WingsSec/Meppo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #4 from rabbitmask/main

Browse Source 
v2.0 发布
This commit is contained in:
RabbitMask
2022-04-07 18:35:55 +08:00
committed by GitHub
parent 3181e53519 7cfe3decf0
commit 13000694c2
7 changed files with 260 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Config/config_banner.py
View File

@@ -9,9 +9,10 @@
'''
import random
from Config.config_print import status_print
from Moudle.Moudle_index import PAYLOAD_NUM, MOUDLE_NUM
Version = 'V 1.1'
Version = 'V 2.0'
info = '\n\t\t漏洞检测框架 Meppo | By WingsSec | {}\n'.format(Version)
NUM='\t\t [ {} MOUDLES\t\t{} PAYLOADS ]'.format(str(MOUDLE_NUM).center(3),str(PAYLOAD_NUM).center(3))
@@ -46,7 +47,7 @@ bannerlist = [banner1, banner2, banner3]
def Banner():
print(bannerlist[random.randrange(len(bannerlist))])
status_print(bannerlist[random.randrange(len(bannerlist))],5)
if __name__ == '__main__':

171
Config/config_print.py Normal file
View File

@@ -0,0 +1,171 @@
#!/usr/bin/env python3
# _*_ coding:utf-8 _*_
'''
____ _ _ _ _ __ __ _
| _ \ __ _| |__ | |__ (_) |_| \/ | __ _ ___| | __
| |_) / _` | '_ \| '_ \| | __| |\/| |/ _` / __| |/ /
| _ < (_| | |_) | |_) | | |_| | | | (_| \__ \ <
|_| \_\__,_|_.__/|_.__/|_|\__|_| |_|\__,_|___/_|\_\
'''
import platform
import time
if 'Windows' in platform.system():
import ctypes, sys
STD_INPUT_HANDLE = -10
STD_OUTPUT_HANDLE = -11
STD_ERROR_HANDLE = -12
# 字体颜色定义 text colors
FOREGROUND_BLUE = 0x09 # blue.
FOREGROUND_GREEN = 0x0a # green.
FOREGROUND_DEEPGREEN = 0x02 # dark green.
FOREGROUND_RED = 0x0c # red.
FOREGROUND_YELLOW = 0x0e # yellow.
FOREGROUND_WHITE = 0x0f # white.
FOREGROUND_PINK = 0x0d # pink.
# get handle
std_out_handle = ctypes.windll.kernel32.GetStdHandle(STD_OUTPUT_HANDLE)
def set_cmd_text_color(color, handle=std_out_handle):
Bool = ctypes.windll.kernel32.SetConsoleTextAttribute(handle, color)
return Bool
# reset white
def resetColor():
set_cmd_text_color(FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE)
# green
def printGreen(mess):
set_cmd_text_color(FOREGROUND_GREEN)
sys.stdout.write(mess)
sys.stdout.flush()
resetColor()
# red
def printRed(mess):
set_cmd_text_color(FOREGROUND_RED)
sys.stdout.write(mess)
sys.stdout.flush()
resetColor()
# yellow
def printYellow(mess):
set_cmd_text_color(FOREGROUND_YELLOW)
sys.stdout.write(mess)
sys.stdout.flush()
resetColor()
def printDeepGreen(mess):
set_cmd_text_color(FOREGROUND_DEEPGREEN)
sys.stdout.write(mess)
sys.stdout.flush()
resetColor()
def printBlue(mess):
set_cmd_text_color(FOREGROUND_BLUE)
sys.stdout.write(mess)
sys.stdout.flush()
resetColor()
def printBluen(mess):
set_cmd_text_color(FOREGROUND_BLUE)
sys.stdout.write(mess + '\n')
sys.stdout.flush()
resetColor()
def printWhite(mess):
set_cmd_text_color(FOREGROUND_WHITE)
sys.stdout.write(mess + '\n')
sys.stdout.flush()
resetColor()
def printPink(mess):
set_cmd_text_color(FOREGROUND_PINK)
sys.stdout.write(mess + '\n')
sys.stdout.flush()
resetColor()
def get_INFO():
printBlue('[{0}] '.format(get_time()))
printDeepGreen('[INFO] ')
def get_SUCCESS():
printBlue('[{0}] '.format(get_time()))
printGreen('[SUCCESS] ')
def get_WARNING():
printBlue('[{0}] '.format(get_time()))
printYellow('[WARNING] ')
def get_CRITICAL():
printBlue('[{0}] '.format(get_time()))
printRed('[CRITICAL] ')
else:
DEEP_GREEN = "\033[30;1m{0}\033[0m"
GREEN = "\033[32;1m{0}\033[0m"
WHITE = "\033[29;1m{0}\033[0m"
RED = "\033[31;1m{0}\033[0m"
YELLOW = "\033[33;1m{0}\033[0m"
BLUE = "\033[34;1m{0}\033[0m"
PINK = "\033[35;1m{0}\033[0m"
def get_INFO():
print('{0} {1} '.format(BLUE.format('[' + get_time() + ']'), DEEP_GREEN.format('[INFO]')), end='')
def get_SUCCESS():
print('{0} {1} '.format(BLUE.format('[' + get_time() + ']'), GREEN.format('[SUCCESS]')), end='')
def get_WARNING():
print('{0} {1} '.format(BLUE.format('[' + get_time() + ']'), YELLOW.format('[WARNING]')), end='')
def get_CRITICAL():
print('{0} {1} '.format(BLUE.format('[' + get_time() + ']'), RED.format('[CRITICAL]')), end='')
def printWhite(mess):
print('{0}'.format(WHITE.format(mess)))
def printBlue(mess):
print('{0}'.format(BLUE.format(mess)))
def printBluen(mess):
print('{0}'.format(BLUE.format(mess)))
def printPink(mess):
print('{0}'.format(PINK.format(mess)))
def get_time():
return time.strftime("%H:%M:%S", time.localtime())
def status_print(value='', status = -1): # 输出函数
if status == -1: # default status = -1
print(value)
elif status == 0: # INFO status = 0
get_INFO()
print(value)
elif status == 1: # SUCCESS status = 1
get_SUCCESS()
printWhite(value)
elif status == 2: # WARNING status = 2
get_WARNING()
print(value)
elif status == 3: # CRITICAL status = 3
get_CRITICAL()
print(value)
elif status == 4: # 加粗 status = 4
printWhite(value)
elif status == 5: # 主色 猛男粉 status = 5
printPink(value)
elif status == 6: # 副色 蓝色 status = 6
printBluen(value)
if __name__ == '__main__':
for i in range(-1,7):
status_print(str(i),i)

38
Framework/console_list.py
View File

@@ -7,6 +7,7 @@
| _ < (_| | |_) | |_) | | |_| | | | (_| \__ \ <
|_| \_\__,_|_.__/|_.__/|_|\__|_| |_|\__,_|___/_|\_\
'''
from Config.config_print import status_print
from Tools.ReBuild import get_moudle, get_payload
def get_cn_number(char):
@@ -18,38 +19,37 @@ def get_cn_number(char):
def moudle_list():
list=get_moudle()
print('【Moudle List】'.center(30))
print('================================')
status_print('【Moudle List】'.center(30),6)
status_print('Moudle'.center(30), 6)
status_print('================================',6)
for i in list:
print('--------------------------------')
print('|{}|'.format(i.center(30-get_cn_number(i))))
print('================================')
status_print('--------------------------------',6)
status_print('|{}|'.format(i.center(30-get_cn_number(i))),6)
status_print('================================',6)
def payload_list(moudle):
list=get_payload(moudle)
print('【Payload List】'.center(110))
print('==================================================================================================================')
print('|{}|{}|{}|'.format('Moudle'.center(20),'Payload'.center(30), 'Remark'.center(60)))
status_print('【Payload List】'.center(110),6)
status_print('==================================================================================================================',6)
status_print('|{}|{}|{}|'.format('Moudle'.center(20),'Payload'.center(30), 'Remark'.center(60)))
for i in list:
print('------------------------------------------------------------------------------------------------------------------')
print('|{}|{}|{}|'.format(moudle.center(20),i[0].center(30-get_cn_number(i[0])),i[1].center(60-get_cn_number(i[1]))))
print('==================================================================================================================')
status_print('------------------------------------------------------------------------------------------------------------------',6)
status_print('|{}|{}|{}|'.format(moudle.center(20),i[0].center(30-get_cn_number(i[0])),i[1].center(60-get_cn_number(i[1]))),6)
status_print('==================================================================================================================',6)
def payload_list_all():
print('【Payload List】'.center(110))
print('==================================================================================================================')
print('|{}|{}|{}|'.format('Moudle'.center(20),'Payload'.center(30), 'Remark'.center(60)))
status_print('【Payload List】'.center(110),6)
status_print('==================================================================================================================',6)
status_print('|{}|{}|{}|'.format('Moudle'.center(20),'Payload'.center(30), 'Remark'.center(60)),6)
for i in get_moudle():
list = get_payload(i)
for j in list:
print('------------------------------------------------------------------------------------------------------------------')
print('|{}|{}|{}|'.format(i.center(20-get_cn_number(i)),j[0].center(30-get_cn_number(j[0])),j[1].center(60-get_cn_number(j[1]))))
print('==================================================================================================================')
status_print('------------------------------------------------------------------------------------------------------------------',6)
status_print('|{}|{}|{}|'.format(i.center(20-get_cn_number(i)),j[0].center(30-get_cn_number(j[0])),j[1].center(60-get_cn_number(j[1]))),6)
status_print('==================================================================================================================',6)
if __name__ == '__main__':
payload_list_all()

12
Framework/console_main.py
View File

@@ -78,9 +78,9 @@ def Console():
elif args.file:
console_attack.run_poc(args.poc, get_urls(args.file))
else:
print("Usage:\n\tpython Meppo.py -poc xxx -u http:xxx\n\tpython Meppo.py -poc xxx -f target.txt")
status_print("Usage:\n\tpython Meppo.py -poc xxx -u http:xxx\n\tpython Meppo.py -poc xxx -f target.txt",5)
except:
print("Usage:\n\tpython Meppo.py -poc xxx -u http:xxx\n\tpython Meppo.py -poc xxx -f target.txt")
status_print("Usage:\n\tpython Meppo.py -poc xxx -u http:xxx\n\tpython Meppo.py -poc xxx -f target.txt",5)
elif args.moudle:
try:
if args.list:
@@ -90,15 +90,15 @@ def Console():
elif args.file:
console_attack.run_moudle(args.moudle, get_urls(args.file))
else:
print("Usage:\n\tpython Meppo.py -m -l\n\tpython Meppo.py -m xxx -u http:xxx\n\tpython Meppo.py -m -f target.txt")
status_print("Usage:\n\tpython Meppo.py -m -l\n\tpython Meppo.py -m xxx -u http:xxx\n\tpython Meppo.py -m -f target.txt",5)
except:
print("Usage:\n\tpython Meppo.py -m -l\n\tpython Meppo.py -m xxx -u http:xxx\n\tpython Meppo.py -m -f target.txt")
status_print("Usage:\n\tpython Meppo.py -m -l\n\tpython Meppo.py -m xxx -u http:xxx\n\tpython Meppo.py -m -f target.txt",5)
elif args.list:
moudle_list()
elif args.listall:
payload_list_all()
else:
print("Usage:"
status_print("Usage:"
"\n\tpython Meppo.py -l\t\t\t\tList All Moudles"
"\n\tpython Meppo.py -ll\t\t\t\tList All Payloads"
"\n\tpython Meppo.py -m xxx -l\t\t\tList Payload Of The Moudle"
@@ -109,7 +109,7 @@ def Console():
"\n\tpython Meppo.py -fofa APP=\"DEMO\"\t\tFOFA API 报告导出 num默认1000"
"\n\tpython Meppo.py -fofa APP=\"DEMO\" -num 100\tFOFA API 报告导出 自定义数量"
"\n\tpython Meppo.py -shodan APP=\"DEMO\"\t\tSHODAN API 报告导出 num默认1000"
"\n\tpython Meppo.py -shodan APP=\"DEMO\" -num 100\tSHODAN API 报告导出 自定义数量")
"\n\tpython Meppo.py -shodan APP=\"DEMO\" -num 100\tSHODAN API 报告导出 自定义数量",5)
########################################################################################################################

7
Moudle/Moudle_index.py
View File

@@ -1,5 +1,5 @@
MOUDLE_NUM=27
PAYLOAD_NUM=59
MOUDLE_NUM=28
PAYLOAD_NUM=60
# AlibabaCanal
from Moudle.AlibabaCanal import Alibaba_Canal_Info_Leak
@@ -46,6 +46,8 @@ from Moudle.Inspur import Inspur_sysShell_RCE
# Jeecms
from Moudle.Jeecms import Jeecms_ssrf_getshell
# Joomla
# Kangle
from Moudle.Kangle import Kangle_default_password
@@ -73,6 +75,7 @@ from Moudle.SonarQube import CVE_2020_27986
# Spring
from Moudle.Spring import CVE_2022_22947
from Moudle.Spring import CVE_2022_22963
from Moudle.Spring import CVE_2022_22965
# TDXK

79
README.md
View File

@@ -1,36 +1,38 @@
# Meppo
漏洞利用框架 Meppo | By WingsSec
漏洞检测框架 Meppo | By WingsSec
### Version
##### V1.1 `2022-03-23`
##### V1.1 `2022-03-23` `正式开源`
##### V2.0 `2022-04-07` `版本重大更新,我们换了套皮肤 /手动狗头`
![](show.png)
```angular2html
python Meppo.py
__ __
| \/ | ___ _ __ _ __ ___
| |\/| |/ _ \ '_ \| '_ \ / _ \
| | | | __/ |_) | |_) | (_) |
|_| |_|\___| .__/| .__/ \___/
|_| |_|
__ ___
/ |/ /__ ____ ____ ____
/ /|_/ / _ \/ __ \/ __ \/ __ \
/ / / / __/ /_/ / /_/ / /_/ /
/_/ /_/\___/ .___/ .___/\____/
/_/ /_/
漏洞检测框架 Meppo | By WingsSec | V 1.1
[ 26 MOUDLES 55 PAYLOADS ]
漏洞检测框架 Meppo | By WingsSec | V 2.0
[ 28 MOUDLES 60 PAYLOADS ]
Usage:
python Meppo.py -l List All Moudles
python Meppo.py -ll List All Payloads
python Meppo.py -m xxx -l List Payload Of The Moudle
python Meppo.py -poc xxx -u target 单目标 单POC
python Meppo.py -poc xxx -f targets.txt 多目标 单POC
python Meppo.py -m xxx -u target 单目标 模块
python Meppo.py -m xxx -f targets.txt 多目标 模块
python Meppo.py -poc xxx -u target 单目标 单POC
python Meppo.py -poc xxx -f targets.txt 多目标 单POC
python Meppo.py -m xxx -u target 单目标 模块
python Meppo.py -m xxx -f targets.txt 多目标 模块
python Meppo.py -fofa APP="DEMO" FOFA API 报告导出 num默认1000
python Meppo.py -fofa APP="DEMO" -num 100 FOFA API 报告导出 自定义数量
python Meppo.py -shodan APP="DEMO" SHODAN API 报告导出 num默认1000
python Meppo.py -shodan APP="DEMO" -num 100 SHODAN API 报告导出 自定义数量
```
```angular2html
python Meppo.py -h
__ ___
/ |/ /__ ____ ____ ____
/ /|_/ / _ \/ __ \/ __ \/ __ \
@@ -38,9 +40,9 @@ python Meppo.py -h
/_/ /_/\___/ .___/ .___/\____/
/_/ /_/
漏洞检测框架 Meppo | By WingsSec | V 1.1
[ 26 MOUDLES 55 PAYLOADS ]
usage: Meppo.py [-h] [-l] [-ll] [-m MOUDLE] [-u URL] [-f FILE] [-poc POC] [-fofa FOFA] [-num NUM]
漏洞检测框架 Meppo | By WingsSec | V 2.0
[ 28 MOUDLES 60 PAYLOADS ]
usage: Meppo.py [-h] [-l] [-ll] [-m MOUDLE] [-u URL] [-f FILE] [-poc POC] [-fofa FOFA] [-shodan SHODAN] [-num NUM]
options:
-h, --help show this help message and exit
@@ -55,9 +57,19 @@ options:
资产爬取模块:
-fofa FOFA 资产爬取
-shodan SHODAN 资产爬取
-num NUM 资产数量
```
```angular2html
_____
/ \ ____ ______ ______ ____
/ \ / \_/ __ \\____ \\____ \ / _ \
/ Y \ ___/| |_> > |_> > <_> )
\____|__ /\___ > __/| __/ \____/
\/ \/|__| |__|
漏洞检测框架 Meppo | By WingsSec | V 2.0
[ 28 MOUDLES 60 PAYLOADS ]
【Payload List】
==================================================================================================================
| Moudle | Payload | Remark |
@@ -76,6 +88,10 @@ options:
------------------------------------------------------------------------------------------------------------------
| Drupal | CVE_2018_7600 | Drupal 7 RCE |
------------------------------------------------------------------------------------------------------------------
| Drupal | CVE_2018_7600_8 | Drupal 8 RCE |
------------------------------------------------------------------------------------------------------------------
| Drupal | CVE_2019_6340 | drupal8-REST-RCE |
------------------------------------------------------------------------------------------------------------------
| ESAFENET | CNVD_2021_26058 | 亿赛通电子文档安全管理系统远程命令执行漏洞 |
------------------------------------------------------------------------------------------------------------------
| EyouCMS | EyouCMS_qiantai_rce | 易优CMS前台RCE |
@@ -86,6 +102,8 @@ options:
------------------------------------------------------------------------------------------------------------------
| Fikker | Fikker_admin | fikker Console default password |
------------------------------------------------------------------------------------------------------------------
| H3C | IMC_RCE | H3C IMC RCE |
------------------------------------------------------------------------------------------------------------------
| Inspur | CVE_2020_21224 | Inspur ClusterEngine V4.0 RCE |
------------------------------------------------------------------------------------------------------------------
| Inspur | Inspur_Any_user_login | 浪潮任意用户登录漏洞 |
@@ -122,27 +140,16 @@ options:
------------------------------------------------------------------------------------------------------------------
| Spring | CVE_2022_22947 | Spring Cloud Gateway RCE |
------------------------------------------------------------------------------------------------------------------
| Spring | CVE_2022_22963 | spring_function_rce |
------------------------------------------------------------------------------------------------------------------
| Spring | CVE_2022_22965 | Spring Core RCE |
------------------------------------------------------------------------------------------------------------------
| TDXK | TDXK_Any_file_upload | TDXK_前台任意文件上传 |
------------------------------------------------------------------------------------------------------------------
| TDXK | TDXK_Any_user_login | TDXK_任意用户登录 |
------------------------------------------------------------------------------------------------------------------
| TDXK | TDXK_logined_any_file_upload | TDXK_登录后任意文件上传 |
------------------------------------------------------------------------------------------------------------------
| TDXK | TDXK_online_user_login | TDXK_任意在线用户登录 |
------------------------------------------------------------------------------------------------------------------
| TDXK | TDXK_weakpwd | TDXK_弱口令 |
------------------------------------------------------------------------------------------------------------------
| TianQing | TianQing_SQLinjection | 天擎终端安全管理系统SQL注入 |
------------------------------------------------------------------------------------------------------------------
| TianQing | TianQing_Unauthorized | 天擎终端安全管理系统未授权访问 |
------------------------------------------------------------------------------------------------------------------
| VCenter | CVE_2021_21972 | VCenter6.7及以下版本任意文件上传漏洞 |
------------------------------------------------------------------------------------------------------------------
| VCenter | CVE_2021_22005 | VMware vCenter Analytics 任意文件上传漏洞 |
------------------------------------------------------------------------------------------------------------------
| VRealize | CVE_2021_21975 | VMware vRealize&Cloud Foundation SSRF漏洞 |
------------------------------------------------------------------------------------------------------------------
| VRealize | CVE_2021_21983 | VMware vRealize 认证后任意文件上传漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weaver | CNVD_2019_32204 | 泛微OA Bsh 远程代码执行漏洞 |
------------------------------------------------------------------------------------------------------------------

BIN
show.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 573 KiB