Skip to content

Commit

Permalink
Add files via upload
Browse files Browse the repository at this point in the history
  • Loading branch information
@tucommenceapousser
tucommenceapousser authored Apr 25, 2024
1 parent a10540d commit 02f4607
Showing 1 changed file with 38 additions and 0 deletions.
38 changes: 38 additions & 0 deletions scan_logs.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
#!/usr/bin/env python3

from glob import glob
import argparse
import os
import sys


def main():
parser = argparse.ArgumentParser(description="Evaluate if the CrushFTP File Read vulnerability was exploited")
parser.add_argument("dir", type=str, help="Path to CrushFTP installation directory")
args = parser.parse_args()

if not os.path.exists(os.path.join(args.dir, "CrushFTP.jar")):
print(f"[!] The following directory does not look like a CrushFTP installation folder: {args.dir}")
return 1

log_files = [os.path.join(args.dir, "CrushFTP.log")] + glob(os.path.join(args.dir, "logs", "session_logs", "*", "session_HTTP_*.log")) + glob(os.path.join(args.dir, "logs", "CrushFTP.log*"))

for fname in log_files:
with open(fname, "r") as f:
txt = f.read()

if "<INCLUDE>" in txt:
lines = [l for l in txt.split("\n") if "<INCLUDE>" in l]

for l in lines:
try:
ip = l.split("|")[2].split(":")[3].split("]")[0]
print(f"{fname}: traces of exploitation by {ip}")
except IndexError:
print(f"{fname}: traces of exploitation")
else:
print(f"{fname}: traces of exploitation")


if __name__ == "__main__":
sys.exit(main() or 0)

0 comments on commit 02f4607

Please sign in to comment.