CVE-2024-9474 PoC — PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

Associated Vulnerability
Title: PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface (CVE-2024-9474)
Description: A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Description
Palo Alto RCE Vuln
Readme
# Palo Alto PAN-OS Exploit PoC - CVE-2024-0012 & CVE-2024-9474
This script is a Proof of Concept (PoC) exploit for vulnerabilities found in Palo Alto PAN-OS (CVE-2024-0012 & CVE-2024-9474). The script can be used to either scan a list of URLs for the vulnerability or exploit a single vulnerable URL interactively.

## Features
- Scan Mode: Automatically scans multiple URLs to detect the vulnerability.
- Exploit Mode: Interactively exploits a single URL, allowing the user to execute arbitrary commands.
- Concurrency Support: The script supports multiple threads to speed up the scanning process.
- Output Saving: Results are saved in a specified output file.
- Progress Bar: A customizable progress bar to track the scanning progress.
## Prerequisites
- Go 1.18 or later installed on your machine.
- Required Go dependencies installed (see below).
### Installation
1. Clone the repository
```
git clone https://github.com/aratane/CVE-2024-9474
cd CVE-2024-9474
```
2. Install dependencies
This script relies on several Go libraries. Install them by running:
```
go mod tidy
```
The required dependencies include:
- `github.com/cheggaaa/pb/v3`: Progress bar for displaying scanning status.
- `github.com/gookit/color`: Enhanced color support for console output.
- `github.com/manifoldco/promptui`: Interactive command-line prompts.
- `github.com/p0dalirius/goopts/parser`: Command-line argument parsing.
## Usage
### Running in Scan Mode (to scan multiple URLs)
Scan Mode is used to check multiple URLs for the vulnerability. You need to provide a file with a list of URLs.
```
go run main.go --file urls.txt --output results.txt --threads 100
```
- `--file`: Path to a file containing a list of URLs to scan.
- `--output`: Path to save the scan results (default: `output.txt`).
- `--threads`: Number of concurrent threads to use for scanning (default: 200).
### Example urls.txt:
```
http://example1.com
http://example2.com
```
### Running in Exploit Mode (to exploit a single URL interactively)
Exploit Mode allows you to interactively exploit a vulnerable URL.
```
go run main.go --url http://target.com --output results.txt
```
- `--url`: The target URL to exploit.
- `--output`: Path to save the exploit results.

Once in Exploit Mode, you can enter commands to be executed on the target system. Type `exit` to quit the interactive shell.

## Show Help
To display help information:
```
go run main.go --help
```
## Example Outputs
### Scan Mode
After the scan completes, the results will be saved to the specified output file (e.g., results.txt):
```
[+] http://example1.com - Auth Bypass successful
[+] http://example2.com - Auth Bypass successful
```
### Exploit Mode
When exploiting a URL interactively, the command output is shown after executing commands on the target:
```
# ls /var
bin  app  lib  tmp
# exit
[+] Exiting interactive shell.
```
## Configuration
### Command-Line Arguments

| Flag | Description | Default Value |
|------|-------------|---------------|
| `--url` | The URL to exploit in Exploit Mode | |
| `--file` | File with URLs to scan (used in Scan Mode) | |
| `--output` | Output file for saving results | `output.txt` |
| `--threads` | Number of concurrent threads for scanning (Scan Mode) | 200 |
| `--help` | Show help message | |

## License
This project is licensed under the MIT License - see the LICENSE file for details.

File Snapshot

```
[4.0K] /data/pocs/8bc57d830f7f5214725acfd6e4ba6e425bfca757
├── [ 690] go.mod
├── [3.7K] go.sum
├── [8.1K] main.go
└── [3.1K] README.md

0 directories, 4 files
```