#/usr/bin/env python
#coding=utf-8
import re, Queue, json
from threading import Thread
from libs.core.common import logging, runtime
from libs.core.common import print_color
from libs.core.network import get
from libs.core.network import tPing
log = logging.getLogger(__name__)
class tThread(Thread):
def __init__(self, queue, jsons):
Thread.__init__(self)
self.queue = queue
self.jsons = jsons
def run(self):
from libs.core.network import get
while not self.queue.empty():
path = self.queue.get()
try:
code, content = get('dns.aizhan.com', path)
self.jsons += json.loads(content)
except:
continue
def output(target):
if hasattr(target, 'iscdn') and not target.iscdn and target.f_domain:
#/usr/bin/env python
#coding=utf-8
import re
from libs.core.common import logging,runtime
from libs.core.common import print_color
from libs.core.network import get,head
log = logging.getLogger(__name__)
def output(target):
print_color('Test server exploit %s...'%target.ip, 2)
paths = ['/robots.txt/.php', '/robots.txt/1.php']
if 'server' in target.header:
server = target.header['server'].lower()
if 'nginx' in server:
target.server = 'Nginx'
print_color('Test server nginx Parsing Vulnerabilities',2)
domain = '%s:%d' % (target.f_domain, target.port) if target.f_domain else '%s:%d' % (target.ip, target.port)
code,content = get(domain, '/')
match = re.search(r'src="(http.+?\.jpg)"', content)
if match:
paths.append('%s/.php' % match.group(1))
paths.append('%s/1.php' % match.group(1))
for p in paths: