A Python-based tool to scan websites for the CVE-2024-9166 vulnerability, which is one of the most recent ones (at the moment of publishing this repository.). It checks for vulnerable patterns, tests the vulnerability to confirm it, and logs results to a file.
I'm not responsible in any way of the misuse of this tool. This tool was made with the intention of being used for ethical hacking, doing penetration testing (and every type of hacking) without consent is illegal and can have serious consequences!
To install the tool you can just copy this Github repository with this single command:
git clone https://github.com/Andrysqui/CVE-2024-9166- Python 3.7+
- Install Python dependencies via
pip:
pip install requests beautifulsoup4 argparse- Single URL Scan:
python3 CVE-2024-9166.py --url https://example.com- Scan Multiple URLs from a File and Logging the Results:
python3 CVE-2024-9166.py --file urls.txt --logfile output.log- Custom Headers
python3 CVE-2024-9166.py --url https://example.com --headers '{"User-Agent": "Custom-Agent", "Bug-Bounty: True", "Pen-Testing: True"}'-hor--help: Shows a help message explaining each one of the arguments below.--urlor-u: Specify a single URL to scan (mutually exclusive with-for--file).--fileor-f: Path with a file with URLs to scan (one per line, mutually exclusive with-uor--url).--logfileor-l: Path to log results (default:scan_log.txt).--headers: Custom headers in JSON format (e.g.,'{"User-Agent": "Custom-Agent"}').--threads: Number of threads for scanning multiple URLs (default: 5).--exploit-command: Command used to test the vulnerability (default:id).--vulnerable-content: Pattern to search for inside responses to confirm a vulnerability when using custom command (default:uid=).