Linux Exploit Suggester
LES is a Linux privilege escalation auditing tool that assesses kernel exposure to publicly known exploits and verifies kernel hardening security measures.
Description
Linux Exploit Suggester (LES) is designed to assist in detecting security deficiencies for given Linux kernel or Linux-based machines. It evaluates the exposure of the kernel to every publicly known Linux kernel exploit using heuristic methods. For each exploit, it calculates the level of exposure.
The tool also verifies the state of kernel hardening security measures, checking both compile-time configurations (CONFIGs) and run-time settings (sysctl). This provides a complete picture of the security posture for the running kernel, serving as a modern continuation of the kernel switch checks from checksec.sh by Tobias Klein.
LES helps auditors and security professionals identify potential privilege escalation vectors by matching kernel versions against known exploits and reviewing security configurations.
How It Works
LES uses heuristic methods to assess kernel exposure to publicly known exploits by matching the provided kernel version against a database of exploits. It checks kernel compile-time configurations and run-time sysctl settings to verify security hardening measures, providing a comprehensive audit of potential vulnerabilities.
Installation
sudo apt install linux-exploit-suggesterFlags
Examples
./Linux_Exploit_Suggester.pl -k 3.0.0linux-exploit-suggester -h./Linux_Exploit_Suggester.pl -k 4.4.0./Linux_Exploit_Suggester.pl -k 5.10.0linux-exploit-suggester./Linux_Exploit_Suggester.pl -k 2.6.32