Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Raz0r/aemscan
Adobe Experience Manager Vulnerability Scanner
https://github.com/Raz0r/aemscan
aem scanner vulnerability web
Last synced: about 1 month ago
JSON representation
Adobe Experience Manager Vulnerability Scanner
- Host: GitHub
- URL: https://github.com/Raz0r/aemscan
- Owner: Raz0r
- License: mit
- Created: 2018-07-12T10:20:06.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-05-22T21:34:42.000Z (over 1 year ago)
- Last Synced: 2024-08-01T23:31:14.915Z (4 months ago)
- Topics: aem, scanner, vulnerability, web
- Language: Python
- Homepage: https://raz0r.name/releases/adobe-experience-manager-vulnerability-scanner/
- Size: 17.6 KB
- Stars: 181
- Watchers: 7
- Forks: 50
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-bugbounty-tools - aemscan - Adobe Experience Manager Vulnerability Scanner (Miscellaneous / CMS)
README
[![Build Status](https://travis-ci.com/Raz0r/aemscan.svg?branch=master)](https://travis-ci.com/Raz0r/aemscan)
## aemscan
#### *Adobe Experience Manager Vulnerability Scanner*https://raz0r.name/releases/adobe-experience-manager-vulnerability-scanner/
### Features
* Default credentials bruteforce
* Info leak via default error page
* WebDav support check (WebDav OSGI XXE CVE-2015-1833)
* Version detection
* Useful paths scanner### Installation
`$ python setup.py install`
### Usage
`$ aemscan `
### TODO
* CVE-2016-0956 "Apache Sling Framework 2.3.6 Information Disclosure"
* CVE-2018-5006, CVE-2018-12809 "Adobe Experience Manager Server-Side Request Forgery"### Links
* [Adobe CQ Pentesting Guide](https://resources.infosecinstitute.com/adobe-cq-pentesting-guide-part-1/)
* [Hacking Adobe Experience Manager sites](https://www.slideshare.net/0ang3el/hacking-aem-sites)
* [Adobe Experience Manager Security Check List](https://helpx.adobe.com/experience-manager/6-3/sites/administering/using/security-checklist.html)