Remote Exploit Scan Tool
Use SSH credentials to remotely scan Linux system
packages for known exploits in Exploit-DB and run
basic enumeration scripts.
Currently works against Debian and RHEL based systems.
Bug testing, additions, and rewrites are welcome; just submit an issue or pull request.
Thanks to mikesz81 for concept and nbulischeck for code review.
Requirements:
- Linux (tested in kali-2019.2)
- searchsploit
- python>=3.7
- pip
- termcolor >= 1.1.0
- paramiko >= 2.6.0
Note: It is recommended to clone this repository into a Python virtual
environment and run pip install -r requirements.txt
usage: rest.py [-h] [-n [port_number]] [-p password] [-k key_file] [-ss] [-le]
               [-t] [-ps]
               hostname username

positional arguments:
  hostname          hostname or IP address of remote machine
  username          username used to login to host

optional arguments:
  -h, --help        show this help message and exit
  -n [port_number]  port number (default is 22)
  -p password       password for user
  -k key_file       location of RSA or DSA Key file
  -ss               run package list against searchsploit database
  -le               run LinEnum.sh and return LE_report
  -t                add thorough switch to -le LinEnum.sh
  -ps               run pspy64 or pspy32 with defaults and return pspy_out

Examples:
./rest.py 192.168.1.100 vera -p eatadick6969 -n 666
./rest.py 192.168.1.101 jeff -p my_name_a -k ~/.ssh/id_rsa -ss
./rest.py 192.168.1.102 bigwillystyle -k ~/.ssh/id_rsa -ss
./rest.py 192.168.1.104 buck -p nchuck -le
./rest.py 192.168.1.105 matt_d -p i_love_ben_a -ps
./rest.py 192.168.1.106 ben_a -p i_love_matt_d -ss -le -t -ps
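
The -ss option matches a package list against a database, so the list has to be normalised first: Debian and RHEL based systems both append distro-specific epochs, revisions and architecture suffixes to package versions. The following is an added example, not code from rest.py; the listing commands in the comments, the function names and the "name major.minor" term format are assumptions, and the sample output is constructed.

```python
import re

# Assumed commands that produce "name<TAB>version" lines (not taken from rest.py):
#   Debian: dpkg-query -W -f='${binary:Package}\t${Version}\n'
#   RHEL:   rpm -qa --qf '%{NAME}\t%{VERSION}-%{RELEASE}\n'
# Constructed sample output, not from a real host.
DPKG_SAMPLE = "openssh-server\t1:7.9p1-10+deb10u2\nlibc6:amd64\t2.28-10\nbroken line\n"
RPM_SAMPLE = "sudo\t1.8.23-4.el7\nkernel\t3.10.0-1062.el7\n"


def upstream_version(version):
    """Strip the epoch ("1:") and the distro revision/release ("-10+deb10u2")."""
    if re.match(r"^\d+:", version):
        version = version.split(":", 1)[1]
    if "-" in version:
        version = version.rsplit("-", 1)[0]
    return version


def parse_packages(listing):
    """Return sorted (name, upstream_version) pairs, skipping malformed lines."""
    packages = set()
    for line in listing.splitlines():
        name, sep, version = line.strip().partition("\t")
        if not sep or not name or not version:
            continue  # not a name<TAB>version line
        name = name.split(":", 1)[0]  # drop multi-arch suffix such as ":amd64"
        packages.add((name, upstream_version(version.strip())))
    return sorted(packages)


def lookup_terms(packages):
    """Build "name major.minor" terms (an assumed, deliberately coarse format)."""
    terms = []
    for name, version in packages:
        m = re.match(r"\d+(?:\.\d+)?", version)
        terms.append(f"{name} {m.group(0)}" if m else name)
    return terms


if __name__ == "__main__":
    for sample in (DPKG_SAMPLE, RPM_SAMPLE):
        for term in lookup_terms(parse_packages(sample)):
            print(term)
```

A match on a coarse term only means the package needs a closer look: distributions backport fixes without changing the upstream version, so confirm against the distro's own security tracker before treating a hit as a finding.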