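def output(target):
    """Record the target's web-server family and probe nginx for path-parsing misconfiguration.

    Looks at ``target.header['server']`` (the whole check is skipped when that header is
    absent) and sets ``target.server`` to 'Nginx', 'Apache' or 'IIS'.  For nginx it also sends
    HEAD requests for ``/robots.txt/.php``, ``/robots.txt/1.php`` and -- when the front page
    embeds an absolute ``.jpg`` URL -- the same two suffixes appended to that image URL.  A 200
    answer whose Content-Type contains ``text/html`` is reported as a parsing vulnerability:
    the static file was handed to the script handler instead of being served as-is.  The
    result is signature-based only; it proves nothing beyond the response headers observed.

    Args:
        target: scan target (project type).  Reads ``ip``, ``port``, ``f_domain`` and
            ``header`` (a mapping keyed by lower-case header names, as the existing lookups
            assume); writes ``server``.

    Returns:
        None.  Findings go through ``print_color``; a trailing empty line is always printed.
    """
    print_color('Test server exploit %s...' % target.ip, 2)
    paths = ['/robots.txt/.php', '/robots.txt/1.php']
    if 'server' in target.header:
        server = target.header['server'].lower()
        if 'nginx' in server:
            target.server = 'Nginx'
            print_color('Test server nginx Parsing Vulnerabilities', 2)
            host = target.f_domain if target.f_domain else target.ip
            domain = '%s:%d' % (host, target.port)
            code, content = get(domain, '/')
            # Without a body there is nothing to scan; re.search(None) would raise TypeError.
            # (get() is project code -- presumably it returns an empty/None body on failure.)
            match = re.search(r'src="(http.+?\.jpg)"', content) if content else None
            if match:
                # The captured value is an absolute URL; it is passed to head() unchanged,
                # exactly as before.
                paths.append('%s/.php' % match.group(1))
                paths.append('%s/1.php' % match.group(1))
            for p in paths:
                code, header = head(domain, p)
                # Servers are not obliged to send Content-Type; indexing it directly raised
                # KeyError and aborted the whole probe.  Treat a missing header as no match.
                # NOTE(review): assumes the header mapping supports .get() like the
                # dict-style lookups used elsewhere in this module -- confirm.
                content_type = header.get('content-type', '') if header else ''
                if code == 200 and 'text/html' in content_type:
                    print_color('the server has nginx parsing vulnerabilities', 1)
                    break
        elif 'apache' in server:
            target.server = 'Apache'
        elif 'iis' in server:
            target.server = 'IIS'
    print('')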
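def output(target):
    """Identify the server-side script technology of *target* and store it in ``target.script``.

    Three sources are tried in order; a later one runs only while the value is still
    'unknown':
      1. the ``X-Powered-By`` response header already captured in ``target.header``
         ('ASP.NET' -> 'ASP/ASPX', 'PHP/' -> 'PHP');
      2. HEAD requests for ``/index.asp``, ``/index.aspx`` and ``/index.php`` -- the first
         200 response decides;
      3. a ``site:<host> inurl:<ext>`` query sent to ``www.google.com.hk``, taken as a hit
         when a result-count fragment appears in the page.  No ``break`` here, so the last
         matching extension wins.  This step discloses the target host name to a third
         party and depends on the search engine's current markup (presumably fragile).

    Args:
        target: scan target (project type).  Reads ``ip``, ``port``, ``f_domain``,
            ``protocol`` and ``header``; writes ``script``.

    Returns:
        None.  The determined value (or 'unknown') is printed via ``print_color``.  Errors
        raised by the network helpers in steps 2-3 are logged, not propagated.
    """
    powereds = [
        {'type': 'ASP/ASPX', 'str': 'ASP.NET'},
        {'type': 'PHP', 'str': 'PHP/'},
    ]
    scripts = [
        {'type': 'ASP', 'path': '/index.asp'},
        {'type': 'ASPX', 'path': '/index.aspx'},
        {'type': 'PHP', 'path': '/index.php'},
    ]
    searchs = [
        {'type': 'ASP', 'path': '/search?q=site:%s+inurl:asp'},
        {'type': 'ASPX', 'path': '/search?q=site:%s+inurl:aspx'},
        {'type': 'PHP', 'path': '/search?q=site:%s+inurl:php'},
    ]
    host = target.f_domain if target.f_domain else target.ip
    domain = '%s:%d' % (host, target.port)
    print_color('Probe website %s script...' % domain, 2)
    target.script = 'unknown'

    # Step 1: passive -- reuse the header that was already collected.
    if 'x-powered-by' in target.header:
        print_color('Test Script for %s with X-Powered-By' % target.f_domain, 2)
        powered_by = target.header['x-powered-by']
        for item in powereds:
            if item['str'] in powered_by:
                target.script = item['type']
                break

    try:
        # Step 2: active -- one HEAD per candidate index page.
        if target.script == 'unknown':
            print_color('Test script for %s with HTTP header' % target.f_domain, 2)
            for item in scripts:
                code, header = head(domain, item['path'], target.protocol)
                if code == 200:
                    target.script = item['type']
                    break
        # Step 3: search engine.  Kept as in the original: every extension is queried and
        # the last hit is the one that sticks.
        if target.script == 'unknown':
            print_color('Test script for %s with search engine' % target.f_domain, 2)
            for item in searchs:
                path = item['path'] % host
                code, content = get('www.google.com.hk', path)
                match = search(r'resultStats">(.*?)<nobr>', content)
                if match:
                    target.script = item['type']
    except Exception:
        # The original bare `except:` also swallowed KeyboardInterrupt/SystemExit; a scan
        # should still be interruptible, so only real errors are logged here.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)
    print_color(target.script, 1)
    print('')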
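def _nginx_parsing_signature(domain, paths):
    """Return True if any path in *paths* answers 200 with a ``text/html`` Content-Type."""
    for p in paths:
        code, header = head(domain, p)
        # A missing Content-Type used to raise KeyError and abort the probe; it now simply
        # counts as "no match".  NOTE(review): assumes the header object supports .get()
        # like the dict-style lookups used elsewhere -- confirm.
        content_type = header.get('content-type', '') if header else ''
        if code == 200 and 'text/html' in content_type:
            return True
    return False


def output(target):
    """Record the target's web-server family and probe nginx for path-parsing misconfiguration.

    Sets ``target.server`` from ``target.header['server']`` ('Nginx', 'Apache' or 'IIS';
    nothing is done when the header is absent or matches none of these).  For nginx the
    module HEADs ``/robots.txt/.php``, ``/robots.txt/1.php`` and, if the front page contains
    an absolute ``.jpg`` URL, that URL with the same two suffixes.  A 200 reply carrying
    ``text/html`` is reported as a parsing vulnerability -- the static resource was routed
    to the script handler.  Only response headers are inspected; nothing is executed.

    Args:
        target: scan target (project type).  Reads ``ip``, ``port``, ``f_domain`` and
            ``header``; writes ``server``.

    Returns:
        None.  Output goes through ``print_color``; an empty line is always printed last.
    """
    print_color('Test server exploit %s...' % target.ip, 2)
    paths = ['/robots.txt/.php', '/robots.txt/1.php']
    if 'server' in target.header:
        server = target.header['server'].lower()
        if 'nginx' in server:
            target.server = 'Nginx'
            print_color('Test server nginx Parsing Vulnerabilities', 2)
            host = target.f_domain if target.f_domain else target.ip
            domain = '%s:%d' % (host, target.port)
            code, content = get(domain, '/')
            # Guard the regex: re.search() on a None body raises TypeError.
            # (get() is project code; presumably it yields None/'' when the request fails.)
            match = re.search(r'src="(http.+?\.jpg)"', content) if content else None
            if match:
                # Absolute URL from the page, passed through to head() unchanged as before.
                paths.append('%s/.php' % match.group(1))
                paths.append('%s/1.php' % match.group(1))
            if _nginx_parsing_signature(domain, paths):
                print_color('the server has nginx parsing vulnerabilities', 1)
        elif 'apache' in server:
            target.server = 'Apache'
        elif 'iis' in server:
            target.server = 'IIS'
    print('')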
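def _script_from_powered_by(target, powereds):
    """Set ``target.script`` from the X-Powered-By header; no-op when the header is absent."""
    if 'x-powered-by' not in target.header:
        return
    print_color('Test Script for %s with X-Powered-By' % target.f_domain, 2)
    powered_by = target.header['x-powered-by']
    for item in powereds:
        if item['str'] in powered_by:
            target.script = item['type']
            break


def _script_from_index_pages(target, domain, scripts):
    """Set ``target.script`` from the first candidate index page that answers 200."""
    print_color('Test script for %s with HTTP header' % target.f_domain, 2)
    for item in scripts:
        code, header = head(domain, item['path'], target.protocol)
        if code == 200:
            target.script = item['type']
            break


def _script_from_search_engine(target, host, searchs):
    """Set ``target.script`` from ``site:<host> inurl:<ext>`` queries; the last hit wins.

    Every extension is queried (no ``break``, as in the original), so a later match
    overwrites an earlier one.  The query discloses *host* to a third party, and the
    result-count regex depends on the search engine's current markup.
    """
    print_color('Test script for %s with search engine' % target.f_domain, 2)
    for item in searchs:
        path = item['path'] % host
        code, content = get('www.google.com.hk', path)
        match = search(r'resultStats">(.*?)<nobr>', content)
        if match:
            target.script = item['type']


def output(target):
    """Identify the server-side script technology of *target* and store it in ``target.script``.

    Sources are consulted in order, each only while the value is still 'unknown':
    the captured ``X-Powered-By`` header, HEAD requests for ``/index.asp``, ``/index.aspx``
    and ``/index.php``, and finally a search-engine query.  Possible results are
    'ASP/ASPX', 'ASP', 'ASPX', 'PHP' or 'unknown'.

    Args:
        target: scan target (project type).  Reads ``ip``, ``port``, ``f_domain``,
            ``protocol`` and ``header``; writes ``script``.

    Returns:
        None.  The result is printed via ``print_color``; exceptions from the active
        steps are logged rather than propagated.
    """
    powereds = [
        {'type': 'ASP/ASPX', 'str': 'ASP.NET'},
        {'type': 'PHP', 'str': 'PHP/'},
    ]
    scripts = [
        {'type': 'ASP', 'path': '/index.asp'},
        {'type': 'ASPX', 'path': '/index.aspx'},
        {'type': 'PHP', 'path': '/index.php'},
    ]
    searchs = [
        {'type': 'ASP', 'path': '/search?q=site:%s+inurl:asp'},
        {'type': 'ASPX', 'path': '/search?q=site:%s+inurl:aspx'},
        {'type': 'PHP', 'path': '/search?q=site:%s+inurl:php'},
    ]
    host = target.f_domain if target.f_domain else target.ip
    domain = '%s:%d' % (host, target.port)
    print_color('Probe website %s script...' % domain, 2)
    target.script = 'unknown'

    # Passive step runs outside the try, exactly as before.
    _script_from_powered_by(target, powereds)
    try:
        if target.script == 'unknown':
            _script_from_index_pages(target, domain, scripts)
        if target.script == 'unknown':
            _script_from_search_engine(target, host, searchs)
    except Exception:
        # Narrowed from a bare `except:` so Ctrl-C / SystemExit still stop the scan.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)
    print_color(target.script, 1)
    print('')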