kernelpop

kernelpop is a framework for performing automated kernel exploit enumeration on Linux, Mac, and Windows hosts.

Download

Requirement: Python3
git clone https://github.com/spencerdodd/kernelpop.git

Usage

run modes

default mode

The default mode runs with the command python3 kernelpop.py. This processes information about the host kernel and compares it to the known kernel exploits available to the program. It then outputs a list of potentially useful vulnerabilities and attached exploits.

brute-enumeration mode

The brute-enumeration mode performs the same checks, but then goes beyond and checks the computer for exploit prerequisites to see if the operating system is set up in the required vulnerable state for successful exploitation.

input mode

The input mode allows you to perform enumeration with just the output of a uname -a command, which makes it useful as a host-side enumeration tool.

One feature currently only partially implemented is brute-exploit mode. This is set to prepare, compile, and run exploits in order to confirm an exploitable kernel. However, as of now, it would only run on the box the program is executed on. Given that this is a fairly large project to bring on to someone else’s computer, and makes considerable noise when compiling and checking exploit attempts, it would be poor OPSEC to use in an actual engagement. At some point in the future, I would like to integrate it into my other project pysploit for enumeration and the reckless, noisy, exploit brute-exploit mode.

exploit sources

https://github.com/SecWiki/linux-kernel-exploits
https://www.exploit-db.com/local/
https://github.com/SecWiki/windows-kernel-exploits

Source: https://github.com/spencerdodd/kernelpop