Chocapikk / CVE-2023-27372

SPIP Vulnerability Scanner - CVE-2023-27372 Detector

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2023-27372 SPIP < 4.2.1 - Remote Code Execution Vulnerability Scanner πŸ›‘οΈπŸ’»

This Python utility pinpoints the CVE-2023-27372 flaw found in SPIP applications before version 4.2.1. Leveraging the remote code execution paradigm, it validates potential vulnerabilities. Its genesis is influenced by the path-breaking proof of concept by researcher nuts7, visible here. πŸ•΅οΈβ€β™‚οΈπŸ”

Installation Steps πŸ“₯

  1. Start by cloning the repository: git clone https://github.com/Chocapikk/CVE-2023-27372 πŸ“‹
  2. Delve into the repository's directory: cd CVE-2023-27372 πŸ“
  3. Fetch the requisite Python modules via pip: pip install -r requirements.txt 🐍

Command & Control πŸ’»

Launch the utility with: python CVE-2023-27372.py [options] πŸ–₯️

Available options are:

  • -u or --url : Specify the SPIP application's core URL 🌐
  • -v or --verbose : Opt for detailed output. (Default is set to False) πŸ“£
  • -l or --list : Incorporate a file containing a range of SPIP application URLs πŸ“ƒ
  • -o or --output : Channelize the results to a specified file πŸ“
  • --pages : Determine the number of pages to scan when leveraging LeakIX via LeakPy.
  • --leakpy : Engage the LeakIX integration for accumulating SPIP URLs.

For illustration: python CVE-2023-27372.py -u <SPIP_URL> -v -o report.txt πŸ”

Reconnaissance Method 🎯

For enthusiasts keen on uncovering potential SPIP platforms for vulnerability assessment, ZoomEye is an astute choice. Employ the following dork for this intent:

zoomeye search "spip.php?page=" -num 2000 -filter=ip,port πŸ‘€

Always bear in mind the research and academic inclination of this instrument. Prior consent is a prerequisite before deploying it on any site. πŸ“šβœ…

Ethical Note & Caution ⚠️

This tool's primary ambition is scholarly assessment and to assist users in gauging their own setups. Unauthorized deployments or inflicting intentional harm is stringently disapproved. Users must ensure they're in tune with local legal guidelines. The creators dissociate from any misapplications or legal contraventions. The integration with LeakIX through LeakPy aims to expedite the scanning chore by curating potential vulnerable URLs. Always validate your rights to access and assess the URLs you harness. 🚫🚨

About

SPIP Vulnerability Scanner - CVE-2023-27372 Detector


Languages

Language:Python 68.7%Language:Ruby 31.3%