/CVE-2019-5544_CVE-2020-3992

Python / scapy module implementing SRVLOC/SLP protocol and scans for enabled OpenSLP services.

Primary LanguagePythonMIT LicenseMIT

Scanner for SLP services (CVE-2019-5544 CVE-2020-3992)

Python script that implements SRVLOC/SLP protocol to scan for enabled OpenSLP services.

You may find it handy while searching for systems impacted by CVE-2019-5544, CVE-2020-3992 or CVE-2021-21974 ...

More info on the VMware vulnerability you may find for instance here: https://blog.rapid7.com/2020/11/11/vmware-esxi-openslp-remote-code-execution-vulnerability-cve-2020-3992-and-cve-2019-5544-what-you-need-to-know/

The script does not detect, whether the service is vulnerable or not, but it reports the remote VMWare version and build

Requirements

You will require python3 and scapy library installed, i.e. pip3 install scapy

Usage

./check_slp.py <file_with_targets>

where argument is a file with ip address or networks in CIDR notation.

Output

2020-12-01 15:03:15,654 - INFO - [ip_removed] Sending packet via Unicast UDP
2020-12-01 15:03:15,778 - INFO - [ip_removed] SLP Service detected
2020-12-01 15:03:16,032 - INFO - [ip_removed] ATTR    service:VMwareInfrastructure://[fqdn_removed]      (product="VMware ESXi 6.5.0 build-17097218"),(hardwareUuid="30313436-3631-584D-5133-343230505032")
2020-12-01 15:03:16,292 - INFO - [ip_removed] ATTR    service:wbem:https://[fqdn_removed]:5989   (MultipleOperationsSupported=false),(AuthenticationMechanismsSupported=Basic),(Namespace=root/interop,interop,root/hpq,root/cimv2,root/config,vmware/esxv2),(Namespace=root/cimv2,root/interop,root/config,vmware/esxv2),(Classinfo=0,0,0,0),(ProtocolVersion=1.0),(RegisteredProfilesSupported=DMTF:Sensors,DMTF:Base Server,DMTF:Power State Management,DMTF:CPU,DMTF:Software Inventory,DMTF:Record Log,DMTF:System Memory,DMTF:Physical Asset,DMTF:Fan,DMTF:Power Supply,DMTF:Profile Registration,DMTF:Battery,)