Giter Site home page Giter Site logo

weblogic-scan's Introduction

weblogic-scan

weblogic 漏洞扫描工具 妄想试图weblogic一把梭
目前检测的功能

  • console 页面探测 & 弱口令扫描
  • uuid页面的SSRF
  • CVE-2017-10271 wls-wsat页面的反序列化
  • CVE-2018-2628 反序列化
  • CNVD-C-2019-48814

后期可以的话还会继续加功能的,主要是一些反序列化的poc真的不好写,我也不咋会..

USE

使用前请先填写config.py中的server参数
推荐配合http://ceye.io之类的工具使用,server格式为http://xxx.ceye.io

使用方式比较简单,目前支持两种模式

1、扫描url.txt中的所有url

python3 weblogic-scan

2、扫描单一的url

python3 weblogic-scan 127.0.0.1:7001

console弱口令和CVE-2018-2628的扫描结果会直接在控制台中输出。

uuid页面的SSRF以及wls-wsat反序列化会在server服务器中留下日志文件。
会在域名前带上受影响机子的地址,这样扫描多个地址的时候方便做区分。

prepare

ENV

  • version: python3
  • expand : requests

config.py

  • timeout: ​ 自定义timeout的时间,包括requests和socket的timeout
  • server(没有默认值,务必填写): 由于一些exp发送后具体有没有成功需要看服务器是否有数据返回 需要一个服务器来接受这种数据,例如http://ceye.io 攻击成功会在dns记录以及http的log部分留下数据

url.txt

支持如下几种格式的url

不填写端口默认端口为80,https起头的默认端口为443

weblogic-scan's People

Contributors

kingkaki avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.