Tool inspired by HTB-machine

edited June 22 in Tools

Hey guys,

Here's a tool I wrote, inspired by a problem I was solving on one of the machines here. I thought I'd share it with you all. All feedback is welcome:

Vulnfetcher is an enumeration tool: it searches the web for known vulnerabilities. It fetches related information and publicly available exploits, scores the results and orders them based on frequency and severity.

In a way you could call it a searchsploit alternative, but it differs from searchsploit in that it uses search engines. It is slower, but more forgiving when it comes to search terms; it's able to process large lists unattended in the background and plays well with nmap.

Vulnfetcher Nmap Demo

It can process long lists of packages, either tab-separated or a Debian packages-list generated by 'dpkg -l > file'. It allows you to reduce a list of say 200 installed packages to a handful of potentially vulnerable targets, sorted on probability of vulnerability:

Vulnfetcher Dpkg demo

You can find the tool here: https://github.com/gnothiseautonlw/vulnfetcher
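The `dpkg -l` input mentioned in the post has to be reduced to package names and versions before any vulnerability lookup. The following is an added example, not part of the original post and not vulnfetcher's own code; the sample listing is constructed, and the function names and the choice to strip the epoch and Debian revision are assumptions made for illustration.

```python
# Added example: turn `dpkg -l` output into (package, upstream version) pairs.
# SAMPLE is constructed for illustration, not taken from a real host.
SAMPLE = """\
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name            Version            Architecture Description
+++-===============-==================-============-==========================
ii  adduser         3.118              all          add and remove users and groups
ii  libssl1.1:amd64 1.1.1d-0+deb10u3   amd64        Secure Sockets Layer toolkit
rc  example-removed 2.0-1              amd64        removed, only config files remain
ii  openssh-server  1:7.9p1-10+deb10u2 amd64        secure shell (SSH) server
ii  sudo            1.8.27-1+deb10u2   amd64        Provide limited super user privileges
"""


def upstream_version(version):
    """Drop the Debian epoch ("1:") and revision ("-10+deb10u2")."""
    if ":" in version:
        version = version.split(":", 1)[1]
    if "-" in version:
        version = version.rsplit("-", 1)[0]
    return version


def parse_dpkg_list(text):
    """Return [(name, upstream_version)] for packages that are installed."""
    packages = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 3:
            continue
        status, name, version = fields[0], fields[1], fields[2]
        # Column 1 is desired/current state; header rows never match this.
        if len(status) < 2 or status[0] not in "uirph" or status[1] != "i":
            continue
        name = name.split(":", 1)[0]  # strip multiarch qualifier (":amd64")
        packages.append((name, upstream_version(version)))
    return packages


if __name__ == "__main__":
    for name, version in parse_dpkg_list(SAMPLE):
        print(f"{name}\t{version}")
```

Packages in state `rc` (removed, config files left behind) are skipped because their binaries are no longer on the system. The distribution revision that is stripped here often carries backported security fixes, so a match on the upstream version alone is a lead to verify, not a confirmed finding.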
