## https://sploitus.com/exploit?id=D6DF66C8-D21B-5D81-B377-D53384F88D34
# CVE-2026-44825 Apache Solr Scanner
This repository contains a Go-based scanner for detecting and testing Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.
The tool can scan a single target or a list of targets, detect Solr endpoints, attempt authentication checks, and optionally run exploit or interactive RCE workflow modes.
## About This Project
This project is intended for authorized security research, internal validation, and defensive testing in environments where explicit permission has been granted.
The scanner is not intended for unauthorized access or abuse of third-party systems.
## Features
- Scan a single target or a file containing multiple targets
- Detect Apache Solr instances through common service endpoints
- Check for authentication exposure and default credential candidates
- Optionally exploit vulnerable targets after scanning
- Support an interactive RCE mode for approved testing scenarios
- Export scan results to JSON
## Requirements
- Go 1.26 or newer
- Network access to the target Solr instance
- Appropriate authorization before running against any production system
## Build
From the project root, run:
```bash
go build -o solr_scanner .
```
This will produce the binary named solr_scanner.
## Usage
### Scan a single target
```bash
./solr_scanner -t http://target:8983
```
### Scan multiple targets from a file
```bash
./solr_scanner -f targets.txt
```
### Scan and attempt exploitation
```bash
./solr_scanner -t http://target:8983 --exploit
```
### Start interactive RCE mode
```bash
./solr_scanner -t http://target:8983 --rce
```
### Use explicit credentials
```bash
./solr_scanner -t http://target:8983 --rce -u admin -pw SolrRocks
```
## Available Flags
- -t: Single target URL
- -f: File containing a list of target URLs
- -exploit: Attempt exploitation after scanning
- -rce: Start interactive RCE mode
- -u: Username for authentication
- -pw: Password for authentication
- -o: Output file for results
- -w: Number of concurrent workers
- -T: HTTP timeout in seconds
## Output
Results are written to JSON by default in the file specified by -o, which defaults to:
```bash
solr_results.json
```
## Project Structure
- solr_main.go: Main scanner implementation
- go.mod: Go module definition
- solr_scanner: Compiled binary output
## Disclaimer
Use this tool only in environments where you have explicit authorization to test. The maintainers are not responsible for misuse or any unauthorized activity conducted with this software.