bonfatti81 / CheckMyAEM / 0.6.0

Check your AEM Publish instance configuration.

This service allows you to check your publish instance most common and dangerous vulnerability.
For security reasons we don't provide the vulnerability details through the API and we don't allow scan of not owned websites.
Before you start your scan, you must add the following tag to your site's homepage:<div name="CheckMyAEM" content="allow-scan" style="display:none;"></div>
By adding the DIV tag, you explicitly allow the API to run the following check list:
- Check default passwords
- Check most common entries that allow the attacker to gather juicy information
- Check accessibility of private JCR sections (/home, /var, /apps...)

No details about the vulnerability are retained by this algorithm

The test runs a limited set of checks, a "NO-DETECTED-ISSUES" response doesn't mean that the instance is completely secure.

For further information about this tool or if you need any consulting on AEM instances configuration do not hesitate to contact us  (+1 617 621 3300), or visit

- Coresecure Client Services: 
        Michael Cormio (
Software Engineer - Adobe AEM Solution Architect: 
         Alessandro Bonfatti (