## https://sploitus.com/exploit?id=1B059930-1979-5939-A210-8CCA2407032A
# CVE-2025-55315 Vulnerability Scanner and TLS Proxy
This repository contains tools to detect and monitor ASP.NET Core applications vulnerable to CVE-2025-55315, which involves HTTP request smuggling due to conflicting HTTP headers.
## Tools Included
### 1. Python Vulnerability Scanner (`CVE-2025-55315_check.py`)
Scans a list of URLs and checks the `Server` HTTP header for known vulnerable ASP.NET Core versions.
#### Usage
```bash
pip install requests
python CVE-2025-55315_check.py
```
### 2. Go TLS Proxy Monitor (`tls_proxy_cve_monitor.go`)
Acts as a TLS proxy to inspect decrypted HTTPS traffic for conflicting `Content-Length` and `Transfer-Encoding: chunked` headers.
#### Setup
Generate a self-signed TLS certificate:
```bash
openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes
```
#### Run the proxy
```bash
sudo go run tls_proxy_cve_monitor.go
```
## Output
- Python scanner logs results to `aspnet_vulnerability_scan_results.json`
- Go proxy logs suspicious HTTPS requests to the console
## Disclaimer
These tools are for educational and authorized security testing purposes only. Do not use them on systems without explicit permission.