#!/bin/sh
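# Banner. Each echo is its own statement: the listing had several of them
# fused onto one physical line, which makes the shell pass the later "echo"
# words and strings as arguments to the first echo.
# Defender note: the banner states that the script is meant to be run through
# a web shell, so this text showing up in the output of a web-server process
# is a searchable indicator that post-compromise enumeration took place.
echo "============================================================="
echo "Comprehensive Linux CVE Checker (2019-2025)"
echo "Local Privilege Escalation Vulnerability Scan"
echo "Run on: $(date)"
echo "Note: Designed for web shell and all Linux servers."
echo "============================================================="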
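# Function for printing one result block.
# The listing had this definition fused onto the comment line, so the shell
# saw no function at all; it is restored here one statement per line.
# Arguments: $1 - label of the check (CVE id or check name)
#            $2 - status: VULNERABLE, NOT_VULNERABLE; anything else is
#                 reported as undetermined
#            $3 - free-text details
# Globals:   cve, status, details (written; plain sh has no `local`)
# Outputs:   blank line, status line, " Details: ..." line, blank line
# The status is only what the caller passed in. Nothing here verifies it, so
# a "[-]" line is not evidence that the host is patched.
print_result() {
  cve="$1"
  status="$2"
  details="$3"
  echo ""
  # printf '%s\n' is used for lines carrying variable text because some
  # /bin/sh builds of echo interpret backslashes in their arguments.
  case "$status" in
    "VULNERABLE")
      printf '%s\n' "[+] $cve: POTENTIALLY VULNERABLE!"
      ;;
    "NOT_VULNERABLE")
      printf '%s\n' "[-] $cve: Not vulnerable or not applicable."
      ;;
    *)
      printf '%s\n' "[?] $cve: Unable to determine."
      ;;
  esac
  printf '%s\n' " Details: $details"
  echo ""
}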
# Detect the Linux distribution
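# Identify the distribution name, release and running kernel.
# Globals:   DISTRO, VERSION, KERNEL (written), plus every variable that the
#            sourced release file assigns
# Outputs:   a short summary on stdout
# Each of the three values falls back to "Unknown" instead of being left
# empty when a release file lacks the expected field.
detect_distro() {
  echo "Detecting Linux distribution..."
  DISTRO="Unknown"
  VERSION="Unknown"
  KERNEL=$(uname -r 2>/dev/null || echo "Unknown")
  if [ -f "/etc/os-release" ]; then
    # Sourcing executes the file as shell code in this process and lets it
    # overwrite any variable, including VERSION set above.
    . /etc/os-release
    DISTRO="${NAME:-Unknown}"
    # VERSION_ID is optional in os-release; without the default an absent
    # field would blank out VERSION.
    VERSION="${VERSION_ID:-Unknown}"
  elif [ -f "/etc/redhat-release" ]; then
    DISTRO=$(awk '{print $1}' /etc/redhat-release)
    # Accept multi-digit components (the single-digit pattern turned a
    # release such as 10.1 into 0.1) and keep only the first match.
    VERSION=$(grep -o '[0-9][0-9]*\.[0-9][0-9]*' /etc/redhat-release | sed 1q)
  elif [ -f "/etc/lsb-release" ]; then
    . /etc/lsb-release
    DISTRO="${DISTRIB_ID:-Unknown}"
    VERSION="${DISTRIB_RELEASE:-Unknown}"
  elif [ -f "/etc/debian_version" ]; then
    DISTRO="Debian"
    VERSION=$(cat /etc/debian_version)
  fi
  # A command substitution above may have produced nothing.
  [ -n "$DISTRO" ] || DISTRO="Unknown"
  [ -n "$VERSION" ] || VERSION="Unknown"
  printf '%s\n' "Detected Distribution: $DISTRO $VERSION"
  printf '%s\n' "Kernel Version: $KERNEL"
  echo "---------------------------------------------"
}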
# Check which tools are available
# Report which of a fixed list of utilities can be resolved on PATH.
# Globals:   CHECK_TOOLS (written: the probe list)
#            TOOLS_AVAILABLE (written: space-prefixed names that resolved)
# Outputs:   one summary line plus a separator on stdout
# NOTE(review): wget and the python interpreters are presumably probed
# because the closing text of the script advises downloading further
# binaries; a service account that has no such tools and no outbound access
# cannot take that follow-on step.
check_tools() {
  printf '%s\n' "Checking available tools..."
  CHECK_TOOLS="ls find grep awk wget python python3 uname cat"
  TOOLS_AVAILABLE=""
  # CHECK_TOOLS is expanded unquoted on purpose: word splitting turns the
  # list into one loop item per tool name.
  for tool in $CHECK_TOOLS; do
    command -v "$tool" >/dev/null 2>&1 || continue
    TOOLS_AVAILABLE="${TOOLS_AVAILABLE} ${tool}"
  done
  printf 'Available tools:%s\n' "$TOOLS_AVAILABLE"
  printf '%s\n' "---------------------------------------------"
}
# CVE-2019-18683 (Kernel V4L2)
# Heuristic for CVE-2019-18683 based only on whether /dev/video* nodes exist.
# Outputs:   a progress line, then one print_result block
# The kernel version and the loaded modules are never inspected, so neither
# verdict reflects patch status: "NOT_VULNERABLE" here means only that no
# video device node was visible to the calling account.
check_cve_2019_18683() {
  printf '%s\n' "Checking CVE-2019-18683 (Kernel V4L2)..."
  if ! ls /dev/video* >/dev/null 2>&1; then
    print_result "CVE-2019-18683" "NOT_VULNERABLE" "No video devices found."
    return
  fi
  print_result "CVE-2019-18683" "UNKNOWN" "Video devices found (/dev/video*). Vulnerable if V4L2 module loaded. PoC needed."
}
# CVE-2020-28018 (Exim)
# Version-string heuristic for CVE-2020-28018 in Exim.
# Globals:   EXIM_PATH, EXIM_VER (written)
# Outputs:   a progress line, then one print_result block
# The verdict comes from a shell glob over the text printed by `exim -bV`,
# not from a numeric version comparison, and the build options are never
# examined. Distribution packages that backport fixes keep the upstream
# version string, so "VULNERABLE" can be a false positive, and the
# fall-through message "is patched" is asserted without being verified.
# Confirm against the package changelog or the vendor advisory.
check_cve_2020_28018() {
  printf '%s\n' "Checking CVE-2020-28018 (Exim)..."
  EXIM_PATH=$(find /usr/sbin /sbin -name exim 2>/dev/null | head -n 1)
  if [ -z "$EXIM_PATH" ] || [ ! -x "$EXIM_PATH" ]; then
    print_result "CVE-2020-28018" "NOT_VULNERABLE" "Exim not found."
    return
  fi

  # Third field of the "Exim version ..." line of the -bV output.
  EXIM_VER=$("$EXIM_PATH" -bV 2>/dev/null | awk '/Exim version/ {print $3}')
  if [ -z "$EXIM_VER" ]; then
    print_result "CVE-2020-28018" "UNKNOWN" "Exim found at $EXIM_PATH but version not readable."
    return
  fi

  case "$EXIM_VER" in
    [0-4].[0-9][0-3]* | 4.94 | 4.94.1)
      print_result "CVE-2020-28018" "VULNERABLE" "Exim $EXIM_VER found at $EXIM_PATH. Vulnerable if misconfigured."
      ;;
    *)
      print_result "CVE-2020-28018" "NOT_VULNERABLE" "Exim $EXIM_VER is patched."
      ;;
  esac
}
# CVE-2021-3156 (Sudo Baron Samedit)
# Version-string heuristic for CVE-2021-3156 in sudo.
# Globals:   SUDO_PATH, SUDO_VER (written)
# Outputs:   a progress line, then one print_result block
# The patterns are shell globs, not a version comparison: `1.[0-8]*` matches
# any string that starts with "1." and a digit from 0 to 8, and
# `1.9.[0-4]*` any string that starts with "1.9." and a digit from 0 to 4,
# whatever follows. Packages with backported fixes keep an old version
# string, so the verdict needs confirming against the package changelog.
# Detection: a web-server or other service account running `sudo --version`
# is unusual and visible in process-execution telemetry.
check_cve_2021_3156() {
  printf '%s\n' "Checking CVE-2021-3156 (Sudo)..."
  SUDO_PATH=$(find /usr/bin /bin -name sudo 2>/dev/null | head -n 1)
  if [ -z "$SUDO_PATH" ] || [ ! -x "$SUDO_PATH" ]; then
    print_result "CVE-2021-3156" "NOT_VULNERABLE" "Sudo not found."
    return
  fi

  # Third field of the "Sudo version ..." line.
  SUDO_VER=$("$SUDO_PATH" --version 2>/dev/null | awk '/Sudo version/ {print $3}')
  if [ -z "$SUDO_VER" ]; then
    print_result "CVE-2021-3156" "UNKNOWN" "Sudo found at $SUDO_PATH but version not readable."
    return
  fi

  case "$SUDO_VER" in
    1.[0-8]* | 1.9.[0-4]* | 1.9.5 | 1.9.5p[0-1])
      print_result "CVE-2021-3156" "VULNERABLE" "Sudo $SUDO_VER found at $SUDO_PATH. Test: sudoedit -s '\\'."
      ;;
    *)
      print_result "CVE-2021-3156" "NOT_VULNERABLE" "Sudo $SUDO_VER is patched."
      ;;
  esac
}
# CVE-2021-4034 (Pkexec)
# Version-string heuristic for CVE-2021-4034 in pkexec.
# Globals:   PKEXEC_PATH, PKEXEC_VER (written)
# Outputs:   a progress line, then one print_result block
# PKEXEC_VER is the third whitespace-separated field of every line that
# `pkexec --version` prints, matched against a single glob. Distribution
# packages that carry a backported fix keep the upstream version string, so
# neither verdict establishes patch status; the package changelog does.
# NOTE(review): the check does not look at whether the binary still has its
# setuid bit, which is a configuration a defender may have changed.
check_cve_2021_4034() {
  printf '%s\n' "Checking CVE-2021-4034 (Pkexec)..."
  PKEXEC_PATH=$(find /usr/bin /bin -name pkexec 2>/dev/null | head -n 1)
  if [ -z "$PKEXEC_PATH" ] || [ ! -x "$PKEXEC_PATH" ]; then
    print_result "CVE-2021-4034" "NOT_VULNERABLE" "Pkexec not found."
    return
  fi

  PKEXEC_VER=$("$PKEXEC_PATH" --version 2>/dev/null | awk '{print $3}')
  if [ -z "$PKEXEC_VER" ]; then
    print_result "CVE-2021-4034" "UNKNOWN" "Pkexec found at $PKEXEC_PATH but version not readable."
    return
  fi

  case "$PKEXEC_VER" in
    0.1[0-1][0-9])
      print_result "CVE-2021-4034" "VULNERABLE" "Pkexec $PKEXEC_VER found at $PKEXEC_PATH. Download PoC to exploit."
      ;;
    *)
      print_result "CVE-2021-4034" "NOT_VULNERABLE" "Pkexec $PKEXEC_VER is patched."
      ;;
  esac
}
# CVE-2021-22555 (Netfilter)
# Heuristic for CVE-2021-22555: iptables binary present plus kernel prefix.
# Globals:   IPTABLES_PATH (written), KERNEL (read)
# Outputs:   a progress line, then one print_result block
# NOTE(review): the NOT_VULNERABLE message cites a range of 2.6.19-5.11, but
# the test only recognises kernels whose release string starts with 2.6.32.
# Every other kernel, including ones inside the range the message itself
# names, is reported as not vulnerable. Treat that verdict as unreliable and
# check the distribution's advisory for the installed kernel package.
check_cve_2021_22555() {
  printf '%s\n' "Checking CVE-2021-22555 (Netfilter)..."
  IPTABLES_PATH=$(find /sbin /usr/sbin -name iptables 2>/dev/null | head -n 1)
  if [ -z "$IPTABLES_PATH" ] || [ ! -x "$IPTABLES_PATH" ]; then
    print_result "CVE-2021-22555" "NOT_VULNERABLE" "Iptables not found."
    return
  fi

  case "$KERNEL" in
    2.6.32*)
      print_result "CVE-2021-22555" "UNKNOWN" "Iptables found at $IPTABLES_PATH, kernel $KERNEL might be vulnerable. Needs PoC."
      ;;
    *)
      print_result "CVE-2021-22555" "NOT_VULNERABLE" "Kernel $KERNEL not in vulnerable range (2.6.19-5.11)."
      ;;
  esac
}
# CVE-2022-25636 (Netfilter)
# Heuristic for CVE-2022-25636: iptables binary present plus kernel prefix.
# Globals:   IPTABLES_PATH (written), KERNEL (read)
# Outputs:   a progress line, then one print_result block
# NOTE(review): the only kernel test is "release string starts with 2.6.32".
# Any other kernel is reported NOT_VULNERABLE without its version being
# compared to anything, so that verdict says nothing about patch status;
# use the distribution's advisory for the installed kernel package instead.
check_cve_2022_25636() {
  printf '%s\n' "Checking CVE-2022-25636 (Netfilter)..."
  IPTABLES_PATH=$(find /sbin /usr/sbin -name iptables 2>/dev/null | head -n 1)
  if [ -z "$IPTABLES_PATH" ] || [ ! -x "$IPTABLES_PATH" ]; then
    print_result "CVE-2022-25636" "NOT_VULNERABLE" "Iptables not found."
    return
  fi

  case "$KERNEL" in
    2.6.32*)
      print_result "CVE-2022-25636" "UNKNOWN" "Iptables found at $IPTABLES_PATH, kernel $KERNEL might be vulnerable. Needs PoC."
      ;;
    *)
      print_result "CVE-2022-25636" "NOT_VULNERABLE" "Kernel $KERNEL not in vulnerable range."
      ;;
  esac
}
# CVE-2021-3493 (OverlayFS)
# Heuristic for CVE-2021-3493: an overlay mount exists plus kernel prefix.
# Globals:   KERNEL (read)
# Outputs:   a progress line, then one print_result block
# NOTE(review): "overlay" is matched anywhere in the `mount` output, and the
# kernel test recognises only release strings starting with 2.6.32. A host
# with no overlay mount at the moment of the scan, or with any other kernel,
# is reported NOT_VULNERABLE without further evidence; container hosts in
# particular should be assessed from the kernel package's advisory.
check_cve_2021_3493() {
  printf '%s\n' "Checking CVE-2021-3493 (OverlayFS)..."
  if ! mount | grep -q overlay 2>/dev/null; then
    print_result "CVE-2021-3493" "NOT_VULNERABLE" "No OverlayFS mounts found."
    return
  fi

  case "$KERNEL" in
    2.6.32*)
      print_result "CVE-2021-3493" "UNKNOWN" "OverlayFS found, kernel $KERNEL might be vulnerable if backported. Needs PoC."
      ;;
    *)
      print_result "CVE-2021-3493" "NOT_VULNERABLE" "Kernel $KERNEL not in vulnerable range."
      ;;
  esac
}
# CVE-2023-0386 (OverlayFS)
# Heuristic for CVE-2023-0386: an overlay mount exists plus kernel prefix.
# Globals:   KERNEL (read)
# Outputs:   a progress line, then one print_result block
# NOTE(review): the UNKNOWN message makes the result conditional on user
# namespaces being enabled, but nothing here reads that setting, and the
# kernel test recognises only release strings starting with 2.6.32. The
# NOT_VULNERABLE verdict for every other kernel is therefore unverified.
check_cve_2023_0386() {
  printf '%s\n' "Checking CVE-2023-0386 (OverlayFS)..."
  if ! mount | grep -q overlay 2>/dev/null; then
    print_result "CVE-2023-0386" "NOT_VULNERABLE" "No OverlayFS mounts found."
    return
  fi

  case "$KERNEL" in
    2.6.32*)
      print_result "CVE-2023-0386" "UNKNOWN" "OverlayFS found, kernel $KERNEL might be vulnerable if user namespaces enabled. Needs PoC."
      ;;
    *)
      print_result "CVE-2023-0386" "NOT_VULNERABLE" "Kernel $KERNEL not in vulnerable range."
      ;;
  esac
}
# Check SUID binaries
# List every path under / that has the setuid bit set.
# Globals:   SUID_FILES (written: newline-separated find output)
# Outputs:   a progress line, the list (one " - path" per line) and one
#            print_result block
# The function only inventories; it compares nothing against known-bad
# versions. The same listing is what a defender baselines: an unexpected
# entry, or a setuid file in a user-writable location, is worth reviewing.
# Detection: a whole-filesystem `find / -perm -4000` started by a service
# account stands out in process-execution and audit logs.
check_suid_binaries() {
  printf '%s\n' "Checking SUID binaries for potential vulnerabilities..."
  SUID_FILES=$(find / -perm -4000 2>/dev/null)
  if [ -z "$SUID_FILES" ]; then
    print_result "SUID_CHECK" "NOT_VULNERABLE" "No SUID binaries found."
    return
  fi

  printf '%s\n' "SUID binaries found:"
  printf '%s\n' "$SUID_FILES" | while read -r file; do
    printf ' - %s\n' "$file"
  done
  print_result "SUID_CHECK" "UNKNOWN" "SUID binaries found. Check versions manually for known CVEs."
}
# Run the checks
# Driver: host identification first, then every check in a fixed order, then
# the closing summary. detect_distro must run before the checks because the
# kernel-based ones read the KERNEL value it sets.
printf '%s\n' "Running distribution detection..."
detect_distro
check_tools

printf '%s\n' "Running CVE checks..."
for check_fn in \
  check_cve_2019_18683 \
  check_cve_2020_28018 \
  check_cve_2021_3156 \
  check_cve_2021_4034 \
  check_cve_2021_22555 \
  check_cve_2022_25636 \
  check_cve_2021_3493 \
  check_cve_2023_0386 \
  check_suid_binaries; do
  "$check_fn"
done

# Closing summary. Its advice is to fetch further binaries onto the host, so
# outbound downloads and new executables written by the same account after
# this output appears are the follow-on activity to look for.
printf '%s\n' \
  "=============================================================" \
  "Scan complete!" \
  "For VULNERABLE or UNKNOWN results:" \
  "- Download PoCs or compiled binaries if possible." \
  "- Test manually where suggested (e.g., sudoedit -s '\\')." \
  "Note: Works on all Linux servers with minimal tools." \
  "============================================================="