Webmin CVE-2019-15107 Vulnerability Scanner

A multi-threaded Python scanner to detect Webmin servers vulnerable to CVE-2019-15107 (authenticated RCE vulnerability in Webmin versions 1.890 through 1.920).

Description

This tool scans a list of Webmin servers (provided in CSV format) and checks for the CVE-2019-15107 vulnerability, which allows remote code execution through the password_change.cgi endpoint. The scanner is multi-threaded for efficient scanning of large networks and provides color-coded output for easy result interpretation.

Features

• Multi-threaded scanning for fast results
• CSV input file support (HOST:IP:PORT format)
• Color-coded terminal output (green/red/yellow for vulnerable/non-vulnerable/errors)
• Real-time scanning statistics
• Automatic saving of vulnerable hosts to vulnerable_hosts.txt
• Detailed scan summary report

Vulnerability Details

CVE-2019-15107: An authenticated remote code execution vulnerability in Webmin versions 1.890 through 1.920. The vulnerability exists in the password_change.cgi endpoint, which allows command injection via the expired parameter.

Installation

1. Clone this repository:

   git clone https://github.com/mattb709/CVE-2019-15107-Scanner.git
   cd CVE-2019-15107-Scanner

2. Install the required dependencies:

   pip install requests colorama

Usage

1. Prepare a CSV file (targets.csv) with your target hosts in the following format:

   HOST,IP,PORT
   server1,192.168.1.1,10000
   server2,10.0.0.2,10000
   

   (If PORT is empty, default port 10000 will be used)

2. Run the scanner:

   python CVE-2019-15107-Scanner.py targets.csv

3. For faster scanning with multiple threads (e.g., 10 threads):

   python CVE-2019-15107-Scanner.py targets.csv --threads 10

Output Example

[*] Starting Webmin CVE-2019-15107 Scanner
[*] Loading targets from: targets.csv
[*] Using 5 threads

[+] VULNERABLE: 192.168.1.1:10000
    Command output: uid=0(root) gid=0(root) groups=0(root)

[-] Not vulnerable: 10.0.0.2:10000
[!] Error: 10.0.0.3:10000 - Connection timeout

=== SCAN SUMMARY ===
Vulnerable hosts: 1
Non-vulnerable hosts: 1
Errors: 1
Total hosts scanned: 3

Vulnerable hosts saved to 'vulnerable_hosts.txt'

Output Files

• vulnerable_hosts.txt: Contains all identified vulnerable hosts in IP:PORT format

Disclaimer

This tool is intended for authorized security testing and research purposes only. The author is not responsible for any misuse or damage caused by this program. Always obtain proper authorization before scanning any systems.

License

This project is licensed under the MIT License - see the LICENSE file for details.

References

• CVE-2019-15107
• Webmin Security Advisory