Find possible privilege escalation vulnerabilities

Submitted data will be regex'd against: "KB[0-9]{7}" all other data is immediately discarded, no submission history is maintained, code is in footer of this page

What does this tool do?

Inspired by Watson, a missing privesc patch enumeration tool by @rastamouse, this site is effectively a tool that allows you to quickly cross-reference the installed patches of a known system build and try to find out if the system in question is unprotected against any known, relevant privilege escalation attacks.

The obvious difference between this tool and Watson is that it is a website, and therefore doesn't require it to be run from a compromised host, compile tools, or bypass antivirus to make it run. Also the backend database for this service is being automagically updated by a periodic scrape of Microsoft's patch support site. That said, one could expect this database to be at most, a week or two old, check date last updated in the top right corner of this page.

What this tool is NOT:

  • This tool is not going to check against every CVE in existence, only a select few primarily dealing with privilege esclation
  • This tool is not a conclusive, comprehensive security assessment tool
  • this tool is not a certification of your endpoint's security in any way, shape, or form

This tool is written, maintained, and funded solely by myself (@deadjakk), so don't come at me with pitchforks if something isn't perfect or you think this website "lied" to you, I guarantee you nothing for the nothing I receive. If however, you do encounter some error, get what you know to be incorrect results, or see a CVE you think should be checked against, feel free to contact me via twitter or email (contact links are at the bottom of this page).

All of the code for the data collector/scraper, and the backend flask server is open sourced, the github link is in the footer of the page.

If you so wish to donate, I can take your leet crypto monies via this BTC address: --------------

Also don't wantonly abuse it, I don't want to add a captcha, thank you, happy hacking.