Skip to content

BishopFox/fortiweb-auth-bypass-check

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
scan.py
scan.py
 
 

Repository files navigation

FortiWeb Auth Bypass Check

FortiWeb auth bypass scanner by Bishop Fox

  • Tests a target for authentication bypass CVE-2025-64446
  • Only exploits a path traversal, does not exploit the actual auth bypass
  • Does not perform any administrative actions on the target

For more information about this vulnerability, refer to the Bishop Fox blog.

Setup

git clone https://github.com/BishopFox/fortiweb-auth-bypass-check
cd fortiweb-auth-bypass-check
python3 -m pip install requests

Usage

python3 scan.py https://[TARGET]

Examples

# Vulnerable target
$ python3 scan.py https://example1.com
[*] Testing https://example1.com
[!] Target is VULNERABLE - update immediately!

# Unaffected target
$ python3 scan.py https://example2.com
[*] Testing https://example2.com
[+] Target is not affected

# Invalid target
$ python3 scan.py https://example3.com
[*] Testing https://example3.com
[-] Target does not appear to be FortiWeb

License

This code is distributed under an MIT license.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages