def check(**kwargs): if CodeTest.VULN == None: ExpApacheShiro = ApacheShiro(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS") else: ExpApacheShiro = ApacheShiro(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "cve_2016_4437": ExpApacheShiro.cve_2016_4437() else: ExpApacheShiro.cve_2016_4437()
def check(**kwargs): if CodeTest.VULN == None: ExpApacheUnomi = ApacheUnomi(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS") else: ExpApacheUnomi = ApacheUnomi(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "cve_2020_13942": ExpApacheUnomi.cve_2020_13942() else: ExpApacheUnomi.cve_2020_13942()
def check(**kwargs): if CodeTest.VULN == None: ExpApacheStruts2 = ApacheStruts2(_urlparse(kwargs['url']),"echo VuLnEcHoPoCSuCCeSS") else: ExpApacheStruts2 = ApacheStruts2(_urlparse(kwargs['url']),kwargs['cmd']) if kwargs['pocname'] == "s2_005": ExpApacheStruts2.s2_005() elif kwargs['pocname'] == "s2_008": ExpApacheStruts2.s2_008() elif kwargs['pocname'] == "s2_009": ExpApacheStruts2.s2_009() elif kwargs['pocname'] == "s2_013": ExpApacheStruts2.s2_013() elif kwargs['pocname'] == "s2_015": ExpApacheStruts2.s2_015() elif kwargs['pocname'] == "s2_016": ExpApacheStruts2.s2_016() elif kwargs['pocname'] == "s2_029": ExpApacheStruts2.s2_029() elif kwargs['pocname'] == "s2_032": ExpApacheStruts2.s2_032() elif kwargs['pocname'] == "s2_045": ExpApacheStruts2.s2_045() elif kwargs['pocname'] == "s2_046": ExpApacheStruts2.s2_046() elif kwargs['pocname'] == "s2_048": ExpApacheStruts2.s2_048() elif kwargs['pocname'] == "s2_052": ExpApacheStruts2.s2_052() elif kwargs['pocname'] == "s2_057": ExpApacheStruts2.s2_057() elif kwargs['pocname'] == "s2_059": ExpApacheStruts2.s2_059() elif kwargs['pocname'] == "s2_061": ExpApacheStruts2.s2_061() elif kwargs['pocname'] == "s2_devMode": ExpApacheStruts2.s2_devMode() else: ExpApacheStruts2.s2_005() ExpApacheStruts2.s2_008() ExpApacheStruts2.s2_009() ExpApacheStruts2.s2_013() ExpApacheStruts2.s2_015() ExpApacheStruts2.s2_016() ExpApacheStruts2.s2_029() ExpApacheStruts2.s2_032() ExpApacheStruts2.s2_045() ExpApacheStruts2.s2_046() ExpApacheStruts2.s2_048() ExpApacheStruts2.s2_052() ExpApacheStruts2.s2_057() ExpApacheStruts2.s2_059() ExpApacheStruts2.s2_061() ExpApacheStruts2.s2_devMode()
def check(**kwargs): if CodeTest.VULN == None: ExpJenkins = Jenkins(_urlparse(kwargs['url']),"echo VuLnEcHoPoCSuCCeSS") else: ExpJenkins = Jenkins(_urlparse(kwargs['url']),kwargs['cmd']) if kwargs['pocname'] == "cve_2017_1000353": ExpJenkins.cve_2017_1000353() elif kwargs['pocname'] == "cve_2018_1000861": ExpJenkins.cve_2018_1000861() else: ExpJenkins.cve_2017_1000353() ExpJenkins.cve_2018_1000861()
def check(**kwargs): if CodeTest.VULN == None: ExpNexus = Nexus(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS") else: ExpNexus = Nexus(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "cve_2019_7238": ExpNexus.cve_2019_7238() elif kwargs['pocname'] == "cve_2020_10199": ExpNexus.cve_2020_10199() else: ExpNexus.cve_2019_7238() ExpNexus.cve_2020_10199()
def check(**kwargs): if CodeTest.VULN == None: ExpFastjson = Fastjson(_urlparse(kwargs['url']), DL.dns_host()) else: ExpFastjson = Fastjson(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "cve_2017_18349_24": ExpFastjson.cve_2017_18349_24() elif kwargs['pocname'] == "cve_2017_18349_47": ExpFastjson.cve_2017_18349_47() else: ExpFastjson.cve_2017_18349_24() ExpFastjson.cve_2017_18349_47()
def check(**kwargs): if CodeTest.VULN == None: ExpElasticsearch = Elasticsearch(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS") else: ExpElasticsearch = Elasticsearch(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "cve_2014_3120": ExpElasticsearch.cve_2014_3120() elif kwargs['pocname'] == "cve_2015_1427": ExpElasticsearch.cve_2015_1427() else: ExpElasticsearch.cve_2014_3120() ExpElasticsearch.cve_2015_1427()
def check(**kwargs): if CodeTest.VULN == None: ExpThinkPHP = ThinkPHP(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS") #ExpThinkPHP = ThinkPHP(kwargs['url'],"echo VuLnEcHoPoCSuCCeSS") else: ExpThinkPHP = ThinkPHP(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "cve_2018_20062": ExpThinkPHP.cve_2018_20062() elif kwargs['pocname'] == "cve_2019_9082": ExpThinkPHP.cve_2019_9082() else: ExpThinkPHP.cve_2018_20062() ExpThinkPHP.cve_2019_9082()
def check(**kwargs): if CodeTest.VULN == None: ExpDrupal = Drupal(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS") else: ExpDrupal = Drupal(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "cve_2018_7600": ExpDrupal.cve_2018_7600() elif kwargs['pocname'] == "cve_2018_7602": ExpDrupal.cve_2018_7602() elif kwargs['pocname'] == "cve_2019_6340": ExpDrupal.cve_2019_6340() else: ExpDrupal.cve_2018_7600() ExpDrupal.cve_2018_7602() ExpDrupal.cve_2019_6340()
def check(**kwargs): if CodeTest.VULN == None: ExpRedHatJBoss = RedHatJBoss(_urlparse(kwargs['url']),"echo VuLnEcHoPoCSuCCeSS") else: ExpRedHatJBoss = RedHatJBoss(_urlparse(kwargs['url']),kwargs['cmd']) if kwargs['pocname'] == "cve_2010_0738": ExpRedHatJBoss.cve_2010_0738() elif kwargs['pocname'] == "cve_2010_1428": ExpRedHatJBoss.cve_2010_1428() elif kwargs['pocname'] == "cve_2015_7501": ExpRedHatJBoss.cve_2015_7501() else: ExpRedHatJBoss.cve_2010_0738() ExpRedHatJBoss.cve_2010_1428() ExpRedHatJBoss.cve_2015_7501()
def check(**kwargs): if CodeTest.VULN == None: ExpApacheTomcat = ApacheTomcat(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS") else: ExpApacheTomcat = ApacheTomcat(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "tomcat_examples": ExpApacheTomcat.tomcat_examples() elif kwargs['pocname'] == "cve_2017_12615": ExpApacheTomcat.cve_2017_12615() elif kwargs['pocname'] == "cve_2020_1938": ExpApacheTomcat.cve_2020_1938() else: ExpApacheTomcat.tomcat_examples() ExpApacheTomcat.cve_2017_12615() ExpApacheTomcat.cve_2020_1938()
def check(**kwargs): ExpExchange = Exchange(_urlparse(kwargs['url']), kwargs) if kwargs['pocname'] != "ALL": func = getattr(ExpExchange, kwargs['pocname']) #返回对象函数属性值,可以直接调用 func() #调用函数 else: #调用所有函数 for func in dir(Exchange): if not func.startswith("__"): methodcaller(func)(ExpExchange)
def check(**kwargs): #print(kwargs['pocname']) if CodeTest.VULN == None: ExpApacheSolr = ApacheSolr(_urlparse(kwargs['url']), "echo VuLnEcHoPoCSuCCeSS") else: ExpApacheSolr = ApacheSolr(_urlparse(kwargs['url']), kwargs['cmd']) if kwargs['pocname'] == "cve_2017_12629": ExpApacheSolr.cve_2017_12629() elif kwargs['pocname'] == "cve_2019_0193": ExpApacheSolr.cve_2019_0193() elif kwargs['pocname'] == "cve_2019_17558": ExpApacheSolr.cve_2019_17558() else: ExpApacheSolr.cve_2017_12629() ExpApacheSolr.cve_2019_0193() ExpApacheSolr.cve_2019_17558()
def check(**kwargs): ExpElasticsearch = Elasticsearch(_urlparse(kwargs['url']), kwargs) if kwargs['pocname'] != 'ALL': func = getattr(ExpElasticsearch, kwargs['pocname']) #返回对象函数属性值,可以直接调用 func() #调用函数 else: #调用所有函数 for func in dir(Elasticsearch): if not func.startswith("__"): methodcaller(func)(ExpElasticsearch)
def check(**kwargs): ExpApacheActiveMQ = ApacheActiveMQ(_urlparse(kwargs['url']), kwargs) if kwargs['pocname'] != 'ALL': func = getattr(ExpApacheActiveMQ, kwargs['pocname']) #返回对象函数属性值,可以直接调用 func() #调用函数 else: #调用所有函数 for func in dir(ApacheActiveMQ): if not func.startswith("__"): methodcaller(func)(ExpApacheActiveMQ)
try: path = '/.php' path2 = '/.232index' #异常测试时需要,能降低防止误报 res = requests.get(url=url + path, verify=False, timeout=5) count = len(res.text) if res.status_code == 200: #判断响应值 res2 = requests.get(url=url + path2, verify=False, timeout=5) count2 = len(res2.text) sum = count - count2 if error >= abs(sum): #获取绝对值,计算误差。 print(url + path2 + ' No Loophole') else: print(url + ' 确定存在解析漏洞') return True else: print(url + path + ' ' + str(res.status_code)) except Exception as e: print(url, str(e)) print('[*]请输入目标服务器上存在的静态资源文件链接,如 http://www.baidu.com/robots.txt') def check(**kwargs): Nginx_iis_scan(kwargs['url']) if __name__ == "__main__": Nginx_iis_scan(_urlparse("http://baidu.com/123.php")) print('task complete~~~~~~~~~~ 完了')
def check(**kwargs): url = _urlparse(kwargs['url']) now.timed(de=0) color("[+] Scanning target domain " + url, 'green') ExpApacheActiveMQ = ApacheActiveMQ.ApacheActiveMQ( url, "echo VuLnEcHoPoCSuCCeSS") ExpApacheShiro = ApacheShiro.ApacheShiro(url, "echo VuLnEcHoPoCSuCCeSS") ExpApacheSolr = ApacheSolr.ApacheSolr(url, "echo VuLnEcHoPoCSuCCeSS") ExpApacheStruts2 = ApacheStruts2.ApacheStruts2(url, "echo VuLnEcHoPoCSuCCeSS") ExpApacheTomcat = ApacheTomcat.ApacheTomcat(url, "echo VuLnEcHoPoCSuCCeSS") ExpApacheUnomi = ApacheUnomi.ApacheUnomi(url, "echo VuLnEcHoPoCSuCCeSS") ExpDrupal = Drupal.Drupal(url, "echo VuLnEcHoPoCSuCCeSS") ExpElasticsearch = Elasticsearch.Elasticsearch(url, "echo VuLnEcHoPoCSuCCeSS") ExpFastjson = Fastjson.Fastjson(url, "echo VuLnEcHoPoCSuCCeSS") ExpJenkins = Jenkins.Jenkins(url, "echo VuLnEcHoPoCSuCCeSS") ExpNexus = Nexus.Nexus(url, "echo VuLnEcHoPoCSuCCeSS") ExpOracleWeblogic = OracleWeblogic.OracleWeblogic( url, "echo VuLnEcHoPoCSuCCeSS") ExpRedHatJBoss = RedHatJBoss.RedHatJBoss(url, "echo VuLnEcHoPoCSuCCeSS") ExpThinkPHP = ThinkPHP.ThinkPHP(url, "echo VuLnEcHoPoCSuCCeSS") #ApacheActiveMQ ExpApacheActiveMQ.cve_2015_5254() ExpApacheActiveMQ.cve_2016_3088() #ApacheShiro ExpApacheShiro.cve_2016_4437() #ApacheSolr ExpApacheSolr.cve_2017_12629() ExpApacheSolr.cve_2019_0193() ExpApacheSolr.cve_2019_17558() #ApacheStruts2 ExpApacheStruts2.s2_005() ExpApacheStruts2.s2_008() ExpApacheStruts2.s2_009() ExpApacheStruts2.s2_013() ExpApacheStruts2.s2_015() ExpApacheStruts2.s2_016() ExpApacheStruts2.s2_029() ExpApacheStruts2.s2_032() ExpApacheStruts2.s2_045() ExpApacheStruts2.s2_046() ExpApacheStruts2.s2_048() ExpApacheStruts2.s2_052() ExpApacheStruts2.s2_057() ExpApacheStruts2.s2_059() ExpApacheStruts2.s2_061() ExpApacheStruts2.s2_devMode() #ApacheTomcat ExpApacheTomcat.tomcat_examples() ExpApacheTomcat.cve_2017_12615() ExpApacheTomcat.cve_2020_1938() #ApacheUnomi ExpApacheUnomi.cve_2020_13942() #Drupal ExpDrupal.cve_2018_7600() ExpDrupal.cve_2018_7602() ExpDrupal.cve_2019_6340() #Elasticsearch ExpElasticsearch.cve_2014_3120() ExpElasticsearch.cve_2015_1427() #Fastjson ExpFastjson.cve_2017_18349_24() ExpFastjson.cve_2017_18349_47() #Jenkins ExpJenkins.cve_2017_1000353() ExpJenkins.cve_2018_1000861() #Nexus ExpNexus.cve_2019_7238() ExpNexus.cve_2020_10199() #OracleWeblogic ExpOracleWeblogic.cve_2014_4210() ExpOracleWeblogic.cve_2017_3506() ExpOracleWeblogic.cve_2017_10271() ExpOracleWeblogic.cve_2018_2894() ExpOracleWeblogic.cve_2019_2725() ExpOracleWeblogic.cve_2019_2729() ExpOracleWeblogic.cve_2020_2551() ExpOracleWeblogic.cve_2020_2555() ExpOracleWeblogic.cve_2020_2883() ExpOracleWeblogic.cve_2020_14882() #RedHatJBoss ExpRedHatJBoss.cve_2010_0738() ExpRedHatJBoss.cve_2010_1428() ExpRedHatJBoss.cve_2015_7501() #ThinkPHP ExpThinkPHP.cve_2018_20062() ExpThinkPHP.cve_2019_9082()