RaspAP Hunter is a Bash script designed to scan for RaspAP installations and test them for a specific vulnerability, CVE-2022-39986.
[ASCII-art banner: RaspAP Hunter, CVE-2022-39986, author: mind2hex]
- Requirements Checking: Checks for necessary dependencies and provides instructions for installation if missing.
- Shodan Integration: Downloads and parses target IP addresses with RaspAP from Shodan.
- Vulnerability Scanning: Scans for the specific CVE and provides feedback on vulnerable IPs.
- Reverse Shell Spawning: Allows the user to spawn a reverse shell on a vulnerable target.
Requirements:
- shodan
- jq
- python
- ngrok
- terminator
- Clone this repository or download the script raspap_hunter.sh.
- Make the script executable:
  chmod +x raspap_hunter.sh
- Run the script:
  ./raspap_hunter.sh
- Ensure that php-reverse-shell.php is available in the working directory; otherwise it will be downloaded from the provided URL.
- Make sure to configure Shodan with your API key.
- Follow the instructions if dependencies are missing.
Author: mind2hex
This script is for educational and research purposes only. Do not use this against any systems without explicit permission.
Please see the license file in the repository.