Lucifer1993/AngelSword
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
AngelSword/information/jsp_conf_find.py

36 lines
1023 B
Python
Raw Permalink Normal View History

add all files
2017-02-20 17:25:03 +08:00
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
name: java配置文件文件发现
referer: unknow
author: Lucifer
description: web.xml是java框架使用的配置文件可以获取敏感信息
'''
import sys
import requests
import warnings
from termcolor import cprint
class jsp_conf_find_BaseVerify:
def __init__(self, url):
self.url = url
def run(self):
payload = "/WEB-INF/web.xml"
vulnurl = self.url + payload
try:
req = requests.get(vulnurl, timeout=10, verify=False)
update rules
2017-03-17 11:21:52 +08:00
if req.headers["Content-Type"] == "application/xml":
add all files
2017-02-20 17:25:03 +08:00
cprint("[+]存在web.xml配置文件...(敏感信息)\tpayload: "+vulnurl, "green")
update
2018-10-31 11:40:59 +08:00
else:
cprint("[-]不存在jsp_conf_find漏洞", "white", "on_grey")
add all files
2017-02-20 17:25:03 +08:00
except:
update
2018-10-31 11:40:59 +08:00
cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
add all files
2017-02-20 17:25:03 +08:00
if __name__ == "__main__":
warnings.filterwarnings("ignore")
testVuln = jsp_conf_find_BaseVerify(sys.argv[1])
testVuln.run()
Reference in New Issue Copy Permalink