#!/usr/bin/env python

import argparse
import requests
import sys
import re

def check_vulnerability(url):
    """Check if the RDG Gateway server is vulnerable to CVE-2019-1006"""
    response = requests.get(url)
    if response.status_code != 200:
        print("Error: Could not connect to the server.")
        return False
    if "RDG_CLIENT" not in response.text:
        print("Error: This does not appear to be an RDG Gateway server.")
        return False
    match = re.search(r"MsRdpClientShell\.ActiveX\.1", response.text)
    if not match:
        print("Error: Could not find MsRdpClientShell.ActiveX.1 control.")
        return False
    match = re.search(r"([\d\.]+)", match.string[match.end():])
    if not match:
        print("Error: Could not find version number.")
        return False
    version = match.group(1)
    if version < "10.0.0.0" or version >= "10.0.0.9999":
        print("Vulnerable (version: {})".format(version))
        return True
    else:
        print("Not vulnerable (version: {})".format(version))
        return False

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Check an RDG Gateway server for CVE-2019-1006 vulnerability.")
    parser.add_argument("url", metavar="URL", help="URL of the RDG Gateway server to test")
    args = parser.parse_args()
    check_vulnerability(args.url)