This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

Last update: Mar 31, 2022

Overview

f5-waf-enforce-sigs-CVE-2021-44228

This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

Overview

This script enforces all signatures present in the list below related to CVE-2021-44228 across all policies in blocking mode in the Adv. WAF/ASM.

sigs = ['200104768', '200104769', '200004450', '200004451','200004474','200104770','200104771']

https://support.f5.com/csp/article/K19026212

This was tested on BIG-IP ASM/Adv.WAF v15.x but I expect this to work in v13/v14/v16 as well.

Prerequisites

Python 3.7+

The host machine needs to have connection to the BIG-IP management interface.

How to Use

usage: f5-waf-enforce-sig-CVE-2021-44228 device

positional arguments:
  device      File with IP adrresses of the target BIG-IP devices separated by line

Owner

Ismael Gonçalves

GitHub Repository

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses 🕵️

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for

1.1k Aug 24, 2021

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m

1 Jan 11, 2022

This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

1 Jan 23, 2022

POC for CVE-2022-1388

CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5 products. Follow the Horizon3.ai Attack Team on Twitter for the latest security research: Ho

231 Dec 07, 2022

Simple python script for generating custom high-secure passwords for securing your social-apps ❤️

Opensource Project Simple Python Password Generator This repository is just for peoples who want to generate strong-passwords for there social-account

15 Dec 01, 2022

Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

861 Feb 18, 2021

VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

4 Sep 23, 2022

Bilgi Sistemleri Projesi için yapılan keylogger

Keylogger Bilgi Sistemleri Projesi için yapılan keylogger Projede kullanılan kütüphanelere sahip olmasanız da python dosyası çalıştığında kendisi gere

1 Jan 07, 2022

MassStringer, CTF Flag Finder

massStringer MassStringer, CTF Flag Finder Usage: python3 massStringer.py Enter absolute path of the directory to scan for flags Edit "flag = re.searc

4 Sep 06, 2022

DCSync - DCSync Attack from Outside using Impacket

Adding DCSync Permissions Mostly copypasta from https://github.com/tothi/rbcd-at

77 Dec 16, 2022

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF

118 Nov 07, 2022

A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Zepu1chr3 A Radare2 based Python module for Binary Analysis and Reverse Engineering. Installation You can simply run this command. pip3 install zepu1c

5 Aug 25, 2022

SEBUAH TOOLS TERMUX CRACK AKUN FF HOMKI AKUN EPEP DAH SATU FOLLOW AE YA BROO AWOKWOK

print " INSTALL TOOLS " $ pkg update && upgrade $ pkg install python2 $ pkg install git $ pip2 install lolcat $ pip2 install bs4 $ pip2 install reques

2 Nov 29, 2021

GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

121 Dec 14, 2022

A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Wlan Fetcher Windows10 Description A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer. Usage This Script onl

2 Nov 20, 2021

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Log4Shell RCE Exploit fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP

258 Jan 02, 2023

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

108 Dec 04, 2021

Tool to decrypt iOS apps using r2frida

r2flutch Yet another tool to decrypt iOS apps using r2frida. Requirements It requires to install Frida on the Jailbroken iOS device: Jailbroken device

146 Jan 03, 2023

A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

Dumpulator-IDA Currently proof-of-concept This project is a small POC plugin for launching dumpulator emulation within IDA, passing it addresses from

9 Sep 21, 2022

Click-Jack - Automatic tool to find Clickjacking Vulnerability in various Web applications

CLICK-Jack It is a automatic tool to find Clickjacking Vulnerability in various

4 Jan 10, 2022

This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM device

Related tags

Overview

f5-waf-enforce-sigs-CVE-2021-44228

Overview

Prerequisites

How to Use

Owner

Ismael Gonçalves

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses 🕵️

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

POC for CVE-2022-1388

Simple python script for generating custom high-secure passwords for securing your social-apps ❤️

Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

Bilgi Sistemleri Projesi için yapılan keylogger

MassStringer, CTF Flag Finder

DCSync - DCSync Attack from Outside using Impacket

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

A Radare2 based Python module for Binary Analysis and Reverse Engineering.

SEBUAH TOOLS TERMUX CRACK AKUN FF HOMKI AKUN EPEP DAH SATU FOLLOW AE YA BROO AWOKWOK

GitHub Advance Security Compliance Action

A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

Tool to decrypt iOS apps using r2frida

A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

Click-Jack - Automatic tool to find Clickjacking Vulnerability in various Web applications