{"id":13843124,"url":"https://github.com/noperator/panos-scanner","last_synced_at":"2026-02-05T23:30:51.833Z","repository":{"id":46154627,"uuid":"278187882","full_name":"noperator/panos-scanner","owner":"noperator","description":"Determine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.","archived":false,"fork":false,"pushed_at":"2024-06-25T09:34:14.000Z","size":41,"stargazers_count":128,"open_issues_count":4,"forks_count":30,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-12-22T21:45:21.988Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/noperator.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-08T20:26:52.000Z","updated_at":"2025-11-18T14:35:09.000Z","dependencies_parsed_at":"2024-04-27T05:32:13.366Z","dependency_job_id":"79374c35-65bd-439d-a6a9-d3bd3184bae6","html_url":"https://github.com/noperator/panos-scanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/noperator/panos-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noperator%2Fpanos-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noperator%2Fpanos-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noperator%2Fpanos-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noperator%2Fpanos-scanner/
manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/noperator","download_url":"https://codeload.github.com/noperator/panos-scanner/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/noperator%2Fpanos-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29138375,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T23:14:48.546Z","status":"ssl_error","status_checked_at":"2026-02-05T23:14:35.724Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:01:55.672Z","updated_at":"2026-02-05T23:30:51.812Z","avatar_url":"https://github.com/noperator.png","language":"Python","readme":"# PAN-OS GlobalProtect Portal Scanner\n\nDetermine the Palo Alto PAN-OS software version of a remote GlobalProtect portal or management interface.\n\nDeveloped with ❤️ by the [Bishop Fox Cosmos](https://bishopfox.com/platform) (formerly CAST) team.\n\n- [Description](#description)\n- [Getting started](#getting-started)\n- [Back matter](#back-matter)\n\n## Description\n\nPalo Alto's GlobalProtect portal, a feature of PAN-OS, has been the subject of \n[several critical-severity vulnerabilities](https://security.paloaltonetworks.com/?severity=CRITICAL\u0026product=PAN-OS\u0026sort=-date) that can 
allow authorization bypass, unauthenticated remote code execution, etc. From an external perspective, it can be difficult to tell if you're running a patched version of PAN-OS since the GlobalProtect portal and management interface don't explicitly reveal their underlying software version.\n\nTo assist PAN-OS users in patching their firewalls, this scanner examines the `Last-Modified` and `ETag` HTTP response headers for several static web resources, and associates those values with specific PAN-OS releases. For example, note the `ETag` in the following HTTP response from the GlobalProtect portal login page:\n\n```\n$ curl -skI https://example.com/global-protect/login.esp\nHTTP/1.1 200 OK\nContent-Type: text/html; charset=UTF-8\nConnection: keep-alive\nETag: \"6e185d5daf9a\"\n```\n\nExamining the last 8 characters of the `ETag` gives us the hexadecimal epoch time `5d5daf9a`, represented as `1566420890` in decimal format. We can convert this epoch time to a human-readable format using the UNIX `date` utility:\n\n```\n$ date -d @1566420890\nWed 21 Aug 2019 08:54:50 PM UTC\n```\n\nUsing the attached `version-table.txt`, we can determine that this instance of GlobalProtect portal is running on PAN-OS version `8.1.10`, and is therefore vulnerable to \n[CVE-2020-2034](https://security.paloaltonetworks.com/CVE-2020-2034), an OS command injection vulnerability in GlobalProtect portal, and should consequently be patched.\n\n```\n$ awk '/Aug.*21.*2019/ {print $1}' version-table.txt \n8.1.10\n```\n\nThis scanner automates the process described above, suggesting an exact (or approximate) underlying PAN-OS version for a remote GlobalProtect portal or management interface. 
When multiple versions are associated with a given date, this tool will display all version matches as a comma-separated list; e.g., `7.1.24-h1,8.0.19-h1,8.1.9-h4` for `2019-08-15`.\n\n## Getting started\n\n### Install\n\n```\n$ git clone https://github.com/noperator/panos-scanner.git\n```\n\n### Usage\n\nNote that this script requires `version-table.txt` in the same directory.\n\n```\n$ python3 panos-scanner.py -h\nusage: Determine the software version of a remote PAN-OS target. Requires version-table.txt in the same directory.\n       [-h] [-v] [-s] [-c] -t TARGET\n\noptional arguments:\n  -h, --help  show this help message and exit\n  -v          verbose output\n  -s          stop after one exact match\n  -t TARGET   https://example.com\n```\n\nIn the following example, `https://example.com/global-protect/portal/images/favicon.ico` has an HTTP response header that indicates that it's running PAN-OS version `8.0.10`.\n\n```\n$ python3 panos-scanner.py -s -t https://example.com | jq '.match'\n{\n  \"date\": \"2018-05-04\",\n  \"versions\": [\n    \"8.0.10\"\n  ],\n  \"precision\": \"exact\",\n  \"resource\": \"global-protect/portal/images/favicon.ico\"\n}\n```\n\n\u003c!--\n\nAlso supports verbose output.\n\n```\n$ python3 panos-scanner.py -v -t https://example.com\n[*] https://example.com\n[+] global-protect/login.esp\n[*] 2018-05-03 ~ 2018-05-04 =\u003e 8.0.10\n[-] php/login.php (ReadTimeout)\n[+] global-protect/portal/css/login.css\n[*] 2018-05-03 ~ 2018-05-04 =\u003e 8.0.10\n[*] 2018-05-04 =\u003e 8.0.10\n[-] js/Pan.js (HTTPError)\n[+] global-protect/portal/images/favicon.ico\n[*] 2018-05-04 =\u003e 8.0.10\n[-] login/images/favicon.ico (HTTPError)\n[+] global-protect/portal/images/logo-pan-48525a.svg\n[*] 2018-05-04 =\u003e 8.0.10\n8.0.10 2018-05-04 (exact)\n```\n\nThis tool doesn't currently support reading from a list of targets. Instead, here's a useful way to test multiple targets using a Bash `for` loop, along with the `tr` and `column` utilities. 
You can equivalently use a Bash `while` loop over the contents of a text file: `$ cat target_list.txt | while read TARGET; do ...`.\n\n```\n$ for TARGET in \\\nhttps://example.com \\\nhttps://nomatchexample.com \\\nhttps://doublematchexample.com \\\nhttp://nonexistentexample.com \\\n; do\n    echo -n \"$TARGET;\"\n    python3 panos-scanner.py -s -t \"$TARGET\" | tr '\\n' ';'\n    echo\ndone | column -t -s ';'\n\nhttps://example.com             8.1.9 2019-07-03 (exact)\nhttps://nomatchexample.com      no matches found\nhttps://doublematchexample.com  8.1.12 2019-12-10 (exact)  9.1.0 2019-12-11 (approximate)\nhttp://nonexistentexample.com   ConnectionError\n```\n\n--\u003e\n\n## Back matter\n\n### Legal disclaimer\n\nUsage of this tool for testing targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.\n\n### Acknowledgements\n\nThanks [@k4nfr3](https://github.com/k4nfr3) for providing updates to the version table, and for building in the option to print a URL for Palo Alto's security advisories page.\n\n### See also\n\n- [Shodan Facet Analysis — PAN-OS Version](https://beta.shodan.io/search/facet?query=http.html%3A%22Global+Protect%22\u0026facet=os)\n- [A Look at PAN-OS Versions with a Bit of R](https://rud.is/b/2020/07/10/a-look-at-pan-os-versions-with-a-bit-of-r/)\n- [Palo Alto Networks Security Advisories](https://security.paloaltonetworks.com/)\n\n### To-do\n\n- [x] Stop after one exact match\n- [x] Simplify output\n- [x] Support verbose CLI option\n- [x] Perhaps output JSON instead, to be processed with `jq`\n\n### License\n\nThis project is licensed under the [MIT License](LICENSE.md).\n","funding_links":[],"categories":["Python","Python (1887)","General"],"sub_categories":["Secure 
Sharing"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoperator%2Fpanos-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnoperator%2Fpanos-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnoperator%2Fpanos-scanner/lists"}