This script is a basic Citrix Scanner for CVE-2023-3519.
We try to identify vulnerable Citrix Gateways/ADCs by looking at the HTTP headers.
## How it works
During our analysis of this vulnerability, we and our friends at [CERT-Verbund](https://www.cert-verbund.de/) noticed, that our patched systems had the same HTTP header `Last-Modified` timestamp.
Note that reverse proxies and heavily customised front pages may alter the results.
In this case, we check, if the timestamp is volatile. It it isn't and the timestamp is newer than 18. July 2023, the server has probably been patched.
This script should not be your only method of checking that you are not vulnerable.
Our current known timestamps are:
| Patch | Last-Modified Timestamp |
| --- | --- |
| 13.1-49.13 | `Mon, 10 Jul 2023 17:41:17 GMT` |
| 13.1-49.13 | `Mon, 10 Jul 2023 18:36:14 GMT` |
| 13.0-91.13 | `Fri, 07 Jul 2023 15:39:40 GMT` |
Clone the repository:
git clone https://github.com/telekom-security/cve-2023-3519-citrix-scanner
Create a file called `targets.txt`, containing your targets line by line.
An example can be found in `targets.txt.example`.
Run the script.
## Further reading
Florian Roth has published a list of further resources for this vulnerability: [https://twitter.com/cyb3rops/status/1682297555424628736](https://twitter.com/cyb3rops/status/1682297555424628736)