## https://sploitus.com/exploit?id=0FBA293F-BA27-5E52-93BE-EF2CB3164519
# CVE-2025-4427 & CVE-2025-4428 Vulnerability Scanner


Advanced detection tool for identifying systems vulnerable to the CVE-2025-4427 and CVE-2025-4428 exploit chain. This security scanner helps identify vulnerable endpoints and demonstrates proof-of-concept exploitation.
## Features
- **Vulnerability Detection**: Identifies vulnerable systems through signature analysis
- **Command Execution**: Allows safe testing of vulnerability via controlled command execution
- **Retry Mechanism**: Automatic retry for failed connections
- **Logging System**: Detailed logging with file and console outputs
- **Proxy Support**: Configurable proxy settings for traffic inspection
- **Multi-Shell Support**: Compatible with both bash and sh environments
- **Output Redirection**: Save results to external files
## Installation
1. **Requirements**:
   - Python 3.6+
   - requests library
2. **Install dependencies**:
   ```bash
   pip install requests
   ```
## Usage
### Basic Command
```
python scanner.py -H http://target-site.com/
```
### Full Syntax
```
python scanner.py -H [TARGET_URL] [OPTIONS]
```
### Options
| Parameter | Description |
| :-------: | :-----------------------------------------------: |
| -H | Target URL (required) |
| -c | Command to execute (default: 'id') |
| -s | Shell type (bash or sh) |
| -x | Proxy configuration (e.g.: http://127.0.0.1:8080) |
| -t | Request timeout in seconds (default: 15) |
| -r | Connection retry attempts (default: 2) |
| -o | Output file path |
## Examples
1. Basic vulnerability check:
```
python scanner.py -H https://example.com/
```
2. Custom command execution with proxy:
```
python scanner.py -H http://internal-server/ -c "uname -a" -x http://proxy:8080
```
3. Full test with output redirection:
```
python scanner.py -H http://test-site.com/ -s sh -t 30 -o results.txt
```
## Important Notes
- **Legal Compliance**: Use only on authorized systems
- **Security Advisory**: For testing purposes only
- **Ethical Warning**: Do not use for illegal activities
- **Best Practice**: Always verify results manually
- **Accuracy**: False positives/negatives possible - use as initial screening tool
## Exit Codes
| Code | Description |
| :--: | :------------------------: |
| 0 | Vulnerable system detected |
| 1 | No vulnerability found |
| 2 | Execution error occurred |
## License
Distributed under MIT License. See `LICENSE` for full text.