{"id":13846042,"url":"https://github.com/HightechSec/scarce-apache2","last_synced_at":"2025-07-12T03:33:42.292Z","repository":{"id":201605397,"uuid":"414425270","full_name":"HightechSec/scarce-apache2","owner":"HightechSec","description":"A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public ","archived":false,"fork":false,"pushed_at":"2021-10-07T08:25:26.000Z","size":502,"stargazers_count":62,"open_issues_count":1,"forks_count":18,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-08-05T17:45:34.337Z","etag":null,"topics":["bash-script","bug-hunting","cve-2021-41773","hacktoberfest","pentesting"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HightechSec.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2021-10-07T01:31:13.000Z","updated_at":"2024-07-29T11:14:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"d5bf0cf8-41d4-407f-8bd1-4f45b47cbcf7","html_url":"https://github.com/HightechSec/scarce-apache2","commit_stats":null,"previous_names":["hightechsec/scarce-apache2"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HightechSec%2Fscarce-apache2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HightechSec%2Fscarce-apache2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HightechSec%2Fscarce-apache2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HightechSec%2Fscarce-apache2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HightechSec","download_url":"https://codeload.github.com/HightechSec/scarce-apache2/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225791521,"owners_count":17524799,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash-script","bug-hunting","cve-2021-41773","hacktoberfest","pentesting"],"created_at":"2024-08-04T17:04:18.412Z","updated_at":"2024-11-21T19:31:05.108Z","avatar_url":"https://github.com/HightechSec.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"\n# ScaRCE Framework - CVE-2021-41773 Hunter\n[![License](https://img.shields.io/badge/license-MIT-red.svg?style=flat)](https://github.com/HightechSec/scarce-apache2/blob/master/LICENSE.md)\n![Build](https://img.shields.io/badge/Supported_OS-Linux-yellow.svg?style=flat)\n![Build](https://img.shields.io/badge/Supported_WSL-Windows-blue.svg?style=flat)\n![GitHub code size in bytes](https://img.shields.io/github/languages/code-size/HightechSec/scarce-apache2)\n![GitHub repo size](https://img.shields.io/github/repo-size/HightechSec/scarce-apache2)\n![GitHub last commit](https://img.shields.io/github/last-commit/HightechSec/scarce-apache2)\n![GitHub stars](https://img.shields.io/github/stars/HightechSec/scarce-apache2)\n![GitHub pull requests](https://img.shields.io/github/issues-pr/HightechSec/scarce-apache2)\n![GitHub forks](https://img.shields.io/github/forks/HightechSec/scarce-apache2)\n![GitHub issues](https://img.shields.io/github/issues/HightechSec/scarce-apache2)\n![GitHub watchers](https://img.shields.io/github/watchers/HightechSec/scarce-apache2)\n\nThis tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method (Only if the **MOD_CGI** is Enabled at the targeted webserver). This tool works with the provided Single target or Mass Target from a file list. Only use this tool for `Bug Hunting`/ `Pentesting Purposes`.\n\n\u003cimg src=\"https://raw.githubusercontent.com/HightechSec/scarce-apache2/main/img/1-scarceapache.png\" width=\"30%\"\u003e\u003c/img\u003e \u003cimg src=\"https://raw.githubusercontent.com/HightechSec/scarce-apache2/main/img/2-scarceapache.png\" width=\"30%\"\u003e\u003c/img\u003e \u003cimg src=\"https://raw.githubusercontent.com/HightechSec/scarce-apache2/main/img/3-scarceapache.png\" width=\"30%\"\u003e\u003c/img\u003e \n## Installation\n```\n- git clone https://github.com/HightechSec/scarce-apache2\n- cd scarce-apache2\n- bash scarce.sh\n``` \nor you can install in your system like this\n```\n- git clone https://github.com/HightechSec/scarce-apache2\n- cd scarce-apache2\n- sudo cp scarce.sh /usr/bin/scarce \u0026\u0026 sudo chmod +x /usr/bin/scarce\n- $ scarce\n```\n## Usage\n- Menu's\n  - Menu `1` is for scanning LFI Vulnerability from a provided file that contains the `list of the target url` or a provided `single target url`.\n  - Menu `2` is for scanning RCE Vulnerability from a provided file that contains the `list of the target url` or a provided `single target url`.\n  - Menu `3` is for Executing RCE from a provided `single target url`. This will work for the `Maybe Vuln` Results or sometimes with a `500 Error Response`.  \n- URL Format\n  - Use ```http://``` like ```http://example.com``` or ```https://``` like ```https://example.com``` for the url formatting at Single Target usages\n  - For Url or IP that has been provided from a ```List```, **Don't Use** the URL Formatting like eg:\n    - https://target.com\n    - http://hackerone.com\n    - https://bugcrowd.com\n\n## Requirements\n* curl\n* bash\n* git\n\n# Credits\nThanks to:\n- [CVE-2021-41773 Reproduced](https://twitter.com/ptswarm/status/1445376079548624899) by [@ptswarm](https://twitter.com/ptswarm)\n- [Executing RCE in CVE-2021-41773](https://twitter.com/hackerfantastic/status/1445531829985968137) by [@hackerfantastic](https://twitter.com/hackerfantastic) \n- [Removing 5xx Error when Running RCE](https://twitter.com/lukejahnke/status/1445560511270064138) by [@lukejahnke](https://twitter.com/lukejahnke)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHightechSec%2Fscarce-apache2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FHightechSec%2Fscarce-apache2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHightechSec%2Fscarce-apache2/lists"}