Kali Linux

ApacheTomcatScanner : A Python Script To Scan For Apache Tomcat Server Vulnerabilities

ApacheTomcatScanner is a python script to scan for Apache Tomcat server vulnerabilities.

Features

  • Multithreaded workers to search for Apache tomcat servers.
  • Multiple target source possible:
    • Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets.
    • Reading targets line by line from a file.
    • Reading individual targets (IP/DNS/CIDR) from -tt/--target option.
  • Custom list of ports to test.
  • Tests for /manager/html access and default credentials.
  • List the CVEs of each version with the --list-cves option

Installation

You can now install it from pypi (latest version is ) with this command:

sudo python3 -m pip install apachetomcatscanner

Usage

$ ./ApacheTomcatScanner.py -h
Apache Tomcat Scanner v2.3.2 – by @podalirius_
usage: ApacheTomcatScanner.py [-h] [-v] [–debug] [-C] [-T THREADS] [-s] [–only-http] [–only-https] [–no-check-certificate] [–xlsx XLSX] [–json JSON] [-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [-tf TARGETS_FILE]
[-tt TARGET] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD] [-ah AUTH_HASH]
A python script to scan for Apache Tomcat server vulnerabilities.
optional arguments:
-h, –help show this help message and exit
-v, –verbose Verbose mode. (default: False)
–debug Debug mode, for huge verbosity. (default: False)
-C, –list-cves List CVE ids affecting each version found. (default: False)
-T THREADS, –threads THREADS
Number of threads (default: 5)
-s, –servers-only If querying ActiveDirectory, only get servers and not all computer objects. (default: False)
–only-http Scan only with HTTP scheme. (default: False, scanning with both HTTP and HTTPs)
–only-https Scan only with HTTPs scheme. (default: False, scanning with both HTTP and HTTPs)
–no-check-certificate
Do not check certificate. (default: False)
–xlsx XLSX Export results to XLSX
–json JSON Export results to JSON
-PI PROXY_IP, –proxy-ip PROXY_IP
Proxy IP.
-PP PROXY_PORT, –proxy-port PROXY_PORT
Proxy port
-rt REQUEST_TIMEOUT, –request-timeout REQUEST_TIMEOUT
-tf TARGETS_FILE, –targets-file TARGETS_FILE
Path to file containing a line by line list of targets.
-tt TARGET, –target TARGET
Target IP, FQDN or CIDR
-tp TARGET_PORTS, –target-ports TARGET_PORTS
Target ports to scan top search for Apache Tomcat servers.
-ad AUTH_DOMAIN, –auth-domain AUTH_DOMAIN
Windows domain to authenticate to.
-ai AUTH_DC_IP, –auth-dc-ip AUTH_DC_IP
IP of the domain controller.
-au AUTH_USER, –auth-user AUTH_USER
Username of the domain account.
-ap AUTH_PASSWORD, –auth-password AUTH_PASSWORD
Password of the domain account.
-ah AUTH_HASH, –auth-hash AUTH_HASH
LM:NT hashes to pass the hash for this user.

Example

You can also list the CVEs of each version with the --list-cves option:

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

18 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

19 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago