CVE-NetScalerFileSystemCheck

This script checks whether a Citrix NetScaler has been compromised by CVE-2019-19781 attacks and collects all file system information.

The following files and logs will be checked (Latest version 1.13):

  • Template folders for XML files
  • Apache Access logfiles
  • Apache Error logfiles
  • Cron Jobs
  • Backdoor Scripts
  • Crypto Miner
  • Bash logfiles
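
As an added illustration of the Apache access log check (not code from this repository, whose own patterns are not shown on this page): the sketch below summarises, per client IP, requests that traverse into `/vpns/`, and flags the pairing of a successful `.pl` POST with a successful `.xml` GET. The function names, the sample log lines and the `/var/log/httpaccess.log` location with common log format are assumptions.

```shell
#!/bin/sh
# Added example; not part of CVE-NetScalerFileSystemCheck.
# Assumes Apache common/combined log format (on NetScaler: /var/log/httpaccess.log).

# Constructed sample log (documentation IP ranges, made-up file names).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [11/Jan/2020:08:01:02 +0000] "POST /vpn/../vpns/portal/scripts/sample.pl HTTP/1.1" 200 143
192.0.2.10 - - [11/Jan/2020:08:01:03 +0000] "GET /vpn/../vpns/portal/sample.xml?x=1 HTTP/1.1" 200 512
198.51.100.7 - - [11/Jan/2020:09:15:40 +0000] "GET /vpn/%2E%2E/vpns/cfg/sample.conf HTTP/1.1" 403 199
203.0.113.5 - - [11/Jan/2020:09:20:00 +0000] "GET /vpn/index.html HTTP/1.1" 200 2048
EOF
}

# Print one summary line per client IP that requested a traversal path.
scan_access_log() {
  awk '
    {
      ip = $1; method = $6; status = $9
      gsub(/"/, "", method)
      path = tolower($7)
      sub(/\?.*/, "", path)                            # drop the query string
      gsub(/%2e/, ".", path); gsub(/%2f/, "/", path)  # undo common URL encoding
      if (index(path, "/../vpns/") == 0) next
      trav[ip]++
      # A 200 on a .pl POST plus a 200 on an .xml GET is the pattern to escalate.
      if (status == 200 && method == "POST" && path ~ /\.pl$/)  post[ip]++
      if (status == 200 && method == "GET"  && path ~ /\.xml$/) xml[ip]++
    }
    END {
      for (ip in trav) {
        verdict = (post[ip] > 0 && xml[ip] > 0) ? "review" : "probe"
        printf "%s traversal=%d post200=%d xmlget200=%d %s\n", ip, trav[ip], post[ip], xml[ip], verdict
      }
    }
  ' "$1" | sort
}

# Usage: sh scan.sh /var/log/httpaccess.log
if [ "$#" -gt 0 ]; then scan_access_log "$1"; fi
```

A `review` verdict is a reason to inspect the template folders and cron jobs listed above, not proof of compromise on its own.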

Getting Started

The output file will be created in the execution directory.

Prerequisites

CVE-NetScalerFileSystemCheck.ps1 needs plink.exe in the execution directory and can be run from your local computer.

CVE-NetScalerFileSystemCheck.sh can be run directly on your NetScaler appliance, e.g. under /var/tmp/.

Running the scripts

CVE-NetScalerFileSystemCheck.ps1

.\CVE-NetScalerFileSystemCheck.ps1 -NSIP [YourNetScalerIP]

CVE-NetScalerFileSystemCheck.sh

bash CVE-NetScalerFileSystemCheck.sh

Credits

@manuelkolloff - https://nerdscaler.com/

Cheers, Daniel Weppeler