WSUSpect Proxy

Show left menu  
Hide left menu  
The WSUSpect Proxy is a proof of concept tool that can be used to inject custom updates into non-SSL WSUS traffic. It is based on our Black Hat USA 2015 presentation, 'WSUSpect – Compromising the Windows Enterprise via Windows Update'.

The tool is written in Python and is intended to be used by pen-testers to demonstrate the risks of using an insecurely configured WSUS setup. To successfully use WSUSpect Proxy, you need a Windows machine that is configured to fetch WSUS updates over HTTP. The proxy settings for the machine should be changed (either manually or via other means) to point to the IP and port that the proxy script is running on. When Windows Update runs, the script will then insert 'fake' update metadata into traffic between the target PC and WSUS server.

To meet the security requirements of Windows Update, our proxy is designed to deliver genuine Microsoft-signed binaries such as PsExec or BgInfo, but with custom arguments that allow arbitrary command execution. These binaries aren't included with the tool, you will need to download them and place them into the tool directory.

For more information, please read the WSUSpect whitepaper and the README.md file included with the tool.

By downloading this tool you are agreeing to the following license agreement.

Download the WSUSpect Proxy Tool

View the source on GitHub

WSUSpect in action

Back to Top