Method and system for automatically detecting ActiveMQ known vulnerabilities

The invention relates to a method and a system for automatically detecting ActiveMQ known vulnerabilities. The method comprises the following steps: searching an ActiveMQ server to be detected; sending an HTTP request, judging whether a default management background exists or not, and if not, directly detecting whether a CVE-2016-3088 vulnerability exists or not; if yes, blasting the user name andthe password, and detecting whether a weak password exists or not; detecting whether a CVE-2015-5254 vulnerability exists or not; and detecting whether a CVE-2016-3088 vulnerability exists or not. According to the method, whether the ActiveMQ has the management background weak password, the CVE-2015-5254 vulnerability and the CVE-2016-3088 vulnerability or not can be detected. 本发明涉及一种自动化检测ActiveMQ已知漏洞的方法及系统，包括步骤：查找需要检测的ActiveMQ服务器；发送HTTP请求，判断是否存在默认的管理后台，若否，则直接检测是否存在CVE-2016-3088漏洞；若是，则爆破用户名与密码，检测是否存在弱口令；检测是否存在CVE-2015-5254漏洞；检测是否存在CVE-2016-3088漏洞。本发明能够完成检测ActiveMQ是否存在管理后台弱口令、CVE-2015-5254以及CVE-2016-3088漏洞。