{"id":18676166,"url":"https://github.com/foospidy/web-cve-tests","last_synced_at":"2025-04-12T02:12:17.268Z","repository":{"id":75133596,"uuid":"162748290","full_name":"foospidy/web-cve-tests","owner":"foospidy","description":"A simple framework for sending test payloads for known web CVEs.","archived":false,"fork":false,"pushed_at":"2020-12-16T14:06:24.000Z","size":204,"stargazers_count":134,"open_issues_count":0,"forks_count":42,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-04-12T02:12:12.154Z","etag":null,"topics":["application-sec","cve","cve-scanning","payloads","struts","tests","web"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/foospidy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-21T18:58:13.000Z","updated_at":"2025-03-22T11:00:11.000Z","dependencies_parsed_at":"2023-06-05T11:30:51.227Z","dependency_job_id":null,"html_url":"https://github.com/foospidy/web-cve-tests","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foospidy%2Fweb-cve-tests","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foospidy%2Fweb-cve-tests/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foospidy%2Fweb-cve-tests/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foospidy%2Fweb-cve-tests/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/foospidy","download_url":"https://codeload.github.com/foospidy/web-cve-tests/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248505926,"owners_count":21115354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-sec","cve","cve-scanning","payloads","struts","tests","web"],"created_at":"2024-11-07T09:27:58.042Z","updated_at":"2025-04-12T02:12:17.260Z","avatar_url":"https://github.com/foospidy.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# web-cve-tests\n\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)\n\nThe goal of this tool is to send PoC payloads to verify server-side attack detection solutions. If detected, the server side should return a specified HTTP status code.\n\n__This tool is not intended to actually exploit the vulnerability or to test for the existence of the vulnerability.__\n\n## Usage\n\nBasic:\n\n```shell\n./webcve.py --url https://target-site.com\n```\n\nSpecify detected response code (default is 403):\n\n```shell\n./webcve.py --url https://target-site.com --status-code 406\n```\n\nVerbose (output CVE descriptions):\n\n```shell\n./webcve.py --url https://target-site.com -v\n```\n\nTest a single CVE (with example output):\n\n```shell\n./webcve.py --url https://target-site.com --status-code 406 --cve CVE-2017-9791 -v\nCVE-2017-9791\nThe Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution\nvia a malicious field value passed in a raw message to the ActionMessage.\n        Test passed (406)\n        Test passed (406)\n        Test passed (406)\n        Test passed (406)\n```\n\nTest for a group of CVEs. Groups are defined in [groups.json](groups.json).\n\n```shell\n./webcve.py --url https://target-site.com --group struts\n```\n\nTest for a group type of CVEs. Types are defined in [groups.json](groups.json).\n\n```shell\n./webcve.py --url https://target-site.com --type cms\n```\n\nList available groups or types.\n\n```shell\n./webcve.py --list group\n```\n\n```shell\n./webcve.py --list type\n```\n\n## Contributions\n\nPull requests are welcome. Please use the existing CVE directories as examples of how you should structure your submission.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoospidy%2Fweb-cve-tests","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffoospidy%2Fweb-cve-tests","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoospidy%2Fweb-cve-tests/lists"}