The tool helps in quickly identifying vulnerabilities by examining a comprehensive list of potential paths on a website, making it useful for security assessments.

CVE-2024-2997 Scanner

Overview

CVE-2024-2997 Scanner is an advanced vulnerability scanner designed to detect the command injection vulnerability in web applications. This tool helps security professionals identify potential security risks in their applications.

Disclaimer

This tool is for educational purposes only. Only use it on applications you own or have permission to test. The author is not responsible for any misuse or damage caused by this tool.

Features

  • High-Performance Scanning: Utilizes multi-threading (up to 20 threads) for fast scanning
  • Comprehensive URL Generation: Generates a wide range of potential vulnerable URLs
  • Real-time Progress Tracking: Shows scan progress with a dynamic progress bar
  • Detailed Reporting: Generates both text and HTML reports of scan results
  • Vulnerability Classification: Categorizes findings by confidence level (Low, Medium, High, Critical)
  • Smart Detection: Identifies both CVE-2024-2997 and similar vulnerabilities
  • Batch Processing: Processes URLs in batches to prevent system overload
  • Customizable Settings: Adjustable threads, timeouts, delays, and batch sizes
  • Dark-themed HTML Reports: Professional, modern reports with detailed vulnerability information
  • Session Management: Ability to save and resume scanning sessions

Installation

  1. Clone the repository:
     git clone https://github.com/lfillaz/CVE-2024-2997.git
     cd CVE-2024-2997
  2. Run the script with command-line options:
     python CVE-2024-2997.py -u http://example.com -v
  3. Or run interactively and follow the on-screen instructions:
     python CVE-2024-2997.py

Command-Line Options

The scanner supports the following command-line options:

Option              Description
-u, --url           Base URL to scan
-p, --proxy         Proxy URL (e.g., http://127.0.0.1:8080)
-v, --verbose       Enable verbose mode
-o, --output        Output file for vulnerable URLs (default: sus.txt)
-d, --details       Output file for vulnerability details (default: vulnerable_details.txt)
-s, --scan-delay    Scan delay in seconds (default: 0.1)
-t, --threads       Number of threads to use (default: 20)
-r, --resume        Resume scan from existing scope.txt
--timeout           Request timeout in seconds (default: 5)
--user-agent        Custom User-Agent string
--batch-size        Number of URLs to scan in each batch (default: 50)

How It Works

  1. The script prints an ASCII art banner and starts the scanning process.
  2. It checks if a previous session file scope.txt exists:
    • If it exists, the user can choose to continue scanning the URLs from the previous session or start a new session.
    • If it doesn't exist, a new session is started.
  3. The user inputs the base URL (or provides it via command-line).
  4. The script generates a wide range of URLs based on the base URL, including:
    • Admin paths
    • API endpoints
    • Authentication paths
    • Content management paths
    • Common CMS paths
    • Known vulnerable paths
  5. The scan begins with a real-time progress bar showing completion status.
  6. The script scans each URL for the command injection vulnerability, displaying the results in a color-coded format:
    • Vulnerable URLs are displayed in red with confidence level.
    • Safe URLs are displayed in green (when verbose mode is enabled).
  7. After scanning, a comprehensive HTML report is generated with:
    • Scan summary statistics
    • Vulnerability details with confidence levels
    • Visual indicators of vulnerability severity
    • Responsive dark-themed design
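A defender-side complement to the scanning behaviour described above: the scanner sweeps admin, API, authentication and CMS paths in fast multi-threaded batches, which leaves a recognisable burst in web server access logs. The following Python is an added example, not code from this repository; the Common Log Format parsing, the path-class patterns, the thresholds and the sample log lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "method path proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')
PATH_CLASSES = {  # mirror the README's URL-generation categories; the patterns are assumed
    "admin": re.compile(r"^/(admin|administrator|manage)\b", re.I),
    "api":   re.compile(r"^/api/", re.I),
    "auth":  re.compile(r"^/(login|signin|auth)\b", re.I),
    "cms":   re.compile(r"^/(wp-|joomla|drupal)", re.I),
}

def parse(line):
    """Parse one access-log line into ip/ts/path/status, or None if it does not match."""
    if not (m := LOG_RE.match(line)):
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "path": m["path"], "status": int(m["status"])}

def path_class(path):
    return next((name for name, rx in PATH_CLASSES.items() if rx.search(path)), None)

def detect_enumeration(lines, window_s=60, min_paths=8, min_classes=2):
    """Flag client IPs that request >= min_paths distinct sensitive paths spanning
    >= min_classes classes inside any window_s-second sliding window."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if path_class(rec["path"]):
            by_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(recs):  # slide the window start over each request
            win = [r for r in recs[i:] if (r["ts"] - first["ts"]).total_seconds() <= window_s]
            paths = {r["path"] for r in win}
            classes = {path_class(r["path"]) for r in win}
            if len(paths) >= min_paths and len(classes) >= min_classes:
                errors = sum(r["status"] >= 400 for r in win)  # probes mostly land on 4xx
                alerts[ip] = {"paths": len(paths), "classes": sorted(classes),
                              "error_rate": round(errors / len(win), 2)}
                break
    return alerts
# Constructed sample log: one client sweeping probe paths within seconds, one ordinary user.
PROBES = ["/admin/", "/administrator/", "/manage/", "/api/v1/users", "/api/v2/config",
          "/login", "/signin", "/auth/reset", "/wp-admin/", "/wp-login.php"]
SAMPLE_LOG = [f'203.0.113.7 - - [10/Jun/2024:12:00:{i:02d} +0000] "GET {p} HTTP/1.1" 404 153'
              for i, p in enumerate(PROBES)]
SAMPLE_LOG += ['198.51.100.4 - - [10/Jun/2024:12:00:05 +0000] "GET /login HTTP/1.1" 200 512',
               '198.51.100.4 - - [10/Jun/2024:12:00:09 +0000] "GET /api/v1/users HTTP/1.1" 200 900']
```

The thresholds (8 distinct paths across 2 classes within 60 seconds) are starting points to tune against your own baseline traffic, and a scanner run with a long --scan-delay will need a wider window.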

Understanding Results

The scanner classifies vulnerabilities by confidence level:

  • Critical: Vulnerability confirmed with multiple payloads
  • High: Strong indicators of vulnerability found
  • Medium: Potential vulnerability or similar issue detected
  • Low: Weak indicators that require further investigation

Output Files

  • sus.txt: Contains a list of vulnerable URLs
  • vulnerable_details.txt: Contains detailed information about each vulnerability
  • report.html: Interactive HTML report with comprehensive scan results
  • scope.txt: Contains all generated URLs for the current/previous session
  • response_*.txt: Contains raw responses from vulnerable endpoints (for confirmed vulnerabilities)

Community

Join our Discord community for updates, support, and discussions:

License

This project is licensed under the MIT License - see the LICENSE file for details.
