Tool inspired by HTB-machine

gnothiseauton · June 20, 2020, 8:19pm

Hey guys,

Here’s a tool I wrote, inspired by a problem I was solving on one of the machines here. I thought I’d share it with you all. All feedback is welcome:

Vulnfetcher is an enumeration tool: it searches the web for known vulnerabilities. It fetches related information and public available exploits, scores the results and orders them based on frequency and severity.

In a way you could call it a searsploit alternative, but it differs from searchsploit in that it uses searchengines. It is slower, but more forgiving when it comes to search-terms, it’s able to process large lists unattended in the background and plays well with nmap.

Vulnfetcher Nmap Demo

It can process long lists of packages, either tab-separated or a debian packages-list generated by ‘dpkg -l > file’. It allows you to reduce a list of say 200 installed packages to a handful of potentially vulnerable targets, sorted on probability of vulnerability:

Vulnfetcher Dpkg demo

You can find the tool here: GitHub - gnothiseautonlw/vulnfetcher: Searchsploit alternative. It differs in that it uses searchengines, can run unattended in the background, plays well with nmap and is able to process large lists of packages or services on it's own. It supports a simple search, nmap xml's, tab-separated files and debian packages list files ('dpkg -l > file')

Topic		Replies	Views
Reconnoitre - an enumeration tool to help you organise, and learn more about attack process Tools enumeration	26	4319	November 6, 2018
Tools to start with Tools tools , noob	9	3247	October 13, 2019
External Enumeration and Recon Other enumeration , guide	4	939	March 7, 2020
New linux smart enumeration tool Exploits enumeration , privesc , linux , lse	3	1016	May 20, 2019
Tool for enumerating timers and processes Off-topic	2	273	July 24, 2022

Tool inspired by HTB-machine

Related topics