Vulnerable Driver Scanner

Have you ever wondered how you'd find potentially vulnerable drivers to reverse? Worry no more: my vulnerable driver scanner lets you scan all drivers in a directory for potential indicators.

The source can be retrieved at:…%20Scanner.cpp


"Driver Exploit Scanner" C:\Windows\System32\Drivers\ > results.txt

Currently it does the following:
- Scans for code that disables SMEP.
- Looks for strings commonly used when mapping physical memory.
- Walks the IAT for commonly (mis)used imports (it also looks for IoCreateDevice, in case you were just looking for drivers to fuzz with DeviceIoControl).
- Scores each driver based on how likely it is to be vulnerable; a score of 100+ indicates it's quite likely to be vulnerable.
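The indicator classes listed above, as an added sketch for triaging third-party drivers before they are allowed to load; it is not taken from the scanner's source. It simplifies the IAT walk to a raw byte search for NUL-terminated import names and treats any `mov cr4, reg` as the SMEP heuristic. The import and string lists, the weights and every function name are assumptions; only the 100+ threshold comes from the post.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>
using Bytes = std::vector<std::uint8_t>;
struct Indicator { std::string text; int weight; };

// Indicator lists and weights are assumptions for this sketch, not the scanner's values.
static const std::vector<Indicator> kImports = {
    {"MmMapIoSpace", 40}, {"ZwMapViewOfSection", 30}, {"IoCreateDevice", 10}};
static const std::vector<Indicator> kStrings = {{"\\Device\\PhysicalMemory", 40}};
static const int kCr4WriteWeight = 50, kLikelyVulnerable = 100;  // 100+ is the post's threshold

static bool contains(const Bytes& img, const Bytes& pat) {
    return std::search(img.begin(), img.end(), pat.begin(), pat.end()) != img.end();
}

// Encode a string as it may sit in a driver image: ASCII (wide=false) or UTF-16LE.
static Bytes encode(const std::string& s, bool wide) {
    Bytes out;
    for (unsigned char c : s) { out.push_back(c); if (wide) out.push_back(0); }
    return out;
}

// "mov cr4, reg" is 0F 22 /r with ModRM 0xE0..0xE7; SMEP is CR4 bit 20, so this is a heuristic.
bool writes_cr4(const Bytes& img) {
    for (size_t i = 0; i + 2 < img.size(); ++i)
        if (img[i] == 0x0F && img[i + 1] == 0x22 && (img[i + 2] & 0xF8) == 0xE0) return true;
    return false;
}

int score_driver(const Bytes& img) {
    int score = writes_cr4(img) ? kCr4WriteWeight : 0;
    for (const auto& imp : kImports)  // the trailing NUL keeps MmMapIoSpaceEx from matching
        if (contains(img, encode(imp.text + '\0', false))) score += imp.weight;
    for (const auto& s : kStrings)
        if (contains(img, encode(s.text, false)) || contains(img, encode(s.text, true))) score += s.weight;
    return score;
}

// Constructed sample bytes (not a real driver): two import names, a wide path, mov cr4, rax.
Bytes sample_image() {
    Bytes img;
    auto add = [&img](const Bytes& b) { img.insert(img.end(), b.begin(), b.end()); };
    add(encode(std::string("MmMapIoSpace") + '\0' + "IoCreateDevice" + '\0', false));
    add(encode("\\Device\\PhysicalMemory", true));
    add({0x0F, 0x22, 0xE0});
    return img;
}
int main() { return score_driver(sample_image()) >= kLikelyVulnerable ? 0 : 1; }
```

A production check would parse the PE import directory instead of searching raw bytes, since a name can also appear in data that is never imported.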

