Share
## https://sploitus.com/exploit?id=7FE6DC00-FCC1-583F-B6EE-4C7F8DBE3098
# cve-2023-3519-citrix-scanner

This script is a basic Citrix Scanner for CVE-2023-3519.
We try to identify vulnerable Citrix Gateways/ADCs by looking at the HTTP headers.

## How it works

During our analysis of this vulnerability, we and our friends at [CERT-Verbund](https://www.cert-verbund.de/) noticed, that our patched systems had the same HTTP header `Last-Modified` timestamp.

Note that reverse proxies and heavily customised front pages may alter the results.
In this case, we check, if the timestamp is volatile. It it isn't and the timestamp is newer than 18. July 2023, the server has probably been patched.
This script should not be your only method of checking that you are not vulnerable.

Our current known timestamps are:

| Patch | Last-Modified Timestamp |
| --- | --- |
| 13.1-49.13 | `Mon, 10 Jul 2023 17:41:17 GMT` |
| 13.1-49.13 | `Mon, 10 Jul 2023 18:36:14 GMT` |
| 13.0-91.13 | `Fri, 07 Jul 2023 15:39:40 GMT` |

## Usage

Clone the repository:

```bash
git clone https://github.com/telekom-security/cve-2023-3519-citrix-scanner

cd cve-2023-3519-citrix-scanner
```

Create a file called `targets.txt`, containing your targets line by line.
An example can be found in `targets.txt.example`.

Run the script.

## Further reading

Florian Roth has published a list of further resources for this vulnerability: [https://twitter.com/cyb3rops/status/1682297555424628736](https://twitter.com/cyb3rops/status/1682297555424628736)