@@ -35,11 +35,12 @@ python vulmap.py -u http://example.com
3535 -a APP, --app APP 指定 Web 容器、Web 服务器、Web 中间件或 CMD(例如: "weblogic")不指定则默认扫描全部
3636 -c CMD, --cmd CMD 自定义远程命令执行执行的命令,默认是echo
3737 -v VULN, --vuln VULN 利用漏洞,需要指定漏洞编号 (示例: -v "CVE-2020-2729")
38+ -o, --output FILE 文本模式输出结果 (示例: -o "result.txt")
3839 --list 显示支持的漏洞列表
3940 --debug Debug 模式,将显示 request 和 responses
4041 --delay DELAY 延时时间,每隔多久发送一次,默认0s
4142 --timeout TIMEOUT 超时时间,默认10s
42- --output FILE 文本模式输出结果 (示例: -o "result.txt")
43+
4344```
4445## 🐾 Examples
4546```
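Review bot: The added `-o, --output FILE` line breaks the pattern every other option in this usage block follows, where the metavar is repeated after the short flag (`-a APP, --app APP`, `-c CMD, --cmd CMD`); write it as `-o FILE, --output FILE`. The lone `+` line added just before the closing fence leaves an empty line at the end of the help text and can be dropped.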
@@ -69,6 +70,8 @@ python3 vulmap.py -u http://example.com:7001 -o result.txt
6970 +-------------------+------------------+-----+-----+-------------------------------------------------------------+
7071 | Target type | Vuln Name | Poc | Exp | Impact Version && Vulnerability description |
7172 +-------------------+------------------+-----+-----+-------------------------------------------------------------+
73+ | Apache ActiveMQ | CVE-2015-5254 | Y | N | < 5.13.0, deserialization remote code execution |
74+ | Apache ActiveMQ | CVE-2016-3088 | Y | Y | < 5.14.0, http put&move upload webshell |
7275 | Apache Shiro | CVE-2016-4437 | Y | Y | <= 1.2.4, shiro-550, rememberme deserialization rce |
7376 | Apache Solr | CVE-2017-12629 | Y | Y | < 7.1.0, runexecutablelistener rce & xxe, only rce is here |
7477 | Apache Solr | CVE-2019-0193 | Y | N | < 8.2.0, dataimporthandler module remote code execution |
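Review bot: In the new CVE-2016-3088 row, `http put&move upload webshell` describes what the exploit drops rather than the weakness, and `put&move` is written without spaces while the Solr row below uses `rce & xxe`. Wording along the lines of `http put & move arbitrary file upload` would read consistently with the rest of the table, which names the flaw (for example `put method any files upload` in the Tomcat CVE-2017-12615 row).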
@@ -86,18 +89,22 @@ python3 vulmap.py -u http://example.com:7001 -o result.txt
8689 | Apache Struts2 | S2-048 | Y | Y | 2.3.x, cve-2017-9791 struts2-struts1-plugin rce |
8790 | Apache Struts2 | S2-052 | Y | Y | 2.1.2 - 2.3.33, 2.5 - 2.5.12 cve-2017-9805 rest plugin rce |
8891 | Apache Struts2 | S2-057 | Y | Y | 2.0.4 - 2.3.34, 2.5.0-2.5.16, cve-2018-11776 namespace rce |
89- | Apache Struts2 | S2-059 | Y | Y | 2.0.0 - 2.5.20 cve-2019-0230 ognl interpreter rce |
92+ | Apache Struts2 | S2-059 | Y | Y | 2.0.0 - 2.5.20, cve-2019-0230 ognl interpreter rce |
93+ | Apache Struts2 | S2-061 | Y | Y | 2.0.0-2.5.25, cve-2020-17530 ognl interpreter rce |
9094 | Apache Struts2 | S2-devMode | Y | Y | 2.1.0 - 2.5.1, devmode remote code execution |
91- | Apache Tomcat | Examples File | Y | N | all version, /examples/servlets/servlet/SessionExample |
95+ | Apache Tomcat | Examples File | Y | N | all version, /examples/servlets/servlet |
9296 | Apache Tomcat | CVE-2017-12615 | Y | Y | 7.0.0 - 7.0.81, put method any files upload |
9397 | Apache Tomcat | CVE-2020-1938 | Y | Y | 6, 7 < 7.0.100, 8 < 8.5.51, 9 < 9.0.31 arbitrary file read |
98+ | Apache Unomi | CVE-2020-13942 | Y | Y | < 1.5.2, apache unomi remote code execution |
9499 | Drupal | CVE-2018-7600 | Y | Y | 6.x, 7.x, 8.x, drupalgeddon2 remote code execution |
95100 | Drupal | CVE-2018-7602 | Y | Y | < 7.59, < 8.5.3 (except 8.4.8) drupalgeddon2 rce |
96101 | Drupal | CVE-2019-6340 | Y | Y | < 8.6.10, drupal core restful remote code execution |
102+ | Elasticsearch | CVE-2014-3120 | Y | Y | < 1.2, elasticsearch remote code execution |
103+ | Elasticsearch | CVE-2015-1427 | Y | Y | 1.4.0 < 1.4.3, elasticsearch remote code execution |
97104 | Jenkins | CVE-2017-1000353 | Y | N | <= 2.56, LTS <= 2.46.1, jenkins-ci remote code execution |
98105 | Jenkins | CVE-2018-1000861 | Y | Y | <= 2.153, LTS <= 2.138.3, remote code execution |
99106 | Nexus OSS/Pro | CVE-2019-7238 | Y | Y | 3.6.2 - 3.14.0, remote code execution vulnerability |
100- | Nexus OSS/Pro | CVE-2020-10199 | Y | Y | 3.x <= 3.21.1, remote code execution vulnerability |
107+ | Nexus OSS/Pro | CVE-2020-10199 | Y | Y | 3.x <= 3.21.1, remote code execution vulnerability |
101108 | Oracle Weblogic | CVE-2014-4210 | Y | N | 10.0.2 - 10.3.6, weblogic ssrf vulnerability |
102109 | Oracle Weblogic | CVE-2017-3506 | Y | Y | 10.3.6.0, 12.1.3.0, 12.2.1.0-2, weblogic wls-wsat rce |
103110 | Oracle Weblogic | CVE-2017-10271 | Y | Y | 10.3.6.0, 12.1.3.0, 12.2.1.1-2, weblogic wls-wsat rce |
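Review bot: The version field in the new CVE-2015-1427 row, `1.4.0 < 1.4.3`, is neither a range nor a bound; the other rows use either `a - b` (`7.0.0 - 7.0.81`) or a bare comparison (`< 1.2`), so state it in one of those forms depending on which versions are meant. The new S2-061 row has the same kind of inconsistency: `2.0.0-2.5.25` has no spaces around the dash, while the S2-059 line fixed in this same hunk reads `2.0.0 - 2.5.20,`. The Nexus CVE-2020-10199 line is removed and re-added with no visible difference, so if it is only a whitespace change it is worth confirming the column alignment is what was intended.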