Skip to content

Determine the running software version of a remote F5 BIG-IP management interface.

License

Notifications You must be signed in to change notification settings

BishopFox/bigip-scanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

BIG-IP Scanner

Determine the running software version of a remote F5 BIG-IP management interface. Developed with ❤️ by the Bishop Fox Cosmos team.

Description

CVE-2022-1388, a critical vulnerability in the F5 BIG-IP management interface, allows an attacker to bypass authentication and remotely execute arbitrary system commands. Bishop Fox developed a BIG-IP scanner that you can use to determine:

  • Which software version is running on a remote F5 BIG-IP management interface
  • Whether a specific appliance is affected by any known vulnerabilities, including CVE-2022-1388—all without sending any malicious traffic to the server (i.e., risking being blocked by a WAF)

See full write-up for this tool at the Bishop Fox blog, including a complete walkthrough of the methodology behind building the version table.

Getting started

Install

git clone https://github.com/bishopfox/bigip-scanner.git && cd bigip-scanner
python3 -m venv venv
source venv/bin/activate
python3 -m pip install -U pip
python3 -m pip install -r requirements.txt

Usage

$ python3 bigip-scanner.py -h
usage: bigip-scanner.py [-h] -t TARGET [-v VERSION_TABLE] [-a] [-d]

Determine the running software version of a remote F5 BIG-IP management interface.
Developed with ❤️ by the Bishop Fox Cosmos team.

optional arguments:
  -h, --help        show this help message and exit
  -t TARGET         https://example.com
  -v VERSION_TABLE  version-table.csv
  -a                request all resources; don't stop after an exact match
  -d                debug mode

In the following example, https://example.com/tmui/tmui/login/images/logo_f5.png has an HTTP response header that indicates that it's running BIG-IP version 16.1.2-0.0.18 which, according to F5's security advisory, is in the vulnerable range for CVE-2022-1388.

$ python3 bigip-scanner.py -t https://example.com | jq
[
  {
    "version": "16.1.2-0.0.18",
    "precision": "exact",
    "modification_time": "2021-10-23T21:06:13Z",
    "release_number": "16.1.2",
    "release_type": "Maintenance",
    "image_name": "BIGIP-16.1.2-0.0.18",
    "release_date": "11/02/2021",
    "target": "https://example.com",
    "resource": "/tmui/tmui/login/images/logo_f5.png",
    "header_name": "ETag",
    "header_value": "1fe7-5db411548c100"
  }
]

Back matter

Legal disclaimer

Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

See also

License

This project is licensed under the MIT License.

About

Determine the running software version of a remote F5 BIG-IP management interface.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages