Skip to content

A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public

License

Notifications You must be signed in to change notification settings

HightechSec/scarce-apache2

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 

Repository files navigation

ScaRCE Framework - CVE-2021-41773 Hunter

License Build Build GitHub code size in bytes GitHub repo size GitHub last commit GitHub stars GitHub pull requests GitHub forks GitHub issues GitHub watchers

This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method (Only if the MOD_CGI is Enabled at the targeted webserver). This tool works with the provided Single target or Mass Target from a file list. Only use this tool for Bug Hunting/ Pentesting Purposes.

Installation

- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- bash scarce.sh

or you can install in your system like this

- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- sudo cp scarce.sh /usr/bin/scarce && sudo chmod +x /usr/bin/scarce
- $ scarce

Usage

  • Menu's
    • Menu 1 is for scanning LFI Vulnerability from a provided file that contains the list of the target url or a provided single target url.
    • Menu 2 is for scanning RCE Vulnerability from a provided file that contains the list of the target url or a provided single target url.
    • Menu 3 is for Executing RCE from a provided single target url. This will work for the Maybe Vuln Results or sometimes with a 500 Error Response.
  • URL Format

Requirements

  • curl
  • bash
  • git

Credits

Thanks to:

About

A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages