A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public
This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method (Only if the MOD_CGI is Enabled at the targeted webserver). This tool works with the provided Single target or Mass Target from a file list. Only use this tool for Bug Hunting
/ Pentesting Purposes
.
- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- bash scarce.sh
or you can install in your system like this
- git clone https://github.com/HightechSec/scarce-apache2
- cd scarce-apache2
- sudo cp scarce.sh /usr/bin/scarce && sudo chmod +x /usr/bin/scarce
- $ scarce
1
is for scanning LFI Vulnerability from a provided file that contains the list of the target url
or a provided single target url
.2
is for scanning RCE Vulnerability from a provided file that contains the list of the target url
or a provided single target url
.3
is for Executing RCE from a provided single target url
. This will work for the Maybe Vuln
Results or sometimes with a 500 Error Response
.http://
like http://example.com
or https://
like https://example.com
for the url formatting at Single Target usagesList
, Don't Use the URL Formatting like eg:
Thanks to: