Adobe Experience Manager Vulnerability Scanner

Adobe Experience Manager is content management system that is based on Apache Sling – a framework for RESTful web-applications based on an extensible content tree. Apache Sling in its turn is basically a REST API for Apache Jackrabbit, which is an implementation of Content Repository API for Java (JCR). The main principle of JCR is that everything is a resource. It means that any object in JCR repository can be retrieved in multiple ways depending on requested selector. E.g. if you make a request to /index.html you will get an HTML page, but if you replace .html with a .json selector you can get metadata of this resource:

{
  "jcr:primaryType":"cq:Page",
  "jcr:createdBy":"transport-user",
  "jcr:created":"Mon Jun 13 2018 22:09:46 GMT+0000"
}

AEM installations typically have lots of hidden gems (even password hashes) if selectors are improperly configured. aemscan helps to discover such weaknesses and much more:

  • Default credentials bruteforce
  • Info leak via default error page
  • WebDav support check (WebDav OSGI XXE CVE-2015-1833)
  • Version detection
  • Useful paths scanner

You can grab the source code from GitHub: https://github.com/Raz0r/aemscan. Pull requests are welcome!

Comments

4 responses to “Adobe Experience Manager Vulnerability Scanner”

  1. Kim Pham Avatar
    Kim Pham

    Hello! My name is Kim, and I am current TAM intern for Adobe. I wanted to know if this website is still active? If the information on here is still up to date? I am thinking of including this website as a source on an internal Adobe site. Thank you so much!

  2. Raz0r Avatar

    Yes, it is active. AEM Scanner has not been updated in a while though.

  3. samfisher Avatar
    samfisher

    Great work man ,thanks for the tool ,i know its outdated ,but still amazing work.
    Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.