This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method (Only if the MOD_CGI is Enabled at the targeted webserver). This tool works with the provided Single target or Mass Target from a file list. Only use this tool for Bug Hunting/ Pentesting Purposes.
- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- bash scarce.sh
or you can install in your system like this
- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- sudo cp scarce.sh /usr/bin/scarce && sudo chmod +x /usr/bin/scarce
- $ scarce
Usage
- Menu's
- Menu
1is for scanning LFI Vulnerability from a provided file that contains thelist of the target urlor a providedsingle target url. - Menu
2is for scanning RCE Vulnerability from a provided file that contains thelist of the target urlor a providedsingle target url. - Menu
3is for Executing RCE from a providedsingle target url. This will work for theMaybe VulnResults or sometimes with a500 Error Response.
- Menu
- URL Format
- Use
http://likehttp://example.comorhttps://likehttps://example.comfor the url formatting at Single Target usages - For Url or IP that has been provided from a
List, Don't Use the URL Formatting like eg:
- Use
Requirements
- curl
- bash
- git
Credits
Thanks to:
- CVE-2021-41773 Reproduced by @ptswarm
- Executing RCE in CVE-2021-41773 by @hackerfantastic
- Removing 5xx Error when Running RCE by @lukejahnke
from KitPloit - PenTest & Hacking Tools https://ift.tt/3EsKp3B
via hacking
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon