POC详情: 638ab652f27a0638e5bcedfa12bd9b5fbb8e73ef

来源
https://github.com/Chocapikk/CVE-2023-46805
关联漏洞
标题: Ivanti ICS 授权问题漏洞 (CVE-2023-46805)
描述:Ivanti ICS是美国Ivanti公司的一代远程安全访问产品。 Ivanti ICS 9.x版本、22.x版本、Ivanti Policy Secure存在授权问题漏洞,该漏洞源于 Web 组件中存在身份验证绕过漏洞。攻击者利用该漏洞可以绕过控制检查来访问受限资源。
描述
Ivanti Pulse Secure CVE-2023-46805 Scanner - Based on Assetnote's Research
介绍
# 🚨 CVE-2023-46805 Scanner Tool 🛠️

A robust tool for detecting the CVE-2023-46805 vulnerability in Ivanti Pulse Connect Secure systems. This tool is inspired by the high-signal detection methods developed by AssetNote, focusing on authentication bypass vulnerabilities in these systems.

## 📝 Description

CVE-2023-46805 is a critical vulnerability that allows unauthorized bypass of authentication mechanisms in certain Ivanti Pulse Connect Secure versions. This tool aids in identifying affected systems, leveraging detection techniques based on AssetNote's research. 

For more details on the methodology, see AssetNote's research: [High-Signal Detection and Exploitation of Ivanti’s Pulse Connect Secure Auth Bypass](https://www.assetnote.io/resources/research/high-signal-detection-and-exploitation-of-ivantis-pulse-connect-secure-auth-bypass-rce)

## 🚀 Features

- **Single URL Scan**: Focus on a single target for quick assessment.
- **Bulk Scanning**: Analyze multiple URLs from a file for widespread assessment.
- **Thread Control**: Customize concurrent scanning with adjustable thread options.
- **Output Logging**: Save identified potentially vulnerable URLs to a file.

## 📚 How to Use

1. Install dependencies: `pip install -r requirements.txt`
2. Run the tool:
   - Single URL: `python scanner.py -u <URL>`
   - Bulk scan: `python scanner.py -f <file-path>`
   - With threads: `python scanner.py -f <file-path> -t <number-of-threads>`
   - Save output: `python scanner.py -f <file-path> -o <output-file-path>`

⚠️ **Disclaimer**: This tool is provided for educational and ethical testing purposes only. The author is not responsible for any misuse or damage caused by this tool. Always obtain explicit permission before testing systems that you do not own or have explicit authorization to test.
文件快照

 [4.0K]  /data/pocs/638ab652f27a0638e5bcedfa12bd9b5fbb8e73ef
├── [1.8K]  README.md
├── [  52]  requirements.txt
└── [3.7K]  scanner.py

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。