FirewallXPL-Forge v2.1.0

@mrhenrike mrhenrike released this 28 May 22:05
· 23 commits to master since this release

Added

Fortinet FortiClient EMS

  • CVE-2026-35616 (CVSS 9.1, CISA KEV 2026-04-06): Pre-auth API bypass via X-SSL-CLIENT-VERIFY header spoofing with a real forged X.509 certificate (RSA-2048/SHA-256). Post-exploitation: fleet enumeration, EKZ-style update push, shell staging.
  • CVE-2026-24858 (CVSS 9.8): Cross-tenant FortiCloud SSO auth bypass. Post-exploitation: FortiOS REST API config dump.
  • CVE-2024-50562: SSL-VPN session cookie reuse after logout.

Cisco ASA/FTD

  • CVE-2025-20362 + CVE-2025-20333 (CVSS 9.9): FIRESTARTER chain (UAT4356/ArcaneDoor APT, CISA AR26-113A). Pre-auth URL bypass + post-auth RCE. FIRESTARTER backdoor survives firmware update.

Core

  • shell_stager.py: 26 shell types (bash, nc, python, perl, ruby, awk, socat, powershell, meterpreter linux/windows/php, webshells), PTY-aware listener (tty.setraw + select + SIGWINCH resize), Meterpreter RC file generation, ShellStagingMixin (force_exploit, ask_on_fail).
  • GTFOBins post-exploitation cheatsheet (35 entries) printed automatically after each shell session.

Catalog