Forked from yonatankhunters/CVE-2022-1388_scanner.py
Created
August 24, 2022 01:52
-
-
Save s3rgeym/d15cb806a7631bb7478d5e6d41ded8e9 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| class DupStdout(object): | |
| def __init__(self, log_path): | |
| self.terminal = sys.stdout | |
| self.log_file = open(log_path, "w") | |
| def write(self, message: str): | |
| self.terminal.write(message) | |
| self.log_file.write(message) | |
| def flush(self): | |
| self.terminal.flush() | |
| self.log_file.flush() | |
| def usage(): | |
| print(''' | |
| Axon R&R: F5 BIG-IP iControl Rest API exposed Check | |
| Usage: python3 CVE-2022-1388_scanner.py <F5_hosts.txt> | |
| ''') | |
| def get_urls(): | |
| out = [] | |
| with open(sys.argv[1],"r") as f: | |
| urls = [l.rstrip() for l in f] | |
| for url in urls: | |
| out.append(url) | |
| return out | |
| def vuln_check(out): | |
| headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0"} | |
| for url in out: | |
| big_ip = url + "/mgmt/shared/authn/login" | |
| try: | |
| response = requests.get(big_ip, timeout=1, headers=headers) | |
| if "resterrorresponse" in response.text: | |
| print(f" {big_ip} F5 BIG-IP icontrol REST API EXPOSED") | |
| else: | |
| print(f" {big_ip} F5 BIG icontrol REST API ISN'T EXPOSED") | |
| except Exception as e: | |
| print(f" {big_ip} Unale to connent / timeout ") | |
| def main(): | |
| if len(sys.argv)!= 2: | |
| usage() | |
| else: | |
| sys.stdout = DupStdout("results.txt") | |
| urls = get_urls() | |
| vuln_check(urls) | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment