CVE_Compare: A Windows Vulnerability Scanning Tool

Due to the lack of Windows vulnerability scanners for penetration testing, I decided to create my own.

CVE_Compare scans the software installed on a Windows device and compares it against the NIST Vulnerability Database (NVD) to identify the vulnerabilities present. It also includes an optional scan for missing Microsoft hotfixes and patches.

You can find CVE_Compare here.

The tool works as follows:

  • It runs a scan for all installed packages on a Windows device, be it Windows 7, Windows 8 Embedded, Windows 10, etc.
  • It downloads CVE data from NVD.
  • It performs a comparison, matching CVEs to installed software.
  • It outputs the result to the console and to a text file.
  • It offers the option to run a scan for missing Microsoft hotfixes/patches.

The neat thing about this tool is that it has Python and PowerShell (PS1) components. This means that if you are testing a remote device, you can run the PS1 script on the device and then perform the analysis on your host.
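The comparison step on the host, sketched as an added example (this is not CVE_Compare's own code). The inventory entries, product names and CVE IDs are constructed placeholders; the version-bound field names follow NVD's CPE match data, and matching a product by substring of the display name is an assumption made for brevity.

```python
import operator

# Constructed inventory: (display name, version) pairs exported from the target.
INVENTORY = [("ExampleZip 9.10 (x64)", "9.10"), ("Sample PDF Reader", "11.0.2"),
             ("Other Tool", "1.0")]
# Constructed records with placeholder IDs; not real NVD entries.
CPE = "cpe:2.3:a:examplevendor:{}:*:*:*:*:*:*:*:*"
CVE_RECORDS = [
    {"id": "CVE-0000-0001", "matches": [
        {"criteria": CPE.format("examplezip"), "versionEndExcluding": "9.9"}]},
    {"id": "CVE-0000-0002", "matches": [
        {"criteria": CPE.format("examplezip"),
         "versionStartIncluding": "9.0", "versionEndIncluding": "9.10.0"}]},
    {"id": "CVE-0000-0003", "matches": [
        {"criteria": CPE.format("sample_pdf_reader"), "versionEndExcluding": "11.0.3"}]},
]
BOUNDS = {
    "versionStartIncluding": operator.ge, "versionStartExcluding": operator.gt,
    "versionEndIncluding": operator.le, "versionEndExcluding": operator.lt,
}

def parse_version(text):
    """'9.10' -> (9, 10): compare numerically, since '9.10' < '9.9' as strings."""
    return tuple(int("".join(c for c in p if c.isdigit()) or 0) for p in text.split("."))

def in_range(version, match):
    """True if version satisfies every bound present in one CPE match entry."""
    for key, op in BOUNDS.items():
        if key in match:
            a, b = parse_version(version), parse_version(match[key])
            width = max(len(a), len(b))  # pad so 9.10 compares equal to 9.10.0
            a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
            if not op(a, b):
                return False
    return True

def find_matches(inventory, cve_records):
    """Return sorted (name, version, cve_id) for products inside a vulnerable range."""
    hits = set()
    for name, version in inventory:
        for rec in cve_records:
            for m in rec["matches"]:
                product = m["criteria"].split(":")[4].replace("_", " ")
                if product in name.lower() and in_range(version, m):
                    hits.add((name, version, rec["id"]))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_matches(INVENTORY, CVE_RECORDS):
        print(*hit, sep=" | ")
```

The first constructed record is the case to watch: a plain string comparison would flag version 9.10 as older than 9.9 and report a false positive, which the numeric comparison avoids.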

More functionality and capabilities will be added in the future. Enjoy!

 

 
