Admin HTTP Auxiliary Modules


The “tomcat_administration” module scans a range of IP addresses and locates the Tomcat Server administration panel and version.

msf > use auxiliary/admin/http/tomcat_administration
msf auxiliary(tomcat_administration) > show options

Module options (auxiliary/admin/http/tomcat_administration):

   Name         Current Setting                                     Required  Description
   ----         ---------------                                     --------  -----------
   Proxies                                                          no        Use a proxy chain
   RHOSTS                                                           yes       The target address range or CIDR identifier
   RPORT        8180                                                yes       The target port
   THREADS      1                                                   yes       The number of concurrent threads
   TOMCAT_PASS                                                      no        The password for the specified username
   TOMCAT_USER                                                      no        The username to authenticate as
   UserAgent    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)  yes       The HTTP User-Agent sent in the request
   VHOST                                                            no        HTTP server virtual host

To configure the module, we set the RHOSTS and THREADS values and let it run against the default port.

msf auxiliary(tomcat_administration) > set RHOSTS
msf auxiliary(tomcat_administration) > set THREADS 11
msf auxiliary(tomcat_administration) > run

[*] [Apache-Coyote/1.1] [Apache Tomcat/5.5] [Tomcat Server Administration] [tomcat/tomcat]
[*] Scanned 05 of 11 hosts (045% complete)
[*] Scanned 06 of 11 hosts (054% complete)
[*] Scanned 08 of 11 hosts (072% complete)
[*] Scanned 09 of 11 hosts (081% complete)
[*] Scanned 11 of 11 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(tomcat_administration) >