add cidr notations, better handling for Citrix server identifications…

…, and hostnames
syedpeer · Jan 11, 2020 · 741328f · 741328f
1 parent 4cbb7de
commit 741328f
Showing 1 changed file with 30 additions and 7 deletions.
diff --git a/cve-2019-19781_scanner.py b/cve-2019-19781_scanner.py
@@ -9,13 +9,22 @@
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # disable warnings
 import argparse
 import sys
+from netaddr import IPNetwork
 
 def check_server(target, targetport):
-    req = requests.get("https://%s:%s/vpn/../vpns/cfg/smb.conf" % (target,targetport), verify=False)
-    if ("global") in req.content: # each smb.conf will contain a [global] variable
-        print("[\033[91m!\033[0m] This Citrix ADC Server: %s is still vulnerable to CVE-2019-19781." % (target))
-    else:
-        print("[\033[92m*\033[0m] Awesome! The server %s is not vulnerable." % (target))
+
+    try:
+        req = requests.get("https://%s:%s/vpn/../vpns/cfg/smb.conf" % (target,targetport), verify=False, timeout=2)
+        if ("global") in req.content: # each smb.conf will contain a [global] variable
+            print("[\033[91m!\033[0m] This Citrix ADC Server: %s is still vulnerable to CVE-2019-19781." % (target))
+        elif ("Citrix") in req.content: # only seen if system is not vulnerable
+            print("[\033[92m*\033[0m] Awesome! The server %s is not vulnerable." % (target))
+        else:
+            print("[-] Server %s does not appear to be a Citrix server." % (target))
+
+
+    except requests.ConnectionError: 
+        print("[-] Server %s timed out and didn't respond on port: %s." % (target, targetport))
 
 print("""
    _______      ________    ___   ___  __  ___        __  ___ ______ ___  __ 
@@ -34,7 +43,15 @@ def check_server(target, targetport):
 This will look to see if the remote system is still vulnerable to CVE-2019-19781. This 
 will only scan one host at a time.
 
+You can use CIDR notations as well for example: 192.168.1.1/24
+You can use hostnames instead of IP addresses also.
+
+Example: python3 cve-2019-19781_scanner.py 192.168.1.1/24 443
+Example2: python3 cve-2019-19781_scanner.py 192.168.1.1 443
+Example3: python3 cve-2019-19781_scanner.py fakewebsiteaddress.com 443
+
 Usage: python3 cve-2019-19781_scanner.py targetip targetport
+
 """)
 
 # parse our commands
@@ -47,5 +64,11 @@ def check_server(target, targetport):
     print("[\033[91m!\033[0m] Citrix ADC/NetScalers should only default to HTTPS, not port 80 or HTTP. Try a different port.\n")
     sys.exit()
 
-# run the check
-check_server(args.target, args.targetport)
+# if we are iterating through IP addresses to scan CIDR notations 
+if "/" in args.target:
+    for ip in IPNetwork(args.target):
+        check_server(ip, args.targetport)
+
+# if we are just using 1 IP address
+else:
+    check_server(args.target, args.targetport)