Skip to content
/ CVE-2024-22024 Public

Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure

29 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0dteam/CVE-2024-22024

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 
cve_2024_22024.py
cve_2024_22024.py
 
 

Repository files navigation

CVE-2024-22024

Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure

Warning

FOR EDUCATIONAL PURPOSE AND AUTHORIZED TESTING ONLY.

Parameters

  • -u or --target_url: The target Ivanti Connect Secure (ICS) URL or file with list of URLs.

  • -c or --attacker_url: The attacker URL (generate one using Burp Collaborator, ngrok, or by using a unique URL from Webhook.site)

  • -t or --timeout: Timeout in seconds for the request (default is 3 seconds)

How to use

Testing a single URL:

python .\cve_2024_22024.py -u http://vpn.example.com -c http://potatodynamicdns.oastify.com

Testing list of URLs:

python .\cve_2024_22024.py -u .\urls_list.txt -c http://potatodynamicdns.oastify.com

Using a different timeout (5 seconds):

python .\cve_2024_22024.py -u .\urls_list.txt -c http://potatodynamicdns.oastify.com -t 5

Credits

Whoever discovered the vulnerability .. I just read the PoC and automated this.

0dteam website

About

Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure

Resources

Readme
Activity

Stars

29 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages