Skip to content

Fingerprint the Adobe Experience Manager CMS framework#1003

Open
thomashartm wants to merge 3 commits intoArachni:experimentalfrom
thomashartm:fingerprint-adobe-aem-framework
Open

Fingerprint the Adobe Experience Manager CMS framework#1003
thomashartm wants to merge 3 commits intoArachni:experimentalfrom
thomashartm:fingerprint-adobe-aem-framework

Conversation

@thomashartm
Copy link
Copy Markdown

This pull requests adds a fingerprinter to identify the Adobe Experience Manager (AEM) which is a java and OSGi based content management framework and platform.
AEM driven web sites can be identified by very specific paths referenced from within the HTML source or includes scripts e.g.

  • /etc/design as a primary location of CSS and JS resources
  • The term granite e.g. in the path /libs/granite/token.json which stands for an Adobe internal UI framework
  • /etc.clientlibs which is the a proxy erefrencing so called CSS and JS clientlibraries
  • jcr_content which maps to a subnode of the current page inside AEM's cotent repository

AEM is pretty common among fortune 500 companies and can be pretty challenging to secure if not done right.

Thomas Hartmann added 3 commits August 4, 2018 13:20
…dobe Experience Manager (AEM), which is java based content management framework commonly used in big enterprises. Checks wether certain specific paths can be identified or a servlet engine specific response header value is set.
…to the URL can beused to identify the website as an AEM driven project
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant