
CVE-2025-24813 PoC: Apache Tomcat Environment Issue Vulnerability

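Source
Related vulnerability
Title: Apache Tomcat Environment Issue Vulnerability (CVE-2025-24813)
Description: Apache Tomcat is a lightweight web application server from the Apache Software Foundation (USA), used to implement support for Servlet and JavaServer Pages (JSP). Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98 are affected by an environment issue vulnerability. An attacker can exploit this vulnerability to execute code remotely or disclose sensitive information.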
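
The affected ranges in the description above can be checked against a host inventory; the following is an added example, not code from this page or from the toolkit it lists. The host names and the `host version` line format are assumptions, and only the ranges stated in the description are encoded.

```python
import re

# Affected ranges exactly as stated in the description above (inclusive bounds).
# Release lines the description does not list are reported as "not_listed",
# which is not the same as "confirmed safe".
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.2"),
    ("10.1.0-M1", "10.1.34"),
    ("9.0.0.M1", "9.0.98"),
]

# Tomcat writes milestones as "9.0.0.M1" or "10.1.0-M1"; accept both separators.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Return a sortable tuple; a milestone sorts before the final x.y.z."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = match.groups()
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + stage


def is_affected(version):
    parsed = parse_version(version)
    return any(parse_version(lo) <= parsed <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(lines):
    """Sort 'host version' inventory lines into three buckets of hosts."""
    buckets = {"affected": [], "not_listed": [], "unparsed": []}
    for line in lines:
        try:
            host, version = line.split()
            key = "affected" if is_affected(version) else "not_listed"
        except ValueError:  # wrong field count or unparseable version
            host, key = line.strip(), "unparsed"
        buckets[key].append(host)
    return buckets


# Constructed sample inventory (hypothetical hosts), not data from the page.
SAMPLE_INVENTORY = [
    "app01 9.0.98", "app02 9.0.99", "app03 10.1.0-M1",
    "app04 11.0.3", "app05 unknown-build",
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Entries that land in `unparsed` need a manual look rather than being treated as unaffected.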
Description
Automated scanner + exploit for CVE-2025-24813
Introduction
# CVE-2025-24813 Exploit Toolkit

This is an advanced and automated exploitation tool for **CVE-2025-24813**, targeting Apache Tomcat servers vulnerable to insecure session deserialization.

## 🔍 Features
- Multi-target scanning from file or single URL (`--targets` / `--url`)
- Automatic gadget chain testing (CommonsCollections1-7, BeanShell, Spring, etc.)
- OS detection and post-exploitation payloads (Linux/Windows)
- Session ID discovery from common endpoints
- Verbose logging to both console and file
- TLS (HTTPS) support, with an option to disable certificate verification (`--no-ssl-verify`)

## ⚙️ Usage

```bash
# Single target
python3 exploit_cve_2025_24813.py \
  --url http://target:8080 \
  --ysoserial ysoserial.jar \
  --no-ssl-verify

# Multiple targets from file
python3 exploit_cve_2025_24813.py \
  --targets targets.txt \
  --ysoserial ysoserial.jar \
  --no-ssl-verify
```

## 📥 Requirements

- Python 3.6+
- Java Runtime (for ysoserial)
- ysoserial Java binary

## ⚠️ Legal Disclaimer

This tool is provided for educational and authorized security testing purposes only. Any unauthorized use against systems you do not own or have explicit permission to test is strictly prohibited and may be illegal.

## 📚 Credits

This project was inspired by a public PoC published under the Apache License 2.0.
Original PoC author: absholi7ly
Enhanced and rewritten by mehrdad mirabi
