solr-grab-steal-apache-solr-instance-queries-with-or-without-a-username-and-password

Steal Apache Solr instance Queries with or without a username and password.

DISCLAIMER: This project should be used for authorized testing and educational purposes only.
Download

git clone https://github.com/GnosticPlayers/Solr-GRAB

Usage

You can search for Apache Solr Instances via Censys, with the dork "Welcome To Solr" or "Apache Solr Admin". To grab queries, simply go to the http access point, sometimes being on port 80, 443 or 8080.

  • Replace “http://URLHERE/” with a desired URL, such as "http://127.0.0.1/".
  • Replace “PROJECTHERE/” with a desired project entry, such as a directory "users/".
  • Replace “IDHERE” with an ID that is unique per entry in JSON on the apache solr query, such as "id" or "global_id".
  • Lastly, replace “AMOUNTOFROWSHERE” with the amount of rows found in the query, such as "74332".

Now execute it with:  bash index.sh.

Sometimes, you’ll have an error where it’s a 404 not found. If that’s the case, add "/solr/" between "http://URLHERE/" & "PROJECTHERE", such as: https://127.0.0.1/solr/users/. This should fix the problem.
Author & Credits

Written by GnosticPlayers & g9648
g9648

Emailg9648@riseup.net
Gnostic Contacts

Emaildreammarket@riseup.net

Download Solr-GRAB

+————————————————-

This is only an educational purposes only I am not responsible for further activities

Join my forum and learn more ethical hacking and penetration testing

https://t.me/whiteHatHacks

Get me at

alex14324.blogspot.com

https://t.me/alex14324

https://github.com/alex14324

https://www.instagram.com/alex_14324

https://discord.gg/6NPtGxZ

——————————————————-+

Leave a Reply

Your email address will not be published. Required fields are marked *