kernelpop: kernel privilege escalation enumeration and exploitation framework

12-04 13:11


kernelpop is a framework for performing automated kernel vulnerability enumeration and exploitation on the following operating systems:

  • Linux

  • Mac

  • Windows (coming soon)

example of enumeration to root (Linux)

mac exploitation example


Since it seems like this project is getting some clones / views, I should say this is a work in progress. I'm taking class and working fulltime so getting programming time is sporadic. That said, I am actively maintaining and adding features. Please let me know if you find any issues with the project.




run modes

default mode (passive)

The default mode runs with the command python3 . This processes information about the host kernel and compares it to the known kernel exploits available to the program. It then outputs a list of potentially useful vulnerabilities and attached exploits.

exploit mode NEW (active)

The exploit mode is run with the -e flag. This dynamically compiles and runs the exploit source code with stdio interactions inside the program! It can catch interrupts from short-stopped attempts as well

brute-enumeration mode (active)

The brute-enumeration mode performs the same checks as the default mode, but then goes beyond and checks the computer for exploit prerequisites to see if the operating system is set up in the required vulnerable state for successful exploitation.

input mode (passive)

The input mode allows you to perform enumeration with just the output of a uname -a command, which makes it useful as a host-side only enumeration tool.

currently supported CVE's:

  • CVE-2017-1000379

  • CVE-2017-1000373

  • CVE-2017-1000372

  • CVE-2017-1000371

  • CVE-2017-1000370

  • CVE-2017-1000367

  • CVE-2017-1000112

  • CVE-2017-7308

  • CVE-2017-6074

  • CVE-2017-5123

  • CVE-2016-5195

  • CVE-2016-2384

  • CVE-2016-0728

  • CVE-2015-1328

  • CVE-2014-4699

  • CVE-2014-4014

  • CVE-2014-3153

  • CVE-2014-0196

  • CVE-2014-0038

  • CVE-2013-2094

  • CVE-2010-4347

  • CVE-2010-2959

  • CVE-2009-1185

exploit sources

historical distro sources


标签: Linux Python MacOS
© 2014 TuiCode, Inc.