├── README.md ├── LICENSE └── linux-exploit-suggester-2.pl /README.md: -------------------------------------------------------------------------------- 1 | 2 | Linux Exploit Suggester 2 3 | ========================= 4 | 5 | Next-generation exploit suggester based on [Linux_Exploit_Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) 6 | 7 | Key Improvements Include: 8 | * More exploits! 9 | * Option to download exploit code directly from Exploit DB 10 | * Accurate wildcard matching. This expands the scope of searchable exploits. 11 | * Output colorization for easy viewing. 12 | * And more to come! 13 | 14 | This script is extremely useful for quickly finding privilege escalation vulnerabilities both in on-site and exam environments. 15 | 16 | Usage 17 | ============== 18 | 19 | When run without arguments, the script performs a 'uname -r' to grab the Linux operating system release version, and returns a list of possible exploits. Links to CVEs and applicable exploit POCs are included. Keep in mind that a patched/back-ported patch may fool this script. 20 | 21 | ``` 22 | $ ./linux-exploit-suggester-2.pl 23 | 24 | Local Kernel: 4.4.0 25 | Searching among 73 exploits... 26 | 27 | Possible Exploits 28 | [1] af_packet 29 | CVE-2016-8655 30 | Source: http://www.exploit-db.com/exploits/40871 31 | [2] dirty_cow 32 | CVE-2016-5195 33 | Source: http://www.exploit-db.com/exploits/40616 34 | [3] exploit_x 35 | CVE-2018-14665 36 | Source: http://www.exploit-db.com/exploits/45697 37 | [4] get_rekt 38 | CVE-2017-16695 39 | Source: http://www.exploit-db.com/exploits/45010 40 | ``` 41 | 42 | Use the **-k** flag to manually enter a wildcard for the kernel/operating system release version. 43 | 44 | ``` 45 | $ ./linux-exploit-suggester-2.pl -k 3 46 | ``` 47 | 48 | Use the **-d** flag to open a download menu to retrieve exploit code directly from Exploit DB. You can either download all exploits or select them individually by number. 49 | 50 | ``` 51 | $ ./linux-exploit-suggester-2.pl -d 52 | 53 | Exploit Download 54 | (Download all: 'a' / Individually: '2,4,5' / Exit: ^c) 55 | Select exploits to download: a 56 | 57 | Downloading https://www.exploit-db.com/raw/40871 -> exploit_af_packet 58 | Downloading https://www.exploit-db.com/raw/40616 -> exploit_dirty_cow 59 | Downloading https://www.exploit-db.com/raw/45697 -> exploit_exploit_x 60 | Downloading https://www.exploit-db.com/raw/45010 -> exploit_get_rekt 61 | ``` 62 | 63 | Use the **-h** flag to display the help menu 64 | 65 | Contributing 66 | ============ 67 | 68 | This project is in active development. Feel free to suggest a new feature or open a pull request! 69 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | Linux Exploit Suggester; based on operating system release number 294 | Copyright (C) 2013 PenturaLabs 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | {signature of Ty Coon}, 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 340 | -------------------------------------------------------------------------------- /linux-exploit-suggester-2.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | use strict; 3 | use warnings; 4 | use Getopt::Std; 5 | 6 | our $VERSION = '2'; 7 | 8 | my %opts; 9 | getopts( 'k:hd', \%opts ); 10 | if (exists $opts{h}) { 11 | usage(); 12 | exit; 13 | }; 14 | 15 | print_banner(); 16 | my ( $khost, $is_partial ) = get_kernel(); 17 | print " Local Kernel: \e[00;33m$khost\e[00m\n"; 18 | 19 | my %exploits = get_exploits(); 20 | print ' Searching ' . scalar keys(%exploits) . " exploits...\n\n"; 21 | print " \e[1;35mPossible Exploits\e[00m\n"; 22 | 23 | my $count = 1; 24 | my @applicable = (); 25 | EXPLOIT: 26 | foreach my $key ( sort keys %exploits ) { 27 | foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { 28 | 29 | if ( $khost eq $kernel 30 | or ( $is_partial and index($kernel,$khost) == 0 ) 31 | ) { 32 | $exploits{$key}{key} = $key; 33 | push(@applicable, $exploits{$key}); 34 | print " \e[00;33m[\e[00m\e[00;31m$count\e[00m\e[00;33m]\e[00m "; 35 | print "\e[00;33m$key\e[00m"; 36 | print " \e[00;33m($kernel)\e[00m" if $is_partial; 37 | 38 | my $alt = $exploits{$key}{alt}; 39 | my $cve = $exploits{$key}{cve}; 40 | my $mlw = $exploits{$key}{mil}; 41 | if ( $alt or $cve ) { 42 | print "\n"; 43 | } 44 | if ( $alt ) { print " Alt: $alt "; } 45 | if ( $cve ) { print " CVE-$cve"; } 46 | if ( $mlw ) { print "\n Source: $mlw"; } 47 | print "\n"; 48 | $count += 1; 49 | next EXPLOIT; 50 | } 51 | } 52 | } 53 | print "\n"; 54 | 55 | if (!@applicable) { 56 | print " No exploits are available for this kernel version\n\n"; 57 | exit; 58 | } 59 | 60 | if (exists $opts{d}) { 61 | print " \e[1;36mExploit Download\e[00m\n"; 62 | print " (Download all: \e[00;33m'a'\e[00m / Individually: \e[00;33m'2,4,5'\e[00m "; 63 | print "/ Exit: \e[00;33m^c\e[00m)\n"; 64 | print " Select exploits to download: "; 65 | 66 | while (1) { 67 | my $input = ; 68 | $input =~ s/\s+//g; 69 | 70 | if ($input =~ /^a$/) { 71 | my @selected = (); 72 | for (my $i=1; $i <= scalar @applicable; $i++) { 73 | push(@selected, $i); 74 | } 75 | download_exploits(\@selected, \@applicable); 76 | last; 77 | } 78 | elsif ($input =~ /^(0|[1-9][0-9]*)(,(0|[1-9][0-9]*))*$/) { 79 | my @selected = uniq(split(',', $input)); 80 | @selected = sort {$a <=> $b} @selected; 81 | if ($selected[0] > 0 && $selected[-1] <= scalar @applicable) { 82 | download_exploits(\@selected, \@applicable); 83 | last; 84 | } 85 | else { 86 | print " \e[00;31mInput is out of range.\e[00m Select exploits to download: "; 87 | } 88 | } 89 | else { 90 | print " \e[00;31mInvalid input.\e[00m Select exploits to download: "; 91 | } 92 | } 93 | }; 94 | exit; 95 | 96 | ###################### 97 | ## extra functions ## 98 | ###################### 99 | 100 | sub get_kernel { 101 | my $khost = ''; 102 | 103 | if ( exists $opts{k} ) { 104 | $khost = $opts{k}; 105 | } 106 | else { 107 | $khost = `uname -r |cut -d"-" -f1`; 108 | chomp $khost; 109 | } 110 | 111 | if (!defined $khost || !($khost =~ /^[0-9]+([.][0-9]+)*$/)) { 112 | print " \e[00;31mSpecified kernel is in the wrong format\e[00m\n"; 113 | print " Try a kernel format like this: 3.2.0\n\n"; 114 | exit; 115 | } 116 | 117 | # partial kernels might be provided by the user, 118 | # such as '2.4' or '2.6.' 119 | my $is_partial = $khost =~ /^\d+\.\d+\.\d?/ ? 0 : 1; 120 | return ( $khost, $is_partial ); 121 | } 122 | 123 | sub download_exploits { 124 | my ($sref, $aref) = @_; 125 | my @selected = @{ $sref }; 126 | my @applicable = @{ $aref }; 127 | my $exploit_base = "www.exploit-db.com/exploits"; 128 | my $download_base = "https://www.exploit-db.com/raw/"; 129 | print "\n"; 130 | 131 | foreach my $num (@selected) { 132 | my $mil = $applicable[$num-1]{mil}; 133 | next if (!defined $mil); 134 | my ($exploit_num) = ($mil =~ /^.*\/([1-9][0-9]*)\/?$/); 135 | 136 | if ($exploit_num && index($mil, $exploit_base) != -1) { 137 | my $url = $download_base . $exploit_num; 138 | my $file = "exploit_$applicable[$num-1]{key}"; 139 | print " Downloading \e[00;33m$url\e[00m -> \e[00;33m$file\e[00m\n"; 140 | system "wget $url -O $file > /dev/null 2>&1"; 141 | } 142 | else { 143 | print " No exploit code available for \e[00;33m$applicable[$num-1]{key}\e[00m\n"; 144 | } 145 | } 146 | print "\n"; 147 | } 148 | 149 | sub uniq { 150 | my %seen; 151 | grep !$seen{$_}++, @_; 152 | } 153 | 154 | sub usage { 155 | print_banner(); 156 | print " \e[00;35mUsage:\e[00m $0 [-h] [-k kernel] [-d]\n\n"; 157 | print " \e[00;33m[\e[00m\e[00;31m-h\e[00m\e[00;33m]\e[00m Help (this message)\n"; 158 | print " \e[00;33m[\e[00m\e[00;31m-k\e[00m\e[00;33m]\e[00m Kernel number (eg. 2.6.28)\n"; 159 | print " \e[00;33m[\e[00m\e[00;31m-d\e[00m\e[00;33m]\e[00m Open exploit download menu\n\n"; 160 | 161 | print " You can also provide a partial kernel version (eg. 2.4)\n"; 162 | print " to see all exploits available.\n\n"; 163 | } 164 | 165 | sub print_banner { 166 | print "\n\e[00;33m #############################\e[00m\n"; 167 | print "\e[1;31m Linux Exploit Suggester $VERSION\e[00m\n"; 168 | print "\e[00;33m #############################\e[00m\n\n"; 169 | } 170 | 171 | sub get_exploits { 172 | return ( 173 | 'w00t' => { 174 | vuln => [ 175 | '2.4.10', '2.4.16', '2.4.17', '2.4.18', 176 | '2.4.19', '2.4.20', '2.4.21', 177 | ] 178 | }, 179 | 'brk' => { 180 | vuln => [ '2.4.10', '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ], 181 | }, 182 | 'ave' => { vuln => [ '2.4.19', '2.4.20' ] }, 183 | 184 | 'elflbl' => { 185 | vuln => ['2.4.29'], 186 | mil => 'http://www.exploit-db.com/exploits/744', 187 | }, 188 | 189 | 'elfdump' => { vuln => ['2.4.27'] }, 190 | 'elfcd' => { vuln => ['2.6.12'] }, 191 | 'expand_stack' => { vuln => ['2.4.29'] }, 192 | 193 | 'h00lyshit' => { 194 | vuln => [ 195 | '2.6.8', '2.6.10', '2.6.11', '2.6.12', 196 | '2.6.13', '2.6.14', '2.6.15', '2.6.16', 197 | ], 198 | cve => '2006-3626', 199 | mil => 'http://www.exploit-db.com/exploits/2013', 200 | }, 201 | 202 | 'kdump' => { vuln => ['2.6.13'] }, 203 | 'km2' => { vuln => [ '2.4.18', '2.4.22' ] }, 204 | 'krad' => 205 | { vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ] }, 206 | 207 | 'krad3' => { 208 | vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ], 209 | mil => 'http://exploit-db.com/exploits/1397', 210 | }, 211 | 212 | 'local26' => { vuln => ['2.6.13'] }, 213 | 'loko' => { vuln => [ '2.4.22', '2.4.23', '2.4.24' ] }, 214 | 215 | 'mremap_pte' => { 216 | vuln => [ '2.4.20', '2.2.24', '2.4.25', '2.4.26', '2.4.27' ], 217 | mil => 'http://www.exploit-db.com/exploits/160', 218 | }, 219 | 220 | 'newlocal' => { vuln => [ '2.4.17', '2.4.19' ] }, 221 | 'ong_bak' => { vuln => ['2.6.5'] }, 222 | 'ptrace' => 223 | { vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ] }, 224 | 'ptrace_kmod' => { 225 | vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ], 226 | cve => '2007-4573', 227 | }, 228 | 'ptrace_kmod2' => { 229 | vuln => [ 230 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', '2.6.31', 231 | '2.6.32', '2.6.33', '2.6.34', 232 | ], 233 | alt => 'ia32syscall,robert_you_suck', 234 | mil => 'http://www.exploit-db.com/exploits/15023', 235 | cve => '2010-3301', 236 | }, 237 | 'ptrace24' => { vuln => ['2.4.9'] }, 238 | 'pwned' => { vuln => ['2.6.11'] }, 239 | 'py2' => { vuln => [ '2.6.9', '2.6.17', '2.6.15', '2.6.13' ] }, 240 | 'raptor_prctl' => { 241 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 242 | cve => '2006-2451', 243 | mil => 'http://www.exploit-db.com/exploits/2031', 244 | }, 245 | 'prctl' => { 246 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 247 | mil => 'http://www.exploit-db.com/exploits/2004', 248 | }, 249 | 'prctl2' => { 250 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 251 | mil => 'http://www.exploit-db.com/exploits/2005', 252 | }, 253 | 'prctl3' => { 254 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 255 | mil => 'http://www.exploit-db.com/exploits/2006', 256 | }, 257 | 'prctl4' => { 258 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 259 | mil => 'http://www.exploit-db.com/exploits/2011', 260 | }, 261 | 'remap' => { vuln => ['2.4'] }, 262 | 'rip' => { vuln => ['2.2'] }, 263 | 'stackgrow2' => { vuln => [ '2.4.29', '2.6.10' ] }, 264 | 'uselib24' => { 265 | vuln => [ '2.6.10', '2.4.17', '2.4.22', '2.4.25', '2.4.27', '2.4.29' ] 266 | }, 267 | 'newsmp' => { vuln => ['2.6'] }, 268 | 'smpracer' => { vuln => ['2.4.29'] }, 269 | 'loginx' => { vuln => ['2.4.22'] }, 270 | 'exp.sh' => { vuln => [ '2.6.9', '2.6.10', '2.6.16', '2.6.13' ] }, 271 | 'vmsplice1' => { 272 | vuln => [ 273 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', 274 | '2.6.23', '2.6.24', '2.6.24.1', 275 | ], 276 | alt => 'jessica biel', 277 | cve => '2008-0600', 278 | mil => 'http://www.exploit-db.com/exploits/5092', 279 | }, 280 | 'vmsplice2' => { 281 | vuln => [ '2.6.23', '2.6.24' ], 282 | alt => 'diane_lane', 283 | cve => '2008-0600', 284 | mil => 'http://www.exploit-db.com/exploits/5093', 285 | }, 286 | 'vconsole' => { 287 | vuln => ['2.6'], 288 | cve => '2009-1046', 289 | }, 290 | 'sctp' => { 291 | vuln => ['2.6.26'], 292 | cve => '2008-4113', 293 | }, 294 | 'ftrex' => { 295 | vuln => [ 296 | '2.6.11', '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', 297 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', 298 | ], 299 | cve => '2008-4210', 300 | mil => 'http://www.exploit-db.com/exploits/6851', 301 | }, 302 | 'exit_notify' => { 303 | vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ], 304 | mil => 'http://www.exploit-db.com/exploits/8369', 305 | }, 306 | 'udev' => { 307 | vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ], 308 | alt => 'udev <1.4.1', 309 | cve => '2009-1185', 310 | mil => 'http://www.exploit-db.com/exploits/8478', 311 | }, 312 | 313 | 'sock_sendpage2' => { 314 | vuln => [ 315 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', 316 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15', 317 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', 318 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', 319 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', 320 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0', '2.6.1', 321 | '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', '2.6.7', 322 | '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', '2.6.13', 323 | '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19', 324 | '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25', 325 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', 326 | ], 327 | alt => 'proto_ops', 328 | cve => '2009-2692', 329 | mil => 'http://www.exploit-db.com/exploits/9436', 330 | }, 331 | 332 | 'sock_sendpage' => { 333 | vuln => [ 334 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', 335 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15', 336 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', 337 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', 338 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', 339 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0', '2.6.1', 340 | '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', '2.6.7', 341 | '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', '2.6.13', 342 | '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19', 343 | '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25', 344 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', 345 | ], 346 | alt => 'wunderbar_emporium', 347 | cve => '2009-2692', 348 | mil => 'http://www.exploit-db.com/exploits/9435', 349 | }, 350 | 'udp_sendmsg_32bit' => { 351 | vuln => [ 352 | '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', 353 | '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', 354 | '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', 355 | '2.6.19', 356 | ], 357 | cve => '2009-2698', 358 | mil => 359 | 'http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c', 360 | }, 361 | 'pipe.c_32bit' => { 362 | vuln => [ 363 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', 364 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15', 365 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', 366 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', 367 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', 368 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.15', '2.6.16', 369 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', 370 | '2.6.23', '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', 371 | '2.6.29', '2.6.30', '2.6.31', 372 | ], 373 | cve => '2009-3547', 374 | mil => 375 | 'http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c', 376 | }, 377 | 'do_pages_move' => { 378 | vuln => [ 379 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 380 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 381 | '2.6.30', '2.6.31', 382 | ], 383 | alt => 'sieve', 384 | cve => '2010-0415', 385 | mil => 'Spenders Enlightenment', 386 | }, 387 | 'reiserfs' => { 388 | vuln => [ 389 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 390 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 391 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', 392 | ], 393 | cve => '2010-1146', 394 | mil => 'http://www.exploit-db.com/exploits/12130', 395 | }, 396 | 'can_bcm' => { 397 | vuln => [ 398 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 399 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 400 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 401 | '2.6.36', 402 | ], 403 | cve => '2010-2959', 404 | mil => 'http://www.exploit-db.com/exploits/14814', 405 | }, 406 | 'rds' => { 407 | vuln => [ 408 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', 409 | '2.6.34', '2.6.35', '2.6.36', 410 | ], 411 | mil => 'http://www.exploit-db.com/exploits/15285', 412 | cve => '2010-3904', 413 | }, 414 | 'half_nelson1' => { 415 | vuln => [ 416 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 417 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 418 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 419 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 420 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 421 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 422 | '2.6.36', 423 | ], 424 | alt => 'econet', 425 | cve => '2010-3848', 426 | mil => 'http://www.exploit-db.com/exploits/17787', 427 | }, 428 | 'half_nelson2' => { 429 | vuln => [ 430 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 431 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 432 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 433 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 434 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 435 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 436 | '2.6.36', 437 | ], 438 | alt => 'econet', 439 | cve => '2010-3850', 440 | mil => 'http://www.exploit-db.com/exploits/17787', 441 | }, 442 | 'half_nelson3' => { 443 | vuln => [ 444 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 445 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 446 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 447 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 448 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 449 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 450 | '2.6.36', 451 | ], 452 | alt => 'econet', 453 | cve => '2010-4073', 454 | mil => 'http://www.exploit-db.com/exploits/17787', 455 | }, 456 | 'caps_to_root' => { 457 | vuln => [ '2.6.34', '2.6.35', '2.6.36' ], 458 | cve => 'n/a', 459 | mil => 'http://www.exploit-db.com/exploits/15916', 460 | }, 461 | 'american-sign-language' => { 462 | vuln => [ 463 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 464 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 465 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 466 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 467 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 468 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 469 | '2.6.36', 470 | ], 471 | cve => '2010-4347', 472 | mil => 'http://www.securityfocus.com/bid/45408', 473 | }, 474 | 'pktcdvd' => { 475 | vuln => [ 476 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 477 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 478 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 479 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 480 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 481 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 482 | '2.6.36', 483 | ], 484 | cve => '2010-3437', 485 | mil => 'http://www.exploit-db.com/exploits/15150', 486 | }, 487 | 'video4linux' => { 488 | vuln => [ 489 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 490 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 491 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 492 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 493 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 494 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', 495 | ], 496 | cve => '2010-3081', 497 | mil => 'http://www.exploit-db.com/exploits/15024', 498 | }, 499 | 'memodipper' => { 500 | vuln => [ 501 | '2.6.39', '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', 502 | '3.0.5', '3.0.6', '3.1.0', 503 | ], 504 | cve => '2012-0056', 505 | mil => 'http://www.exploit-db.com/exploits/18411', 506 | }, 507 | 'semtex' => { 508 | vuln => [ 509 | '2.6.37', '2.6.38', '2.6.39', '3.0.0', '3.0.1', '3.0.2', 510 | '3.0.3', '3.0.4', '3.0.5', '3.0.6', '3.1.0', 511 | ], 512 | cve => '2013-2094', 513 | mil => 'http://www.exploit-db.com/exploits/25444', 514 | }, 515 | 'perf_swevent' => { 516 | vuln => [ 517 | '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5', 518 | '3.0.6', '3.1.0', '3.2.0', '3.3.0', '3.4.0', '3.4.1', 519 | '3.4.2', '3.4.3', '3.4.4', '3.4.5', '3.4.6', '3.4.8', 520 | '3.4.9', '3.5.0', '3.6.0', '3.7.0', '3.8.0', '3.8.1', 521 | '3.8.2', '3.8.3', '3.8.4', '3.8.5', '3.8.6', '3.8.7', 522 | '3.8.8', '3.8.9', 523 | ], 524 | cve => '2013-2094', 525 | mil => 'http://www.exploit-db.com/exploits/26131', 526 | }, 527 | 'msr' => { 528 | vuln => [ 529 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 530 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.27', '2.6.28', 531 | '2.6.29', '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', 532 | '2.6.35', '2.6.36', '2.6.37', '2.6.38', '2.6.39', '3.0.0', 533 | '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5', '3.0.6', 534 | '3.1.0', '3.2.0', '3.3.0', '3.4.0', '3.5.0', '3.6.0', 535 | '3.7.0', '3.7.6', 536 | ], 537 | cve => '2013-0268', 538 | mil => 'http://www.exploit-db.com/exploits/27297', 539 | }, 540 | 'timeoutpwn' => { 541 | vuln => [ 542 | '3.4.0', '3.5.0', '3.6.0', '3.7.0', '3.8.0', '3.8.9', 543 | '3.9.0', '3.10.0', '3.11.0', '3.12.0', '3.13.0', '3.4.0', 544 | '3.5.0', '3.6.0', '3.7.0', '3.8.0', '3.8.5', '3.8.6', 545 | '3.8.9', '3.9.0', '3.9.6', '3.10.0', '3.10.6', '3.11.0', 546 | '3.12.0', '3.13.0', '3.13.1' 547 | ], 548 | cve => '2014-0038', 549 | mil => 'http://www.exploit-db.com/exploits/31346', 550 | }, 551 | 'rawmodePTY' => { 552 | vuln => [ 553 | '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', '2.6.36', 554 | '2.6.37', '2.6.38', '2.6.39', '3.14.0', '3.15.0' 555 | ], 556 | cve => '2014-0196', 557 | mil => 'http://packetstormsecurity.com/files/download/126603/cve-2014-0196-md.c', 558 | }, 559 | 'overlayfs' => { 560 | vuln => [ 561 | '3.13.0', '3.16.0', '3.19.0' 562 | ], 563 | cve => '2015-8660', 564 | mil => 'http://www.exploit-db.com/exploits/39230', 565 | }, 566 | 'pp_key' => { 567 | vuln => [ 568 | '3.4.0', '3.5.0', '3.6.0', '3.7.0', '3.8.0', '3.8.1', 569 | '3.8.2', '3.8.3', '3.8.4', '3.8.5', '3.8.6', '3.8.7', 570 | '3.8.8', '3.8.9', '3.9.0', '3.9.6', '3.10.0', '3.10.6', 571 | '3.11.0', '3.12.0', '3.13.0', '3.13.1' 572 | ], 573 | cve => '2016-0728', 574 | mil => 'http://www.exploit-db.com/exploits/39277', 575 | }, 576 | 'dirty_cow' => { 577 | vuln => [ 578 | '2.6.22', '2.6.23', '2.6.24', '2.6.25', '2.6.26', '2.6.27', 579 | '2.6.27', '2.6.28', '2.6.29', '2.6.30', '2.6.31', '2.6.32', 580 | '2.6.33', '2.6.34', '2.6.35', '2.6.36', '2.6.37', '2.6.38', 581 | '2.6.39', '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', 582 | '3.0.5', '3.0.6', '3.1.0', '3.2.0', '3.3.0', '3.4.0', 583 | '3.5.0', '3.6.0', '3.7.0', '3.7.6', '3.8.0', '3.9.0' 584 | ], 585 | cve => '2016-5195', 586 | mil => 'http://www.exploit-db.com/exploits/40616', 587 | }, 588 | 'af_packet' => { 589 | vuln => ['4.4.0' ], 590 | cve => '2016-8655', 591 | mil => 'http://www.exploit-db.com/exploits/40871', 592 | }, 593 | 'packet_set_ring' => { 594 | vuln => ['4.8.0' ], 595 | cve => '2017-7308', 596 | mil => 'http://www.exploit-db.com/exploits/41994', 597 | }, 598 | 'clone_newuser' => { 599 | vuln => [ 600 | '3.3.5', '3.3.4', '3.3.2', '3.2.13', '3.2.9', '3.2.1', 601 | '3.1.8', '3.0.5', '3.0.4', '3.0.2', '3.0.1', '3.2', '3.0.1', '3.0' 602 | ], 603 | cve => 'N\A', 604 | mil => 'http://www.exploit-db.com/exploits/38390', 605 | }, 606 | 'get_rekt' => { 607 | vuln => [ 608 | '4.4.0', '4.8.0', '4.10.0', '4.13.0' 609 | ], 610 | cve => '2017-16695', 611 | mil => 'http://www.exploit-db.com/exploits/45010', 612 | }, 613 | 'exploit_x' => { 614 | vuln => [ 615 | '2.6.22', '2.6.23', '2.6.24', '2.6.25', '2.6.26', '2.6.27', 616 | '2.6.27', '2.6.28', '2.6.29', '2.6.30', '2.6.31', '2.6.32', 617 | '2.6.33', '2.6.34', '2.6.35', '2.6.36', '2.6.37', '2.6.38', 618 | '2.6.39', '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', 619 | '3.0.5', '3.0.6', '3.1.0', '3.2.0', '3.3.0', '3.4.0', 620 | '3.5.0', '3.6.0', '3.7.0', '3.7.6', '3.8.0', '3.9.0', 621 | '3.10.0', '3.11.0', '3.12.0', '3.13.0', '3.14.0', '3.15.0', 622 | '3.16.0', '3.17.0', '3.18.0', '3.19.0', '4.0.0', '4.1.0', 623 | '4.2.0', '4.3.0', '4.4.0', '4.5.0', '4.6.0', '4.7.0' 624 | ], 625 | cve => '2018-14665', 626 | mil => 'http://www.exploit-db.com/exploits/45697', 627 | }, 628 | ); 629 | } 630 | 631 | __END__ 632 | =head1 NAME 633 | 634 | linux_exploit_suggester-2.pl - A local exploit suggester for linux 635 | 636 | =head1 DESCRIPTION 637 | 638 | This perl script will enumerate the possible exploits available for a given kernel version 639 | 640 | =head1 USAGE 641 | 642 | [-h] Help (this message) 643 | [-k] Kernel number (eg. 2.6.28) 644 | [-d] Open exploit download menu 645 | 646 | You can also provide a partial kernel version (eg. 2.4) 647 | to see all exploits available. 648 | 649 | =head1 AUTHOR 650 | 651 | Jonathan Donas (c) 2019 652 | 653 | =cut 654 | 655 | =head1 LICENSE 656 | 657 | Linux Exploit Suggester 2 658 | 659 | This program is free software; you can redistribute it and/or modify 660 | it under the terms of the GNU General Public License as published by 661 | the Free Software Foundation; either version 2 of the License, or 662 | (at your option) any later version. 663 | 664 | This program is distributed in the hope that it will be useful, 665 | but WITHOUT ANY WARRANTY; without even the implied warranty of 666 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 667 | GNU General Public License for more details. 668 | 669 | You should have received a copy of the GNU General Public License along 670 | with this program; if not, write to the Free Software Foundation, Inc., 671 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 672 | 673 | =cut 674 | --------------------------------------------------------------------------------