CVE-2025-31161 PoC — CrushFTP Security Vulnerability

Source
Associated Vulnerability
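Title: CrushFTP Security Vulnerability (CVE-2025-31161)
Description: CrushFTP is a file transfer server from the company CrushFTP. CrushFTP 10.x versions before 10.8.4 and 11.x versions before 11.3.1 contain a security vulnerability that stems from an authentication bypass and may lead to account takeover.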
Description
Scans a target to see if it's vulnerable to CVE-2025-31161
Readme

 
# CVE-2025-31161 CrushFTP Authentication Bypass Scanner

A Python tool to detect and test for CVE-2025-31161 vulnerability in CrushFTP servers.




## 📖 Description

This script tests for the authentication bypass vulnerability (CVE-2025-31161) in CrushFTP servers that allows remote attackers to authenticate without valid credentials through HTTP Authorization header manipulation.
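
For triage that sends no requests to the servers, an inventory of installed versions can be compared against the ranges in the advisory text (10.x before 10.8.4, 11.x before 11.3.1). The following is an added example, not part of this repository's scanner; the version-string shape, the status labels and the sample hostnames are assumptions.

```python
import re

# Fixed releases per the advisory text on this page: 10.8.4 for 10.x, 11.3.1 for 11.x.
FIXED = {10: (10, 8, 4), 11: (11, 3, 1)}

# Assumed version-string shape: "major.minor.patch", optionally followed by a
# build suffix such as "_5", which is ignored for the comparison.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from an inventory string, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Classify one version string against the CVE-2025-31161 ranges."""
    version = parse_version(text)
    if version is None:
        return "unknown"        # unparseable: needs manual review
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-listed"     # branch the advisory text does not mention
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Return (host -> status, sorted list of hosts to patch first)."""
    status = {host: classify(ver) for host, ver in inventory.items()}
    to_patch = sorted(h for h, s in status.items() if s == "affected")
    return status, to_patch


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ftp-a.example.internal": "CrushFTP 10.8.3",
    "ftp-b.example.internal": "10.8.4",
    "ftp-c.example.internal": "11.3.0_5",
    "ftp-d.example.internal": "11.3.1",
    "ftp-e.example.internal": "9.4.0",
    "ftp-f.example.internal": "version not reported",
}

if __name__ == "__main__":
    status, to_patch = triage(SAMPLE)
    for host in sorted(status):
        print(f"{host:28} {status[host]}")
    print("patch first:", ", ".join(to_patch))
```

Hosts reported as `unknown` or `not-listed` are not cleared by this check and still need manual review.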

## ✨ Features

- 🔍 Interactive target input (IP and port)
- 🎯 Multiple exploitation payload testing
- 📊 Automatic vulnerability detection
- 🎨 Clear visual indicators with emojis
- 📋 Comprehensive results reporting
- ⚡ Easy to use with no complex configuration

## 🚀 Basic Usage

```bash
python3 CVE-2025-31161.py
```



## Installation

```bash
git clone https://github.com/yourusername/CVE-2025-31161.py
cd CVE-2025-31161.py
pip3 install -r requirements.txt
```


## Example Session

$ python3 CVE-2025-31161.py

🔍 CrushFTP CVE-2025-31161 Authentication Bypass Tester
==================================================
**Enter target IP address**: 192.168.1.100  
**Enter target port** [8080]: 8080

#### 🎯 Target: http://192.168.1.100:8080  

#### 🚀 Starting vulnerability scan...  

==================================================

📡 **Testing:** /WebInterface/   
🔑 **Payload:** 'A'    
📊 **Status:**  200  
🎉 **VULNERABILITY CONFIRMED**  
💡 **200 OK with content:** dashboard, main  
✅ **Working payload:** 'A'  


## 📋 SCAN RESULTS  

==================================================  
🎯 **Target:** 192.168.1.100:8080  
🔴 **VULNERABILITY STATUS:** VULNERABLE  
💥 **CVE-2025-31161 Authentication Bypass CONFIRMED**

✅ **Working payloads:**  
#### 1. **A** -> /WebInterface/
==================================================  

### Legal Disclaimer  

This tool is for educational and authorized testing purposes only. Only use on systems you own or have explicit permission to test.
File Snapshot

```
[4.0K] /data/pocs/11bbe92a7841b629ba740ed2915dd3cbdac53f8c
├── [1.0K] LICENSE
├── [1.9K] README.md
└── [ 33] requirements.txt

1 directory, 3 files
```