Skip to content
/ WSUS-Patch-Level-Scanner-A-Lightweight-Tool-for-Detecting-Vulnerable-Microsoft-WSUS-Deployments Public

WSUS scanner, security tools, patch level detection, Windows Server Update Services, WSUS vulnerability, sysadmin tools, cybersecurity, network scanner, Python security script, IT infrastructure security, vulnerability assessment, WSUS SSL port, enterprise security, CVE detection, server version scanner

acyber.ir
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mrmtwoj/WSUS-Patch-Level-Scanner-A-Lightweight-Tool-for-Detecting-Vulnerable-Microsoft-WSUS-Deployments

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
wsus_scanner_enhanced.py
wsus_scanner_enhanced.py
 
 

Repository files navigation

WSUS-Patch-Level-Scanner-A-Lightweight-Tool-for-Detecting-Vulnerable-Microsoft-WSUS-Deployments

Introduction

In this article, we introduce a lightweight multi-threaded WSUS Patch-Level Scanner designed to help administrators quickly identify outdated or vulnerable WSUS servers. The tool supports SOAP-based fingerprinting, version extraction, KB mapping, and flexible input handling such as single IP, lists, and CIDR ranges.

Why WSUS Patch-Level Scanning Matters

  • Many organizations still rely on WSUS for centralized Windows updates.
  • Misconfigured or outdated WSUS servers expose organizations to man-in-the-middle attacks, spoofed updates, or patch manipulation.
  • Automated scanning helps identify weak points before attackers exploit them.

Key Features

  • Multi-threaded scanning (fast)
  • Detection of unpatched / outdated WSUS versions
  • SOAP fingerprinting on ports 8530 (HTTP) and 8531 (SSL)

Support for:

  • -t < target or list >
  • File-based input (@targets.txt)
  • CIDR range parsing
  • Output formats: JSON, CSV, HTML
  • Proxy support
  • Retry/timeout control
  • Lightweight Python code, easily extensible
  • Banner, help, and full command-line interface

How the Scanner Works

  • The scanner checks:
  • WSUS port availability
  • SOAP/WSDL server responses
  • ServerVersion / BuildNumber pattern
  • Patch KB comparison against a small built-in vulnerability database

If the version matches a known vulnerable build, it marks the target as Vulnerable. Otherwise, it categorizes the server as Potentially Patched or Unknown.

Installation

https://github.com/mrmtwoj/WSUS-Patch-Level-Scanner-A-Lightweight-Tool-for-Detecting-Vulnerable-Microsoft-WSUS-Deployments.git

Usage Examples

python wsus_scanner_enhanced.py -t 192.168.1.20

Scan multiple IPs

python wsus_scanner_enhanced.py -t 192.168.1.20,192.168.1.21

Scan from file

python wsus_scanner_enhanced.py -t @targets.txt

Scan a CIDR

python wsus_scanner_enhanced.py -t 10.0.0.0/24 -c 50

Export report

python wsus_scanner_enhanced.py -t @targets.txt -o report.html -f html

Example Output

{
  "target": "192.168.1.20",
  "status": "vulnerable",
  "build": "10.0.14393.0",
  "port": 8530,
  "notes": "Matches vulnerable WSUS build pattern CVE list"
}

Future Improvements

  • Full CVE database mapping
  • Deep WSDL/metadata parsing
  • TLS certificate fingerprinting
  • Integration with vulnerability dashboards (ELK, Splunk, OpenVAS)

Conclusion

This WSUS Patch-Level Scanner provides system administrators and security teams with a powerful yet lightweight tool for identifying unpatched or vulnerable WSUS servers across their networks. The script is intentionally modular and easy to extend, making it suitable for both enterprise auditing and research applications.

Output Example

{
  "target": "192.168.1.20",
  "status": "vulnerable",
  "build": "10.0.14393.0"
}

About

WSUS scanner, security tools, patch level detection, Windows Server Update Services, WSUS vulnerability, sysadmin tools, cybersecurity, network scanner, Python security script, IT infrastructure security, vulnerability assessment, WSUS SSL port, enterprise security, CVE detection, server version scanner

acyber.ir

Topics

cybersecurity network-scanner vulnerability-assessment security-tools enterprise-security sysadmin-tools cve-detection cve-2025-59287 wsus-vulnerability exploit-for-windows-server wsus-scanner patch-level-detection windows-server-update-services python-security-script it-infrastructure-security wsus-ssl-port server-version-scanner

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages