This tool is intended for security testing purposes only. Do not engage in any illegal activities. Any consequences resulting from misuse are solely your responsibility.
The CVE-2023-25194 detection tool utilizes JNDI to load the response content returned by the DNS log platform to determine the presence of vulnerabilities. The logic for determining the response content involves successful utilization of the content received through testing. Some response contents can establish connections with the target via the DNS log platform, but they are ultimately ignored as they cannot be exploited.
python3 CVE-2023-25194_Scan.py -h
_______ ________ ___ ____ ___ _____ ___ _____________ __ __
/ ____/ | / / ____/ |__ \ / __ \__ \|__ / |__ \ / ____< / __ \/ // /
/ / | | / / __/________/ // / / /_/ / /_ <________/ //___ \ / / /_/ / // /_
/ /___ | |/ / /__/_____/ __// /_/ / __/___/ /_____/ __/____/ // /\__, /__ __/
\____/ |___/_____/ /____/\____/____/____/ /____/_____//_//____/ /_/
PowerBy:YongYe__Security
usage: CVE-2023-25194_Scan.py [-h] (-u URL | -f FILE)
Send POST requests to URLs
options:
-h, --help show this help message and exit
-u URL, --url URL URL, Single target detection
-f FILE, --file FILE URL File, Batch scan
Single target exploitation
python3 CVE-2023-25194_Scan.py -u http://127.0.0.1:8080
Batch target scanning
The URLs with vulnerabilities will be stored in the file "result.txt" in the current directory.
python3 CVE-2023-25194_Scan.py -f url.txt
If necessary, you can modify the actual DNS log platform address in line 34 of the code. However, not changing it will not affect the program's execution.