Python / scapy module implementing SRVLOC/SLP protocol and scans for enabled OpenSLP services.# Scanner for SLP services (CVE-2019-5544 CVE-2020-3992)
Python script that implements SRVLOC/SLP protocol to scan for enabled OpenSLP services.
You may find it handy while searching for systems impacted by CVE-2019-5544, CVE-2020-3992 or CVE-2021-21974 ...
More info on the VMware vulnerability you may find for instance here: https://blog.rapid7.com/2020/11/11/vmware-esxi-openslp-remote-code-execution-vulnerability-cve-2020-3992-and-cve-2019-5544-what-you-need-to-know/
The script does not detect, whether the service is vulnerable or not, but it reports the remote VMWare version and build
## Requirements
You will require python3 and scapy library installed, i.e. `pip3 install scapy`
## Usage
```
./check_slp.py <file_with_targets>
```
where argument is a file with ip address or networks in CIDR notation.
## Output
```
2020-12-01 15:03:15,654 - INFO - [ip_removed] Sending packet via Unicast UDP
2020-12-01 15:03:15,778 - INFO - [ip_removed] SLP Service detected
2020-12-01 15:03:16,032 - INFO - [ip_removed] ATTR service:VMwareInfrastructure://[fqdn_removed] (product="VMware ESXi 6.5.0 build-17097218"),(hardwareUuid="30313436-3631-584D-5133-343230505032")
2020-12-01 15:03:16,292 - INFO - [ip_removed] ATTR service:wbem:https://[fqdn_removed]:5989 (MultipleOperationsSupported=false),(AuthenticationMechanismsSupported=Basic),(Namespace=root/interop,interop,root/hpq,root/cimv2,root/config,vmware/esxv2),(Namespace=root/cimv2,root/interop,root/config,vmware/esxv2),(Classinfo=0,0,0,0),(ProtocolVersion=1.0),(RegisteredProfilesSupported=DMTF:Sensors,DMTF:Base Server,DMTF:Power State Management,DMTF:CPU,DMTF:Software Inventory,DMTF:Record Log,DMTF:System Memory,DMTF:Physical Asset,DMTF:Fan,DMTF:Power Supply,DMTF:Profile Registration,DMTF:Battery,)
```
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view