├── README.md
├── TomcatWeakScan.exe
├── image
    ├── 01.jpg
    └── 02.jpg
├── password.db
├── url.txt
└── username.db


/README.md:
--------------------------------------------------------------------------------
# TomcatWeakScan / Tomcat Weak-Password Batch Scanner

## Code By: Tas9er @A.E.0.S Security Team

########################################################################

##### :x: Risk overview:

This tool is for authorized security testing only; illegally attacking unauthorized sites is prohibited.

##### :eight_pointed_black_star: File MD5 hash verification

File: TomcatWeakScan.exe

MD5 HASH: 754845fbc5ef4cda43949d594b75e54a

##### :ballot_box_with_check: Usage

1. Put the prepared scan targets into url.txt

2. username.db and password.db are the default dictionary files and can be extended as needed

3. Run TomcatWeakScan.exe from the command line

4. When the scan finishes, a result txt file named with a date-time stamp is generated in the current folder

Notes:

A. It is recommended that every scanned site is an already confirmed Tomcat management page, to improve efficiency

B. Windows 2008 and earlier versions of Windows need Curl installed and configured in the global environment variables

![01](/image/01.jpg)

A Tomcat weak password basically always leads to a WebShell, so I won't go into that here

![02](/image/02.jpg)

For generating AV-evading WebShells, see my GitHub projects:

https://github.com/Tas9er/ByPassBehinder

https://github.com/Tas9er/ByPassBehinder4J

##### :part_alternation_mark: Feedback

Stop asking me this and that every damn day; if you have a bug or an idea, figure it out yourself.

--------------------------------------------------------------------------------
/TomcatWeakScan.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Tas9er/TomcatWeakScan/c44a63f9a8e3e9720990761ca233a3d9d80de7fa/TomcatWeakScan.exe

--------------------------------------------------------------------------------
/image/01.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Tas9er/TomcatWeakScan/c44a63f9a8e3e9720990761ca233a3d9d80de7fa/image/01.jpg

--------------------------------------------------------------------------------
/image/02.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Tas9er/TomcatWeakScan/c44a63f9a8e3e9720990761ca233a3d9d80de7fa/image/02.jpg

--------------------------------------------------------------------------------
/password.db:
--------------------------------------------------------------------------------
admin
manager
123456
tomcat
admin888

--------------------------------------------------------------------------------
/url.txt:
--------------------------------------------------------------------------------
https://xxx.xxx.xxx.xxx
http://xxx.xxx.xxx.xxx

--------------------------------------------------------------------------------
/username.db:
--------------------------------------------------------------------------------
admin
root
manager
tomcat
administrator
web

--------------------------------------------------------------------------------
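
An added example, not part of the TomcatWeakScan repository: a defender can audit a server's own `tomcat-users.xml` against the default dictionaries listed in username.db and password.db above. It assumes passwords are stored in plaintext in that file (no digest CredentialHandler); the sample XML and the `audit_tomcat_users` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Default dictionaries exactly as listed in the page's username.db / password.db.
USERNAMES = {"admin", "root", "manager", "tomcat", "administrator", "web"}
PASSWORDS = {"admin", "manager", "123456", "tomcat", "admin888"}
# Tomcat roles that grant access to the Manager and Host Manager applications.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}

# Constructed sample tomcat-users.xml (not taken from the page).
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="deploy" password="admin888" roles="manager-script,manager-jmx"/>
  <user username="ops" password="kV7#long-random-example" roles="manager-gui"/>
  <user username="admin" password="123456" roles="viewer"/>
</tomcat-users>"""


def audit_tomcat_users(xml_text, usernames=USERNAMES, passwords=PASSWORDS):
    """Return findings for management-role users with guessable passwords."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Ignore an optional namespace such as {http://tomcat.apache.org/xml}.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        # Current configs use username=; older ones use name=.
        name = elem.get("username") or elem.get("name") or ""
        password = elem.get("password") or ""
        roles = {r.strip() for r in elem.get("roles", "").split(",")}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if not privileged:
            continue  # account cannot reach the management applications
        reasons = []
        if not password:
            reasons.append("empty password")
        elif password in passwords:
            reasons.append("password is in the default dictionary")
        if password and password == name:
            reasons.append("password equals username")
        if reasons:
            if name in usernames:
                reasons.append("username is in the default dictionary")
            findings.append({"user": name, "roles": privileged, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_tomcat_users(SAMPLE):
        print(f"{f['user']}: {', '.join(f['roles'])} -> {'; '.join(f['reasons'])}")
```

Accounts it reports should get a long random password or be removed, and the Manager application is best restricted to trusted source addresses.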