distro_checker is a Cross Distribution Exploit Testing. This allows to evaluate different scenarios and hopefully helps yours to make exploits a bit more robust.
This includes a few simple vulnerabilities such as file permission, file race condition, environment variable code injection, etc.
The tool contains the following elements:
+ docker_build.py: This script function is to generate images of each distribution and run docker_launch.py.
+ docker_launch.py: This is the one that finally connects through the SSH and executes our command in the selected container.
+ images.txt: A list of images to use extras/: Libraries and base Dockerfile used for generation of the images.
+ root/: Here, we find private keys for the ssh connection, which are necessary for testing out the GUI tests.
With Example Case:
Case 1 – Shellshock: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Case 2: Redhat Local Privilege Escalation CVE-2015-(3245,3246): https://access.redhat.com/security/cve/CVE-2015-3245, https://access.redhat.com/security/cve/CVE-2015-3246
Changelog v1.0.1 (08/18/15):
* Adding support to vagrant (vagrant_build.py)
+ Doing a similar process using Vagrant, we would be able to try out all kinds of vulnerabilities, as that would be a complete virtualization setting.
+ We hope this helps everyone in the need test their tools across a wide range of distributions, from researchers to developers their code