Top Commands

Windows Exploit Suggester

#Windows Machine
- Run systeminfo on the windows machine

#Linux Machine
- Copy all the data result and create a .txt document with all the information in it
- Run ./windows-exploit-suggester.py --update    ---> Create a fresh database of new exploits
- Run ./windows-exploit-suggester.py -i DATA-FOUND.TXT -d DATABASE.xlm

• https://github.com/AonCyberLabs/Windows-Exploit-Suggester (opens in a new tab)

WES-NG (Windows Exploit Suggester - Next Generation)

#Linux
wes.py --update

#Windows Machine
systeminfo

#Linux
wes.py systeminfo.txt

• https://github.com/bitsadmin/wesng (opens in a new tab)

Info Some exploit suggesting scripts (e.g. winPEAS) will require you to upload them to the target system and run them there. This may cause antivirus software to detect and delete them. To avoid making unnecessary noise that can attract attention, you may prefer to use WES-NG, which will run on your attacking machine (e.g. Kali or TryHackMe AttackBox).

Metasploit

multi/recon/local_exploit_suggester

Info If you already have a Meterpreter shell on the target system, you can use the multi/recon/local_exploit_suggester module to list vulnerabilities that may affect the target system and allow you to elevate your privileges on the target system.