## https://sploitus.com/exploit?id=3ADCEBB2-FF7A-55FB-B74E-18A9AEBC43CA
# Auto-WebLogicScanner
An automated WebLogic vulnerability detection tool that supports batch scanning, CDN identification, FOFA asset expansion, and plugin-based POC verification. ## Features
- โ Intelligent CDN identification and real IP acquisition
- โ Multi-dimensional port and service detection (based on python-nmap)
- โ FOFA API asset expansion
- โ Plugin-based POC structure (supports CVE-2019-2725)
- โ Batch concurrent detection (ThreadPoolExecutor)
- โ Automated workflow
## Installation Requirements
```bash
pip install -r requirements.txt
```
## Configuration Instructions
Edit the `config.yaml` file to configure FOFA API information:
```yaml
fofa:
email: "your_email@example.com"
api_key: "your_api_key"
```
## Usage
### Method 1: Reading targets from a file
Create an `ips.txt` file, with one IP or domain name per line:
```
192.168.1.1
example.com
10.0.0.1
```
Run the scan:
```bash
python main.py
```
### Method 2: Using FOFA to automatically acquire assets
After configuring the FOFA API in `config.yaml`, the tool will automatically retrieve assets from FOFA and perform scans. ## Output Results
- `result_vuln.txt`: List of detected vulnerabilities
- `scanner.log`: Scan logs
## Disclaimer
This tool is intended for security research and authorized testing purposes only. Users must comply with relevant laws and regulations, and it must not be used for illegal purposes.