AEM SPY

A command-line tool for checking a list of URLs for possible Adobe Experience Manager (AEM) detection.

• This tool does basic check and i highly recommend to use Tool - AEM-Hacker - Recommended Tool

Usage

python aem-spy.py --target target.txt

Options

• --target: Path to file containing URLs to check. (required)

Example

python aem-spy.py --target urls.txt

Requirements

• Python 3.x
• argparse module
• requests module

Sample Run

Author

• @FR13ND0x7F

Blogs/ AEM Exploit POCs

• Hunting for security bugs in AEM webapps
• Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps
• Tool - AEM-Hacker - Recommended Tool
• Youtube - AEMSecurity
• Reflected XSS at Philips.com
• How I found my first AEM related bug.
• accounts.informatica.com - RCE due to exposed Groovy console
• Twitter/ AEMSecurity
• The CVE That Will Never Die!
• How to get RCE on AEM instance without Java knowledge
• AEM Hacking
• Adobe Experience Manager Security Issues
• Adobe Experience Manager Exploitation
• Quikc wins with Adobe Experience Manager
• AEM POST Servlet
• AEM /etc/groovyconsole.html RCE

License

This project is licensed under the MIT License - see the LICENSE file for details.