Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public

#433
Topic created · 1 Posts · 0 Views

  • This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method (Only if the MOD_CGI is Enabled at the targeted webserver). This tool works with the provided Single target or Mass Target from a file list. Only use this tool for Bug Hunting/ Pentesting Purposes.



    Installation

    - git clone https://github.com/HightechSec/scarce-apache2  
    - cd scarce-apache2  
    - bash scarce.sh  
    

    or you can install in your system like this

    - git clone https://github.com/HightechSec/scarce-apache2  
    - cd scarce-apache2  
    - sudo cp scarce.sh /usr/bin/scarce && sudo chmod +x /usr/bin/scarce  
    - $ scarce  
    

    Usage

    • Menu's
    • Menu 1 is for scanning LFI Vulnerability from a provided file that contains the list of the target url or a provided single target url.
    • Menu 2 is for scanning RCE Vulnerability from a provided file that contains the list of the target url or a provided single target url.
    • Menu 3 is for Executing RCE from a provided single target url. This will work for the Maybe Vuln Results or sometimes with a 500 Error Response.
    • URL Format
    • Use http:// like http://example.com or https:// like https://example.com for the url formatting at Single Target usages
    • For Url or IP that has been provided from a List, Don't Use the URL Formatting like eg:
Log in to reply