Exploit for Nessus-CVE-POC-Finder CVE-2015-4852 CVE-2016-6816 CVE-2017-12617 CVE-2017-3248 CVE-2018-2628 CVE-2020-1938

Name: Exploit for Nessus-CVE-POC-Finder CVE-2015-4852 CVE-2016-6816 CVE-2017-12617 CVE-2017-3248 CVE-2018-2628 CVE-2020-1938
Rating: 5 (4 reviews)
2026-06-30 | CVSS 9.8
## https://sploitus.com/exploit?id=0EB7005F-1AF8-5D82-BFB3-0885D0E7AA8B
# Nessus-CVE-POC-Finder
Python script to parse .nessus file, extract CVE numbers, and search for exploits using "searchsploit".

## Usage

```
usage: Nessus-CVE-POC-Finder.py [-h] [--unique] [--csv OUTPUT.csv] [--exploits] nessus_file

Extract CVE numbers from a .nessus file.

positional arguments:
  nessus_file       Path to the .nessus file

options:
  -h, --help        show this help message and exit
  --unique          Print only the unique, sorted list of CVE IDs
  --csv OUTPUT.csv  Write full results (with host/plugin context) to a CSV file
  --exploits        Cross-reference unique CVEs against searchsploit (exact match) and print any exploits found
```

## Example

```
$ python3 Nessus-CVE-POC-Finder.py --exploits example.nessus

Querying searchsploit for 149 unique CVE(s)...


CVE-2015-4852
10.0.0.2
  [EDB-ID 42806] Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
      /usr/share/exploitdb/exploits/java/remote/42806.py
  [EDB-ID 46628] Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
      /usr/share/exploitdb/exploits/multiple/remote/46628.rb
  [EDB-ID 44552] Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution
      /usr/share/exploitdb/exploits/multiple/remote/44552.sh

CVE-2016-6816
10.0.0.1
10.0.0.2
10.0.0.3
  [EDB-ID 41783] Apache Tomcat 6/7/8/9 - Information Disclosure
      /usr/share/exploitdb/exploits/multiple/remote/41783.txt

CVE-2017-12617
10.0.0.1
10.0.0.2
10.0.0.3
  [EDB-ID 42966] Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)
      /usr/share/exploitdb/exploits/jsp/webapps/42966.py
  [EDB-ID 43008] Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)
      /usr/share/exploitdb/exploits/java/remote/43008.rb

CVE-2017-3248
10.0.0.4
  [EDB-ID 44998] Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
      /usr/share/exploitdb/exploits/multiple/webapps/44998.py

CVE-2018-2628
10.0.0.3
  [EDB-ID 45193] Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
      /usr/share/exploitdb/exploits/windows/remote/45193.rb
  [EDB-ID 45193] Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
      /usr/share/exploitdb/exploits/windows/remote/45193.rb
  [EDB-ID 44553] Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution
      /usr/share/exploitdb/exploits/multiple/remote/44553.py

CVE-2020-1938
10.0.0.1
  [EDB-ID 48143] Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
      /usr/share/exploitdb/exploits/multiple/webapps/48143.py
  [EDB-ID 49039] Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion (Metasploit)
      /usr/share/exploitdb/exploits/multiple/webapps/49039.rb


CVEs with exact-match exploits: 6 / 149

Total CVE occurrences: 1123
Unique CVEs: 149
```