linux-exploit-suggester
Linux Exploit Suggester (LES) is a shell-based auditing tool that scans a Linux system to identify exposure to known kernel privilege escalation exploits and verify hardening security measures. It uses heuristic matching of kernel versions and configurations against a curated database of CVEs with documented exploits.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | The-Z-Labs/linux-exploit-suggester |
| Owner | The-Z-Labs |
| Primary language | Shell |
| License | GPL-3.0 — OSI-approved |
| Stars | 6.6k |
| Forks | 1.2k |
| Open issues | 24 |
| Latest release | Unknown |
| Last updated | 2026-03-20 |
| Source | https://github.com/The-Z-Labs/linux-exploit-suggester |
What linux-exploit-suggester is
LES analyzes kernel version, distribution, and compile-time/runtime security configurations to assess exploit applicability via pattern matching against tagged vulnerability data. It provides exposure risk levels (highly probable, probable, less probable) and can audit kernel hardening features (KASLR, stack protection, etc.) alongside PoC download links and exploitation prerequisites.
Get the linux-exploit-suggester source
Clone the repository and explore it locally.
git clone https://github.com/The-Z-Labs/linux-exploit-suggester.gitcd linux-exploit-suggester# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Tool requires local shell access and read permissions on /proc, /sys, and kernel config—cannot run remotely over SSH without explicit invocation.
- Exploit database is maintained manually via GitHub; users must clone or download the .sh script and keep it current to detect newly published CVEs.
- Output includes direct download links to PoC exploits from external sources (Exploit-DB, GitHub); no built-in exploit delivery or automated compilation.
- Requires interpretation of exposure ratings and kernel capability/CONFIG flags; false positives are possible and manual verification is essential.
- Supports heuristic-based uname string analysis for offline assessment, but live system scanning requires execution on the target.
When to avoid it — and what to weigh
- Offensive use without authorization — This tool is explicitly designed for privilege escalation exploitation. Any deployment must comply with applicable law and have explicit permission from system owners.
- Reliance on exploit success without testing — LES provides heuristic risk ratings, not guarantees. Many exploits require specific kernel configurations, capabilities, or custom compilation; testing is mandatory.
- Expectation of zero-day or unreleased vulnerability detection — LES only identifies known, published CVEs. It cannot detect novel vulnerabilities or provide network-based (agentless) scanning.
- Production deployment without security controls — This tool is a security testing utility; running it on production systems without restricted access and monitoring could leak sensitive kernel configuration data.
License & commercial use
Licensed under GPL-3.0. This is a copyleft open-source license requiring any derivative or distributed modifications to remain under GPL-3.0 and include source code.
GPL-3.0 permits commercial use; however, any modifications or bundling into commercial products must be under GPL-3.0 with source code disclosure. Commercial support, liability indemnification, or warranty are not provided. Organizations should review their license obligations with legal counsel before distribution.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Tool is designed to identify vulnerabilities; it does not itself exploit systems but facilitates reconnaissance and PoC staging. Execution requires local shell access and elevated kernel introspection privileges. No authentication or output encryption; kernel configurations and CVE exposure data are logged in plaintext. Operators must restrict tool access and output to authorized personnel; uncontrolled output could disclose kernel hardening gaps to unauthorized parties. Third-party exploit downloads are not integrity-checked; PoC sources should be verified independently.
Alternatives to consider
Lynis (CISOfy)
Broader security auditing tool covering kernel hardening, package vulnerabilities, and compliance checks; provides more comprehensive system health assessment but less specialized for kernel LPE exploitation.
Kernel exploit scanner (custom or CVE-DB integration)
Organizations may build internal scanners using CVE databases (NVD, Mitre) and kernel version APIs; offers control and tailored integration but requires ongoing maintenance.
Commercial vulnerability management platforms (Tenable, Qualys)
Provide agentless network scanning, centralized CVE correlation, and remediation workflows; higher overhead but include support, compliance reporting, and vendor liability.
Build on linux-exploit-suggester with DEV.co software developers
Use LES to audit kernel vulnerabilities and hardening measures. Integrate into your security assessment workflow today—download the GPL-3.0 tool from GitHub.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
linux-exploit-suggester FAQ
Can LES be run remotely or over the network?
Does LES guarantee an exploit will work?
How often is the exploit database updated?
What are the legal implications of using LES?
Work with a software development agency
From first prototype to production, DEV.co delivers software development services around tools like linux-exploit-suggester. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.
Strengthen your Linux security posture
Use LES to audit kernel vulnerabilities and hardening measures. Integrate into your security assessment workflow today—download the GPL-3.0 tool from GitHub.