Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Script for CVE Detection
- # Not Originally Made By Me
- from socket import *
- import re
- import sys
- import threading
- port_list = [16992,16993,16994,16995,623,664]
- server_rex = "Server: Intel\(R\) Active Management Technology"
- version_rex = "((11\.(6\.(2(7\.(3(2(6[0-3]|[0-5][0-9])|[01][0-9]{2})|[0-2]?[0-9]?[0-9]?[0-9])|[0-6])|[01]?[0-9])|5|0\.(2(5\.(3000|[0-2]?[0-9]?[0-9]?[0-9])|[0-4])|[01]?[0-9]))|"\
- "10\.0\.(5(5\.[0-2]?[0-9]?[0-9]?[0-9]|[0-4])|[0-4]?[0-9])|"\
- "9\.(5\.(6(1\.(30(1[01]|0?[0-9])|[0-2]?[0-9]?[0-9]?[0-9])|0)|[0-5]?[0-9])|1\.(4(1\.(30(2[0-3]|[01][0-9])|[0-2]?[0-9]?[0-9]?[0-9])|0)|[0-3]?[0-9])|0)|"\
- "8\.(1\.(7(1\.(3(60[0-7]|[0-5][0-9]{2})|[0-2]?[0-9]?[0-9]?[0-9])|0)|[0-6]?[0-9])|0)|"\
- "7\.(1\.(9(1\.(3(2(7[01]|[0-6][0-9])|[01][0-9]{2})|[0-2]?[0-9]?[0-9]?[0-9])|0)|[0-8]?[0-9])|0)|"\
- "6\.(2\.(6(1\.(3(5(3[0-4]|[0-2][[0-9])|[0-4][0-9]{2})|[0-2]?[0-9]?[0-9]?[0-9])|0)|[0-5]?[0-9])|[01])))"
- banner_rex = "%s %s" % (server_rex, version_rex)
- vuln_targets = []
- def check_vuln(response):
- m = re.search(banner_rex, response)
- if m is None:
- return False
- return True
- def run(host, port):
- try:
- s = socket(AF_INET,SOCK_STREAM)
- s.settimeout(10)
- s.connect((host, port))
- s.send("GET / HTTP/1.1\r\n\r\n")
- resp = s.recv(1024)
- s.close()
- if check_vuln(resp):
- print "\n[!] %s:%d appears to be vulnerable to CVE-2017-5689" % (host,port)
- vuln_targets.append("%s:%d" % (host,port))
- except Exception, e:
- s.close()
- def vuln_summary():
- print "Vulnerable targets:"
- for vuln in vuln_targets:
- print vuln
- def main(addr, end=0):
- # get address prefix
- addr_prefix = addr[0:addr.rfind('.')]
- # get start index of subnet
- start = int(addr[addr.rfind('.')+1:])
- # if single ip
- if end == 0:
- stop = start
- # get stop index of subnet
- else:
- stop = int(end)
- # generate target list
- addresses = []
- for i in xrange(start, stop+1):
- addresses.append("%s.%d" % (addr_prefix,i))
- for address in addresses:
- thread_pool = []
- for port in port_list:
- print "[+] checking %s:%d" % (address,port)
- t = threading.Thread(target=run, args = (address, port))
- t.start()
- thread_pool.append(t)
- # wait for threads to terminate
- for t in thread_pool:
- t.join()
- print ""
- vuln_summary()
- if __name__=="__main__":
- # validate ip argument
- ip_rex = r"^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(-([0-9]{1,3}))?"
- m = re.search(ip_rex, sys.argv[1])
- if m is None:
- print "Invalid ip address or range"
- exit(-1)
- first_ip = m.group(1)
- rng = m.group(3)
- # no range defined, use single ip
- if rng is None:
- main(first_ip)
- else:
- last_octet = first_ip[first_ip.rfind('.')+1:]
- if(int(last_octet) > int(rng)):
- print "Invalid ip range"
- exit(-1)
- main(first_ip, rng)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement