POC details: bc5160529ae02c7d8f97b6ee9fff81c1c4ee7cf2

Source
Related vulnerability
Title: SAP NetWeaver Visual Composer Metadata Uploader code issue vulnerability (CVE-2025-31324)
Description: SAP NetWeaver Visual Composer Metadata Uploader is a modeling-assistance tool from the German company SAP. The Metadata Uploader has a code issue vulnerability that stems from a missing authorization check on the uploader endpoint; an unauthenticated attacker can use it to upload malicious executable files (typically JSP webshells).
Description
A Python-based security scanner for identifying the CVE-2025-31324 vulnerability in SAP Visual Composer systems and for detecting known Indicators of Compromise (IOCs) such as malicious `.jsp` files (webshells).
Introduction
# SAP CVE-2025-31324 Analyzer

![Visitors](https://visitor-badge.laobi.icu/badge?page_id=JonathanStross.CVE-2025-31324)

A Python-based security scanner for identifying the **CVE-2025-31324** vulnerability in SAP Visual Composer systems and for detecting known Indicators of Compromise (IOCs) such as malicious `.jsp` files (webshells).

---

## 🚀 Features

- Detects vulnerable Visual Composer endpoints
- Scans for known malicious `.jsp` files (webshells)
- Multi-target scanning from a CSV file
- Custom IOC file support
- Saves results to CSV (optional)
- Optional verbosity

---

## 🛠 Requirements

- Python 3.6+
- `requests` library (installed via `requirements.txt`)

---

## 📦 Installation

```bash
# 1. Clone the repository
git clone https://github.com/youruser/CVE-2025-31324.git
cd CVE-2025-31324

# 2. Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# 3. Install dependencies
pip install -r requirements.txt
```

---

## 📦 File Structure

```
scan.py                 # Main scanner
targets.csv             # Input list of targets
ioc_list.txt            # Optional IOC signature list
results.csv             # Output report (if --output used)
requirements.txt        # Python dependencies
```

---

## 📄 CSV Input Format

Create a file named `targets.csv` with one target per line in the following **semicolon-separated** format: host (IP or hostname), port, and SSL flag:

```csv
192.168.1.10;50000;false
myunsafelocation.example.com;443;true
10.0.0.5;8080;false
```

- **ssl**: Use `true`, `false`, `yes`, or `no`

---

## 🕵️ IOC List Format

Create a file named `ioc_list.txt`:

```text
# Default IOCs
cache.jsp
helper.jsp
nzwcnktc.jsp

# Add your own signatures
shell.jsp
webadmin.jsp
```
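As an added example (this is not the project's `scan.py`), the following Python parsers implement both input formats described above, the target CSV and the IOC list: the `yes`/`no` spellings of the SSL flag, `#` comment lines, and a port-range check that the page does not mention but a practitioner would want. The sample inputs are constructed here to mirror the formats shown.

```python
# Added example, not the project's scan.py: parsers for targets.csv and ioc_list.txt.
# Rules implemented: targets.csv is host;port;ssl with ssl in {true,false,yes,no}
# (case-insensitive); ioc_list.txt is one filename per line, '#' starts a comment,
# blank lines are ignored, duplicates are dropped. Port-range check is an addition.
import csv
import io
from typing import List, NamedTuple


class Target(NamedTuple):
    host: str
    port: int
    ssl: bool

    @property
    def base_url(self) -> str:
        scheme = "https" if self.ssl else "http"
        return f"{scheme}://{self.host}:{self.port}"


_TRUE = {"true", "yes"}
_FALSE = {"false", "no"}


def parse_ssl_flag(value: str) -> bool:
    """Accept true/false/yes/no in any case; anything else is a config error, not 'false'."""
    v = value.strip().lower()
    if v in _TRUE:
        return True
    if v in _FALSE:
        return False
    raise ValueError(f"ssl must be true/false/yes/no, got {value!r}")


def parse_targets(text: str) -> List[Target]:
    """Parse semicolon-separated 'host;port;ssl' lines; skip blanks and '#' comments."""
    targets = []
    for lineno, row in enumerate(csv.reader(io.StringIO(text), delimiter=";"), 1):
        if not row or not row[0].strip() or row[0].lstrip().startswith("#"):
            continue
        if len(row) != 3:
            raise ValueError(f"line {lineno}: expected host;port;ssl, got {row}")
        host, port, ssl = (c.strip() for c in row)
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"line {lineno}: port out of range: {port}")
        targets.append(Target(host, int(port), parse_ssl_flag(ssl)))
    return targets


def parse_iocs(text: str) -> List[str]:
    """Parse the IOC list: one filename per line, '#' comments, de-duplicated in order."""
    seen: List[str] = []
    for raw in text.splitlines():
        name = raw.split("#", 1)[0].strip()
        if name and name not in seen:
            seen.append(name)
    return seen


# Constructed sample inputs mirroring the two formats documented above.
SAMPLE_TARGETS = """\
192.168.1.10;50000;false
myunsafelocation.example.com;443;true
# staging box, plain HTTP
10.0.0.5;8080;no
"""
SAMPLE_IOCS = """\
# Default IOCs
cache.jsp
helper.jsp
nzwcnktc.jsp

# Add your own signatures
shell.jsp
webadmin.jsp
cache.jsp   # duplicate, dropped
"""

if __name__ == "__main__":
    for t in parse_targets(SAMPLE_TARGETS):
        print(t.base_url)
    print(parse_iocs(SAMPLE_IOCS))
```

Rejecting an unrecognised SSL value instead of silently treating it as `false` matters here: a typo would otherwise make the scanner probe an HTTPS-only SAP port over plain HTTP and report the host as unreachable rather than vulnerable.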

---

## ⚙️ Usage

```bash
python3 scan.py --input targets.csv
```

### Optional Flags:

| Flag                 | Description                                  |
|----------------------|----------------------------------------------|
| `--iocfile`          | Path to custom IOC list (`.txt`)             |
| `--output` or `-o`   | Save results to CSV                          |
| `--verbose` or `-v`  | Enable detailed debug output                 |

### Example:

```bash
python3 scan.py --input targets.csv --iocfile ioc_list.txt --output results.csv --verbose
```

---

## 🎨 Output Explanation

The script prints a result block for each host:

```
__________________________________
✅ Target 1 : 192.168.1.10:50000
Connection: Online
Status: Not Vulnerable
IOC: None detected
__________________________________
```

### Icons:

| Icon  | Meaning                                |
|--------|----------------------------------------|
| ✅     | Safe (Not vulnerable, no IOCs)         |
| ❗     | Vulnerable, but no IOCs found          |
| 💥     | Vulnerable + IOC(s) detected          |
| ❌     | Host not reachable / connection failed |

---

## 🧪 Local Testing

To test locally, run a Python HTTP server that simulates a vulnerable SAP system: the uploader endpoint answers with HTTP 200, and a fake `cache.jsp` IOC is served under `/irj/`:

```bash
mkdir -p test/developmentserver
mkdir -p test/irj
echo "" > test/developmentserver/metadatauploader
echo "<%-- fake webshell --%>" > test/irj/cache.jsp
cd test
python3 -m http.server 8000
```

Add to `targets.csv` (use the loopback address; `0.0.0.0` is a bind address, not a destination, and connecting to it fails on some platforms):
```csv
127.0.0.1;8000;false
```

---

## 🛡 Disclaimer

This tool is provided **for authorized security testing and research only**. Do not use against systems you do not own or have explicit permission to scan.

---

## 📬 Feedback

For suggestions or improvements, please open an issue or submit a PR.

---

## ⚖ License

This project is licensed under the [MIT License](LICENSE).  
You are free to use, modify, and distribute it — commercially or privately.

**Disclaimer**:  
This tool is provided **as-is**, without any warranty or guarantee.  
The authors are not responsible for any damage or legal issues caused by its usage.  
Use it only in environments where you have **explicit authorization** to scan and test systems.
File snapshot

```
[4.0K] /data/pocs/bc5160529ae02c7d8f97b6ee9fff81c1c4ee7cf2
├── [ 101] ioc_list.txt
├── [1.0K] LICENSE
├── [3.9K] README.md
├── [   9] requirements.txt
├── [ 100] results.csv
├── [8.3K] scan.py
└── [  25] targets.csv

0 directories, 7 files
```