https://raz0r.name/releases/adobe-experience-manager-vulnerability-scanner/
- Default credentials bruteforce
- Info leak via default error page
- WebDav support check (WebDav OSGI XXE CVE-2015-1833)
- Version detection
- Useful paths scanner
$ python setup.py install
$ aemscan <url>
- CVE-2016-0956 "Apache Sling Framework 2.3.6 Information Disclosure"
- CVE-2018-5006, CVE-2018-12809 "Adobe Experience Manager Server-Side Request Forgery"