diff --git a/WebScan/pocs/poc-yaml-weblogic-console-weak.yml b/WebScan/pocs/poc-yaml-weblogic-console-weak.yml
new file mode 100644
index 0000000..99b5151
--- /dev/null
+++ b/WebScan/pocs/poc-yaml-weblogic-console-weak.yml
@@ -0,0 +1,29 @@
+name: poc-yaml-weblogic-console-weak
+sets:
+ username:
+ - weblogic
+ password:
+ - weblogic
+ - weblogic1
+ - welcome1
+ - Oracle@123
+ - weblogic123
+ payload:
+ - UTF-8
+rules:
+ - method: HEAD
+ path: /console/j_security_check
+ follow_redirects: false
+ expression: |
+ response.status == 302 && response.headers['Set-Cookie'].contains("ADMINCONSOLESESSION")
+ - method: POST
+ path: /console/j_security_check
+ follow_redirects: false
+ headers:
+ Content-type: application/x-www-form-urlencoded
+ body: |
+ j_username={{username}}&j_password={{password}}&j_character_encoding={{payload}}
+ expression: |
+ !response.body.bcontains(b"LoginForm.jsp")
+detail:
+ author: shadown1ng(https://github.com/shadown1ng)
\ No newline at end of file
diff --git a/WebScan/pocs/tomcat-manager-week.yml b/WebScan/pocs/tomcat-manager-weak.yml
similarity index 88%
rename from WebScan/pocs/tomcat-manager-week.yml
rename to WebScan/pocs/tomcat-manager-weak.yml
index c11d349..b167851 100644
--- a/WebScan/pocs/tomcat-manager-week.yml
+++ b/WebScan/pocs/tomcat-manager-weak.yml
@@ -1,12 +1,16 @@
-name: poc-yaml-tomcat-manager-week
+name: poc-yaml-tomcat-manager-weak
 sets:
 username:
 - tomcat
 - admin
+ - root
+ - manager
 password:
- - tomcat
+ - ""
 - admin
+ - tomcat
 - 123456
+ - root
 payload:
 - base64(username+":"+password)
 rules:
diff --git a/common/flag.go b/common/flag.go
index f3bdd39..f0f6467 100644
--- a/common/flag.go
+++ b/common/flag.go
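Review bot: In poc-yaml-weblogic-console-weak.yml the POST rule treats any response that lacks `LoginForm.jsp` as a successful login, so an error page, an empty body or an intermediary's block page would be reported as a weak credential. A positive condition is more reliable, for example `response.status == 302 && !response.body.bcontains(b"LoginForm.jsp")`, ideally also checking the redirect target rather than the body alone. The `detail` block holds only the author; a short description of what a hit means would help whoever triages the finding.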
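Review bot: The enlarged `sets` in tomcat-manager-weak.yml now produce 4 usernames × 5 passwords, and nothing in the file documents the side effect on the scanned host. Where Tomcat's LockOutRealm is active with its default of five failures per user, one run can lock those accounts for legitimate operators and can also make a valid credential tried late in the list look invalid, so results from this check are not fully reliable. I would record that at the top of the file, e.g. `# note: sends up to 20 login attempts; may trigger account lockout and yield false negatives`. The `rules` section lies outside this hunk, so how the attempts are issued is not visible here.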
@@ -30,7 +30,7 @@ func Flag(Info *HostInfo) {
 flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
 flag.StringVar(&Info.Path, "path", "", "fcgi、smb romote file path")
 flag.IntVar(&Threads, "t", 600, "Thread nums")
- flag.StringVar(&HostFile, "hf", "", "host file, -hs ip.txt")
+ flag.StringVar(&HostFile, "hf", "", "host file, -hf ip.txt")
 flag.StringVar(&Userfile, "userf", "", "username file")
 flag.StringVar(&Passfile, "pwdf", "", "password file")
 flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")