Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/dietcokesec/tomcat

🐱 Brute force tomcat authentication
https://github.com/dietcokesec/tomcat

apache-tomcat java penetration-testing penetration-testing-tools tomcat

Last synced: 2 months ago
JSON representation

🐱 Brute force tomcat authentication

Awesome Lists containing this project

README 

          
*This work has been sponsored by [Sythe Labs](https://sythelabs.com)*.



# Tomcat

🐱 Some tomcat scripts. Built to be cleaner and easier to use and a bit more configurable for things like debugging.



## Usage

```



 Usage: main.py [OPTIONS]



╭─ Options ─────────────────────────────────────────────────────────╮

│ *  --url                 -U      TEXT  The Tomcat URL to brute    │

│                                        force.                     │

│                                        [default: None]            │

│                                        [required]                 │

│ *  --path                -P      TEXT  The manager or             │

│                                        host-manager URI           │

│                                        [default: None]            │

│                                        [required]                 │

│    --usernames           -u      TEXT  The file or                │

│                                        comma-separated username   │

│                                        list.                      │

│                                        [default: tomcat,admin]    │

│    --passwords           -p      TEXT  The file or                │

│                                        comma-separated password   │

│                                        list.                      │

│                                        [default: tomcat,admin]    │

│    --verbose             -v            Show passed and failed     │

│                                        inputs.                    │

│    --debug               -d            Show the HTTP request      │

│                                        being made                 │

│    --install-completion                Install completion for the │

│                                        current shell.             │

│    --show-completion                   Show completion for the    │

│                                        current shell, to copy it  │

│                                        or customize the           │

│                                        installation.              │

│    --help                              Show this message and      │

│                                        exit.                      │

╰───────────────────────────────────────────────────────────────────╯

```



## In Action



![action](action.png)



## Examples

If you only have one username or password, make sure you end it with `,`.

```bash

uv run main.py -U :8180/ -P /manager -u tomcat, -p /path/to/pws.txt

```



```bash

uv run main.py -U :8180/ -P /manager -u /path/to/wordlist -p /path/to/pws

```



### Credits:

- [mgr_brute](https://github.com/b33lz3bub-1/Tomcat-Manager-Bruteforce/blob/master/mgr_brute.py) - Basis for the brute force script.