No project description provided
Project description
A python script to scan for Apache Tomcat server vulnerabilities.
Features
- Multithreaded workers to search for Apache tomcat servers.
- Multiple target sources accepted:
- Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets.
- Reading targets line by line from a file.
- Reading individual targets (IP/DNS/CIDR) from
-tt/--targetoption. - Reading individual targets URLs from
-tu/--target-urloption.
- Custom list of ports to test.
- Tests for
/manager/htmlaccessibility. - Tests for default credentials to access the Tomcat Manager.
- List the CVEs of each version with the
--list-cvesoption, print detailed CVEs descriptions with--show-cves-descriptions
Installation
You can now install it from PyPI (latest version is
sudo python3 -m pip install apachetomcatscanner
Usage
$ ./ApacheTomcatScanner.py -h
Apache Tomcat Scanner v3.4 - by @podalirius_
usage: ApacheTomcatScanner.py [-h] [-v] [--debug] [-C] [--show-cves-descriptions] [-T THREADS] [-s] [--no-colors] [--only-http] [--only-https] [--export-xlsx EXPORT_XLSX] [--export-json EXPORT_JSON] [--export-sqlite EXPORT_SQLITE]
[-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [--tomcat-username TOMCAT_USERNAME] [--tomcat-usernames-file TOMCAT_USERNAMES_FILE] [--tomcat-password TOMCAT_PASSWORD]
[--tomcat-passwords-file TOMCAT_PASSWORDS_FILE] [-tf TARGETS_FILE] [-tt TARGET] [-tu TARGET_URL] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD]
[-ah AUTH_HASHES] [--ldaps] [--subnets]
A python script to scan for Apache Tomcat server vulnerabilities.
options:
-h, --help show this help message and exit
-v, --verbose Verbose mode. (default: False)
--debug Debug mode, for huge verbosity. (default: False)
-C, --list-cves List CVE ids affecting each version found. (default: False)
--show-cves-descriptions
Show description of found CVEs. (default: False)
-T THREADS, --threads THREADS
Number of threads (default: 250)
-s, --servers-only If querying ActiveDirectory, only get servers and not all computer objects. (default: False)
--no-colors Disable colored output. (default: False)
--only-http Scan only with HTTP scheme. (default: False, scanning with both HTTP and HTTPs)
--only-https Scan only with HTTPs scheme. (default: False, scanning with both HTTP and HTTPs)
Export results:
--export-xlsx EXPORT_XLSX
Output XLSX file to store the results in.
--export-json EXPORT_JSON
Output JSON file to store the results in.
--export-sqlite EXPORT_SQLITE
Output SQLITE3 file to store the results in.
Advanced configuration:
-PI PROXY_IP, --proxy-ip PROXY_IP
Proxy IP.
-PP PROXY_PORT, --proxy-port PROXY_PORT
Proxy port
-rt REQUEST_TIMEOUT, --request-timeout REQUEST_TIMEOUT
Set the timeout of HTTP requests.
--tomcat-username TOMCAT_USERNAME
Single tomcat username to test for login.
--tomcat-usernames-file TOMCAT_USERNAMES_FILE
File containing a list of tomcat usernames to test for login
--tomcat-password TOMCAT_PASSWORD
Single tomcat password to test for login.
--tomcat-passwords-file TOMCAT_PASSWORDS_FILE
File containing a list of tomcat passwords to test for login
Targets:
-tf TARGETS_FILE, --targets-file TARGETS_FILE
Path to file containing a line by line list of targets.
-tt TARGET, --target TARGET
Target IP, FQDN or CIDR.
-tu TARGET_URL, --target-url TARGET_URL
Target URL to the tomcat manager.
-tp TARGET_PORTS, --target-ports TARGET_PORTS
Target ports to scan top search for Apache Tomcat servers.
-ad AUTH_DOMAIN, --auth-domain AUTH_DOMAIN
Windows domain to authenticate to.
-ai AUTH_DC_IP, --auth-dc-ip AUTH_DC_IP
IP of the domain controller.
-au AUTH_USER, --auth-user AUTH_USER
Username of the domain account.
-ap AUTH_PASSWORD, --auth-password AUTH_PASSWORD
Password of the domain account.
-ah AUTH_HASHES, --auth-hashes AUTH_HASHES
LM:NT hashes to pass the hash for this user.
--ldaps Use LDAPS (default: False)
--subnets Get all subnets from the domain and use them as targets (default: False)
Example
You can also list the CVEs of each version with the --list-cves option:
Contributing
Pull requests are welcome. Feel free to open an issue if you want to add other features.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
File details
Details for the file apachetomcatscanner-3.7.2-py3-none-any.whl.
File metadata
- Download URL: apachetomcatscanner-3.7.2-py3-none-any.whl
- Upload date:
- Size: 322.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 84c03400d5dfd9aefb42a53bfe2b60266e118adc459c23f1ee8298415331717c |
|
| MD5 | 62b8531215d3a432db4346f561e4a0b7 |
|
| BLAKE2b-256 | a8e82432b2fca02c211d9e9039828a3cfd62cb3c7d0e1c82cbdc913658da823e |
