Scarce-Apache2 – A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public
This tool can
Installation
- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- bash scarce.sh
or you can install in your system like this
- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- sudo cp scarce.sh /usr/bin/scarce && sudo chmod +x /usr/bin/scarce
- $ scarce
Usage
- Menu’s
- Menu
1
is for scanning LFI Vulnerability from a provided file that contains thelist of the target url
or a providedsingle target url
. - Menu
2
is for scanning RCE Vulnerability from a provided file that contains thelist of the target url
or a providedsingle target url
. - Menu
3
is for Executing RCE from a providedsingle target url
. This will work for theMaybe Vuln
Results or sometimes with a500 Error Response
.
- Menu
- URL Format
- Use
http://
likehttp://example.com
orhttps://
likehttps://example.com
for the url formatting at Single Target usages - For Url or IP that has been provided from a
List
, Don’t Use the URL Formatting like eg:- https://target.com
- http://hackerone.com
- https://bugcrowd.com
- Use
Requirements
- curl
- bash
- git
Credits
Thanks to:
- CVE-2021-41773 Reproduced by @ptswarm
- Executing RCE in CVE-2021-41773 by @hackerfantastic
- Removing 5xx Error when Running RCE by @lukejahnke
Download Scarce-Apache2
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.