TomcatScanPro
TomcatScanPro is an automated vulnerability scanning tool specifically designed for detecting and exploiting various vulnerabilities within Tomcat servers. Key features include:
Key Features
- CVE-2017-12615 Detection: Effective scanning for a specific vulnerability that allows file uploads.
- AJP Protocol Exploitation: Leverage CNVD-2020-10487 for local file inclusion attacks to extract sensitive files.
- Weak Password Detection: Automate the detection of weak passwords across multiple URLs.
- WAR File Deployment: Deploy WAR files to gain remote shell access after successful exploitation.
- Concurrent URL Scanning: Support for scanning multiple URLs simultaneously, maximizing efficiency.
Benefits
- Efficiency: Utilizes a dynamic thread pool mechanism to optimize resource use and reduce scanning time.
- Detailed Logging: Records success and failure states of exploits, providing detailed logs for each attack attempt.
- Educational Use: The tool is designed for educational and testing purposes, ensuring responsible usage in security assessments.
Highlights
- Simple setup using Python and pip for required packages.
- Configurable options via the
config.yamlfile for tailored scanning. - Ensure compliance with local laws—this tool should only be used in authorized scenarios.