CVE-2024-38856 PoC — Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code

Associated Vulnerability
Title: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code (CVE-2024-38856)
Description: Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
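
The affected range stated above (through 18.12.14, fixed in 18.12.15) can be checked against an asset inventory. The following is an added example, not code from this page or the linked repository; the host names, the `host,version` inventory format and the function names are constructed assumptions. It compares version segments numerically, because plain string comparison would rank 18.12.9 above 18.12.14.

```python
import re

# Fixed release named in the advisory text above.
FIXED = (18, 12, 15)

# Three dot-separated numeric segments, allowing a textual prefix such as "release".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if no version is present."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in m.groups()) if m else None


def classify(version_text):
    """Classify one version string against the advisory's fixed release."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"          # needs manual follow-up, never assume safe
    return "fixed_or_later" if version >= FIXED else "affected"


def triage(inventory_text):
    """Map host -> status for lines of 'host,version' (assumed inventory format)."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version.strip())
    return results


# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE = """\
# host,ofbiz_version
erp-01.example.internal,18.12.14
erp-02.example.internal,18.12.15
erp-03.example.internal,18.12.9
erp-04.example.internal,release18.12.08
erp-05.example.internal,
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```
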
Description
Perform With Massive Apache OFBiz Zero-Day Scanner & RCE
Readme
# CVE-2024-38856 Apache OFBiz RCE Scanner

## Description

This script is designed to scan for the `CVE-2024-38856` vulnerability in Apache OFBiz applications, which may allow for remote code execution. It sends HTTP POST requests to specific paths within the OFBiz application with malicious payloads to exploit the vulnerability.

![Screenshot_1](https://github.com/user-attachments/assets/2c10ebe1-b173-4ad4-a123-66142d9d7a5c)

## Features

- Scans targets for vulnerability using various paths
- Supports multithreading for faster processing
- Uses `coloredlogs` for color-coded, easy-to-read logs
- Supports input from a file containing a list of targets

## Prerequisites

- Python 3.x
- Python modules:
  - `requests`
  - `coloredlogs`
  - `colorama`
  - `urllib3`
  - `argparse` (part of the Python 3 standard library, no install needed)

You can install the third-party dependencies using pip:

```bash
pip install requests coloredlogs colorama urllib3
```

## Usage

### Running the Script

To run the script, use the following command:

```bash
python script_name.py [options]
```

### Options

- `-t`, `--threads`: Number of threads to use (default: 1)
- `-p`, `--port`: Target port
- `-c`, `--command`: Command to execute
- `-s`, `--scan`: Perform a scan with ping, curl, and wget
- `-d`, `--domain`: Domain (attacker domain) to scan with ping, curl, and wget
- `-f`, `--file`: File containing a list of targets in the format `http(s)://target,port`

### Examples

- Scan targets with a command:

  ```bash
  python script_name.py -f targets.txt -c "whoami"
  ```

- Perform a scan with a domain:

  ```bash
  python script_name.py -s -d example.com -p 80
  ```

- Use a file containing a list of targets:

  ```bash
  python script_name.py -f targets.txt -c "uname -a"
  ```

## Error Handling

- If targets lack the `http://` or `https://` prefix, the script will prompt you to choose a prefix to add.
- If there's an error while making an HTTP request, the script will log the error.

File Snapshot

[4.0K] /data/pocs/c238cfca5d4507ff14571f90f420cd42cd866508
├── [ 10K] CVE-2024-38856.py
├── [1.9K] README.md
└── [ 38] requirements.txt

0 directories, 3 files