Coder Social home page Coder Social logo

w20di / weblogicscanner Goto Github PK

View Code? Open in Web Editor NEW

This project forked from 0xn0ne/weblogicscanner

0.0 0.0 1.0 154 KB

weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551

Python 100.00%

weblogicscanner's Introduction

源工具链接:https://github.com/rabbitmask/WeblogicScan

weblogicScaner

简体中文 | English

截至 2020 年 3 月 7 日,weblogic 漏洞扫描工具。若存在未记录且已公开 POC 的漏洞,欢迎提交 issue。

原作者已经收集得比较完整了,在这里做了部分的 bug 修复,部分脚本 POC 未生效,配置错误等问题。之前查了一下发现部分 POC 无法使用。在这个项目里面对脚本做了一些修改,提高准确率。

注意:部分漏洞由于稳定性原因需要多次测试才可验证

目前可检测漏洞编号有(部分非原理检测,需手动验证):

  • weblogic administrator console
  • CVE-2014-4210
  • CVE-2016-0638
  • CVE-2016-3510
  • CVE-2017-3248
  • CVE-2017-3506
  • CVE-2017-10271
  • CVE-2018-2628
  • CVE-2018-2893
  • CVE-2018-2894
  • CVE-2018-3191
  • CVE-2018-3245
  • CVE-2018-3252
  • CVE-2019-2618
  • CVE-2019-2725
  • CVE-2019-2729
  • CVE-2019-2890
  • CVE-2020-2551

快速开始

依赖

  • python >= 3.6

进入项目目录,使用以下命令安装依赖库

$ pip3 install requests

使用说明

usage: ws.py [-h] -t TARGETS [TARGETS ...] -v VULNERABILITY
             [VULNERABILITY ...] [-o OUTPUT]

optional arguments:
  -h, --help            帮助信息
  -t TARGETS [TARGETS ...], --targets TARGETS [TARGETS ...]
                        直接填入目标或文件列表(默认使用端口7001). 例子:
                        127.0.0.1:7001
  -v VULNERABILITY [VULNERABILITY ...], --vulnerability VULNERABILITY [VULNERABILITY ...]
                        漏洞名称或CVE编号,例子:"weblogic administrator console"
  -o OUTPUT, --output OUTPUT
                        输出 json 结果的路径。默认不输出结果

结果样例

(venv) ~/weblogicScanner$ python ws.py -t 192.168.124.129
[*] Start to detect weblogic administrator console for 192.168.124.129:7001.
[+] Found a module with weblogic administrator console at 192.168.124.129:7001!
[*] Please verify weblogic administrator console vulnerability manually!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2014-4210 for 192.168.124.129:7001.
[+] Found a module with CVE-2014-4210 at 192.168.124.129:7001!
[*] Please verify CVE-2014-4210 vulnerability manually!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2016-0638 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2016-0638 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2016-3510 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2016-3510 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2017-3248 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2017-3248 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2017-3506 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2017-3506 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2017-10271 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2017-10271 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2018-2628 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2018-2628 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2018-2893 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2018-2893 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2018-2894 for 192.168.124.129:7001.
[-] Target 192.168.124.129:7001 does not detect CVE-2018-2894!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2018-3191 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2018-3191 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2018-3245 for 192.168.124.129:7001.
[-] Target 192.168.124.129:7001 does not detect CVE-2018-3245 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2018-3252 for 192.168.124.129:7001.
[+] Found a module with CVE-2018-3252 at 192.168.124.129:7001!
[*] Please verify CVE-2018-3252 vulnerability manually!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2019-2618 for 192.168.124.129:7001.
[+] Found a module with CVE-2019-2618 at 192.168.124.129:7001!
[*] Please verify CVE-2019-2618 vulnerability manually!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2018-2725 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2018-2725 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2019-2729 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2019-2729 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2019-2890 for 192.168.124.129:7001.
[-] Target 192.168.124.129:7001 does not detect CVE-2019-2890 vulnerability!
---------------- Heartless Split Line ----------------
[*] Start to detect CVE-2020-2551 for 192.168.124.129:7001.
[+] Target 192.168.124.129:7001 has a CVE-2020-2551 vulnerability!
---------------- Heartless Split Line ----------------

weblogicscanner's People

Forkers

tainge

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.