux Exploit Suggester; based on operating system release number
294 | Copyright (C) 2013 PenturaLabs
295 |
296 | This program is free software; you can redistribute it and/or modify
297 | it under the terms of the GNU General Public License as published by
298 | the Free Software Foundation; either version 2 of the License, or
299 | (at your option) any later version.
300 |
301 | This program is distributed in the hope that it will be useful,
302 | but WITHOUT ANY WARRANTY; without even the implied warranty of
303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304 | GNU General Public License for more details.
305 |
306 | You should have received a copy of the GNU General Public License along
307 | with this program; if not, write to the Free Software Foundation, Inc.,
308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 |
310 | Also add information on how to contact you by electronic and paper mail.
311 |
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 |
315 | Gnomovision version 69, Copyright (C) year name of author
316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 | This is free software, and you are welcome to redistribute it
318 | under certain conditions; type `show c' for details.
319 |
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License. Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 |
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary. Here is a sample; alter the names:
328 |
329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 | `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 |
332 | {signature of Ty Coon}, 1 April 1989
333 | Ty Coon, President of Vice
334 |
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs. If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library. If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 |
--------------------------------------------------------------------------------
/Linux_Exploit_Suggester.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 | use strict;
3 | use warnings;
4 | use Getopt::Std;
5 |
6 | our $VERSION = '0.9';
7 |
8 | my %opts;
9 | getopt( 'k,h', \%opts );
10 | usage() if exists $opts{h};
11 |
12 | my ( $khost, $is_partial ) = get_kernel();
13 | print "\nKernel local: $khost\n\n";
14 |
15 | my %exploits = get_exploits();
16 | print 'Searching among ' . scalar keys(%exploits) . " exploits...\n\n";
17 | print "Possible Exploits:\n";
18 |
19 | EXPLOIT:
20 | foreach my $key ( sort keys %exploits ) {
21 | foreach my $kernel ( @{ $exploits{$key}{vuln} } ) {
22 |
23 | if ( $khost eq $kernel
24 | or ( $is_partial and index($kernel,$khost) == 0 )
25 | ) {
26 | print "[+] $key";
27 | print " ($kernel)" if $is_partial;
28 |
29 | my $alt = $exploits{$key}{alt};
30 | my $cve = $exploits{$key}{cve};
31 | my $mlw = $exploits{$key}{mil};
32 | if ( $alt or $cve ) {
33 | print "\n";
34 | }
35 | if ( $alt ) { print " Alt: $alt "; }
36 | if ( $cve ) { print " CVE-$cve"; }
37 | if ( $mlw ) { print "\n Source: $mlw"; }
38 | print "\n";
39 | next EXPLOIT;
40 | }
41 | }
42 | }
43 | exit;
44 |
45 |
46 | ######################
47 | ## extra functions ##
48 | ######################
49 |
50 | sub get_kernel {
51 | my $khost = '';
52 |
53 | if ( exists $opts{k} ) {
54 | $khost = $opts{k};
55 | }
56 | else {
57 | $khost = `uname -r |cut -d"-" -f1`;
58 | chomp $khost;
59 | }
60 |
61 | # partial kernels might be provided by the user,
62 | # such as '2.4' or '2.6.'
63 | my $is_partial = $khost =~ /^\d+\.\d+\.?\d?/ ? 0 : 1;
64 | if ( $is_partial and substr($khost,-1) ne '.' ) {
65 | $khost .= '.';
66 | }
67 | return ( $khost, $is_partial );
68 | }
69 |
70 | sub usage {
71 | print <<"EOUSAGE";
72 | Linux Exploit Suggester $VERSION
73 | Usage: \t$0 [-h] [-k kernel]
74 |
75 | [-h] help (this message)
76 | [-k] kernel number eg. 2.6.28
77 |
78 | You can also provide a partial kernel version (eg. 2.4)
79 | to see all exploits available.
80 |
81 | EOUSAGE
82 | }
83 |
84 | sub get_exploits {
85 | return (
86 | 'w00t' => {
87 | vuln => [
88 | '2.4.10', '2.4.16', '2.4.17', '2.4.18',
89 | '2.4.19', '2.4.20', '2.4.21',
90 | ]
91 | },
92 | 'brk' => {
93 | vuln => [ '2.4.10', '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ],
94 | },
95 | 'ave' => { vuln => [ '2.4.19', '2.4.20' ] },
96 |
97 | 'elflbl' => {
98 | vuln => ['2.4.29'],
99 | mil => 'http://www.exploit-db.com/exploits/744/',
100 | },
101 |
102 | 'elfdump' => { vuln => ['2.4.27'] },
103 | 'elfcd' => { vuln => ['2.6.12'] },
104 | 'expand_stack' => { vuln => ['2.4.29'] },
105 |
106 | 'h00lyshit' => {
107 | vuln => [
108 | '2.6.8', '2.6.10', '2.6.11', '2.6.12',
109 | '2.6.13', '2.6.14', '2.6.15', '2.6.16',
110 | ],
111 | cve => '2006-3626',
112 | mil => 'http://www.exploit-db.com/exploits/2013/',
113 | },
114 |
115 | 'kdump' => { vuln => ['2.6.13'] },
116 | 'km2' => { vuln => [ '2.4.18', '2.4.22' ] },
117 | 'krad' =>
118 | { vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ] },
119 |
120 | 'krad3' => {
121 | vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ],
122 | mil => 'http://exploit-db.com/exploits/1397',
123 | },
124 |
125 | 'local26' => { vuln => ['2.6.13'] },
126 | 'loko' => { vuln => [ '2.4.22', '2.4.23', '2.4.24' ] },
127 |
128 | 'mremap_pte' => {
129 | vuln => [ '2.4.20', '2.2.24', '2.4.25', '2.4.26', '2.4.27' ],
130 | mil => 'http://www.exploit-db.com/exploits/160/',
131 | },
132 |
133 | 'newlocal' => { vuln => [ '2.4.17', '2.4.19' ] },
134 | 'ong_bak' => { vuln => ['2.6.5'] },
135 | 'ptrace' =>
136 | { vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ] },
137 | 'ptrace_kmod' => {
138 | vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ],
139 | cve => '2007-4573',
140 | },
141 | 'ptrace_kmod2' => {
142 | vuln => [
143 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', '2.6.31',
144 | '2.6.32', '2.6.33', '2.6.34',
145 | ],
146 | alt => 'ia32syscall,robert_you_suck',
147 | mil => 'http://www.exploit-db.com/exploits/15023/',
148 | cve => '2010-3301',
149 | },
150 | 'ptrace24' => { vuln => ['2.4.9'] },
151 | 'pwned' => { vuln => ['2.6.11'] },
152 | 'py2' => { vuln => [ '2.6.9', '2.6.17', '2.6.15', '2.6.13' ] },
153 | 'raptor_prctl' => {
154 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
155 | cve => '2006-2451',
156 | mil => 'http://www.exploit-db.com/exploits/2031/',
157 | },
158 | 'prctl' => {
159 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
160 | mil => 'http://www.exploit-db.com/exploits/2004/',
161 | },
162 | 'prctl2' => {
163 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
164 | mil => 'http://www.exploit-db.com/exploits/2005/',
165 | },
166 | 'prctl3' => {
167 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
168 | mil => 'http://www.exploit-db.com/exploits/2006/',
169 | },
170 | 'prctl4' => {
171 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ],
172 | mil => 'http://www.exploit-db.com/exploits/2011/',
173 | },
174 | 'remap' => { vuln => ['2.4.'] },
175 | 'rip' => { vuln => ['2.2.'] },
176 | 'stackgrow2' => { vuln => [ '2.4.29', '2.6.10' ] },
177 | 'uselib24' => {
178 | vuln => [ '2.6.10', '2.4.17', '2.4.22', '2.4.25', '2.4.27', '2.4.29' ]
179 | },
180 | 'newsmp' => { vuln => ['2.6.'] },
181 | 'smpracer' => { vuln => ['2.4.29'] },
182 | 'loginx' => { vuln => ['2.4.22'] },
183 | 'exp.sh' => { vuln => [ '2.6.9', '2.6.10', '2.6.16', '2.6.13' ] },
184 | 'vmsplice1' => {
185 | vuln => [
186 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22',
187 | '2.6.23', '2.6.24', '2.6.24.1',
188 | ],
189 | alt => 'jessica biel',
190 | cve => '2008-0600',
191 | mil => 'http://www.exploit-db.com/exploits/5092',
192 | },
193 | 'vmsplice2' => {
194 | vuln => [ '2.6.23', '2.6.24' ],
195 | alt => 'diane_lane',
196 | cve => '2008-0600',
197 | mil => 'http://www.exploit-db.com/exploits/5093',
198 | },
199 | 'vconsole' => {
200 | vuln => ['2.6.'],
201 | cve => '2009-1046',
202 | },
203 | 'sctp' => {
204 | vuln => ['2.6.26'],
205 | cve => '2008-4113',
206 | },
207 | 'ftrex' => {
208 | vuln => [
209 | '2.6.11', '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16',
210 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22',
211 | ],
212 | cve => '2008-4210',
213 | mil => 'http://www.exploit-db.com/exploits/6851',
214 | },
215 | 'exit_notify' => {
216 | vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ],
217 | mil => 'http://www.exploit-db.com/exploits/8369',
218 | },
219 | 'udev' => {
220 | vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ],
221 | alt => 'udev <1.4.1',
222 | cve => '2009-1185',
223 | mil => 'http://www.exploit-db.com/exploits/8478',
224 | },
225 |
226 | 'sock_sendpage2' => {
227 | vuln => [
228 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9',
229 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15',
230 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21',
231 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27',
232 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33',
233 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0', '2.6.1',
234 | '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', '2.6.7',
235 | '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', '2.6.13',
236 | '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19',
237 | '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25',
238 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30',
239 | ],
240 | alt => 'proto_ops',
241 | cve => '2009-2692',
242 | mil => 'http://www.exploit-db.com/exploits/9436',
243 | },
244 |
245 | 'sock_sendpage' => {
246 | vuln => [
247 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9',
248 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15',
249 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21',
250 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27',
251 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33',
252 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0', '2.6.1',
253 | '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', '2.6.7',
254 | '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', '2.6.13',
255 | '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19',
256 | '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25',
257 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30',
258 | ],
259 | alt => 'wunderbar_emporium',
260 | cve => '2009-2692',
261 | mil => 'http://www.exploit-db.com/exploits/9435',
262 | },
263 | 'udp_sendmsg_32bit' => {
264 | vuln => [
265 | '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6',
266 | '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12',
267 | '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18',
268 | '2.6.19',
269 | ],
270 | cve => '2009-2698',
271 | mil =>
272 | 'http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c',
273 | },
274 | 'pipe.c_32bit' => {
275 | vuln => [
276 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9',
277 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15',
278 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21',
279 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27',
280 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33',
281 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.15', '2.6.16',
282 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22',
283 | '2.6.23', '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28',
284 | '2.6.29', '2.6.30', '2.6.31',
285 | ],
286 | cve => '2009-3547',
287 | mil =>
288 | 'http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c',
289 | },
290 | 'do_pages_move' => {
291 | vuln => [
292 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
293 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
294 | '2.6.30', '2.6.31',
295 | ],
296 | alt => 'sieve',
297 | cve => '2010-0415',
298 | mil => 'Spenders Enlightenment',
299 | },
300 | 'reiserfs' => {
301 | vuln => [
302 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
303 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
304 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34',
305 | ],
306 | cve => '2010-1146',
307 | mil => 'http://www.exploit-db.com/exploits/12130/',
308 | },
309 | 'can_bcm' => {
310 | vuln => [
311 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
312 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
313 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
314 | '2.6.36',
315 | ],
316 | cve => '2010-2959',
317 | mil => 'http://www.exploit-db.com/exploits/14814/',
318 | },
319 | 'rds' => {
320 | vuln => [
321 | '2.6.30', '2.6.31', '2.6.32', '2.6.33',
322 | '2.6.34', '2.6.35', '2.6.36',
323 | ],
324 | mil => 'http://www.exploit-db.com/exploits/15285/',
325 | cve => '2010-3904',
326 | },
327 | 'half_nelson' => {
328 | vuln => [
329 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5',
330 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11',
331 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
332 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
333 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
334 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
335 | '2.6.36',
336 | ],
337 | alt => 'econet',
338 | cve => '2010-3848',
339 | mil => 'http://www.exploit-db.com/exploits/6851',
340 | },
341 | 'half_nelson1' => {
342 | vuln => [
343 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5',
344 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11',
345 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
346 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
347 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
348 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
349 | '2.6.36',
350 | ],
351 | alt => 'econet',
352 | cve => '2010-3848',
353 | mil => 'http://www.exploit-db.com/exploits/17787/',
354 | },
355 | 'half_nelson2' => {
356 | vuln => [
357 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5',
358 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11',
359 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
360 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
361 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
362 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
363 | '2.6.36',
364 | ],
365 | alt => 'econet',
366 | cve => '2010-3850',
367 | mil => 'http://www.exploit-db.com/exploits/17787/',
368 | },
369 | 'half_nelson3' => {
370 | vuln => [
371 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5',
372 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11',
373 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
374 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
375 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
376 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
377 | '2.6.36',
378 | ],
379 | alt => 'econet',
380 | cve => '2010-4073',
381 | mil => 'http://www.exploit-db.com/exploits/17787/',
382 | },
383 | 'caps_to_root' => {
384 | vuln => [ '2.6.34', '2.6.35', '2.6.36' ],
385 | cve => 'n/a',
386 | mil => 'http://www.exploit-db.com/exploits/15916/',
387 | },
388 | 'american-sign-language' => {
389 | vuln => [
390 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5',
391 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11',
392 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
393 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
394 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
395 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
396 | '2.6.36',
397 | ],
398 | cve => '2010-4347',
399 | mil => 'http://www.securityfocus.com/bid/45408/',
400 | },
401 | 'pktcdvd' => {
402 | vuln => [
403 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5',
404 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11',
405 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
406 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
407 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
408 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35',
409 | '2.6.36',
410 | ],
411 | cve => '2010-3437',
412 | mil => 'http://www.exploit-db.com/exploits/15150/',
413 | },
414 | 'video4linux' => {
415 | vuln => [
416 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5',
417 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11',
418 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17',
419 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
420 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29',
421 | '2.6.30', '2.6.31', '2.6.32', '2.6.33',
422 | ],
423 | cve => '2010-3081',
424 | mil => 'http://www.exploit-db.com/exploits/15024/',
425 | },
426 | 'memodipper' => {
427 | vuln => [
428 | '2.6.39', '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4',
429 | '3.0.5', '3.0.6', '3.1.0',
430 | ],
431 | cve => '2012-0056',
432 | mil => 'http://www.exploit-db.com/exploits/18411/',
433 | },
434 | 'semtex' => {
435 | vuln => [
436 | '2.6.37', '2.6.38', '2.6.39', '3.0.0', '3.0.1', '3.0.2',
437 | '3.0.3', '3.0.4', '3.0.5', '3.0.6', '3.1.0',
438 | ],
439 | cve => '2013-2094',
440 | mil => 'http://www.exploit-db.com/download/25444/',
441 | },
442 | 'perf_swevent' => {
443 | vuln => [
444 | '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5',
445 | '3.0.6', '3.1.0', '3.2', '3.3', '3.4.0', '3.4.1',
446 | '3.4.2', '3.4.3', '3.4.4', '3.4.5', '3.4.6', '3.4.8',
447 | '3.4.9', '3.5', '3.6', '3.7', '3.8.0', '3.8.1',
448 | '3.8.2', '3.8.3', '3.8.4', '3.8.5', '3.8.6', '3.8.7',
449 | '3.8.8', '3.8.9',
450 | ],
451 | cve => '2013-2094',
452 | mil => 'http://www.exploit-db.com/download/26131',
453 | },
454 | 'msr' => {
455 | vuln => [
456 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23',
457 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.27', '2.6.28',
458 | '2.6.29', '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34',
459 | '2.6.35', '2.6.36', '2.6.37', '2.6.38', '2.6.39', '3.0.0',
460 | '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5', '3.0.6',
461 | '3.1.0', '3.2', '3.3', '3.4', '3.5', '3.6',
462 | '3.7.0', '3.7.6',
463 | ],
464 | cve => '2013-0268',
465 | mil => 'http://www.exploit-db.com/exploits/27297/',
466 | },
467 | 'timeoutpwn' => {
468 | vuln => [
469 | '3.4', '3.5', '3.6', '3.7', '3.8', '3.8.9', '3.9', '3.10',
470 | '3.11', '3.12', '3.13', '3.4.0', '3.5.0', '3.6.0', '3.7.0',
471 | '3.8.0','3.8.5', '3.8.6', '3.8.9', '3.9.0', '3.9.6',
472 | '3.10.0','3.10.6', '3.11.0','3.12.0','3.13.0','3.13.1'
473 | ],
474 | cve => '2014-0038',
475 | mil => 'http://www.exploit-db.com/exploits/31346/',
476 | },
477 | 'rawmodePTY' => {
478 | vuln => [
479 | '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', '2.6.36', '2.6.37',
480 | '2.6.38', '2.6.39', '3.14', '3.15'
481 | ],
482 | cve => '2014-0196',
483 | mil => 'http://packetstormsecurity.com/files/download/126603/cve-2014-0196-md.c',
484 | },
485 | );
486 | }
487 |
488 | __END__
489 | =head1 NAME
490 |
491 | Linux_Exploit_Suggester.pl - A local exploit suggester for linux
492 |
493 | =head1 DESCRIPTION
494 |
495 | This perl script will enumerate the possible exploits available for a given kernel version
496 |
497 | =head1 USAGE
498 | $ Local_Exploit_Checker [-h] [-k kernel]
499 |
500 | [-h] help
501 | [-k] kernel Eg. 2.6.28
502 |
503 | You can also provide a partial kernel version (eg. 2.4)
504 | to see all exploits available.
505 |
506 | =head1 AUTHOR
507 |
508 | Andy (c) 10-07-2009
509 |
510 | Thanks to Brian for bugfixes, and sploit additions.
511 |
512 | =head1 CHANGELOG
513 | 19-04-2014 added cve-2014-0196 and bug fixes (Andy)
514 |
515 | 05-09-2013 code cleanup/optimizations and partial kernel feature (garu)
516 |
517 | 28-08-2013 added msr driver (Andy)
518 |
519 | 12-06-2013 added perf_swevent (Andy)
520 |
521 | 23-01-2012 added memodipper (Andy)
522 |
523 | 14-11-2011 bug fix to cut kernel version, plus a few more sploits listed (Brian)
524 |
525 | =cut
526 |
527 | =head1 LICENSE
528 |
529 | Linux Exploit Suggester
530 |
531 | This program is free software; you can redistribute it and/or modify
532 | it under the terms of the GNU General Public License as published by
533 | the Free Software Foundation; either version 2 of the License, or
534 | (at your option) any later version.
535 |
536 | This program is distributed in the hope that it will be useful,
537 | but WITHOUT ANY WARRANTY; without even the implied warranty of
538 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
539 | GNU General Public License for more details.
540 |
541 | You should have received a copy of the GNU General Public License along
542 | with this program; if not, write to the Free Software Foundation, Inc.,
543 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
544 |
545 |
546 | =cut
547 |
548 |
549 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Linux_Exploit_Suggester
2 | =======================
3 |
4 | Linux Exploit Suggester; based on operating system release number.
5 |
6 | This program run without arguments will perform a 'uname -r' to grab the Linux Operating Systems release version,
7 | and return a suggestive list of possible exploits. Nothing fancy, so a patched/back-ported patch may fool this script.
8 |
9 | Additionally possible to provide '-k' flag to manually enter the Kernel Version/Operating System Release Version.
10 |
11 | This script has been extremely useful on site and in exams. Now Open-sourced under GPLv2.
12 |
13 | Sample Output
14 | ==============
15 |
16 | $ perl ./Linux_Exploit_Suggester.pl -k 3.0.0
17 |
18 | Kernel local: 3.0.0
19 |
20 | Possible Exploits:
21 | [+] semtex
22 | CVE-2013-2094
23 | Source: www.exploit-db.com/download/25444/
24 | [+] memodipper
25 | CVE-2012-0056
26 | Source: http://www.exploit-db.com/exploits/18411/
27 | [+] perf_swevent
28 | CVE-2013-2094
29 | Source: http://www.exploit-db.com/download/26131
30 |
31 |
32 |
33 | $ perl ./Linux_Exploit_Suggester.pl -k 2.6.28
34 |
35 | Kernel local: 2.6.28
36 |
37 | Possible Exploits:
38 | [+] sock_sendpage2
39 | Alt: proto_ops CVE-2009-2692
40 | Source: http://www.exploit-db.com/exploits/9436
41 | [+] half_nelson3
42 | Alt: econet CVE-2010-4073
43 | Source: http://www.exploit-db.com/exploits/17787/
44 | [+] reiserfs
45 | CVE-2010-1146
46 | Source: http://www.exploit-db.com/exploits/12130/
47 | [+] pktcdvd
48 | CVE-2010-3437
49 | Source: http://www.exploit-db.com/exploits/15150/
50 | [+] american-sign-language
51 | CVE-2010-4347
52 | Source: http://www.securityfocus.com/bid/45408/
53 | [+] half_nelson
54 | Alt: econet CVE-2010-3848
55 | Source: http://www.exploit-db.com/exploits/6851
56 | [+] udev
57 | Alt: udev <1.4.1 CVE-2009-1185
58 | Source: http://www.exploit-db.com/exploits/8478
59 | [+] do_pages_move
60 | Alt: sieve CVE-2010-0415
61 | Source: Spenders Enlightenment
62 | [+] pipe.c_32bit
63 | CVE-2009-3547
64 | Source: http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c
65 | [+] exit_notify
66 | Source: http://www.exploit-db.com/exploits/8369
67 | [+] can_bcm
68 | CVE-2010-2959
69 | Source: http://www.exploit-db.com/exploits/14814/
70 | [+] ptrace_kmod2
71 | Alt: ia32syscall,robert_you_suck CVE-2010-3301
72 | Source: http://www.exploit-db.com/exploits/15023/
73 | [+] half_nelson1
74 | Alt: econet CVE-2010-3848
75 | Source: http://www.exploit-db.com/exploits/17787/
76 | [+] half_nelson2
77 | Alt: econet CVE-2010-3850
78 | Source: http://www.exploit-db.com/exploits/17787/
79 | [+] sock_sendpage
80 | Alt: wunderbar_emporium CVE-2009-2692
81 | Source: http://www.exploit-db.com/exploits/9435
82 | [+] video4linux
83 | CVE-2010-3081
84 | Source: http://www.exploit-db.com/exploits/15024/
85 |
86 |
--------------------------------------------------------------------------------