## https://sploitus.com/exploit?id=795C0ACC-26BB-5FDD-B83C-AFBA17969A8E
# SAP CVE-2025-31324 Analyzer
A Python-based security scanner for identifying the **CVE-2025-31324** vulnerability in SAP Visual Composer systems, and detecting known Indicators of Compromise (IOCs) such as malicious `.jsp`.
---
## ๐ Features
- Detects vulnerable Visual Composer endpoints
- Scans for known malicious `.jsp` files (webshells)
- Multi-target scanning from a CSV file
- Custom IOC file support
- Saves results to CSV (optional)
- Optional verbosity
---
## ๐ Requirements
- Python 3.6+
- `requests` library (installed via `requirements.txt`)
---
## ๐ฆ Installation
```bash
# 1. Clone the repository
git clone https://github.com/youruser/CVE-2025-31324.git
cd CVE-2025-31324
# 2. Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# 3. Install dependencies
pip install -r requirements.txt
```
---
## ๐ฆ File Structure
```
scan.py # Main scanner
targets.csv # Input list of targets
ioc_list.txt # Optional IOC signature list
results.csv # Output report (if --output used)
requirements.txt # Python dependencies
```
---
## ๐ CSV Input Format
Create a file named `targets.csv` with the following **semicolon-separated** format with IP, Port and SSL option:
```csv
192.168.1.10;50000;false
myunsafelocation.example.com;443;true
10.0.0.5;8080;false
```
- **ssl**: Use `true`, `false`, `yes`, or `no`
---
## ๐ต๏ธ IOC List Format
Create a file named `ioc_list.txt`:
```text
# Default IOCs
cache.jsp
helper.jsp
nzwcnktc.jsp
# Add your own signatures
shell.jsp
webadmin.jsp
```
---
## โ๏ธ Usage
```bash
python3 scan.py --input targets.csv
```
### Optional Flags:
| Flag | Description |
|----------------------|----------------------------------------------|
| `--iocfile` | Path to custom IOC list (`.txt`) |
| `--output` or `-o` | Save results to CSV |
| `--verbose` or `-v` | Enable detailed debug output |
### Example:
```bash
python3 scan.py --input targets.csv --iocfile ioc_list.txt --output results.csv --verbose
```
---
## ๐จ Output Explanation
The script prints a result block for each host:
```
__________________________________
โ Target 1 : 192.168.1.10:50000
Connection: Online
Status: Not Vulnerable
IOC: None detected
__________________________________
```
### Icons:
| Icon | Meaning |
|--------|----------------------------------------|
| โ | Safe (Not vulnerable, no IOCs) |
| โ | Vulnerable, but no IOCs found |
| ๐ฅ | Vulnerable + IOC(s) detected |
| โ | Host not reachable / connection failed |
---
## ๐งช Local Testing
To test locally, run a Python HTTP server simulating a vulnerable SAP system:
```bash
mkdir -p test/developmentserver
mkdir -p test/irj
echo "" > test/developmentserver/metadatauploader
echo "<%-- fake webshell --%>" > test/irj/cache.jsp
cd test
python3 -m http.server 8000
```
Add to `targets.csv`:
```csv
0.0.0.0;8000;false
```
---
## ๐ก Disclaimer
This tool is provided **for authorized security testing and research only**. Do not use against systems you do not own or have explicit permission to scan.
---
## ๐ฌ Feedback
For suggestions or improvements, please open an issue or submit a PR.
---
## โ License
This project is licensed under the [MIT License](LICENSE).
You are free to use, modify, and distribute it โ commercially or privately.
**Disclaimer**:
This tool is provided **as-is**, without any warranty or guarantee.
The authors are not responsible for any damage or legal issues caused by its usage.
Use it only in environments where you have **explicit authorization** to scan and test systems.