This tool is intended for security testing purposes only. Do not engage in any illegal activities. Any consequences resulting from misuse are solely your responsibility.

The CVE-2023-25194 detection tool utilizes JNDI to load the response content returned by the DNS log platform to determine the presence of vulnerabilities. The logic for determining the response content involves successful utilization of the content received through testing. Some response contents can establish connections with the target via the DNS log platform, but they are ultimately ignored as they cannot be exploited.

python3 CVE-2023-25194_Scan.py -h

_______    ________    ___   ____ ___  _____      ___   _____________  __ __
  / ____/ |  / / ____/   |__ \ / __ \__ \|__  /     |__ \ / ____<  / __ \/ // /
 / /    | | / / __/________/ // / / /_/ / /_ <________/ //___ \ / / /_/ / // /_
/ /___  | |/ / /__/_____/ __// /_/ / __/___/ /_____/ __/____/ // /\__, /__  __/
\____/  |___/_____/    /____/\____/____/____/     /____/_____//_//____/  /_/

                                                    PowerBy:YongYe__Security

usage: CVE-2023-25194_Scan.py [-h] (-u URL | -f FILE)

Send POST requests to URLs

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL, Single target detection
  -f FILE, --file FILE  URL File, Batch scan

Single target exploitation

python3 CVE-2023-25194_Scan.py -u http://127.0.0.1:8080

Batch target scanning

The URLs with vulnerabilities will be stored in the file "result.txt" in the current directory.

python3 CVE-2023-25194_Scan.py -f url.txt

If necessary, you can modify the actual DNS log platform address in line 34 of the code. However, not changing it will not affect the program's execution.