This script is a basic Citrix Scanner for CVE-2023-3519. We try to identify vulnerable Citrix Gateways/ADCs by looking at the HTTP headers.
During our analysis of this vulnerability, we and our friends at CERT-Verbund noticed, that our patched systems had the same HTTP header Last-Modified timestamp.
Note that reverse proxies and heavily customised front pages may alter the results. In this case, we check, if the timestamp is volatile. It it isn't and the timestamp is newer than 18. July 2023, the server has probably been patched. This script should not be your only method of checking that you are not vulnerable.
Our current known timestamps are:
| Patch | Last-Modified Timestamp |
|---|---|
| 13.1-49.13 | Mon, 10 Jul 2023 17:41:17 GMT |
| 13.1-49.13 | Mon, 10 Jul 2023 18:36:14 GMT |
| 13.0-91.13 | Fri, 07 Jul 2023 15:39:40 GMT |
Clone the repository:
git clone https://github.com/telekom-security/cve-2023-3519-citrix-scanner
cd cve-2023-3519-citrix-scannerCreate a file called targets.txt, containing your targets line by line.
An example can be found in targets.txt.example.
Run the script.
Florian Roth has published a list of further resources for this vulnerability: https://twitter.com/cyb3rops/status/1682297555424628736