ExploitCVE2025 - SAP Path Traversal Auto-Exploit Tool
An automated exploitation tool for CVE-2025-31324, targeting SAP systems vulnerable to arbitrary file upload via path traversal.
-
π Automatic path traversal payload generation
-
π Multi-target exploitation (bulk targets list)
-
π₯ SAP system detection
-
π°οΈ Proxy support (e.g., Burp Suite interception)
-
π‘οΈ SSL certificate bypass option
-
π Brute-force common upload endpoints
-
π Auto-deployment and interaction with uploaded WebShells
-
π Detailed logs (
exploit_log.txt) and HTML reporting (report.html)
Clone the repository and install locally:
git clone https://github.com/Profanatic/ExploitCVE2025
cd exploitcve2025
chmod +x *.py
python3 exploitcve2025.py --help
Examples Basic usage:
python3 exploitcve2025.py --targets targets.txt
Ignore SSL certificate verification:
python3 exploitcve2025.py --targets targets.txt --no-verify
Use a proxy (e.g., Burp Suite or mitmproxy):
python3 exploitcve2025.py --targets targets.txt --proxy http://127.0.0.1:8080
Example targets.txt
https://sap-vulnerable.example.com/
192.168.1.105
sapserver.target.net
Output Files
exploit_log.txt β A detailed exploitation log file.
report.html β A graphical HTML report listing discovered WebShells.
Disclaimer This tool is intended for authorized penetration testing and educational purposes only. Unauthorized exploitation of systems without permission is illegal and unethical. Use it responsibly.
Author Profanatica