#!/usr/bin/python3.9
# -*- coding: utf-8 -*-
#
# Copyright (C) 2021 Caps, Inc. All Rights Reserved
#
# @Time : 2022/5/7 23:40
# @Author : Caps
# @Email : admin@safeinfo.me
# @File : check.py
# @Software: PyCharm
import requests
import argparse
# Silences urllib3 warnings for the whole process. check() calls
# requests.get(..., verify=False), so this hides the warning about unverified
# HTTPS requests; certificate validation stays off and is no longer reported.
requests.packages.urllib3.disable_warnings()
def usage():
    """Print the usage banner to stdout.

    The banner text is Chinese: it names the check (F5 BIG-IP iControl REST
    API exposure) and lists the two modes, a single host via ``-u url`` and a
    batch of hosts via ``-f url.txt``. It refers to the script as ``exp.py``
    although the file header names it ``check.py``; the text is reproduced
    unchanged.
    """
    border = "+-----------------------------------------------------------------+"
    banner_lines = (
        "",
        border,
        "漏洞名称: F5 BIG-IP iControl Rest API exposed Check",
        "功能:单个检测,批量检测",
        "单个检测:python exp.py -u url",
        "批量检测:python exp.py -f url.txt",
        border,
        "",
    )
    # The empty first and last entries reproduce the leading and trailing
    # newline of the banner.
    print("\n".join(banner_lines))
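def check(url):
    """Report whether the iControl REST login endpoint answers on *url*.

    Sends one unauthenticated GET to ``<url>/mgmt/shared/authn/login`` and
    prints one colour-coded line: "exposed" when the response body contains
    the marker ``resterrorresponse``, "not vulnerability" otherwise, and
    "Connection Fail" when anything in the attempt raises.

    How to read the result:
      * A hit only shows that the management REST interface is reachable
        from where this check runs. It does not confirm a specific flaw or
        patch level. The usual follow-up is to restrict management-plane
        access to trusted networks and check the vendor's advisories.
      * A miss only means the marker was not in the body. A filtering proxy,
        a redirect or a changed error format gives the same output.

    Args:
        url: Base URL of the host, including the scheme. Trailing slashes
            are tolerated.

    Returns:
        None. The outcome is only printed.
    """
    try:
        # Strip trailing slashes so "https://host/" does not become
        # "https://host//mgmt/...", which some front ends route differently.
        target_url = url.rstrip("/") + "/mgmt/shared/authn/login"
        # verify=False: the server certificate is not validated, so the
        # responder's identity is not authenticated. Treat the output as an
        # indicator, not as proof about the named host.
        res = requests.get(target_url, verify=False, timeout=3)
        if "resterrorresponse" in res.text:
            print(f"\033[0;31;22m[+] Host: {url} F5 iControl Rest API exposed \033[0m")
        else:
            print(f"\033[0;32;22m[-] Host: {url} F5 not vulnerability \033[0m")
    except Exception:
        # Deliberately broad: in batch mode one malformed or unreachable
        # entry must not abort the rest of the list. Every failure, including
        # a bad URL, is reported as a connection failure.
        print(f"\033[0;33;22m[x] Host: {url} Connection Fail \033[0m")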
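def run(filepath):
    """Run ``check`` on every host listed in *filepath*, one URL per line.

    The file is read completely and closed before the first request is
    sent. Surrounding whitespace is stripped from each line, and blank lines
    are skipped so they are not reported as connection failures for an empty
    host.

    Args:
        filepath: Path to a text file with one base URL per line.

    Returns:
        The ``check`` function object itself, not a list of results. This
        matches the original behaviour and is kept so existing callers are
        unaffected.

    Raises:
        OSError: If the file cannot be opened or read.
    """
    # The context manager closes the handle even if reading fails. The
    # original left the file open until garbage collection.
    with open(filepath, "r") as handle:
        urls = [line.strip() for line in handle]
    for u in urls:
        if not u:
            continue
        check(u)
    return check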
def main():
    """Parse the command line and dispatch to single-host or batch mode.

    Exactly one of ``-u/--url`` and ``-f/--file`` must be given. With both
    or neither, the usage banner is printed and nothing is checked.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="Please Poc.py -u host")
    parser.add_argument("-f", "--file", help="Please poc.py -f file")
    opts = parser.parse_args()

    has_url = opts.url is not None
    has_file = opts.file is not None

    # Single host: only -u was supplied.
    if has_url and not has_file:
        check(opts.url)
        return
    # Batch: only -f was supplied.
    if has_file and not has_url:
        run(opts.file)
        return
    # Both or neither: show how to call the script.
    usage()
# Run the CLI only when executed as a script, not when imported.
if __name__ == "__main__":
    main()