WSUSpect Proxy

The WSUSpect Proxy is a proof of concept tool that can be used to inject custom updates into non-SSL WSUS traffic.

This tool is based on our Black Hat USA 2015 presentation, WSUSpect – Compromising the Windows Enterprise via Windows Update.

The tool is written in Python and is intended to be used by pen-testers to demonstrate the risks of using an insecurely configured WSUS setup. To successfully use WSUSpect Proxy, you need a Windows machine that is configured to fetch WSUS updates over HTTP. The proxy settings for the machine should be changed (either manually or via other means) to point to the IP and port that the proxy script is running on. When Windows Update runs, the script will then insert 'fake' update metadata into traffic between the target PC and WSUS server.

To meet the security requirements of Windows Update, our proxy is designed to deliver genuine Microsoft-signed binaries such as PsExec or BgInfo, but with custom arguments that allow arbitrary command execution. These binaries aren't included with the tool; you will need to download them and place them into the tool directory.
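From the defender's side, the precondition described above (a client configured to fetch WSUS updates over HTTP) can be checked from the Windows Update policy registry values. The following is an added example, not part of the WSUSpect Proxy tool: it parses the output of `reg query` for the `WindowsUpdate` policy key and flags non-HTTPS WSUS URLs. The sample output, host name and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of the output of:
#   reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s
# (host name and port are made up for illustration)
SAMPLE_HTTP = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://wsus.corp.example:8530
    WUStatusServer    REG_SZ    http://wsus.corp.example:8530

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x1
"""

# Value lines are indented: <name> <REG_type> <data>; key lines are not.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {lower-cased value name: data} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, reg_type, data = m.group(1), m.group(2), m.group(3).strip()
        values[name.lower()] = int(data, 16) if reg_type == "REG_DWORD" else data
    return values

def audit_wsus(text):
    """Return (status, findings) for a client's Windows Update policy."""
    values = parse_reg_query(text)
    # WUServer is only honoured when UseWUServer is set to 1.
    if values.get("usewuserver") != 1:
        return "not-using-wsus", []
    findings = []
    for name in ("wuserver", "wustatusserver"):
        url = values.get(name)
        if url is None:
            continue  # value absent from the policy key, nothing to judge
        if urlsplit(url).scheme.lower() != "https":
            findings.append(f"{name}: {url} is not HTTPS")
    return ("insecure-http" if findings else "ok"), findings

if __name__ == "__main__":
    status, findings = audit_wsus(SAMPLE_HTTP)
    print(status)
    for finding in findings:
        print(" -", finding)
```

A client reported as `insecure-http` receives its update metadata over an unprotected channel; moving the WSUS server and the `WUServer`/`WUStatusServer` values to HTTPS removes that condition.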

For more information, please read the WSUSpect whitepaper and the file included with the tool.

The WSUSpect Proxy tool has been released under the MIT license. By downloading it, you agree to the terms of the license, which can be found here.

Download the WSUSpect Proxy Tool

View the source on GitHub
