web中间件相关漏洞扫描脚本N-MiddlewareScan新版插件主体编写

这次编写了只需添加数据即可的主体插件

毕竟poc和exp只是一个简单的请求,判断返回包,重复的工作一个函数解决即可

pocs模板.py

#coding=utf-8
# Template for a *_plugin.py data file: copy the entry below once per check and
# fill in the fields. new_plugins.py reads this list through the module's
# `pocs` attribute.
pocs = [
    {
        # HTTP method; check() only acts on the exact strings "GET" and "POST".
        "requests_option": "",
        # Paths appended to the base URL, one request series per path.
        "url": [],
        # GET: each entry is passed as the `params` argument of the request.
        "params": [],
        # POST: each entry is sent as the request body.
        "data": [],
        # Substrings looked for in the response text; any hit counts as a match.
        "flag": [],
        # Message printed when a match is found.
        "success": "",
        # Handed to the request functions, which do not use it in new_plugins.py.
        "fail": "",
        # Printed by check() when it has finished with this entry.
        "end": "",
        # The string "True" makes check() iterate username x password.
        "admin_bursk": "",
        "username": [],
        "password": [],
    },
]

new_plugins.py

#coding=utf-8
import sys
import requests
import os
import json
import traceback
from concurrent.futures import ThreadPoolExecutor
# Make the "plugins" directory importable. The entry is a relative path, so it
# is resolved against the process's current working directory at import time,
# not against the location of this file: start the tool from a directory whose
# "plugins" folder you control, because anything imported from it is executed.
sys.path.append("plugins")
# NOTE(review): the name `plugins` bound here is rebound by the `plugins` class
# defined further down in this file.
import plugins
# Absolute path of the directory that contains this file; run() lists it to
# find the *_plugin.py data files.
current_file=os.path.dirname(os.path.abspath(__file__))
from user_agent import get_user_agent
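class plugins(object):
    """Data-driven runner for the ``*_plugin.py`` PoC tables.

    Each plugin module exposes a ``pocs`` list of dicts (see the template
    file). For every entry the runner sends the described GET/POST requests
    against ``arg.url`` and prints the entry's ``success`` message when one of
    its ``flag`` substrings appears in the response text.

    Plugin modules are imported by file name and therefore executed as code,
    so the plugin directory must be trusted and not writable by other users.
    """

    # Seconds to wait for one HTTP request; without a timeout a silent host
    # blocks a worker thread forever.
    REQUEST_TIMEOUT = 10
    # Total tries per request when the transport keeps failing.
    MAX_ATTEMPTS = 3
    # Stand-in entry so an empty "params"/"data" list still yields one request.
    # NOTE(review): the placeholder is sent on the wire (as the query string
    # or the POST body); confirm that is intended.
    PLACEHOLDER = "seize"

    def __init__(self, arg, ThreadNum):
        """Store the base URL, the options object and the worker count.

        Args:
            arg: object with ``url`` and ``options`` attributes.
            ThreadNum: maximum number of worker threads used by check().
        """
        self.url = arg.url
        self.options = arg.options  # kept for callers; unused in this class
        self.ThreadNum = ThreadNum

    def run(self):
        """Import every ``*_plugin.py`` next to this file and run its checks.

        Plugins are processed one after another; the requests of each plugin
        run concurrently inside check(), so at most ``ThreadNum`` requests are
        in flight at any time. A plugin that fails to import or lacks ``pocs``
        is reported and skipped instead of aborting the scan.
        """
        for filename in sorted(os.listdir(current_file)):
            # endswith + slice: str.rstrip(".py") strips a character set, not
            # a suffix, and a substring test also matches "x_plugin.pyc".
            if not filename.endswith("_plugin.py"):
                continue
            module_name = filename[:-len(".py")]
            try:
                pocs = __import__(module_name).pocs
            except Exception:
                traceback.print_exc()
                continue
            self.check(pocs)

    def request_get(self, url, params, data, flags, success_num, success, fail):
        """Send one GET request and report a match.

        Args:
            url: full target URL.
            params: value passed as ``params`` to ``requests.get``.
            data: unused; kept for signature compatibility.
            flags: substrings searched for in the response text.
            success_num: initial match count (callers pass 0).
            success: message printed when at least one flag matches.
            fail: unused; kept for signature compatibility.

        Transport errors are retried up to ``MAX_ATTEMPTS`` times. Retries are
        counted separately from matches, so a request that only succeeds on a
        retry is not reported as a finding unless a flag really matches.
        """
        for _ in range(self.MAX_ATTEMPTS):
            try:
                headers = {'User-Agent': get_user_agent()}
                response = requests.get(url=url, params=params, headers=headers,
                                        timeout=self.REQUEST_TIMEOUT)
            except requests.RequestException:
                continue
            hits = success_num + sum(1 for flag in flags if flag in response.text)
            if hits > 0:
                print(success + " , url: " + url)
            return

    def request_post(self, url, params, data, flag, success_num, username, password, success, fail):
        """Send one POST request and report a match.

        Args:
            url: full target URL.
            params: unused; kept for signature compatibility.
            data: request body, sent exactly as given.
            flag: substrings searched for in the response text.
            success_num: initial match count (callers pass 0).
            username, password: only echoed in the report line; this method
                does not insert them into the request.
            success: message included in the report line.
            fail: unused; kept for signature compatibility.

        Transport errors are retried up to ``MAX_ATTEMPTS`` times, counted
        separately from matches.
        """
        for _ in range(self.MAX_ATTEMPTS):
            try:
                headers = {'User-Agent': get_user_agent()}
                response = requests.post(url=url, data=data, headers=headers,
                                         timeout=self.REQUEST_TIMEOUT)
            except requests.RequestException:
                continue
            hits = success_num + sum(1 for marker in flag if marker in response.text)
            if hits > 0:
                print("success url:" + url + " " + success + ",username:%s password:%s" % (username, password))
            return

    def _queue_get(self, executor, target, poc, pending):
        """Submit one GET task per ``params`` entry of *poc*."""
        # `or` instead of appending the placeholder: the plugin's own list is
        # shared module data and must not be modified by a scan.
        for params in poc["params"] or [self.PLACEHOLDER]:
            pending.append(executor.submit(
                self.request_get, target, params, poc["data"], poc["flag"],
                0, poc["success"], poc["fail"]))

    def _queue_post(self, executor, target, poc, pending):
        """Submit the POST tasks of *poc*: one per body, or per credential pair."""
        per_credential = poc["admin_bursk"] == "True"
        for body in poc["data"] or [self.PLACEHOLDER]:
            if per_credential:
                for username in poc["username"]:
                    for password in poc["password"]:
                        pending.append(executor.submit(
                            self.request_post, target, poc["params"], body,
                            poc["flag"], 0, username, password,
                            poc["success"], poc["fail"]))
            else:
                # One request per body; the username/password lists are
                # passed through whole and only end up in the report line.
                pending.append(executor.submit(
                    self.request_post, target, poc["params"], body,
                    poc["flag"], 0, poc["username"], poc["password"],
                    poc["success"], poc["fail"]))

    def check(self, pocs):
        """Run every entry of *pocs* against the base URL.

        Requests are handed to the pool as callables (not as the result of an
        already finished call), so they actually run on the worker threads.
        All tasks of an entry are awaited before its ``end`` text is printed,
        and any exception raised inside a task is printed rather than lost.
        """
        with ThreadPoolExecutor(self.ThreadNum) as executor:
            for poc in pocs:
                pending = []
                for path in poc["url"]:
                    try:
                        target = self.url + path
                        if poc["requests_option"] == "GET":
                            self._queue_get(executor, target, poc, pending)
                        elif poc["requests_option"] == "POST":
                            self._queue_post(executor, target, poc, pending)
                    except Exception:
                        traceback.print_exc()
                for future in pending:
                    try:
                        future.result()
                    except Exception:
                        traceback.print_exc()
                # The flattened listing does not show which loop this line
                # belonged to; it is emitted once per entry here.
                print(poc["end"])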



2019.28
