/WeblogicScan

Weblogic一键漏洞检测工具,V1.3

Primary LanguagePython

WeblogicScan

Weblogic一键漏洞检测工具,V1.3

软件作者:Tide_RabbitMask
免责声明:Pia!(o ‵-′)ノ”(ノ﹏<。)
本工具仅用于安全测试,请勿用于非法使用,要乖哦~

V 1.3功能介绍:
提供一键poc检测,收录几乎全部weblogic历史漏洞。
详情如下:

    #控制台路径泄露
    Console  
    
    #SSRF:
    CVE-2014-4210      
    
    #JAVA反序列化
    CVE-2016-0638  
    CVE-2016-3510   
    CVE-2017-3248   
    CVE-2018-2628 
    CVE-2018-2893
    CVE-2019-2725
    CVE-2019-2729
    
    #任意文件上传
    CVE-2018-2894   
    
    #XMLDecoder反序列化
    CVE-2017-3506
    CVE-2017-10271 
    
V 1.1 更新日志:
    删减全部EXP
    删减POC:CVE-2015-4852
    新增POC:CVE-2017-10271,CVE-2019-2725,CVE-2018-2894
    新增日志功能
    全新交互模式
    全新名称、Banner

V 1.2 更新日志:	
    新增离线依赖安装模式,满足内网测试需求:
    即新增文件夹:/whl/
    Usage:python3 install.py

V 1.3 更新日志:	
    全新支持Python3
    重写POC:CVE-2019-2725
    新增POC:CVE-2019-2729

Software using Demo:

__        __   _     _             _        ____
\ \      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __
 \ \ /\ / / _ \ '_ \| |/ _ \ / _` | |/ __| \___ \ / __/ _` | '_ \
  \ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |
   \_/\_/ \___|_.__/|_|\___/ \__, |_|\___| |____/ \___\__,_|_| |_|
			     |___/
			     By Tide_RabbitMask | V 1.3

Welcome To WeblogicScan !!!
Whoami:rabbitmask.github.io
Usage: python3 WeblogicScan [IP] [PORT]
[*]Console path is testing...
[+]The target Weblogic console address is exposed!
[+]The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp
[+]Please try weak password blasting!
[*]CVE_2014_4210 is testing...
[+]The target Weblogic UDDI module is exposed!
[+]The path is: http://127.0.0.1:7001/uddiexplorer/
[+]Please verify the SSRF vulnerability!
[*]CVE_2016_0638 is testing...
[-]Target weblogic not detected CVE-2016-0638
[*]CVE_2016_3510 is testing...
[-]Target weblogic not detected CVE-2016-3510
[*]CVE_2017_3248 is testing...
[-]Target weblogic not detected CVE-2017-3248
[*]CVE_2017_3506 is testing...
[-]Target weblogic not detected CVE-2017-3506
[*]CVE_2017_10271 is testing...
[-]Target weblogic not detected CVE-2017-10271
[*]CVE_2018_2628 is testing...
[-]Target weblogic not detected CVE-2018-2628
[*]CVE_2018_2893 is testing...
[-]Target weblogic not detected CVE-2018-2893
[*]CVE_2018_2894 is testing...
[-]Target weblogic not detected CVE-2018-2894
[*]CVE_2019_2725 is testing...
[+]The target weblogic has a JAVA deserialization vulnerability:CVE-2019-2725
[+]Your current permission is:  rabbitmask\rabbitmask
[*]CVE_2019_2729 is testing...
[+]The target weblogic has a JAVA deserialization vulnerability:CVE-2019-2729
[+]Your current permission is:  rabbitmask\rabbitmask
[*]Happy End,the goal is 127.0.0.1:7001