FirewallXPL-Forge v2.1.1 - CVE-2026-0257, NSE Installer, Wiki Rewrite

FirewallXPL-Forge v2.1.1

What is New

CVE-2026-0257 -- PAN-OS GlobalProtect Authentication Override Cookie Bypass

• Full E2E exploit module (CVSS 7.8 HIGH, CISA KEV 2026-05-29)
• TLS certificate extraction, RSA-PKCS1v15 cookie forge, auth bypass, session enumeration
• CVE catalog updated with CVE-2026-0257 entry

Complete Wiki Documentation Rewrite

13 chapters in English and Portuguese (11 updated + 2 new: NSE Manager, Shell Stager).

NSE Installer

New firewallxpl/core/nse_installer.py with CVE DB integration and multi-method Nmap detection.

Full Changelog: https://github.com/mrhenrike/FirewallXPL-Forge/blob/master/CHANGELOG.md

FirewallXPL-Forge v2.1.0

FirewallXPL-Forge v2.1.0

Added

Fortinet FortiClient EMS

• CVE-2026-35616 (CVSS 9.1, CISA KEV 2026-04-06): Pre-auth API bypass via X-SSL-CLIENT-VERIFY header spoofing with real X.509 cert forge (RSA-2048/SHA-256). Post-exploitation: fleet enumeration, EKZ-style update push, shell staging.
• CVE-2026-24858 (CVSS 9.8): Cross-tenant FortiCloud SSO auth bypass. Post-exploitation: FortiOS REST API config dump.
• CVE-2024-50562: SSL-VPN session cookie reuse after logout.

Cisco ASA/FTD

• CVE-2025-20362 + CVE-2025-20333 (CVSS 9.9): FIRESTARTER chain (UAT4356/ArcaneDoor APT, CISA AR26-113A). Pre-auth URL bypass + post-auth RCE. FIRESTARTER backdoor survives firmware update.

Core

• shell_stager.py: 26 shell types (bash, nc, python, perl, ruby, awk, socat, powershell, meterpreter linux/windows/php, webshells), PTY-aware listener (tty.setraw + select + SIGWINCH resize), Meterpreter RC file generation, ShellStagingMixin (force_exploit, ask_on_fail).
• GTFOBins post-exploitation cheatsheet (35 entries) printed automatically after each shell session.

Catalog

• cve_extended_catalog.json: +5 entries (CVE-2026-35616, CVE-2026-24858, CVE-2024-50562, CVE-2025-20362, CVE-2025-20333)
• CHANGELOG.md created (first changelog for this repository)

v2.0.0 — Perimeter Security Exploitation Framework

FirewallXPL-Forge v2.0.0

Complete framework refactoring: 164 modules covering 23 vendors (IT + OT/ICS).

Highlights

• 65 exploit modules (51+ CVEs) for Fortinet, Cisco, Palo Alto, F5, Citrix, Check Point, SonicWall, Ivanti, Juniper, Zyxel, Sophos, WatchGuard, pfSense, Barracuda, Siemens, Moxa, Hirschmann, Phoenix Contact, Schneider, Secomea, Ewon
• OT/ICS protocol bypass: Modbus TCP, OPC UA, DNP3, IEC 104, EtherNet/IP CIP
• Async concurrency engine with ThreadPool (up to 300), ProcessPool, ConnectionPool
• GPU acceleration: NVIDIA CUDA, AMD ROCm, Intel oneAPI, Apple Metal, OpenCL
• ML engine: ServiceFingerprinter, AttackOptimizer (Thompson Sampling), AnomalyDetector, AutoTuner
• Network discovery: Nmap/Masscan integration + builtin TCP fallback
• Rich TUI: styled banner, panels, tables, progress bars, dashboard
• 20 vendor wordlists (externalized defaults)

Install

\\�ash
pip install firewallxpl
\\

Author: Andre Henrique (@mrhenrike) | Uniao Geek

FirewallXPL-Forge 1.0.0-beta

FirewallXPL-Forge 1.0.0-beta

PyPI/setuptools version: 1.0.0b0 (PEP 440 beta)

Highlights

• First public beta; repository public.
• Superproject integration catalog: firewallxpl/resources/catalogs/superproject_submodule_integration_matrix.json (perimeter / purple-team reference hints).
• arsenal_index.json rebuilt to match actual firewallxpl modules (smaller, accurate index).

Scope

NGFW / UTM / WAF lab. See SECURITY.md.

Author: André Henrique (@mrhenrike) | União Geek — https://github.com/Uniao-Geek