py -3 vulmap.py --help

usage: python3 vulmap [options]

target:
  you must to specify target

  -u URL, --url URL     target URL (e.g. -u "http://example.com")
  -f FILE, --file FILE  select a target list file (e.g. -f "list.txt")
  --fofa keyword        call fofa api to scan (e.g. --fofa "app=Apache-Shiro")
  --shodan keyword      call shodan api to scan (e.g. --shodan "Shiro")

mode:
  options vulnerability scanning or exploit mode

  -a APP [APP ...]      specify webapps (e.g. -a "tomcat") allow multiple

general:
  general options

  -h, --help            show this help message and exit
  -t NUM, --thread NUM  number of scanning function threads, default 10 threads
  --dnslog server       dnslog server (hyuga,dnslog,ceye) default automatic
  --output-text file    result export txt file (e.g. "result.txt")
  --output-json file    result export json file (e.g. "result.json")
  --proxy-socks SOCKS   socks proxy (e.g. --proxy-socks 127.0.0.1:1080)
  --proxy-http HTTP     http proxy (e.g. --proxy-http 127.0.0.1:8080)
  --fofa-size SIZE      fofa query target number, default 100 (1-10000)
  --user-agent UA       you can customize the user-agent headers
  --delay DELAY         delay check time, default 0s
  --timeout TIMEOUT     scan timeout time, default 10s
  --list                display the list of supported vulnerabilities
  --debug               exp echo request and responses, poc echo vuln lists
  --check               survival check (on and off), default on

support:
  types of vulnerability scanning:
  all, activemq, flink, shiro, solr, struts2, tomcat, unomi, drupal
  elasticsearch, fastjson, jenkins, laravel, nexus, weblogic, jboss
  spring, thinkphp, druid, exchange, nodejs, saltstack, vmware
  bigip, ofbiz, coremail, ecology, eyou, qianxin, ruijie

examples:
  python3 vulmap.py -u http://example.com
  python3 vulmap.py -u http://example.com -a struts2
  python3 vulmap.py -f list.txt -a weblogic -t 20
  python3 vulmap.py -f list.txt --output-json results.json
  python3 vulmap.py --fofa "app=Apache-Shiro"