## https://sploitus.com/exploit?id=873F45D7-C139-5B2B-9BB1-3A7A09615718
# CVE-2025-6543_CitrixNetScaler_PoC
Multi-host, multi-port scanner and auditor for CVE-2025-6543-affected NetScaler devices. Supports SNMP and SSH enumeration with optional CSV reporting and exploit stubs.
## ๐ GitHub Repository Description
> **CVE-2025-6543 Enhanced Checker**
> Multi-host, multi-port scanner and auditor for CVE-2025-6543-affected NetScaler devices. Supports SNMP and SSH enumeration with optional CSV reporting and exploit stubs.
---
## ๐ `README.md`
````markdown
# CVE-2025-6543 Enhanced Checker
A robust multi-host, multi-port vulnerability scanner for **CVE-2025-6543**, targeting Citrix NetScaler appliances. This tool supports both SNMP and SSH banner grabbing to determine build versions and patch status. Includes optional CSV output and a stub for future exploit integration.
## โ๏ธ Features
- โ Multi-host and multi-port scanning
- โ SNMP and SSH version enumeration
- โ Build/version parsing logic with patch baseline comparison
- โ Progress bar support via `tqdm`
- โ Export results to CSV
- โ ๏ธ Stub for exploit probe
---
## ๐ฆ Requirements
- Python 3.6+
- `tqdm` (optional, for progress bar)
- `snmpget` from `net-snmp-utils`
- `sshpass` for password-based SSH access
### Install dependencies on Debian/Ubuntu:
```bash
sudo apt update
sudo apt install -y net-snmp sshpass python3-pip
pip3 install tqdm
````
---
## ๐ Usage
```bash
python3 cve_2025_6543_checker.py [OPTIONS]
```
### ๐น Input Options
**Required**: either provide a host list or a file:
* `-H HOST [HOST ...]` โ Space-separated list of IPs/FQDNs
* `-f FILE` โ File with one host per line
**Required**: either provide a port or a file:
* `-p PORT` โ Single TCP port
* `-P FILE` โ File with one port per line
### ๐น Connection Options
* `--no-snmp` โ Disable SNMP scanning
* `-c STRING` โ SNMP community string (default: `public`)
* `--ssh-user USER` โ SSH username
* `--ssh-pass PASS` โ SSH password
### ๐น Output & Exploitation
* `-o FILE` โ Save results to CSV
* `-x` โ Run exploit probe (currently stubbed)
### ๐น Debugging
* `-v` โ Verbose output for debugging and banner grabs
---
## ๐ Example Usages
### Scan multiple hosts on one port:
```bash
python3 cve_2025_6543_checker.py -H 192.168.1.10 192.168.1.11 -p 161
```
### Scan from host and port files with SSH fallback:
```bash
python3 cve_2025_6543_checker.py -f hosts.txt -P ports.txt \
--ssh-user admin --ssh-pass password123 -o results.csv
```
### Disable SNMP and force SSH-only scanning:
```bash
python3 cve_2025_6543_checker.py -H 10.10.10.1 -p 22 \
--no-snmp --ssh-user root --ssh-pass changeme
```
---
## ๐ Output Format (CSV)
If `-o` is used, the output file will include:
```
host,port,branch,build,state
192.168.1.10,22,13.1,57.16,VULNERABLE โ ๏ธ
```
---
## ๐ About CVE-2025-6543
This vulnerability affects certain builds of Citrix NetScaler ADC/VPX appliances. The tool checks for known patched versions and flags devices that are potentially vulnerable based on build signatures. The included banner parsing logic supports various formats and tags (e.g., FIPS, NDCPP).
---
## โ ๏ธ Disclaimer
This tool is for **educational and authorized security testing** only. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.
---
## ๐ TODO
* Implement real exploit logic in `exploit_probe()`
* Add TLS/HTTPS banner scraping fallback
* Implement JSON and XML output options