code-scan starred WeblogicScan
2021-03-20 13:30:23 Author: github.com(查看原文) 阅读量:287 收藏

Weblogic一键漏洞检测工具,V1.5

软件作者:Tide_RabbitMask
免责声明:Pia!(o ‵-′)ノ”(ノ﹏<。)
本工具仅用于安全测试,请勿用于非法使用,要乖哦~

V 1.5功能介绍:
提供一键poc检测,收录几乎全部weblogic历史漏洞。
详情如下:

    #控制台路径泄露
    Console  
    
    #SSRF:
    CVE-2014-4210      
    
    #JAVA反序列化
    CVE-2016-0638  
    CVE-2016-3510   
    CVE-2017-3248   
    CVE-2018-2628 
    CVE-2018-2893
    CVE-2019-2725
    CVE-2019-2729
    CVE_2019_2890
    
    #任意文件上传
    CVE-2018-2894   
    
    #XMLDecoder反序列化
    CVE-2017-3506
    CVE-2017-10271 
    
V 1.1 更新日志:
    删减全部EXP
    删减POC:CVE-2015-4852
    新增POC:CVE-2017-10271,CVE-2019-2725,CVE-2018-2894
    新增日志功能
    全新交互模式
    全新名称、Banner

V 1.2 更新日志:	
    新增离线依赖安装模式,满足内网测试需求:
    即新增文件夹:/whl/
    Usage:python3 install.py

V 1.3 更新日志:	
    全新支持Python3
    重写POC:CVE-2019-2725
    新增POC:CVE-2019-2729

V 1.4 更新日志:	[20200729]
    新增POC:CVE_2019_2890
    全新框架设计,高度封装与拟人化
    舍弃离线安装模块
    重点修复:从根本上解决脚本异常卡死问题(不同目标版本的异常通信造成)
    重点升级:从根本上解决脚本漏报误报问题(部分原因由py2->py3升级造成)
    # Not End:
    话说大家一直好奇其它同类型工具增加的CVE-2020-* 为什么一直没有在这里出现。
    其实相关的漏洞利用链以及最新的EXP我都有自己去复现或自己去写,手头也差不多是全的,
    但是如何把他们去靠谱的自动化集成一直是个问题,很多公开利用链是依赖ldap或没有回显可供正则的。
    :) 至于1.4高度封装与框架重新设计的目的,V1.5批量版本近期更新,敬请期待。

V 1.5 更新日志:	[20200730] [快不快?/嚣张脸:)]
    新增模块:Whoareu,基于T3的目标版本精确识别
    重点升级:增加批量扫描功能,智能兼容默认端口或自定义端口
    仅打印检测成功的内容,更多内容详见weblogic.log日志    

python WeblogicScan.py -h

__        __   _     _             _        ____
\ \      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __
 \ \ /\ / / _ \ '_ \| |/ _ \ / _` | |/ __| \___ \ / __/ _` | '_ \
  \ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |
   \_/\_/ \___|_.__/|_|\___/ \__, |_|\___| |____/ \___\__,_|_| |_|
                             |___/
                             By Tide_RabbitMask | V 1.5

Welcome To WeblogicScan !!!
Whoami:https://github.com/rabbitmask
usage: WeblogicScan.py [-h] [-u IP] [-p PORT] [-f FILE]

optional arguments:
  -h, --help  show this help message and exit

Scanner:
  -u IP       target ip
  -p PORT     target port
  -f FILE     target list

python WeblogicScan.py -u 127.0.0.1 -p 7001

__        __   _     _             _        ____
\ \      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __
 \ \ /\ / / _ \ '_ \| |/ _ \ / _` | |/ __| \___ \ / __/ _` | '_ \
  \ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |
   \_/\_/ \___|_.__/|_|\___/ \__, |_|\___| |____/ \___\__,_|_| |_|
                             |___/
                             By Tide_RabbitMask | V 1.5

Welcome To WeblogicScan !!!
Whoami:https://github.com/rabbitmask
[*] =========Task Start=========
[+] [127.0.0.1:7001] Weblogic Version Is 10.3.6.0
[+] [127.0.0.1:7001] Weblogic console address is exposed! The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp
[+] [127.0.0.1:7001] Weblogic UDDI module is exposed! The path is: http://127.0.0.1:7001/uddiexplorer/
[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638
[-] [127.0.0.1:7001] weblogic not detected CVE-2016-3510
[-] [127.0.0.1:7001] weblogic not detected CVE-2017-10271
[-] [127.0.0.1:7001] weblogic not detected CVE-2017-3248
[-] [127.0.0.1:7001] weblogic not detected CVE-2017-3506
[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628
[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893
[-] [127.0.0.1:7001] weblogic not detected CVE-2018-2894
[-] [127.0.0.1:7001] weblogic not detected CVE-2019-2725
[-] [127.0.0.1:7001] weblogic not detected CVE-2019-2729
[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890
[*] ==========Task End==========

python WeblogicScan.py -f target.txt

__        __   _     _             _        ____
\ \      / /__| |__ | | ___   __ _(_) ___  / ___|  ___ __ _ _ __
 \ \ /\ / / _ \ '_ \| |/ _ \ / _` | |/ __| \___ \ / __/ _` | '_ \
  \ V  V /  __/ |_) | | (_) | (_| | | (__   ___) | (_| (_| | | | |
   \_/\_/ \___|_.__/|_|\___/ \__, |_|\___| |____/ \___\__,_|_| |_|
                             |___/
                             By Tide_RabbitMask | V 1.5

Welcome To WeblogicScan !!!
Whoami:https://github.com/rabbitmask
[*] ========Task Num: [2]========
[*] =========Task Start=========
[+] [127.0.0.1:7001] Weblogic Version Is 10.3.6.0
[+] [172.19.19.19:7001] Weblogic Version Is 10.3.6.0
[+] [127.0.0.1:7001] Weblogic console address is exposed! The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp
[+] [172.19.19.19:7001] Weblogic console address is exposed! The path is: http://172.19.19.19:7001/console/login/LoginForm.jsp
[+] [127.0.0.1:7001] Weblogic UDDI module is exposed! The path is: http://127.0.0.1:7001/uddiexplorer/
[+] [172.19.19.19:7001] Weblogic UDDI module is exposed! The path is: http://172.19.19.19:7001/uddiexplorer/
[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638
[+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638
[+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628
[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628
[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893
[+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893
[+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890
[+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890
[*] ==========Task End==========
# Demo target.txt (端口默认为7001)

127.0.0.1:7001
192.168.1.1
192.168.1.1:80
# Demo Weblogic.log

2020-07-30 14:15:48,266 [+] [127.0.0.1:7001] Weblogic Version Is 10.3.6.0
2020-07-30 14:15:48,267 [+] [172.19.19.19:7001] Weblogic Version Is 10.3.6.0
2020-07-30 14:15:48,276 [+] [127.0.0.1:7001] Weblogic console address is exposed! The path is: http://127.0.0.1:7001/console/login/LoginForm.jsp
2020-07-30 14:15:48,314 [+] [172.19.19.19:7001] Weblogic console address is exposed! The path is: http://172.19.19.19:7001/console/login/LoginForm.jsp
2020-07-30 14:15:48,376 [+] [127.0.0.1:7001] Weblogic UDDI module is exposed! The path is: http://127.0.0.1:7001/uddiexplorer/
2020-07-30 14:15:48,393 [+] [172.19.19.19:7001] Weblogic UDDI module is exposed! The path is: http://172.19.19.19:7001/uddiexplorer/
2020-07-30 14:16:01,584 [+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638
2020-07-30 14:16:01,598 [+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2016-0638
2020-07-30 14:16:14,800 [-] [127.0.0.1:7001] weblogic not detected CVE-2016-3510
2020-07-30 14:16:14,802 [-] [172.19.19.19:7001] weblogic not detected CVE-2016-3510
2020-07-30 14:16:14,818 [-] [127.0.0.1:7001] weblogic not detected CVE-2017-10271
2020-07-30 14:16:14,821 [-] [172.19.19.19:7001] weblogic not detected CVE-2017-10271
2020-07-30 14:16:28,031 [-] [127.0.0.1:7001] weblogic not detected CVE-2017-3248
2020-07-30 14:16:28,035 [-] [172.19.19.19:7001] weblogic not detected CVE-2017-3248
2020-07-30 14:16:28,041 [-] [172.19.19.19:7001] weblogic not detected CVE-2017-3506
2020-07-30 14:16:28,048 [-] [127.0.0.1:7001] weblogic not detected CVE-2017-3506
2020-07-30 14:16:51,253 [+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628
2020-07-30 14:16:51,261 [+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2628
2020-07-30 14:17:04,466 [+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893
2020-07-30 14:17:04,471 [-] [127.0.0.1:7001] weblogic not detected CVE-2018-2894
2020-07-30 14:17:04,609 [-] [127.0.0.1:7001] weblogic not detected CVE-2019-2725
2020-07-30 14:17:06,381 [+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2018-2893
2020-07-30 14:17:06,385 [-] [172.19.19.19:7001] weblogic not detected CVE-2018-2894
2020-07-30 14:17:06,553 [-] [172.19.19.19:7001] weblogic not detected CVE-2019-2725
2020-07-30 14:17:06,649 [-] [127.0.0.1:7001] weblogic not detected CVE-2019-2729
2020-07-30 14:17:08,591 [-] [172.19.19.19:7001] weblogic not detected CVE-2019-2729
2020-07-30 14:17:19,854 [+] [127.0.0.1:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890
2020-07-30 14:17:21,805 [+] [172.19.19.19:7001] weblogic has a JAVA deserialization vulnerability:CVE-2019-2890
Thanks for the support from JetBrains.

文章来源: https://github.com/rabbitmask/WeblogicScan
如有侵权请联系:admin#unsafe.sh