SpringBoot-Scan
SpringBoot-Scan is a Python-based penetration testing framework targeting Spring Boot applications. It scans for sensitive information leakage endpoints and provides exploitation tools for known Spring Framework vulnerabilities including CVE-2022-22965, CVE-2022-22963, and others.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | AabyssZG/SpringBoot-Scan |
| Owner | AabyssZG |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 2.3k |
| Forks | 177 |
| Open issues | 2 |
| Latest release | 2.7.2 (2025-11-09) |
| Last updated | 2025-11-09 |
| Source | https://github.com/AabyssZG/SpringBoot-Scan |
What SpringBoot-Scan is
Written in Python, SpringBoot-Scan performs endpoint enumeration using built-in dictionaries, supports multiple CVE exploits via pluggable modules, integrates with asset discovery APIs (ZoomEye, Fofa, Hunter), and includes features for HTTP proxy support, custom headers, and batch scanning. The tool offers both CLI and GUI interfaces and supports interactive command execution for RCE vulnerabilities.
Get the SpringBoot-Scan source
Clone the repository and explore it locally.
git clone https://github.com/AabyssZG/SpringBoot-Scan.gitcd SpringBoot-Scan# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Install Python dependencies (pip install -r requirements.txt) and verify Python 3.x; slow pip installs can use Tsinghua mirror.
- Configure HTTP proxy and custom headers via text files if testing behind corporate firewalls or from restricted networks.
- Adjust the global timeout variable (outtime = 10) in core modules (run.py, poc.py, vul.py) if scanning slow or distant targets.
- Review and populate the Dir.txt dictionary; built-in endpoints cover common leakage vectors but may require customization for non-standard Spring Boot layouts.
- Use delay scanning (-uf with user-specified delays) to avoid IP blocks or rate limiting when batch scanning multiple targets.
When to avoid it — and what to weigh
- Unauthorized or Production Testing — Do not use on systems you do not own or have explicit written permission to test. The tool is designed for exploiting real vulnerabilities and could disrupt operations.
- Expecting Passive Reconnaissance — SpringBoot-Scan actively sends HTTP requests and executes exploits; it is not suitable for stealth or evasive assessment scenarios.
- Relying on Outdated Vulnerability Coverage — The tool covers specific published CVEs. If your target runs newer Spring versions or patches, or uses uncommon configurations, detection may fail.
- Legal or Compliance-Sensitive Environments — Ensure your legal and compliance teams approve the tool's use before deploying in regulated industries; exploit code may trigger alerts or compliance violations.
License & commercial use
MIT License: permissive, allows commercial use, modification, and distribution with attribution and inclusion of the license. No patent protection or liability clause.
MIT permits commercial use, but the tool contains exploit code that may violate laws if used on unauthorized systems. Legal review is mandatory before commercializing or bundling this tool. Antivirus software may flag vul.py and GUI executables as malicious due to built-in exploit payloads.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
The tool is designed to *exploit* real vulnerabilities, not merely scan for them. Successful exploitation can lead to remote code execution, arbitrary file access, or data exfiltration on target systems. Use only on systems you own or have explicit legal authorization to test. Output files (error.log, dumpout.txt) may contain sensitive data or exploit artifacts; secure them accordingly. Antivirus and WAF systems may block or quarantine the tool or its outputs. No built-in logging, no egress filtering, and no sandboxing; assume full impact on a vulnerable target.
Alternatives to consider
Burp Suite (with custom extensions)
Commercial, closed-source scanner with broader coverage, professional support, and active vulnerability database updates; suitable for enterprises but lacks Spring-specific exploit automation.
OWASP ZAP
Open-source, community-driven web application scanner; less Spring-specific than SpringBoot-Scan but more general-purpose; no built-in Spring CVE exploits.
Nuclei (with templates)
Lightweight, template-based vulnerability scanner; Spring-related templates exist in the community, offering modularity and ease of contribution, but no interactive command execution for RCE.
Build on SpringBoot-Scan with DEV.co software developers
Devco specializes in custom penetration testing frameworks and security-hardened application development. Contact our team to assess your Spring Boot infrastructure or build a tailored scanning solution.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
SpringBoot-Scan FAQ
Is this tool legal to use?
What if my Spring Boot version is patched?
Can I use this behind a corporate proxy?
Does the tool update its CVE list automatically?
Custom software development services
DEV.co helps companies turn open-source tools like SpringBoot-Scan into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.
Need expert guidance on Spring security testing?
Devco specializes in custom penetration testing frameworks and security-hardened application development. Contact our team to assess your Spring Boot infrastructure or build a tailored scanning solution.