๐ ๏ธWindows Exploit Suggester
Theory
Thereโs a Windows version of Linux Exploit Suggester called, as you might expect, Windows Exploit Suggester. This is a tool for identifying missing patches on the Windows target which may indicate possible vulnerabilities. The tool takes the output from the โsysteminfoโ command and compares the targetโs patch levels (hotfixes installed) against the latest version of the Microsoft vulnerability database (the vulnerability database is automatically downloaded and stored as an Excel spreadsheet). Based on this comparison the tool suggests possible public exploits (marked with an E) and Metasploit modules (marked with an M) that may work against the unpatched system.
Practical
Github
Update the database
Get system information
Run following command in target window and save the output in text file,
Copy
Check for Vulnerabilities
You need to store the system info in a text file and also need to pass the database file
REFERENCES
Last updated