Scarce-Apache2 – A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public

This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method (Only if the MOD_CGI is Enabled at the targeted webserver). This tool works with the provided Single target or Mass Target from a file list. Only use this tool for Bug Hunting/ Pentesting Purposes.

AVvXsEhcRO Dx6ScPy zCqhbv9ZsB2Y5EC8Fo6FWrpWx7sC6H81feJvY1pb5uzirFi7KR2oxTamEqKPWFhxXCSe1KxDJRM7o OPtZ0E opEOIPdRH5 K7CLTLOPqYl8AVpIYyPIVzHN2y0b oX3qT8PJHymUb zEDweKomCW IrxvpHMUWYDhxdLHAhrbYyhRg=w640 h316

AVvXsEibLpxQqYUk e42cAQqZ79qpvIPld94BKnn9nRm5UKHJHHzCrxMmSyMaEe6e5oqhtxC1eNWqnS fVBYSzclUT22R3QBDK dVg6xZmz UNeVjr8xPea5WH1k8ewTWW1cOFovZuFQKAI3eMTGsaEzRgRzc5Y Zps4nILNgDM7M8lXAq dR8u VQ14vRnw4w=w640 h316

AVvXsEgITNTPLGq s81ClmEAdJnpep5lS i7ge88cEABBssuGeWiMh sGZKgZdfBjaSBtF28FxHMTgOgdYMX41 cRlbCm9fsupSbxh9IpupmTp8sfqoEJrktxbd5YYiIb9wjULUrKMQ24wVyYOMXEdo5voYEA9DjZ10AtWjOsnZGvMJj5h9sgKsomPSldh1xw=w640 h330

Installation

- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- bash scarce.sh

or you can install in your system like this

- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- sudo cp scarce.sh /usr/bin/scarce && sudo chmod +x /usr/bin/scarce
- $ scarce

Usage

  • Menu’s
    • Menu 1 is for scanning LFI Vulnerability from a provided file that contains the list of the target url or a provided single target url.
    • Menu 2 is for scanning RCE Vulnerability from a provided file that contains the list of the target url or a provided single target url.
    • Menu 3 is for Executing RCE from a provided single target url. This will work for the Maybe Vuln Results or sometimes with a 500 Error Response.
  • URL Format

Requirements

  • curl
  • bash
  • git

Credits

Thanks to:

8 TI1 FA7is

click here to read full Article

Read More on Pentesting Tools

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: