关联漏洞
描述
PANW NGFW CVE-2024-0012
介绍
# Palo Alto PAN-OS CVE-2024-0012 Vulnerability Checker
This Python script checks for the presence of a critical authentication bypass vulnerability in Palo Alto Networks PAN-OS Management Web Interface, identified as **CVE-2024-0012**. The vulnerability enables an unauthenticated attacker to gain administrative privileges, tamper with configuration, or exploit other privilege escalation vulnerabilities.
## Features
- **Automated Vulnerability Check**: Sends HTTP GET requests to the target and evaluates conditions based on response status, headers, and content.
- **Interactive or Command-Line Arguments**:
- Specify a single target with `-t` or a file of targets with `-f`.
- If no arguments are provided, the script switches to interactive mode, prompting the user for input.
- **Summary and Detailed Output**:
- Summarizes results for all targets.
- Optionally displays detailed results for vulnerable targets with the `-d` argument or via user prompt in interactive mode.
- **Prettified Output**: Uses the `rich` library to display results in a clean, human-readable format.
- **Error Handling**: Gracefully handles network errors and SSL verification issues.
## Requirements
- Python 3.7 or newer
- `requests` library for HTTP requests
- `rich` library for styled output
### Installation
1. Clone the repository or download the script.
2. Install required dependencies:
```bash
pip install -r requirements.txt
```
## Usage
### Basic Usage
To check a single target interactively:
```bash
python main.py
```
### Command-Line Arguments
#### Single Target
Specify a single FQDN or IP:
```bash
python main.py -t 127.0.0.1
```
#### Multiple Targets from a File
Provide a file containing a list of targets (one per line):
```bash
python main.py -f targets.txt
```
#### Print Detailed Results
Use the `-d` or `--details` flag to automatically print detailed results for all vulnerable targets:
```bash
python main.py -t 127.0.0.1 -d
```
### Output
#### Vulnerable Target
```plaintext
[!] Target -appears- vulnerable!
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Key ┃ Value ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
┃ URL ┃ https://127.0.0.1/php/utils/CmsGetDeviceSoftwareVersio… ┃
┃ Status Code ┃ 200 ┃
┃ Headers ┃ {"Date": "Wed, 20 Nov 2024 15:29:31 GMT", ... ┃
┃ Body Contains '0.0.0' ┃ Yes ┃
└─────────────────────────────┴──────────────────────────────────────────────────────────┘
```
#### Non-Vulnerable Target
```plaintext
[+] Target does not appear to be vulnerable.
Message: No matching conditions met.
```
#### Summary Table
At the end of the scan, a summary table lists all targets and their statuses:
```plaintext
┏━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┓
┃ Target ┃ Status ┃
┡━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━┩
┃ 127.0.0.1 ┃ Vulnerable ┃
┃ example.com ┃ Not Vulnerable ┃
└───────────────────────┴─────────────────┘
```
#### Errors
```plaintext
[bold red]Error:[/bold red] HTTPSConnectionPool(host='127.0.0.1', port=443): Max retries exceeded with URL: /php/utils/CmsGetDeviceSoftwareVersion.php/.js.map (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x...>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))
```
## Notes
- **Interactive Prompt**: If no `--target` or `--file` argument is provided, the script prompts for interactive input.
- **SSL Warnings**: The script disables SSL warnings for self-signed certificates. Use cautiously in secure environments.
- **Limitations**: This tool is designed for educational and authorized security assessments only. Unauthorized use against systems you do not own or manage may violate laws or policies.
## License
This script is released under the MIT License. See `LICENSE` file for details.
## Disclaimer
This script is provided "as-is" without warranty of any kind. Use at your own risk. The author is not responsible for any damage caused by the use of this tool.
## Acknowledgments
This script was inspired by the brilliant work of the watchTowr team, whose original Nuclei YAML template for CVE-2024-0012 served as the foundation for this Python implementation. Their dedication to identifying and addressing critical security vulnerabilities continues to set a high standard in the cybersecurity community.
文件快照
[4.0K] /data/pocs/8e036003532e8cdcd32edd3983de8a320993ed98
├── [1.0K] LICENSE
├── [5.7K] main.py
├── [5.4K] README.md
└── [ 45] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。