Scarce-Apache2 tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method (Only if the MOD_CGI is Enabled at the targeted webserver). This tool works with the provided Single target or Mass Target from a file list. Only use this tool for Bug Hunting/ Pentesting Purposes.
Installation
- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- bash scarce.sh
or you can install in your system like this
- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- sudo cp scarce.sh /usr/bin/scarce && sudo chmod +x /usr/bin/scarce
- $ scarce
Usage
- Menu’s
- Menu
1is for scanning LFI Vulnerability from a provided file that contains thelist of the target urlor a providedsingle target url. - Menu
2is for scanning RCE Vulnerability from a provided file that contains thelist of the target urlor a providedsingle target url. - Menu
3is for Executing RCE from a providedsingle target url. This will work for theMaybe VulnResults or sometimes with a500 Error Response.
- Menu
- URL Format
- Use
http://likehttp://example.comorhttps://likehttps://example.comfor the url formatting at Single Target usages - For Url or IP that has been provided from a
List, Don’t Use the URL Formatting like eg:- https://target.com
- http://hackerone.com
- https://bugcrowd.com
- Use
- curl
- bash
- git
