View Issue Details

ID: 0004572
Project: Kali Linux
Category: [All Projects] Kali Websites & Docs
View Status: public
Last Update: 2020-09-11 07:47
Reporter: mzet
Assigned To:
Priority: normal
Severity: feature
Reproducibility: N/A
Status: new
Resolution: reopened
Product Version:
Target Version:
Fixed in Version:
Summary: 0004572: Update tools.kali.org : linux-exploit-suggester.sh - Updated/Forked Version

Description

I'm aware that Kali already contains Linux_Exploit_Suggester (https://tools.kali.org/exploitation-tools/linux-exploit-suggester). Unfortunately AFAIK this tool is not maintained anymore and is out of date (last added exploits are from 2014).

linux-exploit-suggester.sh (https://github.com/mzet-/linux-exploit-suggester) is up to date and regularly updated. It contains all the exploits that are present in Linux_Exploit_Suggester (excluding those that are applicable solely for kernels 2.4 and older) plus all the latest (as of early 2018) publicly known Linux kernel exploits.

linux-exploit-suggester.sh is inspired by Linux_Exploit_Suggester, so the basic philosophy and use case are the same. However, it also comes with some additional features:

- when run directly on the examined machine it can perform some additional checks (like kernel's CONFIG_* and/or sysctl entries) to rule out exploits that won't be applicable
- most exploits contain additional info (Tags) about which distros they were successfully run on
- the tool also contains exploits (that lead to LPE) for userspace software
- other minor features

Currently linux-exploit-suggester.sh contains:

- 0000041:0000070 userspace exploits
- 0000018:0000030 userspace exploits

For more details please see README.md at https://github.com/mzet-/linux-exploit-suggester.

Thanks for consideration.

Activities

g0tmi1k

2018-04-10 11:42

administrator   ~0009020

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool? either a download page or a link to the latest version
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [Activity] - When did the project start? Is it still actively being deployed?
- [How to install] - How do you compile it?
--- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
- [How to use] - What are some basic commands/functions to demonstrate it?

mzet

2018-04-13 21:26

reporter   ~0009037

Below is the information you requested; please let me know if something is missing or unclear.

- [Name] - The name of the tool

linux-exploit-suggester.sh

- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release
to match (e.g. git tag)

Version 0.9 of the tool should be used.


- [Homepage] - Where can the tool be found online? Where to go to get more
information?

https://github.com/mzet-/linux-exploit-suggester

- [Download] - Where to go to get the tool? either a download page or a link to
the latest version

latest (development) version:
https://github.com/mzet-/linux-exploit-suggester

version 0.9:
https://github.com/mzet-/linux-exploit-suggester/archive/v0.9.tar.gz

- [Author] - Who made the tool?

mzet

- [Licence] - How is the software distributed? What conditions does it come
with?

GPLv3

- [Description] - What is the tool about? What does it do?

The linux-exploit-suggester.sh tool is meant to assist a security analyst in identifying possible privilege escalation attack vectors on a target Linux machine by suggesting possible exploits.

- [Dependencies] - What is needed for the tool to work?

Tool is implemented as a single Bash script. It requires Bash in version >= 4.0 in order to run.

- [Similar tools] - What other tools are out there?
 
Similar to (and inspired by) https://github.com/InteliSecureLabs/Linux_Exploit_Suggester.

- [Activity] - When did the project start? Is it still actively being deployed?

Project has started on 6 Oct 2016. Yes, it is actively being developed and maintained.

- [How to install] - How do you compile it?
--- Note, using source code to acquire (e.g. git clone/svn checkout) can't be
used - Also downloading from the head. Please use a "tag" or "release" version.

No compilation is involved - the tool is implemented as a single Bash script.

After downloading the tool (in version 0.9) from https://github.com/mzet-/linux-exploit-suggester/archive/v0.9.tar.gz the tool is ready to run.

- [How to use] - What are some basic commands/functions to demonstrate it?

Basic usage (see more examples at: https://github.com/mzet-/linux-exploit-suggester#usage):

checks for possible kernel space (and for Ubuntu, Debian, RHEL/CentOS, Fedora distros also for user space) exploits based on kernel (package) version and other settings (like the kernel's CONFIG_* compile-time settings and sysctl entries):
$ ./linux-exploit-suggester.sh

enumerates kernel and hardware protection mechanisms (KASLR, SMEP, SMAP, etc.):
$ ./linux-exploit-suggester.sh --checksec

lists possible exploits for Linux kernel in version 3.3.*:
$ ./linux-exploit-suggester.sh -k 3.3

checks for possible kernel space and user space exploits based on the given 'uname -a' command output and on the provided package listing file (output from 'dpkg -l' or 'rpm -qa' commands):
$ ./linux-exploit-suggester.sh --uname <output_from_uname_-a_cmd> --pkglist-file <pkg_listing_file>

to see help:
$ ./linux-exploit-suggester.sh -h
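
The CONFIG_* and sysctl checks mentioned in the description and in the usage notes above can be illustrated as follows. This is an added example, not code from linux-exploit-suggester.sh or from the original posts; the requirement syntax, the function names and the sample data are all hypothetical and constructed for illustration. It shows how a hardened setting removes a candidate from the list and reports which setting did it.

```bash
#!/usr/bin/env bash
# Constructed sample data (not from a real host).
KCONFIG='CONFIG_BPF_SYSCALL=y
# CONFIG_USER_NS is not set'
SYSCTLS='kernel.unprivileged_bpf_disabled = 1
kernel.kptr_restrict = 2
kernel.dmesg_restrict = 0'

# Look up one value in "name = value" text (the layout `sysctl -a` prints).
sysctl_value() {
    printf '%s\n' "$SYSCTLS" | awk -F' = ' -v k="$1" '$1 == k { print $2 }'
}

# Return 0 if one precondition holds. Hypothetical syntax:
#   CONFIG_FOO=y            build-time option is enabled
#   sysctl:name==N / !=N    runtime setting equals / differs from N
req_met() {
    case "$1" in
        sysctl:*!=*)
            name=${1#sysctl:}; want=${name#*!=}; name=${name%%!=*}
            [ "$(sysctl_value "$name")" != "$want" ] ;;
        sysctl:*==*)
            name=${1#sysctl:}; want=${name#*==}; name=${name%%==*}
            [ "$(sysctl_value "$name")" = "$want" ] ;;
        CONFIG_*=*)
            # Exact whole-line match, so "# CONFIG_X is not set" never matches.
            printf '%s\n' "$KCONFIG" | grep -qxF -- "$1" ;;
        *) return 2 ;;   # unknown requirement: treat as not satisfied
    esac
}

# A candidate stays listed only if every comma-separated precondition holds.
# Prints "applicable" or "ruled out by <requirement>".
evaluate() {
    old_ifs=$IFS; IFS=,
    for r in $1; do
        if ! req_met "$r"; then
            IFS=$old_ifs; echo "ruled out by $r"; return 0
        fi
    done
    IFS=$old_ifs; echo "applicable"
}

evaluate 'CONFIG_BPF_SYSCALL=y,sysctl:kernel.unprivileged_bpf_disabled!=1'
evaluate 'CONFIG_USER_NS=y'
evaluate 'CONFIG_BPF_SYSCALL=y,sysctl:kernel.dmesg_restrict==0'
```

On a real host the two inputs would come from `sysctl -a` and from the kernel config file (for example `/boot/config-$(uname -r)`), which is why such checks are only possible when the script runs on the examined machine.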

mzet

2018-04-25 20:05

reporter   ~0009066

Any update on this?

mzet

2019-05-14 12:55

reporter   ~0010579

Please reconsider adding the LES tool to Kali. The tool has matured, is up to date, and has excellent '--checksec' functionality; in summary, it is much more than its predecessor (https://tools.kali.org/exploitation-tools/linux-exploit-suggester), I believe. See the detailed paper (in the form of a blog post) here: https://mzet-.github.io/2019/05/10/les-paper.html for details about the tool's inner workings and the novel techniques it uses to limit false positives when generating the list of candidate exploits.

Please see below for (updated) information about the tool:

- [Name] - The name of the tool
LES: Linux privilege escalation auditing tool

- [Version] - What version of the tool should be added?
Latest stable version: v1.0
https://github.com/mzet-/linux-exploit-suggester/releases/tag/v1.0

- [Homepage] - Where can the tool be found online? Where to go to get more information?
https://github.com/mzet-/linux-exploit-suggester

- [Download] - Where to go to get the tool? either a download page or a link to the latest version
https://github.com/mzet-/linux-exploit-suggester/releases/tag/v1.0

- [Author] - Who made the tool?
Mariusz "mzet" Ziulek

- [Licence] - How is the software distributed? What conditions does it come with?
GPLv3

- [Description] - What is the tool about? What does it do?
LES is the next generation version of the tool designed to assist the security tester/analyst in looking for critically vulnerable (i.e. locally exploitable) Linux machines during manual red team/pentest engagement.

- [Dependencies] - What is needed for the tool to work?
Bash in version >= 4.0

- [Similar tools] - What other tools are out there?
https://tools.kali.org/exploitation-tools/linux-exploit-suggester

- [Activity] - When did the project start? Is it still actively being deployed?
Project has started on 6 Oct 2016. Yes, it is actively being developed and maintained.

- [How to install] - How do you compile it?
wget https://github.com/mzet-/linux-exploit-suggester/archive/v1.0.tar.gz

- [How to use] - What are some basic commands/functions to demonstrate it?
$ ./linux-exploit-suggester.sh

Thanks for consideration.

Best,
Mariusz

g0tmi1k

2019-10-28 13:19

administrator   ~0011233

The old one doesn't exist any more ~ https://github.com/PenturaLabs?tab=repositories

I would recommend we switch

mzet

2019-11-11 10:12

reporter   ~0011292

Cool. Let me know if you need any additional info from me.

g0tmi1k

2020-01-06 13:20

administrator   ~0011817

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

mzet

2020-01-07 15:00

reporter   ~0011829

@kali-team, please note that new release has just been published: https://github.com/mzet-/linux-exploit-suggester/archive/v1.1.tar.gz

mzet

2020-02-04 16:18

reporter   ~0012008

If we're going to add it to Kali, can we queue it for ver. 2020.2 (https://bugs.kali.org/changelog_page.php?version_id=25)?

mzet

2020-05-12 13:25

reporter   ~0012773

Guys,

Do we add it or not? It was acknowledged, let's push it.


- [Name] - The name of the tool
LES: Linux privilege escalation auditing tool

- [Version] - What version of the tool should be added?
Latest stable version: v1.1
https://github.com/mzet-/linux-exploit-suggester/releases/tag/v1.1

- [Homepage] - Where can the tool be found online? Where to go to get more information?
https://github.com/mzet-/linux-exploit-suggester

- [Download] - Where to go to get the tool? either a download page or a link to the latest version
https://github.com/mzet-/linux-exploit-suggester/releases/tag/v1.1
https://github.com/mzet-/linux-exploit-suggester/archive/v1.1.tar.gz

- [Author] - Who made the tool?
Mariusz "mzet" Ziulek

- [Licence] - How is the software distributed? What conditions does it come with?
GPLv3

- [Description] - What is the tool about? What does it do?
LES is the next generation version of the tool designed to assist the security tester/analyst in looking for critically vulnerable (i.e. locally exploitable) Linux machines during manual red team / penetration testing engagements.

- [Dependencies] - What is needed for the tool to work?
Bash in version >= 4.0

- [Similar tools] - What other tools are out there?
https://tools.kali.org/exploitation-tools/linux-exploit-suggester

- [Activity] - When did the project start? Is it still actively being deployed?
Project has started on 6 Oct 2016. Yes, it is actively being developed and maintained.

- [How to install] - How do you compile it?
wget https://github.com/mzet-/linux-exploit-suggester/archive/v1.1.tar.gz

- [How to use] - What are some basic commands/functions to demonstrate it?
$ ./linux-exploit-suggester.sh


Please let me know if you need any additional information.

Best,
mzet

sbrun

2020-05-18 14:11

manager   ~0012805

I have uploaded the new version 1.1.-0kali1
It will be in kali-rolling soon

mzet

2020-09-11 07:01

reporter   ~0013415

Site https://tools.kali.org/exploitation-tools/linux-exploit-suggester still describes the old version of the tool. It should be updated as well.

Issue History

Date Modified Username Field Change
2018-03-01 10:34 mzet New Issue
2018-03-01 11:26 g0tmi1k Product Version kali-dev =>
2018-03-01 11:26 g0tmi1k Summary Please consider adding linux-exploit-suggester.sh to Kali Linux => linux-exploit-suggester.sh - Updated/Forked Version
2018-04-10 11:42 g0tmi1k Note Added: 0009020
2018-04-13 21:26 mzet Note Added: 0009037
2018-04-25 20:05 mzet Note Added: 0009066
2019-05-14 12:55 mzet Note Added: 0010579
2019-10-28 13:19 g0tmi1k Note Added: 0011233
2019-10-28 13:19 g0tmi1k Category New Tool Requests => Queued Tool Addition
2019-10-28 16:01 g0tmi1k Status new => assigned
2019-11-11 10:12 mzet Note Added: 0011292
2020-01-06 13:07 g0tmi1k Status assigned => acknowledged
2020-01-06 13:20 g0tmi1k Note Added: 0011817
2020-01-07 15:00 mzet Note Added: 0011829
2020-02-04 16:18 mzet Note Added: 0012008
2020-05-12 13:25 mzet Note Added: 0012773
2020-05-18 14:11 sbrun Assigned To => sbrun
2020-05-18 14:11 sbrun Status acknowledged => resolved
2020-05-18 14:11 sbrun Resolution open => fixed
2020-05-18 14:11 sbrun Note Added: 0012805
2020-09-11 07:01 mzet Status resolved => feedback
2020-09-11 07:01 mzet Resolution fixed => reopened
2020-09-11 07:01 mzet Note Added: 0013415
2020-09-11 07:47 sbrun Assigned To sbrun =>
2020-09-11 07:47 sbrun Status feedback => new
2020-09-11 07:47 sbrun Category Queued Tool Addition => Kali Websites & Docs
2020-09-11 07:47 sbrun Summary linux-exploit-suggester.sh - Updated/Forked Version => Update tools.kali.org : linux-exploit-suggester.sh - Updated/Forked Version