WES-NG is a tool based on the output of Windows’ systeminfo utility, which lists the vulnerabilities to which the OS is vulnerable, as well as any exploits for these #vulnerabilities. Every Windows operating system from XP to 10, as well as their Windows Server counterparts, is supported.
- Run the command wes.py —update to get the most recent vulnerability database.
- Use Windows’ built-in systeminfo.exe programme to get system information for a local system or a remote system using systeminfo.exe /S MyRemoteHost, and save it to a file: systeminfo > systeminfo.txt
- Run WES-NG with the output file systeminfo.txt as a parameter: wes.py systeminfo.txt. The database is then used by WES-NG to assess whether fixes are appropriate to the system and which vulnerabilities are currently exposed, as well as exploits if they are accessible.
- Because #Microsoft’s data is frequently incomplete and false positives are reported by wes.py, consult the Wiki’s Eliminating False Positives page for advice on how to deal with this.
Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purposes.
Download link: https://github.com/bitsadmin/wesng