PAN-OS GlobalProtect Portal Scanner

Palo Alto’s GlobalProtect portal, a feature of PAN-OS, has been the subject of several critical-severity vulnerabilities that can allow authorization bypass, unauthenticated remote code execution, etc. From an external perspective, it can be difficult to tell if you’re running a patched version of PAN-OS since the GlobalProtect portal and management interface don’t explicitly reveal their underlying software version.

To assist PAN-OS users in patching their firewalls, this scanner examines the Last-Modified and ETag HTTP response headers for several static web resources, and associates those values with specific PAN-OS releases. For example, note the ETag in the following HTTP response from the GlobalProtect portal login page:

$ curl -skI
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
ETag: "6e185d5daf9a"

Examining the last 8 characters of the ETag gives us the hexadecimal epoch time 5d5daf9a, represented as 1566420890 in decimal format. We can convert this epoch time to a human-readable format using the UNIX date utility:

$ date -d @1566420890
Wed 21 Aug 2019 08:54:50 PM UTC

Using the attached version-table.txt, we can determine that this instance of GlobalProtect portal is running PAN-OS version 8.1.10. That version is vulnerable to CVE-2020-2034, an OS command injection vulnerability in GlobalProtect portal, and should be patched.

$ awk '/Aug.*21.*2019/ {print $1}' version-table.txt 

This scanner automates the process described above, suggesting an exact (or approximate) underlying PAN-OS version for a remote GlobalProtect portal or management interface. When multiple versions are associated with a given date, this tool displays all version matches as a comma-separated list; e.g., 7.1.24-h1,8.0.19-h1,8.1.9-h4 for 2019-08-15.
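The manual lookup above, written out as an added Python example (not the scanner's own code) that works offline on header values you have already collected from your own portal. The function names, the "version Mon DD YYYY" table layout (inferred from the awk command) and the Last-Modified sample value in the test are assumptions; the versions and dates are the ones quoted on this page.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample rows; the "version Mon DD YYYY" layout is an assumption
# inferred from the awk lookup above. Versions and dates are the page's examples.
SAMPLE_TABLE = """\
7.1.24-h1 Aug 15 2019
8.0.19-h1 Aug 15 2019
8.1.9-h4 Aug 15 2019
8.1.10 Aug 21 2019
"""

def load_table(text):
    """Map each build date to the list of PAN-OS versions carrying that date."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        version, month, day, year = line.split()
        built = datetime.strptime(f"{month} {day} {year}", "%b %d %Y").date()
        table.setdefault(built, []).append(version)
    return table

def etag_to_datetime(etag):
    """Decode the trailing 8 hex characters of an ETag as a UNIX epoch time."""
    value = etag.strip()
    if value.startswith("W/"):  # weak-validator prefix, not part of the tag
        value = value[2:]
    tail = value.strip('"')[-8:]
    if not re.fullmatch(r"[0-9a-fA-F]{8}", tail):
        raise ValueError(f"ETag does not end in 8 hex characters: {etag!r}")
    return datetime.fromtimestamp(int(tail, 16), tz=timezone.utc)

def match_versions(headers, table):
    """Return (ISO date, comma-separated versions) from ETag or Last-Modified."""
    if "ETag" in headers:
        stamp = etag_to_datetime(headers["ETag"])
    elif "Last-Modified" in headers:
        stamp = parsedate_to_datetime(headers["Last-Modified"])
        if stamp.tzinfo is None:  # treat a zone-less value as UTC
            stamp = stamp.replace(tzinfo=timezone.utc)
    else:
        raise ValueError("no ETag or Last-Modified header to inspect")
    day = stamp.astimezone(timezone.utc).date()
    return day.isoformat(), ",".join(table.get(day, []))
```

An empty version string in the result means the date has no exact row in the table; this example does not attempt the approximate matching the scanner offers.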


git clone


python3 [-h] [-v] [-s] -t TARGET


Determine the software version of a remote PAN-OS target. Requires version-table.txt in the same directory. See for security advisories for specific PAN-OS

optional arguments:
  -h, --help  show this help message and exit
  -v          verbose output
  -s          stop after one exact match


$ python3 -s -t | jq '.match'
  "date": "2018-05-04",
  "versions": [
  "precision": "exact",
  "resource": "global-protect/portal/images/favicon.ico"
