## https://sploitus.com/exploit?id=0B199456-D600-5704-AEF6-BE05088DB33A
# CVE-2024-2997 Scanner



## Overview

CVE-2024-2997 Scanner is a vulnerability scanner that checks web applications for the CVE-2024-2997 command injection vulnerability. It helps security professionals identify potential security risks in their applications.
## Disclaimer
This tool is for **educational purposes only**. Only use it on applications you own or have permission to test. The author is not responsible for any misuse or damage caused by this tool.
## Features
- **High-Performance Scanning**: Utilizes multi-threading (up to 20 threads) for fast scanning
- **Comprehensive URL Generation**: Generates a wide range of potential vulnerable URLs
- **Real-time Progress Tracking**: Shows scan progress with a dynamic progress bar
- **Detailed Reporting**: Generates both text and HTML reports of scan results
- **Vulnerability Classification**: Categorizes findings by confidence level (Low, Medium, High, Critical)
- **Smart Detection**: Identifies both CVE-2024-2997 and similar vulnerabilities
- **Batch Processing**: Processes URLs in batches to prevent system overload
- **Customizable Settings**: Adjustable threads, timeouts, delays, and batch sizes
- **Dark-themed HTML Reports**: Professional, modern reports with detailed vulnerability information
- **Session Management**: Ability to save and resume scanning sessions
## Installation
1. Clone the repository:
```bash
git clone https://github.com/lfillaz/CVE-2024-2997.git
cd CVE-2024-2997
```
2. Run the script with command-line options:
```bash
python CVE-2024-2997.py -u http://example.com -v
```
3. Or run interactively and follow the on-screen instructions:
```bash
python CVE-2024-2997.py
```
## Command-Line Options
The scanner supports the following command-line options:

| Option | Description |
|--------|-------------|
| `-u, --url` | Base URL to scan |
| `-p, --proxy` | Proxy URL (e.g., http://127.0.0.1:8080) |
| `-v, --verbose` | Enable verbose mode |
| `-o, --output` | Output file for vulnerable URLs (default: sus.txt) |
| `-d, --details` | Output file for vulnerability details (default: vulnerable_details.txt) |
| `-s, --scan-delay` | Scan delay in seconds (default: 0.1) |
| `-t, --threads` | Number of threads to use (default: 20) |
| `-r, --resume` | Resume scan from existing scope.txt |
| `--timeout` | Request timeout in seconds (default: 5) |
| `--user-agent` | Custom User-Agent string |
| `--batch-size` | Number of URLs to scan in each batch (default: 50) |
## How It Works
1. The script prints an ASCII art banner and starts the scanning process.
2. It checks if a previous session file `scope.txt` exists:
   - If it exists, the user can choose to continue scanning the URLs from the previous session or start a new session.
   - If it doesn't exist, a new session is started.
3. The user inputs the base URL (or provides it via command-line).
4. The script generates a wide range of URLs based on the base URL, including:
   - Admin paths
   - API endpoints
   - Authentication paths
   - Content management paths
   - Common CMS paths
   - Known vulnerable paths
5. The scan begins with a real-time progress bar showing completion status.
6. The script scans each URL for the command injection vulnerability, displaying the results in a color-coded format:
   - Vulnerable URLs are displayed in red with confidence level.
   - Safe URLs are displayed in green (when verbose mode is enabled).
7. After scanning, a comprehensive HTML report is generated with:
   - Scan summary statistics
   - Vulnerability details with confidence levels
   - Visual indicators of vulnerability severity
   - Responsive dark-themed design
## Understanding Results
The scanner classifies vulnerabilities by confidence level:
- **Critical**: Vulnerability confirmed with multiple payloads
- **High**: Strong indicators of vulnerability found
- **Medium**: Potential vulnerability or similar issue detected
- **Low**: Weak indicators that require further investigation
## Output Files
- **sus.txt**: Contains a list of vulnerable URLs
- **vulnerable_details.txt**: Contains detailed information about each vulnerability
- **report.html**: Interactive HTML report with comprehensive scan results
- **scope.txt**: Contains all generated URLs for the current/previous session
- **response_\*.txt**: Contains raw responses from vulnerable endpoints (for confirmed vulnerabilities)
## Community
Join our Discord community for updates, support, and discussions:
[Discord](https://discord.gg/M9pg3dNmXN)
## License
This project is licensed under the MIT License - see the LICENSE file for details.