weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
[*] Start detect weblogic administrator console for 139.196.xxx.xxx:1450.
[-] Target 139.196.xxx.xxx:1450 does not detect weblogic administrator console!
---------------- Heartless Split Line ----------------
[*] Start detect CVE-2014-4210 for 139.196.xxx.xxx:1450.
[-] Target 139.196.xxx.xxx:1450 does not detect CVE-2014-4210!
---------------- Heartless Split Line ----------------
[*] Start detect CVE-2016-0638 for 139.196.xxx.xxx:1450.
Traceback (most recent call last):
File "ws.py", line 56, in <module>
res, msg = instance.light_and_msg(m_target[key]['ip'], m_target[key]['port'])
File "/Volumes/ParadiseDuo/TestTools/weblogicScanner/stars/__init__.py", line 79, in light_and_msg
res, data = self.light_up(dip, dport, *arg, **kwargs)
File "/Volumes/ParadiseDuo/TestTools/weblogicScanner/stars/cve_2016_0638.py", line 57, in light_up
res = sock.recv(4096)
ConnectionResetError: [Errno 54] Connection reset by peer这里可不可以加一个容错机制,如果报错直接执行下一个?
我一直扫描不成功,因为我的目标是http://xx.xx.xx.xx,删掉http才行
然后希望存在漏洞的提示信息改成其他明显颜色
CVE-2023-21839 远程代码执行
CVE-2024-20931 JDNI注入漏洞
CVE-2024-21006 远程命令执行
CVE-2018-2894
这个漏洞你使用判断响应码不是404来判断是否存在漏洞,这个误报率很高,有的站点找不到定页面时会跳转到指定页面,这个页面的响应码一定是200,这样就造成了很多的误报
CVE-2019-2890 (cve_2019_2890.py) - Payload contains a remote IP 104.251.228.50
weblogicScanner# python ws.py
File "ws.py", line 31
item: str
^
SyntaxError: invalid syntax
CVE-2020-2546 能够扫描嘛
this tool need to be fast so could you use asyncio or threading library to make it more fast
可以支持https吗
python3.8 ws.py -t 106.75.45.110:7657
报错:KeyError: timeout('timed out')
python3.8 ws.py -t www.hirsun.com:7001
报错:KeyError: ConnectionResetError(54, 'Connection reset by peer')
一直报错,哪里出问题了
根据说明,python -t 可以跟随ip地址或文件
但测试发现-t ip.txt(自定义ip文件)报错
ip.txt格式:
ip 7001
ip:7001
ip
上述格式均不成功
cve_2020_2551 误报概率非常搞,看发包信息就是开 IIOP 就有漏洞?
Hi,
first of all great tool! This makes weblogic vulnerability testing fast.
I found some applications, which server the /wls-wsat/CoordinatorPortType Endpoint via HTTPS instead of HTTP. So SSL support would be very nice at this point.
Greetings
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
