A python script to scan for Apache Tomcat server vulnerabilities.
Features
- Multithreaded workers to search for Apache Tomcat servers.
- Multiple target sources possible:
  - Retrieving the list of computers from a Windows domain through an LDAP query to use them as a list of targets.
  - Reading targets line by line from a file.
  - Reading individual targets (IP/DNS/CIDR) from the -tt/--target option.
- Custom list of ports to test.
- Checks for /manager/html access and default credentials.
- List the CVEs of each version with the --list-cves option.
Installation
You can now install it from PyPI with this command:
sudo python3 -m pip install apachetomcatscanner
Usage
$ ./ApacheTomcatScanner.py -h
Apache Tomcat Scanner v2.3.2 - by @podalirius_

usage: ApacheTomcatScanner.py [-h] [-v] [--debug] [-C] [-T THREADS] [-s] [--only-http] [--only-https] [--no-check-certificate] [--xlsx XLSX] [--json JSON] [-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [-tf TARGETS_FILE]
                              [-tt TARGET] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD] [-ah AUTH_HASH]

A python script to scan for Apache Tomcat server vulnerabilities.

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode. (default: False)
  --debug               Debug mode, for huge verbosity. (default: False)
  -C, --list-cves       List CVE ids affecting each version found. (default: False)
  -T THREADS, --threads THREADS
                        Number of threads (default: 5)
  -s, --servers-only    If querying ActiveDirectory, only get servers and not all computer objects. (default: False)
  --only-http           Scan only with HTTP scheme. (default: False, scanning with both HTTP and HTTPs)
  --only-https          Scan only with HTTPs scheme. (default: False, scanning with both HTTP and HTTPs)
  --no-check-certificate
                        Do not check certificate. (default: False)
  --xlsx XLSX           Export results to XLSX
  --json JSON           Export results to JSON
  -PI PROXY_IP, --proxy-ip PROXY_IP
                        Proxy IP.
  -PP PROXY_PORT, --proxy-port PROXY_PORT
                        Proxy port
  -rt REQUEST_TIMEOUT, --request-timeout REQUEST_TIMEOUT
  -tf TARGETS_FILE, --targets-file TARGETS_FILE
                        Path to file containing a line by line list of targets.
  -tt TARGET, --target TARGET
                        Target IP, FQDN or CIDR
  -tp TARGET_PORTS, --target-ports TARGET_PORTS
                        Target ports to scan top search for Apache Tomcat servers.
  -ad AUTH_DOMAIN, --auth-domain AUTH_DOMAIN
                        Windows domain to authenticate to.
  -ai AUTH_DC_IP, --auth-dc-ip AUTH_DC_IP
                        IP of the domain controller.
  -au AUTH_USER, --auth-user AUTH_USER
                        Username of the domain account.
  -ap AUTH_PASSWORD, --auth-password AUTH_PASSWORD
                        Password of the domain account.
  -ah AUTH_HASH, --auth-hash AUTH_HASH
                        LM:NT hashes to pass the hash for this user.
Example
You can also list the CVEs of each version with the --list-cves option.
Contributing
Pull requests are welcome. Feel free to open an issue if you want to add other features.