记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

weblogic 漏洞扫描工具

2021-07-31 08:29

师傅们周末快乐,周末也要学习呀

目前可检测漏洞编号有(部分非原理检测,需手动验证):

  • weblogic administrator console

  • CVE-2014-4210

  • CVE-2016-0638

  • CVE-2016-3510

  • CVE-2017-3248

  • CVE-2017-3506

  • CVE-2017-10271

  • CVE-2018-2628

  • CVE-2018-2893

  • CVE-2018-2894

  • CVE-2018-3191

  • CVE-2018-3245

  • CVE-2018-3252

  • CVE-2019-2618

  • CVE-2019-2725

  • CVE-2019-2729

  • CVE-2019-2890

  • CVE-2020-2551

  • CVE-2020-14882

  • CVE-2020-14883

大佬可自己加最新poc。
使用环境:

  • python >= 3.6

进入项目目录,使用以下命令安装依赖库

$ pip3 install requests

使用说明:

usage: ws.py [-h] -t TARGETS [TARGETS ...] -v VULNERABILITY             [VULNERABILITY ...] [-o OUTPUT]
optional arguments: -h, --help 帮助信息 -t TARGETS [TARGETS ...], --targets TARGETS [TARGETS ...] 直接填入目标或文件列表(默认使用端口7001). 例子: 127.0.0.1:7001 -v VULNERABILITY [VULNERABILITY ...], --vulnerability VULNERABILITY [VULNERABILITY ...] 漏洞名称或CVE编号,例子:"weblogic administrator console" -o OUTPUT, --output OUTPUT 输出 json 结果的路径。默认不输出结果  -s--ssl             强制使用 https 协议请求

示例:

(venv) ~/weblogicScanner$ python ws.py -t 192.168.124.129[23:03:04][INFO] [*][Weblogic Console][192.168.56.129:7001] Start...[23:03:04][INFO] [+][Weblogic Console][192.168.56.129:7001] Found module![23:03:04][INFO] [*][Weblogic Console][192.168.56.129:7001] Please verify manually![23:03:04][INFO] [*][CVE-2014-4210][192.168.56.129:7001] Start...[23:03:04][INFO] [-][CVE-2014-4210][192.168.56.129:7001] Not found.[23:03:04][INFO] [*][CVE-2016-0638][192.168.56.129:7001] Start...[23:03:06][INFO] [-][CVE-2016-0638][192.168.56.129:7001] Not vulnerability.[23:03:06][INFO] [*][CVE-2016-3510][192.168.56.129:7001] Start...[23:03:08][INFO] [-][CVE-2016-3510][192.168.56.129:7001] Not vulnerability.[23:03:08][INFO] [*][CVE-2017-3248][192.168.56.129:7001] Start...[23:03:10][INFO] [-][CVE-2017-3248][192.168.56.129:7001] Not vulnerability.[23:03:10][INFO] [*][CVE-2017-3506][192.168.56.129:7001] Start...[23:03:10][INFO] [-][CVE-2017-3506][192.168.56.129:7001] Not vulnerability.[23:03:10][INFO] [*][CVE-2017-10271][192.168.56.129:7001] Start...[23:03:10][INFO] [-][CVE-2017-10271][192.168.56.129:7001] Not vulnerability.[23:03:10][INFO] [*][CVE-2018-2628][192.168.56.129:7001] Start...[23:03:14][INFO] [+][CVE-2018-2628][192.168.56.129:7001] Exists vulnerability![23:03:14][INFO] [*][CVE-2018-2893][192.168.56.129:7001] Start...[23:03:18][INFO] [+][CVE-2018-2893][192.168.56.129:7001] Exists vulnerability![23:03:18][INFO] [*][CVE-2018-2894][192.168.56.129:7001] Start...[23:03:19][INFO] [+][CVE-2018-2894][192.168.56.129:7001] Found module![23:03:19][INFO] [*][CVE-2018-2894][192.168.56.129:7001] Please verify manually![23:03:19][INFO] [*][CVE-2018-3191][192.168.56.129:7001] Start...[23:03:23][INFO] [+][CVE-2018-3191][192.168.56.129:7001] Exists vulnerability![23:03:23][INFO] [*][CVE-2018-3245][192.168.56.129:7001] Start...[23:03:29][INFO] [-][CVE-2018-3245][192.168.56.129:7001] Not vulnerability.[23:03:29][INFO] [*][CVE-2018-3252][192.168.56.129:7001] Start...[23:03:36][INFO] [+][CVE-2018-3252][192.168.56.129:7001] Found module![23:03:36][INFO] [*][CVE-2018-3252][192.168.56.129:7001] Please verify manually![23:03:36][INFO] [*][CVE-2019-2618][192.168.56.129:7001] Start...[23:03:36][INFO] [+][CVE-2019-2618][192.168.56.129:7001] Found module![23:03:36][INFO] [*][CVE-2019-2618][192.168.56.129:7001] Please verify manually![23:03:36][INFO] [*][CVE-2019-2725][192.168.56.129:7001] Start...[23:03:46][INFO] [-][CVE-2019-2725][192.168.56.129:7001] Not vulnerability.[23:03:46][INFO] [*][CVE-2019-2729][192.168.56.129:7001] Start...[23:03:54][INFO] [-][CVE-2019-2729][192.168.56.129:7001] Not vulnerability.[23:03:54][INFO] [*][CVE-2019-2888][192.168.56.129:7001] Start...[23:03:56][INFO] [+][CVE-2019-2888][192.168.56.129:7001] Found module![23:03:56][INFO] [*][CVE-2019-2888][192.168.56.129:7001] Please verify manually![23:03:56][INFO] [*][CVE-2019-2890][192.168.56.129:7001] Start...[23:03:58][INFO] [-][CVE-2019-2890][192.168.56.129:7001] Not vulnerability.[23:03:58][INFO] [*][CVE-2020-2551][192.168.56.129:7001] Start...[23:03:58][INFO] [+][CVE-2020-2551][192.168.56.129:7001] Found module![23:03:58][INFO] [*][CVE-2020-2551][192.168.56.129:7001] Please verify manually![23:03:58][INFO] [*][CVE-2020-2555][192.168.56.129:7001] Start...[23:04:02][INFO] [+][CVE-2020-2555][192.168.56.129:7001] Exists vulnerability![23:04:02][INFO] [*][CVE-2020-2883][192.168.56.129:7001] Start...[23:04:06][INFO] [+][CVE-2020-2883][192.168.56.129:7001] Exists vulnerability![23:04:06][INFO] [*][CVE-2020-14882][192.168.56.129:7001] Start...[23:04:23][INFO] [-][CVE-2020-14882][192.168.56.129:7001] Not vulnerability.[23:04:23][INFO] [*][CVE-2020-14883][192.168.56.129:7001] Start...[23:04:23][INFO] [+][CVE-2020-14883][192.168.56.129:7001] Exists vulnerability!


私聊公众号发送“weblogic”获取下载链接。


“如侵权请私聊公众号删文”


欢迎关注 系统安全运维 

觉得不错点个“赞”、“在看”哦


知识来源: https://mp.weixin.qq.com/s?__biz=Mzk0NjE0NDc5OQ==&mid=2247489107&idx=1&sn=662b7cbd654a3c3d15bc8410c2b7a052

阅读:130329 | 评论:0 | 标签:扫描 漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“weblogic 漏洞扫描工具”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

黑帝公告 📢

永久免费持续更新精选优质黑客技术文章Hackdig,帮你成为掌握黑客技术的英雄

广而告之 💖

标签云 ☁