A penetration testing tool that identifies writable web directories via the HTTP PUT method, specifically designed to detect CVE-2025-24813 (Arbitrary File Upload in Apache Tomcat).
- Smart Protocol Handling: Auto-detects HTTPS/HTTP with fallback
- Comprehensive Checks: Tests all common Tomcat directories
- Two-Stage Verification: PUT + GET validation to eliminate false positives
- Pentester-Friendly Output: Color-coded results with manual verification commands
- CVE-Focused: Optimized for detecting assets with pre-requisites for CVE-2025-24813
```bash
git clone https://github.com/x00byte/PutScanner.git
cd PutScanner
```

```bash
./putscanner.py target.com:8080
```

| Flag | Description |
|---|---|
| `-v` | Verbose mode |
| `--ignore-ssl` | Bypass SSL certificate verification |
| `-f targets.txt` | Scan multiple targets from file |

- Start the included test server:

```bash
python3 test_server.py
```

- Run the scanner against it:

```bash
./putscanner.py http://localhost:8080 -v
```

Below is a demonstration of putscanner in use and the different scenarios it can test for.
## Legal Disclaimer
**WARNING**: This tool is intended for **authorized penetration testing only**.
Unauthorized use against systems without explicit permission is illegal.
## License
MIT License - See [LICENSE](LICENSE) for full text.

