Skip to content

This is a webshell fingerprinting scanner designed to identify implants on Cisco IOS XE WebUI's affected by CVE-2023-20198 and CVE-2023-20273

Notifications You must be signed in to change notification settings

Shadow0ps/CVE-2023-20198-Scanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Cisco IOS XE Device Scanner User Guide for CVE-2023-20198-Scanner

This is a webshell fingerprinting scanner designed to identify implants on Cisco IOS XE WebUI's affected by CVE-2023-20198 and CVE-2023-20273. This Python script checks for compromised Cisco IOS XE devices by making HTTP and HTTPS requests. It supports multiple ways to specify target IPs and provides threading for faster scanning.

ChangeLog

A few things you can do with this scipt:

Requirements

  • Python 3.x
  • Required Python packages: requests, termcolor, tqdm

Install the required Python packages using pip if you haven't already:

pip install requests termcolor tqdm

Usage

The script provides several command-line options for flexibility:

--target_file

Specify a file containing a list of Cisco IOS XE Device IPs or hostnames. The IPs or hostnames should be listed one per line.

Example:

python iosxe-scanner.py --target_file targets.txt

--cidr

Specify a CIDR range to scan. The script will generate all the IPs in the specified range and scan them.

Example:

python iosxe-scanner.py --cidr 192.168.1.0/24

--ip

Specify a single IP to scan.

Example:

python iosxe-scanner.py --ip 192.168.1.1

--user_agent

Set a custom User-Agent header for the HTTP requests. The default is CISCO-IOS-Shell-Scanner-cisco-sa-iosxe-webui-privesc-j22SaA4z.

Example:

python iosxe-scanner.py --user_agent "MyCustomUserAgent"

--rate_limit

Set a rate limit in seconds between requests. The default is 1 second.

Example:

python iosxe-scanner.py --rate_limit 0.5

--proxy

Specify an HTTP Proxy to use for requests.

Example:

python iosxe-scanner.py --proxy http://127.0.0.1:8080

--iocs_file

Specify a file containing Indicators of Compromise (IoCs) to look for in the response text. The default is IOCS.txt.

Example:

python iosxe-scanner.py --iocs_file custom_iocs.txt

Examples

Scan a list of targets from a file with a rate limit of 0.5 seconds

python iosxe-scanner.py --target_file targets.txt --rate_limit 0.5

Scan a CIDR range using a proxy

python iosxe-scanner.py --cidr 192.168.1.0/24 --proxy http://127.0.0.1:8080

Scan a single IP with a custom User-Agent

python iosxe-scanner.py --ip 192.168.1.1 --user_agent "MyCustomUserAgent"

Scan using a custom IoCs file

python iosxe-scanner.py --iocs_file custom_iocs.txt

Notes

  • This script disables SSL certificate verification for making HTTPS requests. Use this feature cautiously.
  • This script is presented "As Is" with NO WARRANTY. USE AT YOUR OWN RISK!
  • Use of this script may be illegal in your country or jurisdiction. While it only makes simple HTTP(S) requests and checks for specific responses it's up to you to determine whether or not its use is legal/ethical and appropriate. DONT BE A JERK.

If you find this script useful feel free to let me know or give me a follow on Twitter(𝕏) https://twitter.com/shadow0pz

About

This is a webshell fingerprinting scanner designed to identify implants on Cisco IOS XE WebUI's affected by CVE-2023-20198 and CVE-2023-20273

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages