This script is designed to scan for the CVE-2024-38856 vulnerability in Apache Ofbiz applications, which may allow for remote code execution. It sends HTTP POST requests to specific paths within the Ofbiz application with malicious payloads to exploit the vulnerability.
- Scans targets for vulnerability using various paths
- Supports multithreading for faster processing
- Uses
coloredlogsfor color-coded, easy-to-read logs - Supports input from a file containing a list of targets
- Python 3.x
- Python Modules:
requestscoloredlogscoloramaargparseurllib3
You can install the required dependencies using pip:
pip install requests coloredlogs colorama argparse urllib3To run the script, use the following command:
python script_name.py [options]-t,--threads: Number of threads to use (default: 1)-p,--port: Target port-c,--command: Command to execute-s,--scan: Perform a scan with ping, curl, and wget-d,--domain: Domain (attacker domain) to scan with ping, curl, and wget-f,--file: File containing a list of targets in the formathttp(s)://target,port
-
Scan targets with a command:
python script_name.py -f targets.txt -c "whoami"
python script_name.py -s -d example.com -p 80python script_name.py -f targets.txt -c "uname -a"- If targets lack the http:// or https:// prefix, the script will prompt you to choose a prefix to add.
- If there's an error while making an HTTP request, the script will log the error.