Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tunelko/CVE-2022-22954-PoC
VMware Workspace ONE Access and Identity Manager RCE via SSTI - Test script for shodan, file or manual.
https://github.com/tunelko/CVE-2022-22954-PoC
Last synced: 21 days ago
JSON representation
VMware Workspace ONE Access and Identity Manager RCE via SSTI - Test script for shodan, file or manual.
- Host: GitHub
- URL: https://github.com/tunelko/CVE-2022-22954-PoC
- Owner: tunelko
- License: gpl-3.0
- Created: 2022-04-13T08:52:15.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-02-13T13:51:41.000Z (10 months ago)
- Last Synced: 2024-08-05T17:44:19.383Z (4 months ago)
- Language: Python
- Homepage:
- Size: 47.9 KB
- Stars: 11
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - tunelko/CVE-2022-22954-PoC - VMware Workspace ONE Access and Identity Manager RCE via SSTI - Test script for shodan, file or manual. (Python)
README
## CVE-2022-22954 PoC
VMware Workspace ONE Access and Identity Manager RCE via SSTI.CVE-2022-22954 - PoC SSTI
Usage:
```bash
CVE-2022-22954.py [-h] -m SET_MODE [-i IP] [-c CMD]
optional arguments:
-h, --help show this help message and exit
-m SET_MODE, --mode SET_MODE
Available modes: shodan | file | manual
-i IP, --ip IP Host IP
-c CMD, --cmd CMD Command string
```
### Modes
- shodan: Retrieves IP list based on "http.favicon.hash:-1250474341" query
- file: Put your IP list in ips.txt
- manual: Pass IP and CMD arguments to -m manual mode
### Disclaimer
This is just a PoC. Use it at wour own risk and not in production nor real environments. Don't ask me why the code is like this or if it's good or bad, I don't care. I'm not a cool programmer and my code is ugly.