Features
- Support for lists of URLs.
- Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).
- Fuzzing for HTTP GET and POST methods.
- Automatic validation of the vulnerability upon discovery.
- Randomized and non-intrusive payloads.
- WAF Bypass payloads.
Description
The Spring4Shell RCE is a critical vulnerability that FullHunt has been researching since it was released. We worked with our customers in scanning their environments for Spring4Shell and Spring Cloud RCE vulnerabilities.
We're open-sourcing an open detection scanning tool for discovering Spring4Shell (CVE-2022-22965) and Spring Cloud RCE (CVE-2022-22963) vulnerabilities. This shall be used by security teams to scan their infrastructure, as well as test for WAF bypasses that can result in achieving successful exploitation of the organization's environment.
If your organization requires help, please contact (team at fullhunt.io) directly for a full attack surface discovery and scanning for the Spring4Shell vulnerabilities.
Usage
$ ./spring4shell-scan.py -h
[•] CVE-2022-22965 - Spring4Shell RCE Scanner
[•] Scanner provided....
Author
- BlogMay 2, 2022Lupo - Malware IOC Extractor and Debugging module for Malware Analysis Automation
- BlogMay 2, 2022DDexec - a technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process
- BlogApril 28, 2022ADReaper - A fast enumeration tool for Windows Active Directory Pentesting written in Go
- BlogApril 27, 2022Shhhloader - SysWhispers Shellcode Loader