def read_url(url, port): # taking the url as a unique parameter I change it to obtain an IP address ip_to_url = subprocess.check_output([ 'dig', url, '+short', '|', 'sed', "'/[a-z]/d'", '|', 'sed', '-n', 'lp' ]) if ip_to_url.decode(): value = ip_to_url.decode().split('\n') ip = value[-2] print('Starting scanner against:', ip) # with this, I try to create a Timeout Exception to finish the program if applies.. try: response = requests.get('http://' + str(ip) + ':' + '7001', verify=False, timeout=10) except Timeout as e: print( Color.OKBLUE + '-\nTimeout Limit exceeded - Looks like your target is not a WebLogic ' 'Server\n- ' + Color.ENDC) sys.exit() if response.status_code == 200: pentest(ip, port) else: sys.exit() else: sys.exit() print('\nScan and exploitation completed\n') return
def exception(ip, port): try: response = requests.get('http://' + str(ip) + ':' + '7001', verify=False, timeout=10) except Timeout as e: print(Color.OKBLUE + '-\nTimeout Limit exceeded - Destination Host [' + str(ip) + '] unreachable\n- ' + Color.ENDC) return except requests.exceptions.ConnectionError as i: print(Color.OKBLUE + '-\nConnection Error - Destination Host [' + str(ip) + '] unreachable\n- ' + Color.ENDC) return print(response.status_code) if response.status_code == 200: pentest(ip, port) else: return return
#!/usr/bin/env python # _*_ coding:utf-8 _*_ import sys from concurrent.futures import ThreadPoolExecutor, wait, as_completed from app.main import pentest from app.platform import Color version = "1.3.1" if len(sys.argv) < 2: print("Usage: python3 WeblogicScan [IP]:[PORT]") else: a = sys.argv[1].split(":") ip = a[0].strip() port = int(a[1].strip()) pentest(ip, port)
\ \ /\ / / _ \ '_ \| |/ _ \ / _` | |/ __| \___ \ / __/ _` | '_ \ \ V V / __/ |_) | | (_) | (_| | | (__ ___) | (_| (_| | | | | \_/\_/ \___|_.__/|_|\___/ \__, |_|\___| |____/ \___\__,_|_| |_| |___/ ''' print(Color.OKYELLOW + banner + Color.ENDC) if __name__ == '__main__': parser = argparse.ArgumentParser() group = parser.add_mutually_exclusive_group() group.add_argument("-u", "--url", help="URL (e.g. 'http://127.0.0.1:7001/')") group.add_argument("-f", "--file", help="FILE (e.g. 'targets.txt')") parser.add_argument("-n", "--name", help="NAME (e.g. 'CVE-2019-2729')") parser.add_argument("-e", "--exec", help="EXEC (e.g. 'whoami')") args = parser.parse_args() if args.url: pentest(args.url, poc=args.name, cmd=args.exec) elif args.file: with open(args.file) as f: urls = f.read().splitlines() # pentestmore(targets) for url in urls: pentest(url, poc=args.name) else: print( "error: missing a mandatory option (-u or -f), use -h for basic help" )