No project description provided

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Podalirius from gravatar.com Podalirius

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU General Public License v2 (GPLv2) (GPL2)

Author: Podalirius

Requires: Python >=3.6

Classifiers

Project description

A python script to scan for Apache Tomcat server vulnerabilities.
PyPI GitHub release (latest by date) Python pip build YouTube Channel Subscribers

Features

  • Multithreaded workers to search for Apache tomcat servers.
  • Multiple target source possible:
    • Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets.
    • Reading targets line by line from a file.
    • Reading individual targets (IP/DNS/CIDR) from -tt/--target option.
  • Custom list of ports to test.
  • Tests for /manager/html access and default credentials.
  • List the CVEs of each version with the --list-cves option

Installation

You can now install it from pypi (latest version is PyPI) with this command:

sudo python3 -m pip install apachetomcatscanner

Usage

$ ./ApacheTomcatScanner.py -h
Apache Tomcat Scanner v2.1 - by @podalirius_

usage: ApacheTomcatScanner.py [-h] [-v] [-C] [-T THREADS] [-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [-tf TARGETS_FILE] [-tt TARGET] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD]
                              [-ah AUTH_HASH]

A python script to scan for Apache Tomcat server vulnerabilities.

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode. (default: False)
  -C, --list-cves       List CVE ids affecting each version found. (default: False)
  -T THREADS, --threads THREADS
                        Number of threads (default: 5)

  -PI PROXY_IP, --proxy-ip PROXY_IP
                        Proxy IP.
  -PP PROXY_PORT, --proxy-port PROXY_PORT
                        Proxy port
  -rt REQUEST_TIMEOUT, --request-timeout REQUEST_TIMEOUT

  -tf TARGETS_FILE, --targets-file TARGETS_FILE
  -tt TARGET, --target TARGET
                        Target IP, FQDN or CIDR
  -tp TARGET_PORTS, --target-ports TARGET_PORTS
                        Target ports to scan top search for Apache Tomcat servers.
  -ad AUTH_DOMAIN, --auth-domain AUTH_DOMAIN
  -ai AUTH_DC_IP, --auth-dc-ip AUTH_DC_IP
  -au AUTH_USER, --auth-user AUTH_USER
  -ap AUTH_PASSWORD, --auth-password AUTH_PASSWORD
  -ah AUTH_HASH, --auth-hash AUTH_HASH

Example

You can also list the CVEs of each version with the --list-cves option:

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Podalirius from gravatar.com Podalirius

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU General Public License v2 (GPLv2) (GPL2)

Author: Podalirius

Requires: Python >=3.6

Classifiers

Release history Release notifications | RSS feed

3.7.2

3.7.1

3.7

3.6.1

3.6

3.5

3.4

3.3

3.2

3.0

2.3.5

2.3.4

2.3.3

This version

2.3.2

2.3.1

2.2

2.0

1.3

1.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

apachetomcatscanner-2.3.2.tar.gz (580.1 kB view hashes)

Uploaded Source

Built Distribution

apachetomcatscanner-2.3.2-py3-none-any.whl (296.8 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page