CVE-2024-55591

If you're reading this, you most likely know what we're talking about.

Vulnerability Scanner

Description
This script attempts to create a WebSocket connection at a random URL from a pre-authenticated perspective to the FortiOS management interface, and reviews the response to determine if the instance is VULNERABLE.

USAGE
Checks your text document with IP addresses for vulnerabilities.

    python3 check.py --file ips.txt --port 443

poc.py (Event Listening and Tracking)

Description
With this PoC, you can bypass authentication and see the system log.

USAGE
Opens the listener and shows all actions performed on the server.

    python3 poc.py --target TARGET

You can also customize the activity tracking setting and apply a filter for the tasks you need. Replace * with the action you wish to track:

    LOG_ID_ADMIN_LOGIN_SUCC    Shows only successful administrator logins

ADMIN CREATION

Description
With this exploit, you can create an administrator and add that administrator to a VPN group.

USAGE
Set the required IP address in the code before startup.

    python3 adadmin.py

CMD

Description
With this exploit, you can bypass authentication and run a command.

USAGE

    exp.py --target TARGET [--port PORT] [--username USERNAME] [--cmd CMD]

Affected Versions
- FortiOS 7.0.0 through 7.0.16
- FortiProxy 7.0.0 through 7.0.19
- FortiProxy 7.2.0 through 7.2.12

USAGE INSTRUCTIONS

Vulnerability Scanner
I use a remote server for work, operating…