1.5 KiB
The Local Exploit Suggester is a post-exploitation module that you can use to check a system for local vulnerabilities. It performs local exploit checks; it does not actually run any exploits, which is useful because this means you to scan a system without being intrusive. In addition to being stealthy, it's a time saver. You don't have to manually search for local exploits that will work; it'll show you which exploits the target is vulnerable to based on the system's platform and architecture.
The Local Exploit Suggester is available for Python, PHP, and Windows Meterpreter.
Vulnerable Application
To use the Local Exploit Suggester:
- You must have an open Meterpreter session.
Verification Steps
Please see the Overview section.
##Options
You can set the following options for the Local Exploit Suggester:
- showdescription - Set this option to true to see more details about each exploit.
Scenarios
When the Local Exploit Suggester runs, it displays a list of local exploits that the target may be vulnerable to, and it tells you the likelihood of exploitation.
The following terms are used to help you understand how vulnerable a target is to a particular exploit:
- Vulnerable - Indicates that the target is vulnerable.
- Appears - Indicates that the target may be vulnerable based on the file version, but the vulnerable code has not been tested.
- Detected - Indicates that the target has the file, but it cannot be determined whether or not the target is vulnerable.