来源

关联漏洞

描述

OD&H's scanner for CVE-2024-25600 vulnerability in the Bricks Builder WordPress plugin. For use in Try Hack Me (THM) environments.

介绍

# ODH-BricksBuilder-CVE-2024-25600-THM

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## Overview

This repository hosts a Python-based vulnerability scanner developed by Oblivion Development & Hosting (OD&H) to detect CVE-2024-25600 in the Bricks Builder plugin for WordPress. This tool is designed primarily for use within Try Hack Me (THM) exercises, providing a controlled environment for cybersecurity education and skill development.

This scanner leverages asynchronous network operations to achieve efficient scanning and offers an interactive shell for in-depth vulnerability analysis and command execution.

**Repository Link:** [https://github.com/ivanbg2004/ODH-BricksBuilder-CVE-2024-25600-THM](https://github.com/ivanbg2004/ODH-BricksBuilder-CVE-2024-25600-THM)

## Disclaimer

**This tool is intended for educational and ethical testing purposes only.**  OD&H is not responsible for any misuse or damage caused by this scanner. Users are solely responsible for ensuring they have explicit permission to test any target systems. Unauthorized use is strictly prohibited. OD&H is committed to responsible disclosure and strongly encourages reporting any discovered vulnerabilities to the appropriate vendor.

## Features

*   **Targeted CVE-2024-25600 Detection:**  Specifically engineered to identify instances of the CVE-2024-25600 vulnerability.
*   **Bricks Builder Focus:**  Exclusively designed for the Bricks Builder plugin within WordPress environments.
*   **Asynchronous Architecture:** Employs `aiohttp` and `asyncio` for high-performance, concurrent vulnerability assessments.
*   **Interactive Analysis Shell:**  Provides an interactive environment for detailed vulnerability analysis and targeted command execution.
*   **Informative Output:**  Utilizes the `rich` library to deliver clearly formatted and color-coded console output for easy interpretation of scan results.
*   **Repository Management:**  Includes a `.gitignore` file to maintain a clean repository by preventing the accidental commit of sensitive information and build artifacts.
*   **Comprehensive Documentation:**  Features detailed code comments and this comprehensive `README.md` file.

## Installation

1.  **Clone the repository:**

    ```bash
    git clone https://github.com/ivanbg2004/ODH-BricksBuilder-CVE-2024-25600-THM.git
    cd ODH-BricksBuilder-CVE-2024-25600-THM
    ```

2.  **Set up a virtual environment (recommended):**

    ```bash
    python3 -m venv venv
    source venv/bin/activate  # On Linux/macOS
    venv\Scripts\activate  # On Windows
    ```

3.  **Install dependencies:**

    ```bash
    pip install -r requirements.txt
    ```

## Usage

```
python3 main.py -h
```

```
usage: main.py [-h] [--url URL] [--list LIST] [--output OUTPUT]
Check for CVE-2024-25600 vulnerability in Bricks theme
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL to fetch nonce from and check vulnerability
  -l LIST, --list LIST  Path to a file containing a list of URLs to check for
                        vulnerability
  -o OUTPUT, --output OUTPUT
                        File to write vulnerable URLs to
```

*   **Scan a single URL:**

    ```bash
    python3 main.py -u http://example.com
    ```

*   **Scan a list of URLs from a file:**

    ```bash
    python3 main.py -l urls.txt -o vulnerable.txt
    ```

    (This will scan each URL in `urls.txt` and write the vulnerable URLs to `vulnerable.txt`)

## Contributing

OD&H encourages community contributions to this project.  To contribute:

1.  Fork the repository to your own GitHub account.
2.  Create a new branch for your proposed feature or bug fix.
3.  Implement your changes and commit them with clear, descriptive messages.
4.  Submit a pull request to the `main` branch of this repository.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

Copyright (c) 2015 Oblivion Development & Hosting

## Code of Conduct

This project adheres to a strict Code of Conduct. All participants are expected to uphold its principles.  See [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for details.

## Contact

For inquiries or support, please contact:

Oblivion Development & Hosting:

*   Website: [https://odh.ivan-vcard.xyz](https://odh.ivan-vcard.xyz)

## About Oblivion Development & Hosting (OD&H)

Oblivion Development & Hosting provides individuals and businesses with top-tier web development, hosting, and cybersecurity solutions to thrive in the digital landscape.

Our Mission: To deliver **secure**, **reliable**, and **innovative** technology solutions grounded in transparency and trust.

Key Focus Areas:

*   🌍 Web Development
*   🔒 Cybersecurity
*   🖥️ Hosting Solutions
*   💬 Exceptional Customer Support
*   💡 Fostering a Culture of Innovation and Integrity

文件快照

 [4.0K]  /data/pocs/43aa37b049bc208e6c4d2622a546840ddd0a35f3
├── [5.0K]  CODE_OF_CONDUCT.md
├── [1.1K]  LICENSE
├── [9.9K]  main.py
├── [4.8K]  README.md
└── [  74]  requirements.txt

0 directories, 5 files

备注