Kali Linux

ApacheTomcatScanner : A Python Script To Scan For Apache Tomcat Server Vulnerabilities

ApacheTomcatScanner is a python script to scan for Apache Tomcat server vulnerabilities.

Features

  • Multithreaded workers to search for Apache tomcat servers.
  • Multiple target source possible:
    • Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets.
    • Reading targets line by line from a file.
    • Reading individual targets (IP/DNS/CIDR) from -tt/--target option.
  • Custom list of ports to test.
  • Tests for /manager/html access and default credentials.
  • List the CVEs of each version with the --list-cves option

Installation

You can now install it from pypi (latest version is ) with this command:

sudo python3 -m pip install apachetomcatscanner

Usage

$ ./ApacheTomcatScanner.py -h
Apache Tomcat Scanner v2.3.2 – by @podalirius_
usage: ApacheTomcatScanner.py [-h] [-v] [–debug] [-C] [-T THREADS] [-s] [–only-http] [–only-https] [–no-check-certificate] [–xlsx XLSX] [–json JSON] [-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [-tf TARGETS_FILE]
[-tt TARGET] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD] [-ah AUTH_HASH]
A python script to scan for Apache Tomcat server vulnerabilities.
optional arguments:
-h, –help show this help message and exit
-v, –verbose Verbose mode. (default: False)
–debug Debug mode, for huge verbosity. (default: False)
-C, –list-cves List CVE ids affecting each version found. (default: False)
-T THREADS, –threads THREADS
Number of threads (default: 5)
-s, –servers-only If querying ActiveDirectory, only get servers and not all computer objects. (default: False)
–only-http Scan only with HTTP scheme. (default: False, scanning with both HTTP and HTTPs)
–only-https Scan only with HTTPs scheme. (default: False, scanning with both HTTP and HTTPs)
–no-check-certificate
Do not check certificate. (default: False)
–xlsx XLSX Export results to XLSX
–json JSON Export results to JSON
-PI PROXY_IP, –proxy-ip PROXY_IP
Proxy IP.
-PP PROXY_PORT, –proxy-port PROXY_PORT
Proxy port
-rt REQUEST_TIMEOUT, –request-timeout REQUEST_TIMEOUT
-tf TARGETS_FILE, –targets-file TARGETS_FILE
Path to file containing a line by line list of targets.
-tt TARGET, –target TARGET
Target IP, FQDN or CIDR
-tp TARGET_PORTS, –target-ports TARGET_PORTS
Target ports to scan top search for Apache Tomcat servers.
-ad AUTH_DOMAIN, –auth-domain AUTH_DOMAIN
Windows domain to authenticate to.
-ai AUTH_DC_IP, –auth-dc-ip AUTH_DC_IP
IP of the domain controller.
-au AUTH_USER, –auth-user AUTH_USER
Username of the domain account.
-ap AUTH_PASSWORD, –auth-password AUTH_PASSWORD
Password of the domain account.
-ah AUTH_HASH, –auth-hash AUTH_HASH
LM:NT hashes to pass the hash for this user.

Example

You can also list the CVEs of each version with the --list-cves option:

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago