Spring4Shell-Scan is a fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities.
The Spring4Shell RCE is a critical vulnerability that FullHunt has been researching since it was released. We worked with our customers in scanning their environments for Spring4Shell and Spring Cloud RCE vulnerabilities.
We’re open-sourcing an open detection scanning tool for discovering Spring4Shell (CVE-2022-22965) and Spring Cloud RCE (CVE-2022-22963) vulnerabilities. This shall be used by security teams to scan their infrastructure, as well as test for WAF bypasses that can result in achieving successful exploitation of the organization’s environment.
If your organization requires help, please contact (team at fullhunt.io) directly for a full attack surface discovery and scanning for the Spring4Shell vulnerabilities.
$ ./spring4shell-scan.py -h
[•] CVE-2022-22965 – Spring4Shell RCE Scanner
[•] Scanner provided by FullHunt.io – The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
usage: spring4shell-scan.py [-h] [-u URL] [-p PROXY] [-l USEDLIST] [–payloads-file PAYLOADS_FILE] [–waf-bypass] [–request-type REQUEST_TYPE] [–test-CVE-2022-22963]
optional arguments:
-h, –help show this help message and exit
-u URL, –url URL Check a single URL.
-p PROXY, –proxy PROXY
Send requests through proxy
-l USEDLIST, –list USEDLIST
Check a list of URLs.
–payloads-file PAYLOADS_FILE
Payloads file – [default: payloads.txt].
–waf-bypass Extend scans with WAF bypass payloads.
–request-type REQUEST_TYPE
Request Type: (get, post, all) – [Default: all].
–test-CVE-2022-22963
Test for CVE-2022-22963 (Spring Cloud RCE).
$ python3 spring4shell-scan.py -u https://spring4shell.lab.secbot.local
$ python3 spring4shell-scan.py -u https://spring4shell.lab.secbot.local –waf-bypass
$ python3 spring4shell-scan.py -l urls.txt
$ python3 spring4shell-scan.py -l urls.txt –test-CVE-2022-22963
$ pip3 install -r requirements.txt
git clone https://github.com/fullhunt/spring4shell-scan.git
cd spring4shell-scan
sudo docker build -t spring4shell-scan .
sudo docker run -it –rm spring4shell-scan
With URL list “urls.txt” in current directory
docker run -it –rm -v $PWD:/data spring4shell-scan -l /data/urls.txt
bevigil-cli provides a unified command line interface and python library for using BeVigil OSINT API. BeVigil…
Explore the comprehensive world of Open-Source Intelligence (OSINT) with our curated list of active links…
BBOT (Bighuge BLS OSINT Tool) is a recursive internet scanner inspired by Spiderfoot, but designed to…
Andriller - is software utility with a collection of forensic tools for smartphones. It performs…
Designed as a full-stack web application, this tool amalgamates a plethora of services to streamline…
Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything…