Find possible privilege escalation vulnerabilities

Submitted data will be regex'd against: "KB[0-9]{7}" all other data is immediately discarded, no submission history is maintained, code is in footer of this page

What does this tool do?

Inspired by Watson, a missing privesc patch enumeration tool by @rastamouse, this site is a tool that allows you to quickly cross-reference the installed patches of a known system build and try to find out if the system in question is unprotected against any known, relevant privilege escalation attacks.

The obvious difference between this tool and Watson is that it is a website, and therefore doesn't require it to be run from a compromised host, compile tools, or bypass antivirus to make it run. Also the backend database for this service is being automagically updated by a periodic scrape of Microsoft's patch support site. That said, one could expect this database to be at most, a week or two old, check date last updated in the top right corner of this page.

What this tool is NOT:

  • This tool is not going to check against every CVE in existence, only a select few primarily dealing with privilege esclation
  • This tool is not a conclusive, comprehensive security assessment tool
  • this tool is not a certification of your endpoint's security in any way, shape, or form

If you encounter some error, get what you know to be incorrect results, or see a CVE you think should be checked against, please create a pull request via Github or contact me via twitter or email (github and contact links are at the bottom of this page).

All of the code for the data collector/scraper, and the flask server is open sourced

If you so wish to donate, I will happily take your crypto via the following BTC address: 3QbADkRDfJEDTyjPs26yByM6Csqy3a85Yu

Please don't wantonly abuse it, captchas are lame.

This tool is written, and maintained soley by myself, (@deadjakk) more information about this tools can be found in this article about this site.