Vulnerability scanning using JexBoss

Another extremely powerful tool is JexBoss, which is made for enumerating and exploiting JBoss and other technologies. It was developed by João F. M. Figueiredo. In this section, we will take a quick look at using JexBoss. The tool can be downloaded and installed from https://github.com/joaomatosf/jexboss.

Once this is all set up, we can run the tool using the following command:

./jexboss.py -u http://<websiteurlhere.com>

Let's use this tool (shown in the following screenshot) to find the vulnerabilities in a JBoss AS instance:

The command used in the preceding screenshot looks for Apache Tomcat Struts, servlet deserialization, and Jenkins vulnerabilities. The tool also checks for various JBoss vulnerabilities, and we will find out whether the server is vulnerable to any of them.
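Seen from the server side, a run like this appears as one client requesting several JBoss management URLs within a short time. The following is an added example, not code from the original text or from the JexBoss project: it flags that pattern in a web access log. The watch list holds standard JBoss AS management paths and is an assumption (the text does not list the URLs JexBoss requests); the function name, threshold, and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Standard JBoss AS management/invoker URL prefixes. Assumed watch list:
# the text does not enumerate which URLs JexBoss requests.
JBOSS_MGMT_PREFIXES = (
    "/jmx-console",
    "/web-console",
    "/admin-console",
    "/invoker/JMXInvokerServlet",
)

# Apache/Nginx "combined" access-log line: capture client IP and request path.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3}'
)

def flag_enumeration(lines, min_distinct=3):
    """Return {ip: sorted prefixes} for clients that requested at least
    min_distinct different JBoss management prefixes."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined log format
        path = m.group("path").split("?", 1)[0].lower()
        for prefix in JBOSS_MGMT_PREFIXES:
            if path.startswith(prefix.lower()):
                seen[m.group("ip")].add(prefix)
    return {ip: sorted(p) for ip, p in seen.items() if len(p) >= min_distinct}

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /jmx-console/HtmlAdaptor HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "HEAD /web-console/Invoker HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /invoker/JMXInvokerServlet HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /admin-console/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Oct/2023:13:56:01 +0000] "GET /admin-console/login.seam HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Oct/2023:13:56:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, prefixes in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip} requested {len(prefixes)} JBoss management paths: {prefixes}")
```

The client that opens only the admin console stays below the threshold, so ordinary administration is not flagged.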