Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519
The cve_2023_3519_inspector.py
is a Python-based vulnerability scanner for detecting the CVE-2023-3519 vulnerability in Citrix Gateways. It performs a passive analysis and fingerprinting of target websites to assess their vulnerability based on a series of checks.
This script requires Python 3.6+ and the following Python packages:
To install the required packages, run:
git clone https://github.com/securekomodo/citrixInspector.git
cd citrixInspector
pip install -r requirements.txt
python cve_2023_3519_inspector.py -u <target_url>
Author: Bryan Smith (@securekomodo)
------------------------
_________ .__ __ .__
\_ ___ \|__|/ |________|__|__ ___
/ \ \/| \ __\_ __ \ \ \/ /
\ \___| || | | | \/ |> <
\______ /__||__| |__| |__/__/\_ \
\/ \/
.___ __
| | ____ ____________ ____ _____/ |_ ___________
| |/ \ / ___/\____ \_/ __ \_/ ___\ __\/ _ \_ __ \
| | | \___ \ | |_> > ___/\ \___| | ( <_> ) | \/
|___|___| /____ >| __/ \___ >\___ >__| \____/|__|
\/ \/ |__| \/ \/
CVE-2023-3519 Inspector
------------------------
usage: cve_2023_3519_inspector.py [-h] (-u URL | -f FILE) [--ioc-check] [-l LOG]
Check for vulnerabilities in Citrix Gateway.
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL The URL of the Citrix Gateway to check.
-f FILE, --file FILE A file containing a list of URLs to check.
--ioc-check Slower. Performs IOC (Indicator of Compromise) check.
-l LOG, --log LOG Log file to write the output.
The cve_2023_3519_inspector.py
script can either accept a single URL or a file with a list of URLs as input. It then performs a series of checks to determine the potential vulnerability of the given Citrix Gateways:
# Check a single URL
python cve_2023_3519_inspector.py --url https://example.com
# Check multiple URLs from a file
python cve_2023_3519_inspector.py --file urls.txt
# Check multiple URLs from a file and check for IOCs
python cve_2023_3519_inspector.py --file urls.txt --ioc-check
To specify a log file for output, use the --log
option:
python cve_2023_3519_inspector.py --url https://example.com --log my_log.log
For help:
python cve_2023_3519_inspector.py --help
The cve_2023_3519_inspector.py
script performs the following checks on the target websites:
Depending on the checks passed, the script infers if the target is a Citrix Gateway and if it is vulnerable and outputs the result to the console and optionally to a log file.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
This project is made for educational and ethical testing purposes only. Usage of citrixInspector/cve_2023_3519_inspector for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
The project is licensed under MIT License.
Bryan Smith