WES-NG – Windows Exploit Suggester – Next Generation

WES-NG is a tool based on the output of Windows’ systeminfo utility which provides the list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported.


The WES-NG collector pulls update information from several sources:

  • Microsoft Security Bulletin Data: KBs for older systems
  • MSRC: The Microsoft Security Update API of the Microsoft Security Response Center (MSRC): Standard source of information for modern Microsoft Updates
  • NIST National Vulnerability Database (NVD): Complements the vulnerabilities with Exploit-DB links

These are combined into a single .csv file, which is compressed and hosted in the GitHub repository.

Windows Exploit Suggester needs to be updated before running the assessment. The collector folder contains several PowerShell scripts that perform the update and generate a definitions.zip file with the latest version.

Usage consists of the following steps:

  1. Obtain the latest database of vulnerabilities by executing the command wes.py --update.
  2. Use Windows’ built-in systeminfo.exe tool to obtain the system information of the local system, or from a remote system using systeminfo.exe /S MyRemoteHost, and redirect this to a file: systeminfo > systeminfo.txt
  3. Execute WES-NG with the systeminfo.txt output file as the parameter: wes.py systeminfo.txt. WES-NG then uses the database to determine which patches are applicable to the system and which vulnerabilities the system is currently exposed to, including exploits if available.
  4. If information is incomplete or false positives are suspected, the developers have added a wiki section for troubleshooting the tool.
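
A simplified illustration of the matching described in step 3, added here and not taken from WES-NG's own code: it reads the installed KBs from a systeminfo capture and reports the definitions whose patch, or any update superseding it, is absent. The sample output, the record fields (cve, kb, product, supersedes) and every KB and CVE identifier are constructed placeholders, and the supersedence handling is an assumption about how such a check can be modelled.

```python
import re

# Constructed systeminfo excerpt (not from a real host).
SAMPLE_SYSTEMINFO = """\
Host Name:                 WS01
OS Name:                   Microsoft Windows 10 Pro
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB0000002
                           [02]: KB0000005
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""

# Constructed definitions; field names and all IDs are placeholders.
SAMPLE_DEFS = [
    {"cve": "CVE-0000-0001", "kb": "KB0000001", "product": "Windows 10", "supersedes": []},
    {"cve": "CVE-0000-0002", "kb": "KB0000002", "product": "Windows 10", "supersedes": ["KB0000001"]},
    {"cve": "CVE-0000-0003", "kb": "KB0000003", "product": "Windows 10", "supersedes": []},
    {"cve": "CVE-0000-0004", "kb": "KB0000004", "product": "Windows 7", "supersedes": []},
]

def parse_systeminfo(text):
    """Return (os_name, installed KBs); only the Hotfix(s) block is read."""
    os_name, kbs, section = "", set(), None
    for line in text.splitlines():
        header = re.match(r"^(\S[^:]*):\s*(.*)$", line)
        if header:  # an unindented "Key: value" line starts a new section
            section = header.group(1)
            if section == "OS Name":
                os_name = header.group(2).strip()
            continue
        item = re.match(r"^\s+\[\d+\]:\s*(KB\d+)\s*$", line, re.I)
        if item and section == "Hotfix(s)":  # ignore [NN] items of other sections
            kbs.add(item.group(1).upper())
    return os_name, kbs

def covered(kb, installed, defs, seen=frozenset()):
    """True if kb, or a KB that transitively supersedes it, is installed."""
    if kb in installed:
        return True
    newer = [d["kb"] for d in defs if kb in d["supersedes"] and d["kb"] not in seen]
    return any(covered(n, installed, defs, seen | {kb}) for n in newer)

def missing_patches(text, defs):
    """List (cve, kb) pairs that apply to the OS and are not covered."""
    os_name, installed = parse_systeminfo(text)
    return sorted((d["cve"], d["kb"]) for d in defs
                  if d["product"] in os_name and not covered(d["kb"], installed, defs))
```

The parser expects the English-language section names shown in the sample, and the product match is a plain substring test.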

You can read more and download this tool over here: https://github.com/bitsadmin/wesng