Kali Linux

Spring4Shell-Scan : A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell

Spring4Shell-Scan is a fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities.

Features

  • Support for lists of URLs.
  • Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).
  • Fuzzing for HTTP GET and POST methods.
  • Automatic validation of the vulnerability upon discovery.
  • Randomized and non-intrusive payloads.
  • WAF Bypass payloads.

Description

The Spring4Shell RCE is a critical vulnerability that FullHunt has been researching since it was released. We worked with our customers in scanning their environments for Spring4Shell and Spring Cloud RCE vulnerabilities.

We’re open-sourcing an open detection scanning tool for discovering Spring4Shell (CVE-2022-22965) and Spring Cloud RCE (CVE-2022-22963) vulnerabilities. This shall be used by security teams to scan their infrastructure, as well as test for WAF bypasses that can result in achieving successful exploitation of the organization’s environment.

If your organization requires help, please contact (team at fullhunt.io) directly for a full attack surface discovery and scanning for the Spring4Shell vulnerabilities.

Usage

$ ./spring4shell-scan.py -h
[•] CVE-2022-22965 – Spring4Shell RCE Scanner
[•] Scanner provided by FullHunt.io – The Next-Gen Attack Surface Management Platform.
[•] Secure your External Attack Surface with FullHunt.io.
usage: spring4shell-scan.py [-h] [-u URL] [-p PROXY] [-l USEDLIST] [–payloads-file PAYLOADS_FILE] [–waf-bypass] [–request-type REQUEST_TYPE] [–test-CVE-2022-22963]
optional arguments:
-h, –help show this help message and exit
-u URL, –url URL Check a single URL.
-p PROXY, –proxy PROXY
Send requests through proxy
-l USEDLIST, –list USEDLIST
Check a list of URLs.
–payloads-file PAYLOADS_FILE
Payloads file – [default: payloads.txt].
–waf-bypass Extend scans with WAF bypass payloads.
–request-type REQUEST_TYPE
Request Type: (get, post, all) – [Default: all].
–test-CVE-2022-22963
Test for CVE-2022-22963 (Spring Cloud RCE).

Scan a Single URL

$ python3 spring4shell-scan.py -u https://spring4shell.lab.secbot.local

Discover WAF bypasses against the environment

$ python3 spring4shell-scan.py -u https://spring4shell.lab.secbot.local –waf-bypass

Scan a list of URLs

$ python3 spring4shell-scan.py -l urls.txt

Include checks for Spring Cloud RCE (CVE-2022-22963)

$ python3 spring4shell-scan.py -l urls.txt –test-CVE-2022-22963

Installation

$ pip3 install -r requirements.txt

Docker Support

git clone https://github.com/fullhunt/spring4shell-scan.git
cd spring4shell-scan
sudo docker build -t spring4shell-scan .
sudo docker run -it –rm spring4shell-scan
With URL list “urls.txt” in current directory
docker run -it –rm -v $PWD:/data spring4shell-scan -l /data/urls.txt

R K

Recent Posts

Set Up Nginx Server Blocks on Ubuntu 18.04: Host Multiple Sites

Nginx server blocks let you run more than one website on a single server. Each block…

18 minutes ago

Install Tor Browser on Ubuntu 18.04: Anonymous Browsing Guide

Tor Browser is a modified version of Firefox that routes all your web traffic through the Tor…

35 minutes ago

Install Vagrant on Ubuntu 18.04: Complete Setup Guide for Developers

Vagrant is a command-line tool that makes it easy to build and manage virtual machine environments.…

2 hours ago

Install VMware Tools on Ubuntu 18.04: Open VM Tools and ISO Guide

VMware Tools is a set of drivers and services that improves the performance of an Ubuntu…

2 hours ago

Install Apache Maven on Ubuntu 18.04: Stable or Latest Version

Java developers use project management tools to automate building their applications. Apache Maven is an open source…

2 hours ago

Install Mono on Ubuntu 18.04: C# Compiler and Runtime Guide

Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…

1 day ago