来源

关联漏洞

描述

Quick and Simple Scripts to Scan for Vulnerable Servers and Packet Level Monitors

介绍

# CVE-2025-55315 Vulnerability Scanner and TLS Proxy

This repository contains tools to detect and monitor ASP.NET Core applications vulnerable to CVE-2025-55315, which involves HTTP request smuggling due to conflicting HTTP headers.

## Tools Included

### 1. Python Vulnerability Scanner (`CVE-2025-55315_check.py`)
Scans a list of URLs and checks the `Server` HTTP header for known vulnerable ASP.NET Core versions.

#### Usage
```bash
pip install requests
python CVE-2025-55315_check.py
```

### 2. Go TLS Proxy Monitor (`tls_proxy_cve_monitor.go`)
Acts as a TLS proxy to inspect decrypted HTTPS traffic for conflicting `Content-Length` and `Transfer-Encoding: chunked` headers.

#### Setup
Generate a self-signed TLS certificate:
```bash
openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes
```

#### Run the proxy
```bash
sudo go run tls_proxy_cve_monitor.go
```

## Output
- Python scanner logs results to `aspnet_vulnerability_scan_results.json`
- Go proxy logs suspicious HTTPS requests to the console

## Disclaimer
These tools are for educational and authorized security testing purposes only. Do not use them on systems without explicit permission.

文件快照

 [4.0K]  /data/pocs/ab0ddd3225916c489d6ee838a73c6da950ca6f2e
├── [1.7K]  CVE-2025-55315_check.py
├── [1.1K]  CVE-2025-55315_HTTP_Sniffer.go
├── [1.2K]  CVE-2025-55315_TLS_Proxy_Monitor.go
└── [1.2K]  README.md

0 directories, 4 files

备注