Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3
F5 disclosed a critical Remote Code Execution vulnerability (CVE-2020-5902) on 30th June 2020 that affects several versions of Big IP. An attacker can easily exploit the RCE & LFI present in undisclosed pages of the TMUI (Traffic Management User Interface).
In short, it is a variant of a Remote Code Execution & Local File Inclusion vulnerability with a CVSS score of 10.
# For Windows
$ python -m pip install requests
# OR
# For Linux
$ sudo apt-get install python3-pip
$ sudo pip3 install requests
Target format this script expects (bare hostname, no scheme): google.com
Do not give targets in these forms: https://google.com
or http://google.com
# For Windows
$ python CVE-2020-5902.py
# For Linux
$ python3 CVE-2020-5902.py
# Enumerating subdomains using Sublist3r
$ python sublist3r.py -d google.com -o google.com.txt
# Giving this subdomain list to CVE-2020-5902.py
$ python CVE-2020-5902.py
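
Added example, not part of CVE-2020-5902.py or Sublist3r: a pre-processing step for the subdomain list that strips schemes, ports and paths down to the bare-hostname form described above, removes duplicates, and keeps only hosts under the domains you are authorized to assess. The function names, the one-entry-per-line list layout and the example.com entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def to_bare_host(entry):
    """Return the lowercase bare hostname for one list entry, or None if invalid."""
    entry = entry.strip()
    # urlsplit only fills .hostname when a "//" authority marker is present,
    # so add one for entries that are already bare hostnames.
    if "//" not in entry:
        entry = "//" + entry
    try:
        host = urlsplit(entry).hostname
    except ValueError:  # e.g. malformed bracketed host
        return None
    if not host:
        return None
    host = host.rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    return host if all(_LABEL.match(label) for label in labels) else None


def in_scope(host, scope_domains):
    """True when host equals an in-scope domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in scope_domains)


def normalize_targets(lines, scope_domains):
    """Split entries into (accepted bare hostnames, rejected raw entries)."""
    scope = [d.lower().strip(".") for d in scope_domains]
    accepted, rejected, seen = [], [], set()
    for raw in lines:
        host = to_bare_host(raw)
        if host is None or not in_scope(host, scope):
            if raw.strip():
                rejected.append(raw.strip())  # keep for manual review
        elif host not in seen:
            seen.add(host)
            accepted.append(host)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample list; example.com stands in for an authorized domain.
    sample = ["https://lb1.example.com/", "lb1.example.com", "mail.example.org"]
    print(normalize_targets(sample, ["example.com"]))
```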