ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresses from a text file and mass run the exploit on them, this can be useful if you are running mutiple websites and you want to see if they can all be exploited or not.

Luckily this will only work if the apache server has CGI enabled on it therefore a large portion of the servers cannot be exploited. As of today 11/11/21 fofa is showing that there are over 145k server running these versions combined and I would estimate a good 20-30% of these will have CGI enabled. When creating this script I got a fresh server and installed both apache version on it with CGI enabled and the code works flawlessly


Make sure python is installed.

Use the package manager pip to install requests.

pip3 install requests


python3 exploit.py <version> <ip_file>

It is important to note that I am only releasing this script with the intention of system administrators checking their web servers running on the network so that attackers do not use this exploit to get into their network.


Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.




View Github