def Main(Url,FileName,Values,ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua=UserAgentS(Values)#传入用户输入用户指定的浏览器头
RandomAgent=ua.UserAgent()#获取生成的头文件
Medusa = [Mongo_expressRemoteCodeExecutionVulnerability.medusa(Url,RandomAgent,ProxyIp)]
try:
for i in tqdm(Medusa, ascii=True, desc="Mongo plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url,FileName,Values,ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua=UserAgentS(Values)#传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() # 获取生成的头文件
Medusa = [Weaver_db_disclosure.medusa(Url, RandomAgent, ProxyIp),Weaver_sqli.medusa(Url, RandomAgent, ProxyIp),Weaver_filedownload.medusa(Url, RandomAgent, ProxyIp),Weaver_CommandExecution.medusa(Url, RandomAgent, ProxyIp),Weaver_WorkflowCenterTreeDataInterfaceInjectionVulnerability.medusa(Url, RandomAgent, ProxyIp),]
try:
for i in tqdm(Medusa, ascii=True, desc="Weaver plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url,FileName,Values,ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua=UserAgentS(Values)#传入用户输入用户指定的浏览器头
RandomAgent=ua.UserAgent()#获取生成的头文件
Medusa = [AtlassianConfluencePathTraversal_and_CommandExecutionVulnerability.medusa(Url, RandomAgent, ProxyIp), ]
try:
for i in tqdm(Medusa, ascii=True, desc="Confluence plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url,FileName,Values,ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua=UserAgentS(Values)#传入用户输入用户指定的浏览器头
RandomAgent=ua.UserAgent()#获取生成的头文件
Medusa=[ActiveMQArbitraryFileWritingVulnerability.medusa(Url, RandomAgent, ProxyIp),
Log4jRemoteCommandExecutionVulnerability.medusa(Url, RandomAgent, ProxyIp),]
try:
for i in tqdm(Medusa,ascii=True,desc="Apache plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url,FileName,Values,ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua=UserAgentS(Values)#传入用户输入用户指定的浏览器头
RandomAgent=ua.UserAgent()#获取生成的头文件
Medusa = [BugFreeFileContains.medusa(Url,RandomAgent,ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="BugFree plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url,FileName,Values,ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua=UserAgentS(Values)#传入用户输入用户指定的浏览器头
RandomAgent=ua.UserAgent()#获取生成的头文件
Medusa = [BocwebNetworkSystemSensitiveInformationLeakage.medusa(Url,RandomAgent,ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="Bocweb plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
RubyOnRailsArbitraryFileReading.medusa(Url, RandomAgent, ProxyIp)
]
try:
for i in tqdm(Medusa, ascii=True, desc="Rails plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
SpringReflectionFileDownloadVulnerability.medusa(
Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="Spring plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url,FileName,Values,ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua=UserAgentS(Values)#传入用户输入用户指定的浏览器头
RandomAgent=ua.UserAgent()#获取生成的头文件
Medusa = [FiveClibArbitraryFileDownloadVulnerability.medusa(Url,RandomAgent,ProxyIp),
FiveClibArbitraryFileTraversalVulnerability.medusa(Url,RandomAgent,ProxyIp),
FiveClibThereIsAnUnauthorizedLoophole.medusa(Url,RandomAgent,ProxyIp),
FiveClibUnauthorizedAddAdministratorVulnerability.medusa(Url,RandomAgent,ProxyIp),]
try:
for i in tqdm(Medusa, ascii=True, desc="5Clibe plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
NginxDirectoryTraversalVulnerability.medusa(Url, RandomAgent, ProxyIp),
NginxCRLFInjectionVulnerability.medusa(Url, RandomAgent, ProxyIp)
]
try:
for i in tqdm(Medusa, ascii=True, desc="Kibana plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
BlueCMSHasSQLinjectionVulnerability.medusa(Url, RandomAgent, ProxyIp),
BlueCMSMasterPasswordLoginVulnerability.medusa(Url, RandomAgent,
ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="BlueCMS plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
PhpStudyBackdoor.medusa(Url, RandomAgent, ProxyIp),
PhpstudyPhpmyadminDefaultpwd.medusa(Url, RandomAgent, ProxyIp),
PhpstudyProbe.medusa(Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="PHP plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
PbootCommandExecution.medusa(Url, RandomAgent, ProxyIp),
PbootOnlineMessageDeskSqlInjection.medusa(Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="SecCms plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
AdvancedBusBookingScriptSQLInjection.medusa(Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa,
ascii=True,
desc="BusBookingScript plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
MetinfoArbitraryFileReadVulnerability.medusa(Url, RandomAgent,
ProxyIp),
MetinfoInformationDisclosureVulnerability.medusa(
Url, RandomAgent, ProxyIp),
MetinfoSQLInjectionVulnerability.medusa(Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="MetinfoCms plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
JenkinsArbitraryFileReadVulnerability.medusa(Url, RandomAgent,
ProxyIp),
JenkinsRemoteCommandExecutionVulnerability.medusa(
Url, RandomAgent, ProxyIp),
JenkinsConfigurationErrorCausesUnauthorizedCodeExecutionVulnerability.
medusa(Url, RandomAgent, ProxyIp)
]
try:
for i in tqdm(Medusa, ascii=True, desc="Jenkins plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
S2_001.medusa(Url, RandomAgent, ProxyIp),
S2_007.medusa(Url, RandomAgent, ProxyIp),
S2_012.medusa(Url, RandomAgent, ProxyIp),
S2_013.medusa(Url, RandomAgent, ProxyIp),
S2_016.medusa(Url, RandomAgent, ProxyIp),
S2_052.medusa(Url, RandomAgent, ProxyIp),
S2_053.medusa(Url, RandomAgent, ProxyIp),
S2_057.medusa(Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="Struts2 plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
OneCaitongElectronicProcurementSystemUploadsArbitraryFiles2.medusa(
Url, RandomAgent, ProxyIp),
OneCaitongElectronicProcurementSystemUploadsArbitraryFiles.medusa(
Url, RandomAgent, ProxyIp),
OneCaitongElectronicProcurementSystemSQLInjection2.medusa(
Url, RandomAgent, ProxyIp),
OneCaitongElectronicProcurementSystemSQLInjection.medusa(
Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="1Caitong plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() #获取生成的头文件
Medusa = [
B2BbuilderBackgroundCommandExecutionVulnerability.medusa(
Url, RandomAgent, ProxyIp),
B2BbuilderContainsVulnerabilitiesLocally.medusa(
Url, RandomAgent, ProxyIp),
B2BbuilderHeadSQLInjectionVulnerability.medusa(Url, RandomAgent,
ProxyIp),
B2BbuilderSQLInjectionVulnerability.medusa(Url, RandomAgent, ProxyIp),
B2BbuilderSQLInjectionVulnerability2.medusa(Url, RandomAgent, ProxyIp),
B2BbuilderSQLInjectionVulnerability3.medusa(Url, RandomAgent, ProxyIp),
B2BbuilderSQLInjectionVulnerability4.medusa(Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="B2Bbuilder plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def Main(Url, FileName, Values, ProxyIp):
WriteFiles = WriteFile(FileName) # 声明调用类集合中的WriteFile类,并传入文件名字(这一步是必须的)
ua = UserAgentS(Values) #传入用户输入用户指定的浏览器头
RandomAgent = ua.UserAgent() # 获取生成的头文件
Medusa = [
Seeyou_a8_logs_disclosure.medusa(Url, RandomAgent, ProxyIp),
Seeyou_cm_info_content_sqli.medusa(Url, RandomAgent, ProxyIp),
Seeyou_ehr_ELTextFile.medusa(Url, RandomAgent, ProxyIp),
Seeyou_fe_treeXml_sqli.medusa(Url, RandomAgent, ProxyIp),
Seeyou_getemaildata_fileread.medusa(Url, RandomAgent, ProxyIp),
Seeyou_icc_struts2.medusa(Url, RandomAgent, ProxyIp),
Seeyou_multi_union_sqli.medusa(Url, RandomAgent, ProxyIp),
Seeyou_NCFindWeb_fileread.medusa(Url, RandomAgent, ProxyIp),
Seeyou_status_default_pwd.medusa(Url, RandomAgent, ProxyIp),
Seeyou_test_sqli.medusa(Url, RandomAgent, ProxyIp),
Seeyou_user_ids_sqli.medusa(Url, RandomAgent, ProxyIp),
]
try:
for i in tqdm(Medusa, ascii=True, desc="Seeyou plugin progress"):
WriteFiles.Write(str(i))
except:
pass
def __init__(self):
self.Thread = [] #多线程列表
self.ThreadNumber = 20000
self.TargetList = [] #存放目标URL
self.headers = {
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'User-Agent': UserAgentS("chrome").UserAgent(),
}
global TargetName
if sys.platform == "win32" or sys.platform == "cygwin":
TargetName = os.path.split(
os.path.realpath(__file__))[0] + "\\Target\\"
elif sys.platform == "linux" or sys.platform == "darwin":
TargetName = os.path.split(
os.path.realpath(__file__))[0] + "/Target/"
with open(TargetName + self.TargetDocument, 'r',
encoding='UTF-8') as f:
line = f.readline()
while line:
self.TargetList.append(line.replace('\n', '')) # 删除\n符号
line = f.readline()
def WebDir(self, url):
scheme, self.url, port = UrlProcessing().result(url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
for dir in self.dirs:
payload = scheme + "://" + self.url + ":" + str(port) + "/" + dir
self.headers = {
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'User-Agent': UserAgentS("chrome").UserAgent(),
}
self.threa_list.append(
threading.Thread(target=self.resp,
args=(
payload,
self.headers,
))) #调用自生的函数,以便开启多线程
for t in tqdm(self.threa_list,
ascii=True,
desc="{}th iteration scan directory:".format(
self.Number)): # 开启列表中的多线程
t.setDaemon(True)
t.start()
while True:
# 判断正在运行的线程数量,如果小于5则退出while循环,
# 进入for循环启动新的进程.否则就一直在while循环进入死循环
if (len(threading.enumerate()) < self.ThreadNumber):
break
for t in self.threa_list:
t.join()
self.Iterative() #调用一次迭代函数后他会自己继续迭代