A commandline tool to perform an security scan against a AEM Dispatcher.
This tool tries to unify all known security relevant AEM Dispatcher URLs from the internet.
If you know some more URLs, please open a GitHub issue to report them.
- Build the Docker image.
$ make build-docker-image
- Run Docker container from built image to print help.
$ make run-docker-image
Usage: cli.py [OPTIONS]
AEM Dispatcher Security Scan
Options:
--url TEXT URL of website e.g. https://www.example.com [required]
--page-path TEXT Page path of website. e.g. /content/geometrixx/en (Default: /)
--timeout INTEGER Timeout for HTTP requests in seconds. (Default: 10)
--file PATH Text file with test paths. (Default: aem-sec-paths.txt)
--help Show this message and exit.
- Run Docker container from built image with custom arguments.
$ docker compose \
--file docker-compose.yml \
run \
--rm \
aem-dispatcher-security-scan \
--url=https://www.example.com \
--page-path=/content/geometrixx/en
- docs.adobe.com
- 0ang3el/aem-hacker
- emadshanab/Adobe-Experience-Manager
- danielmiessler/seclists
- aem-design/ansible-role-aem-security-test
- cognifide/securecq
- perficientdigital.com
- infosecinstitute.com
We welcome contributions of all kinds 🎉.
Please read our Contributing guide to learn how to get started, submit changes, and follow our contribution standards.
This project follows a Code of Conduct to ensure a welcoming and respectful community.
By participating, you agree to uphold this standard.
Found a bug or want to request a feature?
Open an issue here: GitHub Issues
Development is possible via an interactive Docker container in VSCode.
-
Build and launch the DevContainer in VSCode.
-
Initiate the Python Virtual Environment via
poetry env activatein the terminal. -
Run test suite via
pytestin the terminal.
This project is licensed under the MIT License.
See the LICENSE file for details.