{"id":13826275,"url":"https://github.com/bishopfox/pwn-pulse","last_synced_at":"2025-04-19T20:33:53.698Z","repository":{"id":79092029,"uuid":"207348255","full_name":"BishopFox/pwn-pulse","owner":"BishopFox","description":"Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)","archived":false,"fork":false,"pushed_at":"2020-01-15T17:01:50.000Z","size":61,"stargazers_count":137,"open_issues_count":1,"forks_count":60,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-04-09T21:40:44.661Z","etag":null,"topics":["cve","exploit","infosec","penetration-testing","pentest-scripts","pentesting","red-team","security-tools"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BishopFox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-09-09T15:58:39.000Z","updated_at":"2025-03-28T22:56:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"4c8bd7e8-fddb-4a25-accd-c3eb3856037e","html_url":"https://github.com/BishopFox/pwn-pulse","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fpwn-pulse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fpwn-pulse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fpwn-pulse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fpwn-pulse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BishopFox","download_url":"https://codeload.github.com/BishopFox/pwn-pulse/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249794839,"owners_count":21326775,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","exploit","infosec","penetration-testing","pentest-scripts","pentesting","red-team","security-tools"],"created_at":"2024-08-04T09:01:34.930Z","updated_at":"2025-04-19T20:33:53.666Z","avatar_url":"https://github.com/BishopFox.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"d62a971d37c69db9f3b9187318c3921a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"8ea8f890cf767c3801b5e7951fca3570\"\u003e\u003c/a\u003e公网访问局域网"],"readme":"# pwn-pulse.sh\n**Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)**\n\nScript authored by braindead @BishopFox. Based on [research by Orange Tsai and Meh Chang](https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html). Thanks also to Alyssa Herrera and 0xDezzy for additional insights. Huge thanks to bl4ckh0l3z for fixing, cleaning and refactoring the code significantly!\n\nThis script extracts private keys, usernames, admin details (including session cookies) and observed logins (including passwords) from Pulse Connect Secure VPN files downloaded via CVE-2019-11510.\n\n* It takes the target domain or IP as an argument and will download important files from the server using the arbitrary file read vulnerability.\n* It then greps through the files for sensitive information and dumps it all into a file named [TARGET]_report.txt\n* It could also test each session cookie to see if the session is currently active (and thus available for hijacking).\n\nAdditional details about the development of the script are available in [this blog article](https://know.bishopfox.com/blog/breaching-the-trusted-perimeter).\n\n### Usage:\n```\n./pwn-pulse.sh -h\n\n  [pwn-pulse.sh by braindead @BishopFox]\n\n  This script extracts private keys, usernames, admin details (including\n  session cookies) and observed logins (including passwords) from Pulse\n  Connect Secure VPN files downloaded via CVE-2019-11510.\n\n  Usage: pwn-pulse.sh [options]\n\n  Options:\n        -h   show this output\n        -t   set the target (IPs - single entry by stdin, in csv format, single column in a file)\n        -d   download config, cache and sessions files\n        -c   test cookies in order to identify active sessions\n        -k   test cookies without downloading files (already downloaded and extracted)\n        -s   extract ssh keys\n        -a   all tests\n        \n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbishopfox%2Fpwn-pulse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbishopfox%2Fpwn-pulse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbishopfox%2Fpwn-pulse/lists"}