TomcatScanPro

TomcatScanPro

TomcatScanPro is an automated vulnerability scanning tool specifically designed for detecting and exploiting various vulnerabilities within Tomcat servers. Key features include:

Key Features

• CVE-2017-12615 Detection: Effective scanning for a specific vulnerability that allows file uploads.
• AJP Protocol Exploitation: Leverage CNVD-2020-10487 for local file inclusion attacks to extract sensitive files.
• Weak Password Detection: Automate the detection of weak passwords across multiple URLs.
• WAR File Deployment: Deploy WAR files to gain remote shell access after successful exploitation.
• Concurrent URL Scanning: Support for scanning multiple URLs simultaneously, maximizing efficiency.

Benefits

• Efficiency: Utilizes a dynamic thread pool mechanism to optimize resource use and reduce scanning time.
• Detailed Logging: Records success and failure states of exploits, providing detailed logs for each attack attempt.
• Educational Use: The tool is designed for educational and testing purposes, ensuring responsible usage in security assessments.

Highlights

• Simple setup using Python and pip for required packages.
• Configurable options via the config.yaml file for tailored scanning.
• Ensure compliance with local laws—this tool should only be used in authorized scenarios.