View Issue Details

IDProjectCategoryView StatusLast Update
0001024Kali LinuxQueued Tool Additionpublic2021-05-18 11:02
Reporterg0tmi1k Assigned Todookie  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version1.0.7 
Fixed in Version1.0.7 
Summary0001024: Clusterd

Name: clusterd
Description: clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. See the wiki for more information.

Additional Information
 bryan@debdev:~/tools/clusterd$ ./ 

         clusterd/0.1 - clustered attack toolkit
           Supporting jboss, coldfusion, weblogic, tomcat

 usage: ./ [options]

 optional arguments:
   -h, --help            show this help message and exit

   Options for configuring the connection

   -i [ip address]       Server address
   -iL [file]            Server list
   -p [port]             Server port
   --proxy [proxy://server:port]
                         Connect through proxy [http|https]
   --proxy-auth [username:password]
                         Proxy credentials
   --timeout [seconds]   Connection timeout [5s]
   --random-agent        Use a random User-Agent for requests
   --ssl                 Force SSL

 Remote Host:
   Settings specific to the remote host

   -a [jboss|coldfusion|weblogic|tomcat]
                         Hint at remote host service
   -o [windows|linux]    Hint at remote host OS
   -v [version]          Specific version to test
   --usr-auth [username:password]
                         Login credentials for service
   --fingerprint         Fingerprint the remote system
   --arch [x86|x64]      Specify remote OS architecture

   Deployment flags and settings

   --deploy [file]       Deploy to the discovered service
   --deployer [deployer]
                         Specify a deployer to use
   --invoke              Invoke payload after deployment
   -b [user]             Brute force credentials for user [admin]
   --wordlist [path]     Wordlist for brute forcing passwords

 jboss modules:
   --jb-info             Dump host information
   --jb-list             List deployed WARs
   --jb-smb              Obtain SMB hash

 coldfusion modules:
   --cf-info             Dump host information

 weblogic modules:
   --wl-info             Gather WebLogic info
   --wl-list             List deployed apps
   --wl-smb              Obtain SMB hash

 tomcat modules:
   --tc-info             Gather Tomcat info
   --tc-list             List deployed WARs
   --tc-smb              Obtain SMB hash

   Miscellaneous flags

   --deploy-list         List all available deployers
   --aux-list            List all available exploits
   --gen-payload [host:port] for reverse connection
                         Generate a reverse shell payload
   -d                    Enable debug output
   -l                    Log output to file [$time$_log.log]     




2014-02-10 20:00

reporter   ~0001515

Added in clusterd_0.1.1+git20140210-0kali1. It will be in the repos soon.

Thanks for the suggestion.

Issue History

Date Modified Username Field Change
2014-02-09 21:34 g0tmi1k New Issue
2014-02-10 20:00 dookie Note Added: 0001515
2014-02-10 20:00 dookie Status new => resolved
2014-02-10 20:00 dookie Fixed in Version => 1.0.7
2014-02-10 20:00 dookie Resolution open => fixed
2014-02-10 20:00 dookie Assigned To => dookie
2021-05-18 11:02 g0tmi1k Category New Tool Requests => Queued Tool Addition