weblogicScanner: weblogic Vulnerability Scanning Tool

weblogicScaner

weblogicScaner

weblogic Vulnerability Scanning Tool. If there is an unrecorded and open POC vulnerability, please submit the issue.

Some bug fixes were made, some POC did not take effect or configuration errors. I checked before and found that some POC could not be used. In this project, some modifications have been made to the script to improve accuracy.

Note:Some vulnerabilities require multiple tests to verify due to stability reasons.

Currently, detectable vulnerabilities are (some non-principles detection, manual verification required):

  • weblogic administrator console
  • CVE-2014-4210
  • CVE-2016-0638
  • CVE-2016-3510
  • CVE-2017-3248
  • CVE-2017-3506
  • CVE-2017-10271
  • CVE-2018-2628
  • CVE-2018-2893
  • CVE-2018-2894
  • CVE-2018-3191
  • CVE-2018-3245
  • CVE-2018-3252
  • CVE-2019-2618
  • CVE-2019-2725
  • CVE-2019-2729
  • CVE-2019-2890
  • CVE-2020-2551

Download

git clone https://github.com/0xn0ne/weblogicScanner.git

Use

Source: https://github.com/0xn0ne/