For Educational Purpose ONLY!
Just basic exploit abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of CISCO ASA/FTD applicances.
By default this uses a file list constructed from sample output from CVE-2018-0296 in the Metasploit Framework (https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/http/cisco_directory_traversal.md).
Usage: cve-2020-3452.sh <target ip/hostname> <optional_file_name>.txt
Example#1: cve-2020-3452.sh mytarget.com
Example#2: cve-2020-3452.sh mytarget.com cisco_asa_file_list.txt
Files that are downloaded will be in the newly created 'cisco_asa_files' directory