apachetomcatscanner


- Name: apachetomcatscanner
- Version: 3.7.2
- Home page: https://github.com/p0dalirius/ApacheTomcatScanner
- Upload time: 2023-12-13 19:51:10
- Docs URL: None
- Author: Podalirius
- Requires Python: >=3.6
- License: GPL2
- Requirements: No requirements were recorded.
- Travis-CI: No Travis.
- Coveralls test coverage: No coveralls.

![](./.github/banner.png)

<p align="center">
  A Python script to scan for Apache Tomcat server vulnerabilities.
</p>

## Features

 - [x] Multithreaded workers to search for Apache Tomcat servers.
 - [x] Multiple target sources accepted:
    + [x] Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets.
    + [x] Reading targets line by line from a file.
    + [x] Reading individual targets (IP/DNS/CIDR) from the `-tt/--target` option.
    + [x] Reading individual target URLs from the `-tu/--target-url` option.
 - [x] Custom list of ports to test.
 - [x] Tests for `/manager/html` accessibility.
 - [x] Tests for default credentials to access the Tomcat Manager.
 - [x] List the CVEs of each version with the `--list-cves` option; print detailed CVE descriptions with `--show-cves-descriptions`.


## Installation

You can now install it from PyPI with this command:

```
sudo python3 -m pip install apachetomcatscanner
```

## Usage

```
$ ./ApacheTomcatScanner.py -h
Apache Tomcat Scanner v3.4 - by @podalirius_

usage: ApacheTomcatScanner.py [-h] [-v] [--debug] [-C] [--show-cves-descriptions] [-T THREADS] [-s] [--no-colors] [--only-http] [--only-https] [--export-xlsx EXPORT_XLSX] [--export-json EXPORT_JSON] [--export-sqlite EXPORT_SQLITE]
                              [-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [--tomcat-username TOMCAT_USERNAME] [--tomcat-usernames-file TOMCAT_USERNAMES_FILE] [--tomcat-password TOMCAT_PASSWORD]
                              [--tomcat-passwords-file TOMCAT_PASSWORDS_FILE] [-tf TARGETS_FILE] [-tt TARGET] [-tu TARGET_URL] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD]
                              [-ah AUTH_HASHES] [--ldaps] [--subnets]

A python script to scan for Apache Tomcat server vulnerabilities.

options:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode. (default: False)
  --debug               Debug mode, for huge verbosity. (default: False)
  -C, --list-cves       List CVE ids affecting each version found. (default: False)
  --show-cves-descriptions
                        Show description of found CVEs. (default: False)
  -T THREADS, --threads THREADS
                        Number of threads (default: 250)
  -s, --servers-only    If querying ActiveDirectory, only get servers and not all computer objects. (default: False)
  --no-colors           Disable colored output. (default: False)
  --only-http           Scan only with HTTP scheme. (default: False, scanning with both HTTP and HTTPs)
  --only-https          Scan only with HTTPs scheme. (default: False, scanning with both HTTP and HTTPs)

Export results:
  --export-xlsx EXPORT_XLSX
                        Output XLSX file to store the results in.
  --export-json EXPORT_JSON
                        Output JSON file to store the results in.
  --export-sqlite EXPORT_SQLITE
                        Output SQLITE3 file to store the results in.

Advanced configuration:
  -PI PROXY_IP, --proxy-ip PROXY_IP
                        Proxy IP.
  -PP PROXY_PORT, --proxy-port PROXY_PORT
                        Proxy port
  -rt REQUEST_TIMEOUT, --request-timeout REQUEST_TIMEOUT
                        Set the timeout of HTTP requests.
  --tomcat-username TOMCAT_USERNAME
                        Single tomcat username to test for login.
  --tomcat-usernames-file TOMCAT_USERNAMES_FILE
                        File containing a list of tomcat usernames to test for login
  --tomcat-password TOMCAT_PASSWORD
                        Single tomcat password to test for login.
  --tomcat-passwords-file TOMCAT_PASSWORDS_FILE
                        File containing a list of tomcat passwords to test for login

Targets:
  -tf TARGETS_FILE, --targets-file TARGETS_FILE
                        Path to file containing a line by line list of targets.
  -tt TARGET, --target TARGET
                        Target IP, FQDN or CIDR.
  -tu TARGET_URL, --target-url TARGET_URL
                        Target URL to the tomcat manager.
  -tp TARGET_PORTS, --target-ports TARGET_PORTS
                        Target ports to scan top search for Apache Tomcat servers.
  -ad AUTH_DOMAIN, --auth-domain AUTH_DOMAIN
                        Windows domain to authenticate to.
  -ai AUTH_DC_IP, --auth-dc-ip AUTH_DC_IP
                        IP of the domain controller.
  -au AUTH_USER, --auth-user AUTH_USER
                        Username of the domain account.
  -ap AUTH_PASSWORD, --auth-password AUTH_PASSWORD
                        Password of the domain account.
  -ah AUTH_HASHES, --auth-hashes AUTH_HASHES
                        LM:NT hashes to pass the hash for this user.
  --ldaps               Use LDAPS (default: False)
  --subnets             Get all subnets from the domain and use them as targets (default: False)
```

## Example

![](./.github/example.png)

You can also list the CVEs of each version with the `--list-cves` option:

![](./.github/example_list_cves.png)

## Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

            
