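def output(target):
    """Identify the web server type and, for nginx, run the parsing check.

    Reads ``target.header['server']`` (when present) to set ``target.server``
    to 'Nginx', 'Apache' or 'IIS'.  For nginx it additionally requests a
    small set of paths that append a ``.php`` suffix to a static resource and
    reports the server as affected when one of them answers 200 with a
    ``text/html`` content type.  Findings are only printed via
    ``print_color``; nothing is returned.

    Args:
        target: scan target exposing ``ip``, ``port``, ``f_domain``,
            ``header`` (dict-like, lowercase keys) and a writable
            ``server`` attribute.
    """
    print_color('Test server exploit %s...' % target.ip, 2)

    # Probe paths: a .php suffix appended to a file that normally exists.
    paths = ['/robots.txt/.php', '/robots.txt/1.php']

    if 'server' in target.header:
        server = target.header['server'].lower()
        if 'nginx' in server:
            target.server = 'Nginx'
            print_color('Test server nginx Parsing Vulnerabilities', 2)

            # Prefer the resolved host name, fall back to the IP address.
            host = target.f_domain if target.f_domain else target.ip
            domain = '%s:%d' % (host, target.port)

            # Use the first <img src="http...jpg"> on the front page as one
            # more static resource to test.  Guard against an empty/None body
            # so a failed fetch does not raise TypeError inside re.search().
            code, content = get(domain, '/')
            match = re.search(r'src="(http.+?\.jpg)"', content) if content else None
            if match:
                # NOTE(review): group(1) is an absolute URL but is handed to
                # head() as the *path* under ``domain`` -- confirm head()
                # accepts that form; otherwise these two probes are no-ops.
                paths.append('%s/.php' % match.group(1))
                paths.append('%s/1.php' % match.group(1))

            for p in paths:
                code, header = head(domain, p)
                # A response without a Content-Type header (or a None header
                # map on a failed request) used to raise and abort the plugin.
                try:
                    content_type = header['content-type']
                except (KeyError, TypeError):
                    content_type = ''
                if code == 200 and 'text/html' in content_type:
                    print_color('the server has nginx parsing vulnerabilities', 1)
                    break

        elif 'apache' in server:
            target.server = 'Apache'
        elif 'iis' in server:
            target.server = 'IIS'

    print('')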
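def output(target):
    """Guess the server-side scripting technology of the target.

    Sets ``target.script`` to 'ASP/ASPX', 'ASP', 'ASPX', 'PHP' or
    'unknown' from three sources, each tried only while the answer is still
    unknown:
      1. the ``X-Powered-By`` response header already stored on the target;
      2. ``head()`` requests for ``/index.asp``, ``/index.aspx`` and
         ``/index.php`` on the target (a 200 answer decides);
      3. a ``site:<host> inurl:<ext>`` query sent to www.google.com.hk.
    The result is printed with ``print_color``; nothing is returned.

    Args:
        target: scan target exposing ``ip``, ``port``, ``f_domain``,
            ``protocol``, ``header`` (dict-like, lowercase keys) and a
            writable ``script`` attribute.
    """
    # Substrings of X-Powered-By that identify a technology.
    powereds = [{'type': 'ASP/ASPX', 'str': 'ASP.NET'},
                {'type': 'PHP', 'str': 'PHP/'}]

    # Default index pages requested directly on the target.
    scripts = [{'type': 'ASP', 'path': '/index.asp'},
               {'type': 'ASPX', 'path': '/index.aspx'},
               {'type': 'PHP', 'path': '/index.php'}]

    # Search-engine queries; '%s' is replaced by the host name or IP.
    searchs = [{'type': 'ASP', 'path': '/search?q=site:%s+inurl:asp'},
               {'type': 'ASPX', 'path': '/search?q=site:%s+inurl:aspx'},
               {'type': 'PHP', 'path': '/search?q=site:%s+inurl:php'}]

    # Prefer the resolved host name, fall back to the IP address.
    host = target.f_domain if target.f_domain else target.ip
    domain = '%s:%d' % (host, target.port)
    print_color('Probe website %s script...' % domain, 2)
    target.script = 'unknown'

    if 'x-powered-by' in target.header:
        print_color('Test Script for %s with X-Powered-By' % target.f_domain, 2)
        for item in powereds:
            if item['str'] in target.header['x-powered-by']:
                target.script = item['type']
                break

    try:
        if target.script == 'unknown':
            print_color('Test script for %s with HTTP header' % target.f_domain, 2)
            for item in scripts:
                code, header = head(domain, item['path'], target.protocol)
                if code == 200:
                    target.script = item['type']
                    break

        if target.script == 'unknown':
            print_color('Test script for %s with search engine' % target.f_domain, 2)
            # NOTE: this stage sends the target host name to a third-party
            # search engine; disable it where that disclosure is not wanted.
            for item in searchs:
                path = item['path'] % host
                code, content = get('www.google.com.hk', path)
                match = search(r'resultStats">(.*?)<nobr>', content)
                # No ``break`` here: a later hit overwrites an earlier one, so
                # the last technology with results wins -- unlike the two
                # first-match loops above.  Presumably intended; kept as is.
                if match:
                    target.script = item['type']
    # ``except Exception`` rather than a bare ``except``: Ctrl-C and
    # SystemExit must still stop the scan instead of being logged as a
    # plugin failure.
    except Exception:
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print_color(target.script, 1)
    print('')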
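def output(target):
    """Classify the web server and, when it is nginx, run the parsing check.

    ``target.header['server']`` (if present) selects 'Nginx', 'Apache' or
    'IIS' for ``target.server``.  For nginx the plugin then requests a few
    paths that add a ``.php`` suffix to a static resource; a 200 answer with
    a ``text/html`` content type is reported as the parsing misconfiguration.
    Output goes through ``print_color`` only; there is no return value.

    Args:
        target: scan target exposing ``ip``, ``port``, ``f_domain``,
            ``header`` (dict-like, lowercase keys) and a writable
            ``server`` attribute.
    """
    print_color('Test server exploit %s...' % target.ip, 2)

    # Probe paths built on a file that is normally present on every site.
    candidate_paths = ['/robots.txt/.php', '/robots.txt/1.php']

    if 'server' not in target.header:
        print('')
        return

    server_banner = target.header['server'].lower()

    if 'apache' in server_banner and 'nginx' not in server_banner:
        target.server = 'Apache'
    elif 'iis' in server_banner and 'nginx' not in server_banner:
        target.server = 'IIS'
    elif 'nginx' in server_banner:
        target.server = 'Nginx'
        print_color('Test server nginx Parsing Vulnerabilities', 2)

        # Host name when resolved, otherwise the raw IP.
        host = target.f_domain or target.ip
        domain = '%s:%d' % (host, target.port)

        # The first <img src="http...jpg"> on the front page is used as an
        # additional static resource.  ``content`` is guarded so that an
        # empty or None body does not raise TypeError inside re.search().
        _, content = get(domain, '/')
        img_match = re.search(r'src="(http.+?\.jpg)"', content) if content else None
        if img_match:
            # NOTE(review): group(1) is an absolute URL that head() receives
            # as the path component -- verify head() handles this; if not,
            # these two extra probes never test anything.
            image_url = img_match.group(1)
            candidate_paths.extend(['%s/.php' % image_url, '%s/1.php' % image_url])

        for path in candidate_paths:
            status, header = head(domain, path)
            # Missing Content-Type (or a None header map after a failed
            # request) previously raised KeyError/TypeError and killed
            # the whole plugin.
            try:
                content_type = header['content-type']
            except (KeyError, TypeError):
                content_type = ''
            if status == 200 and 'text/html' in content_type:
                print_color('the server has nginx parsing vulnerabilities', 1)
                break

    print('')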
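def output(target):
    """Determine which server-side scripting technology the target uses.

    ``target.script`` ends up as 'ASP/ASPX', 'ASP', 'ASPX', 'PHP' or
    'unknown'.  Three sources are consulted, each only while the value is
    still 'unknown':
      1. the stored ``X-Powered-By`` response header;
      2. ``head()`` requests for the default index pages on the target
         (first 200 answer wins);
      3. a ``site:<host> inurl:<ext>`` query sent to www.google.com.hk.
    The outcome is printed with ``print_color``; nothing is returned.

    Args:
        target: scan target exposing ``ip``, ``port``, ``f_domain``,
            ``protocol``, ``header`` (dict-like, lowercase keys) and a
            writable ``script`` attribute.
    """
    # (technology, X-Powered-By substring) pairs.
    powered_by_markers = [('ASP/ASPX', 'ASP.NET'), ('PHP', 'PHP/')]

    # (technology, default index page) pairs requested on the target.
    index_pages = [('ASP', '/index.asp'),
                   ('ASPX', '/index.aspx'),
                   ('PHP', '/index.php')]

    # (technology, search path) pairs; '%s' is filled with the host or IP.
    search_queries = [('ASP', '/search?q=site:%s+inurl:asp'),
                      ('ASPX', '/search?q=site:%s+inurl:aspx'),
                      ('PHP', '/search?q=site:%s+inurl:php')]

    # Host name when resolved, otherwise the raw IP.
    host = target.f_domain or target.ip
    domain = '%s:%d' % (host, target.port)
    print_color('Probe website %s script...' % domain, 2)
    target.script = 'unknown'

    if 'x-powered-by' in target.header:
        print_color('Test Script for %s with X-Powered-By' % target.f_domain, 2)
        powered_by = target.header['x-powered-by']
        for tech, marker in powered_by_markers:
            if marker in powered_by:
                target.script = tech
                break

    try:
        if target.script == 'unknown':
            print_color('Test script for %s with HTTP header' % target.f_domain, 2)
            for tech, page in index_pages:
                status, _ = head(domain, page, target.protocol)
                if status == 200:
                    target.script = tech
                    break

        if target.script == 'unknown':
            print_color('Test script for %s with search engine' % target.f_domain, 2)
            # NOTE: this stage discloses the target host name to a
            # third-party search engine; disable it where that is unwanted.
            for tech, query in search_queries:
                _, content = get('www.google.com.hk', query % host)
                # Deliberately no ``break``: the original overwrites on every
                # hit, so the last technology with results wins (unlike the
                # first-match loops above).  Kept unchanged.
                if search(r'resultStats">(.*?)<nobr>', content):
                    target.script = tech
    # ``except Exception`` instead of a bare ``except`` so KeyboardInterrupt
    # and SystemExit still end the scan rather than being logged here.
    except Exception:
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print_color(target.script, 1)
    print('')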