Home

Awesome

Exploit for WebSocket Vulnerability in Apache Tomcat (CVE-2020-13935)

In the corresponding blog post the analysis and exploitation of the vulnerability is explained in detail.

Usage

Clone the repository, then build the tcdos binary. Run the program as follows to test whether a particular WebSocket endpoint is vulnerable:

$ git clone https://github.com/RedTeamPentesting/CVE-2020-13935
$ cd CVE-2020-13935
$ go build
$ ./tcdos [WebSocket endpoint]