check-cve-2024-21762.py
import socket
import ssl
import sys
import logging
# TLS client context with hostname and certificate verification turned off.
# check_hostname must be cleared before verify_mode is lowered to CERT_NONE;
# the ssl module raises ValueError if the order is reversed.
# NOTE(review): presumably disabled so targets with self-signed certificates
# can still be probed. The peer's identity is therefore never authenticated.
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE

# File that collects the host:port entries reported as vulnerable.
VULN_IP_FILE = 'vuln_ips.txt'

# Should be fine for most hosts, increase this if you're getting errors.
TIMEOUT = 5

# Log to scan_log.txt at INFO level and above.
logging.basicConfig(
    filename='scan_log.txt',
    level=logging.INFO,
    format='%(asctime)s %(levelname)s: %(message)s',
)
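def send_req(host, req):
    """Send one raw request to *host* over TLS and return the start of the reply.

    Args:
        host: ``(address, port)`` tuple handed to ``socket.create_connection``.
        req: Request bytes written once the TLS session is established.

    Returns:
        Up to 2048 bytes of the response, ``0`` when reading the response
        timed out, or ``-1`` when the TCP connection or the read failed.
        Errors raised by the TLS handshake or by the send propagate to the
        caller.
    """
    try:
        # Use the module-level TIMEOUT rather than a literal, so that raising
        # it (as its comment suggests) actually changes the socket timeout.
        sock = socket.create_connection(host, timeout=TIMEOUT)
    except Exception as e:
        logging.error(f"Error connecting to {host}: {e}")
        return -1
    try:
        tls = context.wrap_socket(sock)
    except Exception:
        # Do not leak the TCP socket when the handshake fails.
        sock.close()
        raise
    # The with-block closes the connection on every exit path, which matters
    # when many hosts are scanned in one run.
    with tls:
        # sendall keeps writing until the whole request is out; send() may
        # stop after a partial write.
        tls.sendall(req)
        try:
            return tls.read(2048)
        except socket.timeout:
            logging.error(f"Timeout while reading from {host}")
            return 0
        except Exception as e:
            logging.error(f"Error reading from {host}: {e}")
            return -1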
# Baseline probe: a chunked POST whose body is only the terminating
# zero-length chunk. check() expects an "HTTP/1.1 403 Forbidden" reply to it
# and logs a warning when the reply looks different.
control_req = (
    "POST /remote/VULNCHECK HTTP/1.1\r\n"
    "Host: {}\r\n"
    "Transfer-Encoding: chunked\r\n"
    "\r\n"
    "0\r\n"
    "\r\n"
    "\r\n"
)

# Detection probe: same request line and headers, but the body is a single
# chunk-size line (a run of leading zeros followed by FF) with no chunk data
# after it. check() reports the target as vulnerable when reading the
# response to this request times out.
check_req = (
    "POST /remote/VULNCHECK HTTP/1.1\r\n"
    "Host: {}\r\n"
    "Transfer-Encoding: chunked\r\n"
    "\r\n"
    "0000000000000000FF\r\n"
    "\r\n"
)
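def check(host):
    """Run the control and detection probes against *host* and return a verdict.

    Args:
        host: ``(address, port)`` tuple of the interface to test.

    Returns:
        ``"Connection Failed"`` when either probe hit a connection or read
        error, ``"Control request failed"`` when the baseline request timed
        out, otherwise the ANSI-coloured string ``Vulnerable`` or ``Patched``.

    Caveats for anyone acting on the result:
        * "Vulnerable" rests on a single read timeout of the second request.
          Packet loss, rate limiting or an inline device dropping the request
          gives the same signal, so confirm against the firmware version.
        * "Patched" is returned for any reply to the second request, including
          from a server that did not answer the control request with 403 (that
          case is only logged as a warning).
    """
    # NOTE(review): the Host header is filled with a full "https://host:port"
    # URL rather than a bare host[:port]. Kept as the author wrote it.
    baseurl = "https://{}:{}".format(*host)

    r1 = send_req(host, control_req.format(baseurl).encode())
    if r1 == -1:
        return "Connection Failed"
    if r1 == 0:
        return "Control request failed"
    if b"HTTP/1.1 403 Forbidden" not in r1:
        logging.warning(f"Server at {baseurl} does not look like a Fortinet SSL VPN interface")

    r2 = send_req(host, check_req.format(baseurl).encode())
    if r2 == -1:
        # A connection or read error on the second probe says nothing about
        # patch state. Report it as a failure instead of falling through to
        # "Patched", which would be false assurance.
        return "Connection Failed"
    if r2 == 0:
        # Save vulnerable IP to file
        with open(VULN_IP_FILE, 'a') as f:
            f.write(f"{host[0]}:{host[1]}\n")
        return "\033[1;31mVulnerable\033[0m"  # Red color for Vulnerable
    return "\033[1;32mPatched\033[0m"  # Green color for Patched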
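if __name__ == "__main__":
    # Two modes: "<host> <port>" checks one target, "<file>" checks every
    # host:port line of the file.
    if len(sys.argv) == 3:
        host = (sys.argv[1], int(sys.argv[2]))
        print(check(host))
    elif len(sys.argv) == 2:
        input_file = sys.argv[1]
        with open(input_file, 'r') as file:
            host_urls = file.readlines()
        for idx, url in enumerate(host_urls, start=1):
            url = url.strip()
            if not url:
                continue
            print(f"Scanning {url} ({idx}/{len(host_urls)})...", end=' ')
            try:
                # Parse inside the try: a line without a port or with a
                # non-numeric port is logged and skipped instead of aborting
                # the rest of the scan.
                parts = url.split(':')
                host = (parts[0], int(parts[1]))
                result = check(host)
                print(result)
                if result == "Connection Failed":
                    logging.error(f"Connection failed for {url}")
                elif result == "Control request failed":
                    logging.error(f"Control request failed for {url}")
            except Exception as e:
                # Finish the "Scanning ..." console line so the next entry
                # starts on a fresh line, then move on to the next host.
                print("Error")
                logging.error(f"Error scanning {url}: {e}")
    else:
        print("Usage:")
        print("For single check: python3 script.py <host> <port>")
        print("For mass scanning: python3 script.py <host_URL.txt>")
        print("added a constant VULN_IP_FILE to specify the filename to save vulnerable IPs (vuln_ips.txt)")
        print("added a try-except block around the check(host) function call inside the loop for mass scanning")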