This repository hosts a Python-based vulnerability scanner developed by Oblivion Development & Hosting (OD&H) to detect CVE-2024-25600 in the Bricks Builder plugin for WordPress. This tool is designed primarily for use within Try Hack Me (THM) exercises, providing a controlled environment for cybersecurity education and skill development.
This scanner leverages asynchronous network operations to achieve efficient scanning and offers an interactive shell for in-depth vulnerability analysis and command execution.
Repository Link: https://github.com/ivanbg2004/ODH-BricksBuilder-CVE-2024-25600-THM
This tool is intended for educational and ethical testing purposes only. OD&H is not responsible for any misuse or damage caused by this scanner. Users are solely responsible for ensuring they have explicit permission to test any target systems. Unauthorized use is strictly prohibited. OD&H is committed to responsible disclosure and strongly encourages reporting any discovered vulnerabilities to the appropriate vendor.
- Targeted CVE-2024-25600 Detection: Specifically engineered to identify instances of the CVE-2024-25600 vulnerability.
- Bricks Builder Focus: Exclusively designed for the Bricks Builder plugin within WordPress environments.
- Asynchronous Architecture: Employs
aiohttpandasynciofor high-performance, concurrent vulnerability assessments. - Interactive Analysis Shell: Provides an interactive environment for detailed vulnerability analysis and targeted command execution.
- Informative Output: Utilizes the
richlibrary to deliver clearly formatted and color-coded console output for easy interpretation of scan results. - Repository Management: Includes a
.gitignorefile to maintain a clean repository by preventing the accidental commit of sensitive information and build artifacts. - Comprehensive Documentation: Features detailed code comments and this comprehensive
README.mdfile.
-
Clone the repository:
git clone https://github.com/ivanbg2004/ODH-BricksBuilder-CVE-2024-25600-THM.git cd ODH-BricksBuilder-CVE-2024-25600-THM -
Set up a virtual environment (recommended):
python3 -m venv venv source venv/bin/activate # On Linux/macOS venv\Scripts\activate # On Windows
-
Install dependencies:
pip install -r requirements.txt
python3 main.py -h
usage: main.py [-h] [--url URL] [--list LIST] [--output OUTPUT]
Check for CVE-2024-25600 vulnerability in Bricks theme
options:
-h, --help show this help message and exit
-u URL, --url URL URL to fetch nonce from and check vulnerability
-l LIST, --list LIST Path to a file containing a list of URLs to check for
vulnerability
-o OUTPUT, --output OUTPUT
File to write vulnerable URLs to
-
Scan a single URL:
python3 main.py -u http://example.com
-
Scan a list of URLs from a file:
python3 main.py -l urls.txt -o vulnerable.txt
(This will scan each URL in
urls.txtand write the vulnerable URLs tovulnerable.txt)
OD&H encourages community contributions to this project. To contribute:
- Fork the repository to your own GitHub account.
- Create a new branch for your proposed feature or bug fix.
- Implement your changes and commit them with clear, descriptive messages.
- Submit a pull request to the
mainbranch of this repository.
This project is licensed under the MIT License - see the LICENSE file for details.
Copyright (c) 2015 Oblivion Development & Hosting
This project adheres to a strict Code of Conduct. All participants are expected to uphold its principles. See CODE_OF_CONDUCT.md for details.
For inquiries or support, please contact:
Oblivion Development & Hosting:
- Website: https://odh.ivan-vcard.xyz
Oblivion Development & Hosting provides individuals and businesses with top-tier web development, hosting, and cybersecurity solutions to thrive in the digital landscape.
Our Mission: To deliver secure, reliable, and innovative technology solutions grounded in transparency and trust.
Key Focus Areas:
- 🌍 Web Development
- 🔒 Cybersecurity
- 🖥️ Hosting Solutions
- 💬 Exceptional Customer Support
- 💡 Fostering a Culture of Innovation and Integrity