/mi-x

Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors that affect *actual* exploitability (runtime execution, configuration, permissions, existence of a mitigation, OS, etc.).

Am I Exploitable?

Author: 2022 - Now, Rezilion

Description: Vulnerabilities validation

Development: January 2022 - Now

Documentation: See website, README

Introduction

Description

'Am I Exploitable?' is an open source Python project for validating whether your system is exploitable to specific vulnerabilities. It helps you understand whether you are exploitable to a given vulnerability and explains which component in your system is vulnerable or not vulnerable. The project can create a graph that presents the validation flow according to the vulnerability checks it performs.

MI-X supports machine-readable output: the results can be exported to three different file formats: json, csv and text. After executing the tool, you will see the validation flow: it prints which checks were performed on the host/container, followed by remediation and mitigation recommendations.

We want to create a community of researchers and programmers who can add vulnerability checks for new, critical or famous vulnerabilities. Whenever a new vulnerability comes up, we can offer this service to help people validate whether they are exploitable. In addition, the vulnerability checks we have written so far can be expanded with checks we might have missed.

Features and usage options:

  • Validate if exploitable to a provided CVE
  • Validate if exploitable to a category of CVEs
  • Get the vulnerability description
  • Validate the host containers
  • Present the validation flow logic as a graph.
  • Export the results to one of the three output formats: json, csv, text.
  • Get remediation and mitigation recommendations.

An example flow graph for CVE-2021-4034 (aka PwnKit):

[Figure: PwnKit Validation Flow Graph]

Everyone is free to use 'Am I Exploitable?' under the conditions of the AGPL-3.0 License (see LICENSE file).

Quick facts

  • Name: 'Am I Exploitable?'
  • Type: vulnerability validation
  • License: GNU AFFERO GENERAL PUBLIC LICENSE
  • Language: Python3
  • Author: Rezilion
  • Required Permissions: root preferred but not required (may use sudo)

Files

  • am_i_exploitable.py - The main file which handles the user input and the CVEs calls.
  • cves - Python package that contains a python file for each currently supported vulnerability.
  • modules - Python package that contains modules. Modules are code implementations which are used in different CVE files.

Supported OSs and Distributions

The tool supports the following Linux distributions:

Ubuntu, Debian, Red Hat, CentOS, Fedora, SUSE, SLES, Amazon

Partial support for Alpine

Partial support for Windows

Color Legend

[Figure: mi-x_legend]

Installation Requirements

Before installing MI-X, make sure your machine has the following:

  1. python version 3
  2. pip3
  3. graphviz (optional, needed only for the graph capabilities)
  4. xdg-utils (optional, needed only for the graph capabilities)
  5. openjdk with jcmd support (needed when running in container mode and the openjdk version on the container is lower than openjdk10)

In order to install the requirements:

  1. Check your OS distribution with the following command:

    cat /etc/os-release
    
  2. Identify which package manager your OS distribution uses:

    apt - Ubuntu, Debian

    yum - Red Hat, CentOS, Fedora, SUSE, SLES, Amazon

    apk - Alpine

  3. Install the relevant packages using your OS distribution's package manager.
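The three steps above as a script, added here as an example and not part of the MI-X code base: it reads the distribution ID from an os-release file, maps it to the package manager using this README's list, and reports which prerequisite commands are missing from PATH. The function names are hypothetical; the assumed command names are `dot` (graphviz), `xdg-open` (xdg-utils) and `jcmd` (JDK).

```shell
#!/bin/sh
# Added example (not MI-X code): pick the package manager for this host and
# list the MI-X prerequisites that are not installed yet.

# Print the package manager for the os-release file given as $1.
# The distribution-to-manager mapping follows the README's list; the ID
# values are the ones these distributions ship in /etc/os-release.
pkg_manager_for() {
    file="${1:-/etc/os-release}"
    [ -r "$file" ] || { echo "unknown"; return 1; }
    # Parse ID= instead of sourcing the file: sourcing would execute any
    # shell code the file contains with the caller's privileges.
    id=$(sed -n 's/^ID=//p' "$file" | head -n 1 | tr -d "\"'" | tr 'A-Z' 'a-z')
    case "$id" in
        ubuntu|debian)                          echo "apt" ;;
        rhel|centos|fedora|sles|opensuse*|amzn) echo "yum" ;;
        alpine)                                 echo "apk" ;;
        *)                                      echo "unknown"; return 1 ;;
    esac
}

# Print the commands from "$@" that are not on PATH, space separated.
missing_prereqs() {
    missing=""
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || missing="$missing $cmd"
    done
    echo "${missing# }"
}

main() {
    pm=$(pkg_manager_for /etc/os-release) \
        || echo "distribution is not in the README's list" >&2
    echo "package manager:  $pm"
    # The mapped manager may still be absent on a given image, so verify it.
    [ "$pm" = "unknown" ] || command -v "$pm" >/dev/null 2>&1 \
        || echo "warning: $pm is not on PATH" >&2
    echo "missing required: $(missing_prereqs python3 pip3)"
    echo "missing optional: $(missing_prereqs dot xdg-open jcmd)"
}

main
```

Anything printed under "missing optional" only matters for the graph output and for container mode, as listed in the requirements above.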

Dependencies Installation Requirements

To run MI-X correctly, install the required Python modules (graphviz and packaging) using pip:

pip install -r requirements.txt

Install MI-X

The very latest developments can be obtained via git.

  1. Clone or download the project files (no compilation nor installation is required)
    git clone https://github.com/Rezilion/mi-x.git
    
  2. Execute MI-X menu
    cd mi-x && python3 am_i_exploitable.py
    

Execute Scanning Template

Scanning command template

python3 am_i_exploitable.py -v cve_yyyy_xxxx -c True -g True -f json

Execute Scanning Example

Scan the machine running containers for log4shell.

python3 am_i_exploitable.py -v log4shell -c True -f json

Executing

Arguments

-v --vulnerability_identifier

Specifies the vulnerability that will be checked (Not set by default).

Syntax:

  • CVE-YEAR-ID - scans your system for a specific vulnerability by its CVE ID
  • name - scans your system for a specific vulnerability by its name
  • all - scans your system for all the vulnerabilities in the cves directory

If the argument is not set, a menu message will appear presenting the currently supported vulnerabilities.

-c --container

Scans all running containers on the host (False by default).

  • When running in containers mode, the user will need to enter their password for sudo use.

-n --container_name

Scans specific containers on the host, given as the names of running containers separated by spaces (Not set by default).

  • When running in containers mode, the user will need to enter their password for sudo use.

-f --format

Exports the results to one of three possible output formats: json, csv, text

  • The user will need to specify which format type the results will be exported to.

--description

Specifies whether to see the vulnerability description or not (True by default).

-g --graph

Specifies whether to see the validation flowchart (False by default).

-h --help

Shows help on how to run the tool.

Development and Bugs

Found an issue, or have a great idea? Let us know:

Contributions are appreciated and can be done via GitHub.

See CONTRIBUTING.md for more information about how to submit them.

Support

'Am I Exploitable?' is tested on Windows and most common Linux operating systems. The documentation (README) and the debugging information (set the debug parameter to 'True') should cover most questions and problems.

Bugs can be reported via GitHub, or by sending an e-mail to the email address above.

Thanks

Thanks to the community for using and supporting open source software.

Many comments, bugs/patches and questions are the key to success and ongoing motivation in developing tools like this.