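    def scan(self):
        """Probe ``self.url`` for a crossdomain.xml that grants Flash access too broadly.

        Fetches ``<url>/crossdomain.xml`` and prints a verdict line; nothing is
        returned.  A 404 is read as "no policy file", a 200 body is matched
        against the ``FLASH_CSRF_RULE`` pattern (defined outside this method)
        and, failing that, scanned with ``GET_DOMAIN_VALUE`` to list the
        whitelisted domains.  Any other status, or a transport error, is
        reported and the scan ends instead of raising.
        """
        crossdomain_url = self.url.rstrip("/") + "/crossdomain.xml"
        try:
            # NOTE(review): verify=False disables TLS certificate validation, so
            # the policy file could be served by an on-path interceptor; kept
            # because the scanner deliberately targets self-signed hosts.
            response = requests.get(url=crossdomain_url,
                                    headers=get_headers(),
                                    verify=False,
                                    timeout=5)
        except requests.RequestException as exc:
            # DNS failure, refused connection or the 5 s timeout: report, don't crash.
            print("[-]Can't access crossdomain.xml:", exc)
            return

        if response.status_code == 404:
            # No policy file at all means Flash cross-domain requests are refused.
            print(
                "[-]There is no Flash CSRF vulnerability, because the domain doesn't have crossdomain.xml."
            )
        elif response.status_code == 200:
            content = response.text
            if re.search(FLASH_CSRF_RULE, content):
                print("[+]Found Flash CSRF vulnerability:", crossdomain_url)
            else:
                # Not a wildcard policy: surface whatever domain values are present
                # so the operator can judge whether any of them is user-controllable.
                domains = re.findall(GET_DOMAIN_VALUE, content)
                if domains:
                    print(
                        "[-]The domain value is not equal '*', "
                        "please check if the whitelist domains allow user to upload a Flash file."
                    )
                    print("[*]WhiteList domains:", end=" ")
                    for domain in domains:
                        print(domain, end="  ")
                    print()
                else:
                    # 200 but no recognisable policy entries (e.g. an HTML page).
                    print("[-]Can't access crossdomain.xml.")
        else:
            print("[-]Response status code wrong.")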
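def send(url):
    """GET ``url`` and return the response, or ``None`` if it is not a 200.

    Transport errors (DNS failure, connection refused, the 5-second timeout)
    also yield ``None`` instead of propagating, so callers see one failure
    mode rather than a mix of ``None`` and exceptions.

    Args:
        url: Absolute URL to request.

    Returns:
        The ``requests.Response`` on HTTP 200, otherwise ``None``.
    """
    try:
        # verify=False skips certificate validation; the scanner accepts
        # self-signed targets, which also means an interceptor could answer.
        response = requests.get(url,
                                headers=get_headers(),
                                verify=False,
                                timeout=5)
    except requests.RequestException:
        return None
    return response if response.status_code == 200 else None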
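def get_proxy_ips(url="http://www.89ip.cn/tqdl.html?api=1&num=10&port=&address=&isp="):
    """Scrape ``ip:port`` strings from a public proxy-list page.

    Args:
        url: Proxy-list endpoint to fetch; defaults to the one the tool
            shipped with, so existing callers are unaffected.

    Returns:
        A list of ``"a.b.c.d:port"`` strings in page order (duplicates kept),
        or an empty list if the page could not be fetched.  The list is also
        printed.  Entries are untrusted text scraped over plain HTTP: callers
        must not assume they are live, well-formed or benign.
    """
    try:
        response = requests.get(url=url,
                                headers=get_headers(),
                                timeout=10,
                                verify=False)
    except requests.RequestException as exc:
        print("[-]Failed to fetch proxy list:", exc)
        return []
    # Loose ip:port matcher.  The first octet accepts 1-3 digits (the old
    # pattern required 2-3 and silently dropped addresses such as 8.x.x.x);
    # \b stops it from matching the tail of a longer number.
    pattern = re.compile(r'\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{2,5}')
    ip_list = pattern.findall(response.text)
    print(ip_list)
    return ip_list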
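def upload_to_whatweb(url):
    """Fetch ``url`` and submit the page to the bugscaner whatweb API.

    The target's final URL, full body and every response header are
    serialised to JSON, zlib-compressed and POSTed as a multipart file.
    Note that this hands the complete response - including any Set-Cookie
    or other sensitive headers the target may send - to a third-party
    service over plain HTTP.

    Args:
        url: Page to fingerprint.

    Returns:
        The ``requests.Response`` from the whatweb API.

    Raises:
        requests.RequestException: if either the fetch or the upload fails
        or times out.
    """
    response = requests.get(url,
                            headers=get_headers(),
                            verify=False,
                            timeout=5)
    page_info = {
        "url": response.url,
        "text": response.text,
        "headers": dict(response.headers),
    }
    payload = zlib.compress(json.dumps(page_info).encode())
    # The API takes the blob as a file field named "info".  A timeout is set
    # so a stalled upload cannot hang the scan indefinitely (the original
    # POST had none).
    return requests.post("http://whatweb.bugscaner.com/api.go",
                         files={"info": payload},
                         timeout=30)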
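def check_ip_valid(ip):
    """Check whether proxy ``ip`` actually relays traffic.

    Sends a request to an IP-echo page through the proxy and compares the
    address the page reports with the proxy's own address.

    Args:
        ip: Proxy address as ``"a.b.c.d"`` or ``"a.b.c.d:port"``; only the
            address part is compared against the echoed value.

    Returns:
        ``True`` if the echo page reported the proxy's address, ``False``
        otherwise - including transport errors and an unparsable page,
        which the original silently swallowed.
    """
    url = "http://202020.ip138.com/"
    proxy = {"http": ip}
    print(proxy)
    try:
        # verify=False plus an untrusted relay: the proxy can read and alter
        # everything sent here, which is tolerable only for a throwaway probe.
        r = requests.get(url=url,
                         proxies=proxy,
                         headers=get_headers(),
                         timeout=5,
                         verify=False)
    except requests.RequestException as exc:
        # Best-effort probe: a dead proxy is a normal outcome, not an error.
        print('[-] Proxy unreachable:', exc)
        return False
    echoed = re.findall(r'\[(.*?)\]', r.text)
    if not echoed:
        # NOTE(review): assumes the echo page prints the caller's address in
        # square brackets - confirm if live proxies start coming back False.
        print('[-] Could not parse the echoed address.')
        return False
    # The echo page reports the bare address; strip any ":port" so an
    # "ip:port" entry from the proxy list can still match.  A plain address
    # is unchanged by rsplit, so the old comparison is preserved.
    if echoed[0] == ip.rsplit(":", 1)[0]:
        print('[*] Successful ! The IP is available ! ')
        print(proxy)
        return True
    return False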