From Shell Script to WebApp - A Risk Scanner PoC

Adam_Forester — Fri, 19 Jun 2026 21:17:04 GMT

**Disclaimer: All work is my own and not a recommendation by Check Point or supported by Check Point Support**

During the recent CVE announcement I wrote some shell scripting around the mitigation techniques from the SKs. In my 26 years of managing gateways I've always loved the shell and preferred to automate as mush as my work as humanly possible using APIs accessible via the shell. What I never was was a web developer...

Enter "Your AI Journey" I have played with pretty much all of them but have leaned more toward Codex even though I have a free Gemini Ultra through a family plan with friends. Codex in my opinion does the best job of talking while it's processing and explaining how it's working, so it feels more like I'm involved.

Using Codex I've done a lot of personal web front apps for my own home uses and converting things that were once done via spreadsheet to web.

I decided to see what would happen if I took my script work from here and see if I could turn it into a webapp. The framework was there because I had already done the commands and figured out what needed to change on things inside of generic-objects so translating should be easy.

It's all self contained local to an admin machines. Any API calls use Check Point secured HTTPS calls. It took a few hours to solve some of the search this or search that but knowing the backend API helped a lot to create something that can query, provide results, and then apply those results should an admin choose so. This would cut down a lot of work if I was still an admin of a 200 gateway environment and could have done all these mitigations from a single pane.

I added in some potential impact pop ups so that people have that extra thought step of "Am I ready to make this change because it will impact X" It will also automatically rescan when a change is made to confirm that the change is good.

I have some future ideas now that the basic interface is created and this was simply a use case that I had recently worked on. I was not able to test anything against smart-1 cloud or spark appliances because I own neither but I did build in domain for MDS environments.

Feel free to play with it and join in the experiment. https://github.com/WadesWeaponShed/CheckPoint-CVE-Webscanner

topic From Shell Script to WebApp - A Risk Scanner PoC in API / CLI Discussion

From Shell Script to WebApp - A Risk Scanner PoC