Chocapikk / CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

🚨 CVE-2024-21887 Exploit Tool πŸ› οΈ

A robust tool for detecting and exploiting the CVE-2024-21887 vulnerability in Ivanti Connect and Policy Secure systems.

πŸ“ Description

CVE-2024-21887 is a critical command injection vulnerability, allowing authenticated admins to execute arbitrary commands. This tool aids in identifying and interacting with affected systems.

πŸš€ Features

  • Single URL Scan: Pinpoint focus on a single target.
  • Bulk Scanning: Analyze multiple URLs from a file.
  • Thread Control: Customize concurrent scanning with thread options.
  • Output Logging: Save identified vulnerable URLs to a file.

πŸ“š How to Use

  1. Install dependencies: pip install -r requirements.txt
  2. Run the tool:
    • Single URL: python exploit.py -u <URL>
    • Bulk scan: python exploit.py -f <file-path>
    • With threads: python exploit.py -f <file-path> -t <number-of-threads>
    • Save output: python exploit.py -f <file-path> -o <output-file-path>

⚠️ Disclaimer: This tool is provided for educational and ethical testing purposes only. I am not responsible for any misuse or damage caused by this tool. Always obtain explicit permission before testing systems that you do not own or have explicit authorization to test.

About

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.


Languages

Language:Python 100.0%