def check(**kwargs):
if CodeTest.VULN == None:
ExpApacheShiro = ApacheShiro(_urlparse(kwargs['url']),
"echo VuLnEcHoPoCSuCCeSS")
else:
ExpApacheShiro = ApacheShiro(_urlparse(kwargs['url']), kwargs['cmd'])
if kwargs['pocname'] == "cve_2016_4437":
ExpApacheShiro.cve_2016_4437()
else:
ExpApacheShiro.cve_2016_4437()
def check(**kwargs):
if CodeTest.VULN == None:
ExpApacheUnomi = ApacheUnomi(_urlparse(kwargs['url']),
"echo VuLnEcHoPoCSuCCeSS")
else:
ExpApacheUnomi = ApacheUnomi(_urlparse(kwargs['url']), kwargs['cmd'])
if kwargs['pocname'] == "cve_2020_13942":
ExpApacheUnomi.cve_2020_13942()
else:
ExpApacheUnomi.cve_2020_13942()
def check(**kwargs):
if CodeTest.VULN == None:
ExpApacheStruts2 = ApacheStruts2(_urlparse(kwargs['url']),"echo VuLnEcHoPoCSuCCeSS")
else:
ExpApacheStruts2 = ApacheStruts2(_urlparse(kwargs['url']),kwargs['cmd'])
if kwargs['pocname'] == "s2_005":
ExpApacheStruts2.s2_005()
elif kwargs['pocname'] == "s2_008":
ExpApacheStruts2.s2_008()
elif kwargs['pocname'] == "s2_009":
ExpApacheStruts2.s2_009()
elif kwargs['pocname'] == "s2_013":
ExpApacheStruts2.s2_013()
elif kwargs['pocname'] == "s2_015":
ExpApacheStruts2.s2_015()
elif kwargs['pocname'] == "s2_016":
ExpApacheStruts2.s2_016()
elif kwargs['pocname'] == "s2_029":
ExpApacheStruts2.s2_029()
elif kwargs['pocname'] == "s2_032":
ExpApacheStruts2.s2_032()
elif kwargs['pocname'] == "s2_045":
ExpApacheStruts2.s2_045()
elif kwargs['pocname'] == "s2_046":
ExpApacheStruts2.s2_046()
elif kwargs['pocname'] == "s2_048":
ExpApacheStruts2.s2_048()
elif kwargs['pocname'] == "s2_052":
ExpApacheStruts2.s2_052()
elif kwargs['pocname'] == "s2_057":
ExpApacheStruts2.s2_057()
elif kwargs['pocname'] == "s2_059":
ExpApacheStruts2.s2_059()
elif kwargs['pocname'] == "s2_061":
ExpApacheStruts2.s2_061()
elif kwargs['pocname'] == "s2_devMode":
ExpApacheStruts2.s2_devMode()
else:
ExpApacheStruts2.s2_005()
ExpApacheStruts2.s2_008()
ExpApacheStruts2.s2_009()
ExpApacheStruts2.s2_013()
ExpApacheStruts2.s2_015()
ExpApacheStruts2.s2_016()
ExpApacheStruts2.s2_029()
ExpApacheStruts2.s2_032()
ExpApacheStruts2.s2_045()
ExpApacheStruts2.s2_046()
ExpApacheStruts2.s2_048()
ExpApacheStruts2.s2_052()
ExpApacheStruts2.s2_057()
ExpApacheStruts2.s2_059()
ExpApacheStruts2.s2_061()
ExpApacheStruts2.s2_devMode()
def check(**kwargs):
if CodeTest.VULN == None:
ExpJenkins = Jenkins(_urlparse(kwargs['url']),"echo VuLnEcHoPoCSuCCeSS")
else:
ExpJenkins = Jenkins(_urlparse(kwargs['url']),kwargs['cmd'])
if kwargs['pocname'] == "cve_2017_1000353":
ExpJenkins.cve_2017_1000353()
elif kwargs['pocname'] == "cve_2018_1000861":
ExpJenkins.cve_2018_1000861()
else:
ExpJenkins.cve_2017_1000353()
ExpJenkins.cve_2018_1000861()
def check(**kwargs):
if CodeTest.VULN == None:
ExpNexus = Nexus(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS")
else:
ExpNexus = Nexus(_urlparse(kwargs['url']), kwargs['cmd'])
if kwargs['pocname'] == "cve_2019_7238":
ExpNexus.cve_2019_7238()
elif kwargs['pocname'] == "cve_2020_10199":
ExpNexus.cve_2020_10199()
else:
ExpNexus.cve_2019_7238()
ExpNexus.cve_2020_10199()
def check(**kwargs):
if CodeTest.VULN == None:
ExpFastjson = Fastjson(_urlparse(kwargs['url']), DL.dns_host())
else:
ExpFastjson = Fastjson(_urlparse(kwargs['url']), kwargs['cmd'])
if kwargs['pocname'] == "cve_2017_18349_24":
ExpFastjson.cve_2017_18349_24()
elif kwargs['pocname'] == "cve_2017_18349_47":
ExpFastjson.cve_2017_18349_47()
else:
ExpFastjson.cve_2017_18349_24()
ExpFastjson.cve_2017_18349_47()
def check(**kwargs):
if CodeTest.VULN == None:
ExpElasticsearch = Elasticsearch(_urlparse(kwargs['url']),
"echo VuLnEcHoPoCSuCCeSS")
else:
ExpElasticsearch = Elasticsearch(_urlparse(kwargs['url']),
kwargs['cmd'])
if kwargs['pocname'] == "cve_2014_3120":
ExpElasticsearch.cve_2014_3120()
elif kwargs['pocname'] == "cve_2015_1427":
ExpElasticsearch.cve_2015_1427()
else:
ExpElasticsearch.cve_2014_3120()
ExpElasticsearch.cve_2015_1427()
def check(**kwargs):
if CodeTest.VULN == None:
ExpThinkPHP = ThinkPHP(_urlparse(kwargs['url']),
"echo VuLnEcHoPoCSuCCeSS")
#ExpThinkPHP = ThinkPHP(kwargs['url'],"echo VuLnEcHoPoCSuCCeSS")
else:
ExpThinkPHP = ThinkPHP(_urlparse(kwargs['url']), kwargs['cmd'])
if kwargs['pocname'] == "cve_2018_20062":
ExpThinkPHP.cve_2018_20062()
elif kwargs['pocname'] == "cve_2019_9082":
ExpThinkPHP.cve_2019_9082()
else:
ExpThinkPHP.cve_2018_20062()
ExpThinkPHP.cve_2019_9082()
def check(**kwargs):
if CodeTest.VULN == None:
ExpDrupal = Drupal(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS")
else:
ExpDrupal = Drupal(_urlparse(kwargs['url']), kwargs['cmd'])
if kwargs['pocname'] == "cve_2018_7600":
ExpDrupal.cve_2018_7600()
elif kwargs['pocname'] == "cve_2018_7602":
ExpDrupal.cve_2018_7602()
elif kwargs['pocname'] == "cve_2019_6340":
ExpDrupal.cve_2019_6340()
else:
ExpDrupal.cve_2018_7600()
ExpDrupal.cve_2018_7602()
ExpDrupal.cve_2019_6340()
def check(**kwargs):
if CodeTest.VULN == None:
ExpRedHatJBoss = RedHatJBoss(_urlparse(kwargs['url']),"echo VuLnEcHoPoCSuCCeSS")
else:
ExpRedHatJBoss = RedHatJBoss(_urlparse(kwargs['url']),kwargs['cmd'])
if kwargs['pocname'] == "cve_2010_0738":
ExpRedHatJBoss.cve_2010_0738()
elif kwargs['pocname'] == "cve_2010_1428":
ExpRedHatJBoss.cve_2010_1428()
elif kwargs['pocname'] == "cve_2015_7501":
ExpRedHatJBoss.cve_2015_7501()
else:
ExpRedHatJBoss.cve_2010_0738()
ExpRedHatJBoss.cve_2010_1428()
ExpRedHatJBoss.cve_2015_7501()
def check(**kwargs):
if CodeTest.VULN == None:
ExpApacheTomcat = ApacheTomcat(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS")
else:
ExpApacheTomcat = ApacheTomcat(_urlparse(kwargs['url']), kwargs['cmd'])
if kwargs['pocname'] == "tomcat_examples":
ExpApacheTomcat.tomcat_examples()
elif kwargs['pocname'] == "cve_2017_12615":
ExpApacheTomcat.cve_2017_12615()
elif kwargs['pocname'] == "cve_2020_1938":
ExpApacheTomcat.cve_2020_1938()
else:
ExpApacheTomcat.tomcat_examples()
ExpApacheTomcat.cve_2017_12615()
ExpApacheTomcat.cve_2020_1938()
def check(**kwargs):
ExpExchange = Exchange(_urlparse(kwargs['url']), kwargs)
if kwargs['pocname'] != "ALL":
func = getattr(ExpExchange, kwargs['pocname']) #返回对象函数属性值,可以直接调用
func() #调用函数
else: #调用所有函数
for func in dir(Exchange):
if not func.startswith("__"):
methodcaller(func)(ExpExchange)
def check(**kwargs):
#print(kwargs['pocname'])
if CodeTest.VULN == None:
ExpApacheSolr = ApacheSolr(_urlparse(kwargs['url']),
"echo VuLnEcHoPoCSuCCeSS")
else:
ExpApacheSolr = ApacheSolr(_urlparse(kwargs['url']), kwargs['cmd'])
if kwargs['pocname'] == "cve_2017_12629":
ExpApacheSolr.cve_2017_12629()
elif kwargs['pocname'] == "cve_2019_0193":
ExpApacheSolr.cve_2019_0193()
elif kwargs['pocname'] == "cve_2019_17558":
ExpApacheSolr.cve_2019_17558()
else:
ExpApacheSolr.cve_2017_12629()
ExpApacheSolr.cve_2019_0193()
ExpApacheSolr.cve_2019_17558()
def check(**kwargs):
ExpElasticsearch = Elasticsearch(_urlparse(kwargs['url']), kwargs)
if kwargs['pocname'] != 'ALL':
func = getattr(ExpElasticsearch, kwargs['pocname']) #返回对象函数属性值,可以直接调用
func() #调用函数
else: #调用所有函数
for func in dir(Elasticsearch):
if not func.startswith("__"):
methodcaller(func)(ExpElasticsearch)
def check(**kwargs):
ExpApacheActiveMQ = ApacheActiveMQ(_urlparse(kwargs['url']), kwargs)
if kwargs['pocname'] != 'ALL':
func = getattr(ExpApacheActiveMQ, kwargs['pocname']) #返回对象函数属性值,可以直接调用
func() #调用函数
else: #调用所有函数
for func in dir(ApacheActiveMQ):
if not func.startswith("__"):
methodcaller(func)(ExpApacheActiveMQ)
try:
path = '/.php'
path2 = '/.232index' #异常测试时需要,能降低防止误报
res = requests.get(url=url + path, verify=False, timeout=5)
count = len(res.text)
if res.status_code == 200: #判断响应值
res2 = requests.get(url=url + path2, verify=False, timeout=5)
count2 = len(res2.text)
sum = count - count2
if error >= abs(sum): #获取绝对值,计算误差。
print(url + path2 + ' No Loophole')
else:
print(url + ' 确定存在解析漏洞')
return True
else:
print(url + path + ' ' + str(res.status_code))
except Exception as e:
print(url, str(e))
print('[*]请输入目标服务器上存在的静态资源文件链接,如 http://www.baidu.com/robots.txt')
def check(**kwargs):
Nginx_iis_scan(kwargs['url'])
if __name__ == "__main__":
Nginx_iis_scan(_urlparse("http://baidu.com/123.php"))
print('task complete~~~~~~~~~~ 完了')
def check(**kwargs):
url = _urlparse(kwargs['url'])
now.timed(de=0)
color("[+] Scanning target domain " + url, 'green')
ExpApacheActiveMQ = ApacheActiveMQ.ApacheActiveMQ(
url, "echo VuLnEcHoPoCSuCCeSS")
ExpApacheShiro = ApacheShiro.ApacheShiro(url, "echo VuLnEcHoPoCSuCCeSS")
ExpApacheSolr = ApacheSolr.ApacheSolr(url, "echo VuLnEcHoPoCSuCCeSS")
ExpApacheStruts2 = ApacheStruts2.ApacheStruts2(url,
"echo VuLnEcHoPoCSuCCeSS")
ExpApacheTomcat = ApacheTomcat.ApacheTomcat(url, "echo VuLnEcHoPoCSuCCeSS")
ExpApacheUnomi = ApacheUnomi.ApacheUnomi(url, "echo VuLnEcHoPoCSuCCeSS")
ExpDrupal = Drupal.Drupal(url, "echo VuLnEcHoPoCSuCCeSS")
ExpElasticsearch = Elasticsearch.Elasticsearch(url,
"echo VuLnEcHoPoCSuCCeSS")
ExpFastjson = Fastjson.Fastjson(url, "echo VuLnEcHoPoCSuCCeSS")
ExpJenkins = Jenkins.Jenkins(url, "echo VuLnEcHoPoCSuCCeSS")
ExpNexus = Nexus.Nexus(url, "echo VuLnEcHoPoCSuCCeSS")
ExpOracleWeblogic = OracleWeblogic.OracleWeblogic(
url, "echo VuLnEcHoPoCSuCCeSS")
ExpRedHatJBoss = RedHatJBoss.RedHatJBoss(url, "echo VuLnEcHoPoCSuCCeSS")
ExpThinkPHP = ThinkPHP.ThinkPHP(url, "echo VuLnEcHoPoCSuCCeSS")
#ApacheActiveMQ
ExpApacheActiveMQ.cve_2015_5254()
ExpApacheActiveMQ.cve_2016_3088()
#ApacheShiro
ExpApacheShiro.cve_2016_4437()
#ApacheSolr
ExpApacheSolr.cve_2017_12629()
ExpApacheSolr.cve_2019_0193()
ExpApacheSolr.cve_2019_17558()
#ApacheStruts2
ExpApacheStruts2.s2_005()
ExpApacheStruts2.s2_008()
ExpApacheStruts2.s2_009()
ExpApacheStruts2.s2_013()
ExpApacheStruts2.s2_015()
ExpApacheStruts2.s2_016()
ExpApacheStruts2.s2_029()
ExpApacheStruts2.s2_032()
ExpApacheStruts2.s2_045()
ExpApacheStruts2.s2_046()
ExpApacheStruts2.s2_048()
ExpApacheStruts2.s2_052()
ExpApacheStruts2.s2_057()
ExpApacheStruts2.s2_059()
ExpApacheStruts2.s2_061()
ExpApacheStruts2.s2_devMode()
#ApacheTomcat
ExpApacheTomcat.tomcat_examples()
ExpApacheTomcat.cve_2017_12615()
ExpApacheTomcat.cve_2020_1938()
#ApacheUnomi
ExpApacheUnomi.cve_2020_13942()
#Drupal
ExpDrupal.cve_2018_7600()
ExpDrupal.cve_2018_7602()
ExpDrupal.cve_2019_6340()
#Elasticsearch
ExpElasticsearch.cve_2014_3120()
ExpElasticsearch.cve_2015_1427()
#Fastjson
ExpFastjson.cve_2017_18349_24()
ExpFastjson.cve_2017_18349_47()
#Jenkins
ExpJenkins.cve_2017_1000353()
ExpJenkins.cve_2018_1000861()
#Nexus
ExpNexus.cve_2019_7238()
ExpNexus.cve_2020_10199()
#OracleWeblogic
ExpOracleWeblogic.cve_2014_4210()
ExpOracleWeblogic.cve_2017_3506()
ExpOracleWeblogic.cve_2017_10271()
ExpOracleWeblogic.cve_2018_2894()
ExpOracleWeblogic.cve_2019_2725()
ExpOracleWeblogic.cve_2019_2729()
ExpOracleWeblogic.cve_2020_2551()
ExpOracleWeblogic.cve_2020_2555()
ExpOracleWeblogic.cve_2020_2883()
ExpOracleWeblogic.cve_2020_14882()
#RedHatJBoss
ExpRedHatJBoss.cve_2010_0738()
ExpRedHatJBoss.cve_2010_1428()
ExpRedHatJBoss.cve_2015_7501()
#ThinkPHP
ExpThinkPHP.cve_2018_20062()
ExpThinkPHP.cve_2019_9082()
