POC details: 851502d02e6ec6f3260e7d9e8a5fb2587f11ae53

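Source
Related vulnerability
Title: Citrix Application Delivery Controller and Citrix Systems Gateway path traversal vulnerability (CVE-2019-19781)
Description: Citrix Systems NetScaler Gateway (Citrix Systems Gateway) and Citrix Application Delivery Controller (ADC) are both products of the US company Citrix Systems. Citrix Systems NetScaler Gateway is a secure remote access solution. It gives administrators application-level and data-level controls so that users can remotely access applications and data from any location. Citrix Application Delivery Controll
Description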
Gather a list of Citrix appliances in a country / state pair, and check if they're vulnerable to CVE-2019-19781
Introduction
# shitsniffer
Gather a list of Citrix appliances in a country / state pair, and check if they're vulnerable to CVE-2019-19781. Results are output as JSON which can be wrangled quite nicely into a meaningful PowerBI report.

It does this by querying Shodan for all results in a particular country matching a search string. By default, it searches `country:AU has_ssl:true` with the search string `"Set-Cookie: pwcount=0"`.

To check for the vulnerability, the script sends a `HEAD` request for `https://<HOST>/vpn/%2E%2E/vpns/cfg/smb.conf` and looks for a `200` status. A `200` means directory traversal is allowed, and the patch or workaround has not been applied to the host.
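
Seen from the receiving side, the same request pattern can be hunted for in web access logs. The following is an added example, not part of shitsniffer: it assumes an Apache-style access log layout, and the function names and sample lines are constructed for illustration.

```python
import re
from itertools import dropwhile
from urllib.parse import unquote

# Assumption: Apache common/combined log layout; adapt the pattern to your log source.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def decode_path(target, max_rounds=3):
    """Drop the query string and undo percent-encoding, including double encoding."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()

def classify(line):
    """Return a finding for a /vpn/ -> ../ -> /vpns/ request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    segments = [s for s in decode_path(m["target"]).split("/") if s]
    # The probe enters via /vpn/, steps up with "..", and lands in /vpns/.
    if len(segments) < 3 or segments[0] != "vpn" or segments[1] != "..":
        return None
    after = list(dropwhile(lambda s: s == "..", segments[1:]))
    if not after or after[0] != "vpns":
        return None
    status = int(m["status"])
    # Per the README, a 200 means the traversal was served (host not mitigated).
    return {"src": m["src"], "time": m["ts"], "method": m["method"],
            "resolved": "/" + "/".join(after), "status": status,
            "served": status == 200}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [12/Jan/2020:03:14:07 +0000] "HEAD /vpn/%2E%2E/vpns/cfg/smb.conf HTTP/1.1" 200 -',
    '198.51.100.7 - - [12/Jan/2020:03:14:09 +0000] "GET /vpn/%252e%252e/vpns/cfg/smb.conf HTTP/1.1" 403 199',
    '203.0.113.20 - - [12/Jan/2020:03:15:00 +0000] "GET /vpn/index.html HTTP/1.1" 200 4521',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Findings with `served` set to true are the ones to triage first, since they match the README's condition for an unmitigated host.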

## Setup
You'll need to download the GeoLite2 ASN and City DBs, which will resolve details on discovered hosts. You can find the downloads here: https://dev.maxmind.com/geoip/geoip2/geolite2/

Place the .mmdb files into a folder named geolite under the folder where you extracted shitsniffer.py.

## Usage
```
usage: shitsniffer.py [-h] [-t TARGETHOST] [-f RESULTSFILE] [-d DATAFILE]
                      [-a APIKEY] [-c COUNTRY] [-s SEARCHSTRING] [-n]
                      [-l LIMIT]

OPTIONS:
  -h, --help            show this help message and exit
  -t TARGETHOST, --targethost TARGETHOST
                        Host to check, will scan shodan if not specified
  -f RESULTSFILE, --resultsfile RESULTSFILE
                        Where to save the scanner output json file
  -d DATAFILE, --datafile DATAFILE
                        Path to save/load shodan data file (saves query
                        credits)
  -a APIKEY, --apikey APIKEY
                        Your shodan.io API key
  -c COUNTRY, --country COUNTRY
                        Country to search
  -s SEARCHSTRING, --searchstring SEARCHSTRING
                        Additional search arguments
  -n, --no-color        Output without color
  -l LIMIT, --limit LIMIT
                        Process this many hosts from shodan data

Example: python shitsniffer.py -a <API key> -d shodan-DDMMYY.json -f output-DDMMYY.json
```

## Thanks
Thanks goes to Diverse Services for allowing me time to indulge myself with this endeavour.
File snapshot

```
[4.0K] /data/pocs/851502d02e6ec6f3260e7d9e8a5fb2587f11ae53
├── [ 34K] LICENSE
├── [2.1K] README.md
└── [9.0K] shitsniffer.py

0 directories, 3 files
```