Skip to content
/ at-doom-fortigate Public

Fortigate CVE-2018-13379 - Tool to search for vulnerable Fortigate hosts in Rapid7 Project Sonar data anonymously through The Tor network.

License

MIT license
4 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jpiechowka/at-doom-fortigate

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
config
config
 
 
doom
doom
 
 
files
files
 
 
logging
logging
 
 
networking
networking
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

At Doom Fortigate

 	

=================     ===============     ===============   ========  ========
\\ . . . . . . .\\   //. . . . . . .\\   //. . . . . . .\\  \\. . .\\// . . //
||. . ._____. . .|| ||. . ._____. . .|| ||. . ._____. . .|| || . . .\/ . . .||
|| . .||   ||. . || || . .||   ||. . || || . .||   ||. . || ||. . . . . . . ||
||. . ||   || . .|| ||. . ||   || . .|| ||. . ||   || . .|| || . | . . . . .||
|| . .||   ||. _-|| ||-_ .||   ||. . || || . .||   ||. _-|| ||-_.|\ . . . . ||
||. . ||   ||-'  || ||  `-||   || . .|| ||. . ||   ||-'  || ||  `|\_ . .|. .||
|| . _||   ||    || ||    ||   ||_ . || || . _||   ||    || ||   |\ `-_/| . ||
||_-' ||  .|/    || ||    \|.  || `-_|| ||_-' ||  .|/    || ||   | \  / |-_.||
||    ||_-'      || ||      `-_||    || ||    ||_-'      || ||   | \  / |  `||
||    `'         || ||         `'    || ||    `'         || ||   | \  / |   ||
||            .===' `===.         .==='.`===.         .===' /==. |  \/  |   ||
||         .=='   \_|-_ `===. .==='   _|_   `===. .===' _-|/   `==  \/  |   ||
||      .=='    _-'    `-_  `='    _-'   `-_    `='  _-'   `-_  /|  \/  |   ||
||   .=='    _-'          `-__\._-'         `-_./__-'         `' |. /|  |   ||
||.=='    _-'                                                     `' |  /==.||
=='    _-'                                                            \/   `==
\   _-'                                                                `-_   /
 `''                                                                      ``'

Tool to search for vulnerable Fortigate hosts in Rapid7 Project Sonar data anonymously through The Tor network.

CVE-2018-13379

More infomration on Orange Tsai's Blog: https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html

How to use

  1. Visit https://youtu.be/q657rEkgfKs
  2. Download Rapid7 data in json format for port 10443 from https://opendata.rapid7.com/sonar.https/
  3. Place json file in /data directory (or configure input path in config.go file and recompile)
  4. Download and run Tor Browser
  5. Run app
  6. Profit (see results.txt output file or configure output file path in config.go and recompile)

Building from source code

To build from source execute the commands below (Go needs to be installed and properly configured, see https://golang.org/doc/install)

git clone https://github.com/jpiechowka/at-doom-fortigate.git
cd at-doom-fortigate
go build -v -a .

About

Fortigate CVE-2018-13379 - Tool to search for vulnerable Fortigate hosts in Rapid7 Project Sonar data anonymously through The Tor network.

Topics

security fortigate security-scanner security-tools pentest-tool cve-2018-13379

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages