embedxpl 3.8.2__tar.gz → 3.8.3__tar.gz

{embedxpl-3.8.2 → embedxpl-3.8.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: embedxpl
-Version: 3.8.2
+Version: 3.8.3
 Summary: Embedded & Perimeter Security Assessment Framework -- 2800+ modules, 900+ CVEs, 114+ vendors. Covers routers, IP cameras, GPON ONTs, ISP CPEs, IoT/embedded edge, firewalls (Fortinet/Cisco/PAN-OS/SonicWall), VPN appliances, printers, drones, switches, UPS/PDU, ICS/OT.
 Author-email: André Henrique <henrique.santos@uniaogeek.com.br>
 Maintainer-email: André Henrique <henrique.santos@uniaogeek.com.br>

{embedxpl-3.8.2 → embedxpl-3.8.3}/embedxpl/modules/exploits/printers/hp/hp_laserjet_ssrf_cve_2024_4479.py

@@ -68,7 +68,10 @@ class Exploit(HTTPClient):
                 req, context=ctx, timeout=10) if ctx else urllib.request.urlopen(req, timeout=10)
             body = resp.read(4096).decode('latin-1', errors='replace')
             if body:
-                print_good("SSRF response ({} bytes): {}".format(len(body), body[:300]))
+                if "SSRF lab probe" in body or "instance-id" in body:
+                    print_good("Lab mock SSRF endpoint responded ({} bytes)".format(len(body)))
+                else:
+                    print_good("SSRF response ({} bytes): {}".format(len(body), body[:300]))
             else:
                 print_status("Empty response - no SSRF data returned.")
         except Exception as e:

{embedxpl-3.8.2 → embedxpl-3.8.3}/embedxpl/modules/scanners/smart_tv/bravia_upnp_audit.py

@@ -213,17 +213,19 @@ class Exploit(HTTPClient):
 
     def _fetch_descriptor(self) -> Optional[str]:
         """Fetch the UPnP device descriptor XML."""
-        body = self._soap_post(_CM_SVC, "GetCurrentConnectionIDs", "", "control/ConnectionManager")
-        # Just try to GET the dmr.xml
         import urllib.request
-        try:
-            with urllib.request.urlopen(
-                "http://{}:{}/dmr.xml".format(self.target, int(self.port)),
-                timeout=int(self.timeout)
-            ) as r:
-                return r.read(256).decode("utf-8", errors="replace")
-        except Exception:
-            return None
+        for path in ("/description.xml", "/dmr.xml", "/rootDesc.xml", "/"):
+            try:
+                with urllib.request.urlopen(
+                    "http://{}:{}{}".format(self.target, int(self.port), path),
+                    timeout=int(self.timeout),
+                ) as r:
+                    snippet = r.read(512).decode("utf-8", errors="replace")
+                    if "MediaRenderer" in snippet or "deviceType" in snippet:
+                        return snippet[:256]
+            except Exception:
+                continue
+        return None
 
     def _get_protocol_info(self) -> Optional[str]:
         resp = self._soap_post(
@@ -300,12 +302,15 @@ class Exploit(HTTPClient):
     def check(self) -> bool:
         """Check if UPnP MediaRenderer is accessible on the target."""
         import urllib.request
-        try:
-            with urllib.request.urlopen(
-                "http://{}:{}/dmr.xml".format(self.target, int(self.port)),
-                timeout=5
-            ) as r:
-                content = r.read(128).decode("utf-8", errors="replace")
-                return "MediaRenderer" in content or "sony" in content.lower()
-        except Exception:
-            return False
+        for path in ("/description.xml", "/dmr.xml", "/"):
+            try:
+                with urllib.request.urlopen(
+                    "http://{}:{}{}".format(self.target, int(self.port), path),
+                    timeout=5,
+                ) as r:
+                    content = r.read(256).decode("utf-8", errors="replace")
+                    if "MediaRenderer" in content or "sony" in content.lower():
+                        return True
+            except Exception:
+                continue
+        return self._get_volume() is not None

{embedxpl-3.8.2 → embedxpl-3.8.3}/embedxpl.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: embedxpl
-Version: 3.8.2
+Version: 3.8.3
 Summary: Embedded & Perimeter Security Assessment Framework -- 2800+ modules, 900+ CVEs, 114+ vendors. Covers routers, IP cameras, GPON ONTs, ISP CPEs, IoT/embedded edge, firewalls (Fortinet/Cisco/PAN-OS/SonicWall), VPN appliances, printers, drones, switches, UPS/PDU, ICS/OT.
 Author-email: André Henrique <henrique.santos@uniaogeek.com.br>
 Maintainer-email: André Henrique <henrique.santos@uniaogeek.com.br>

{embedxpl-3.8.2 → embedxpl-3.8.3}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "embedxpl"
-version = "3.8.2"
+version = "3.8.3"
 description = "Embedded & Perimeter Security Assessment Framework -- 2800+ modules, 900+ CVEs, 114+ vendors. Covers routers, IP cameras, GPON ONTs, ISP CPEs, IoT/embedded edge, firewalls (Fortinet/Cisco/PAN-OS/SonicWall), VPN appliances, printers, drones, switches, UPS/PDU, ICS/OT."
 readme = { file = "README.md", content-type = "text/markdown" }
 license = { file = "LICENSE" }