Windows 10 News and info | Forum
May 30, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Windows Exploit Suggester Lists Known Exploits for Your Windows Install  (Read 107 times)
Hero Member
Offline Offline

Gender: Male
United States United States

Posts: 31433

I Do Windows

WWW Email
« on: March 04, 2019, 07:37:02 PM »

A program called Windows Exploit Suggester - Next Generation, or WES-NG, has been released that will list the known vulnerabilities affecting a Windows installation, any exploits that are available, and what security updates are needed to patch the bugs.

WES-NG was created by security researcher Arris Huijgen, who based his project off the Windows-Exploit-Suggester program that was originally released in 2014 by GDS Security, now known as AON Security. The original program stopped working when Microsoft stopped updating its Microsoft Security Bulletin Data Excel file and switched to the Microsoft Security Response Center API.

This program works by comparing a Windows SystemInfo report with a downloaded CSV file of known vulnerabilities and their associated security updates. Using this data, Windows Exploit Suggester will display a report showing all of the unpatched vulnerabilities found on the computer and their respective CVE IDs, Microsoft knowledge base article numbers, and a link to any known exploits for that vulnerability.

Windows Exploit Suggester - Next Generation (WES-NG) Demo

According to the projects description, every version of Windows between Windows XP and Windows 10, including the Windows Server counterparts, is supported.

For those who want to focus on specific vulnerabilities and filter out the rest, users can utilize the --hide flag to specify those vulnerabilities that should be filtered. For example, to filter out Edge vulnerabilities you can use the systeminfo.txt --hide Edge command.

Windows Exploit Suggester Help Screen

As Windows Exploit Suggester is written in Python, you will need to download and install the Python before you can use it. When testing WES-NG, BleepingComptuer used Python for Windows 3.7.2 and had to install the Chardet library using the pip3 install chardet command for the program to work.

Once Python and the necessary libraries are installed, you can run the Windows Exploit Suggester by following these steps:

1. Download Windows Exploit Suggester - NSG from its GitHub repository. Once downloaded, you will use the script to execute the program.

2. Open a Windows command prompt.

3. Download and Update the vulnerability database with the --update command.

4. Create a SystemInfo report with the systeminfo > systeminfo.txt command.

5. Run Windows Exploit Suggester using the SystemInfo report with the systeminfo.txt command. To redirect the output to a text file that you can open in Notepad, you can use the systeminfo.txt > wes-report.txt command

You can now open the report in Windows and determine what vulnerabilities exist on the computer and what updates need to be installed to patch them.

« Last Edit: March 04, 2019, 07:49:27 PM by javajolt » Logged

Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page May 20, 2020, 10:33:11 PM