Jenkins

Framework/console_attack.py

@@ -11,6 +11,7 @@ import datetime
 from multiprocessing import Pool, Manager
 
 from Config.config_print import status_print
+from Tools.NoRepeat import Norepeat
 from Tools.ReBuild import get_payload
 from Config.config_logging import loglog
 from Moudle.Moudle_index import *
@@ -28,7 +29,7 @@ def get_urls(file):
     res=[]
     for i in r:
         res.append(urlcheck(i).replace('\n',''))
-    return res
+    return Norepeat(res)
 
 def record_res(dic):
     if dic:
@@ -39,7 +40,7 @@ def record_res(dic):
         status_print(res,1)
         loglog(res)
 
-
+# 讲道理，框架不该对脚本做异常屏蔽的，但是孩子们不听话，不做异常捕获，导致批量异常相互干扰，先启用吧
 def pocs(target,moudle,q):
     q.put(target)
     res=""
@@ -63,6 +64,7 @@ def run_poc(*args):
         if isinstance(args[1],str):
             record_res(eval(args[0]).poc(urlcheck(args[1])))
         elif isinstance(args[1], list):
+            status_print('任务加载数量：' + str(len(args[1])), 0)
             poolmana(args[0], args[1])
 
 def run_moudle(*args):

Moudle/Jenkins/CVE_2018_1000861.py

@@ -13,7 +13,7 @@ requests.packages.urllib3.disable_warnings()
 NAME = 'CVE_2018_1000861'
 AUTHOR = "RabbitMask"
 REMARK = 'Jenkins远程命令执行漏洞'
-FOFA_RULE = '对应漏洞框架的fofa语法'
+FOFA_RULE = 'app="Jenkins"'
 
 ########################################################################################################################
 # 漏洞检测模块

Moudle/Jenkins/UnauthorizedScript.py

@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+# _*_ coding:utf-8 _*_
+
+import requests
+import re
+import urllib
+import binascii
+from Config.config_requests import headers
+requests.packages.urllib3.disable_warnings()
+
+########################################################################################################################
+# 脚本信息
+NAME = 'UnauthorizedScript'
+AUTHOR = "RabbitMask"
+REMARK = 'Jenkins未授权脚本执行'
+FOFA_RULE = 'app="Jenkins"'
+
+########################################################################################################################
+# 漏洞检测模块
+def poc(target):
+    result = {}
+    try:
+        req = requests.get(target+'/script', headers=headers, timeout=5)
+        if req.status_code == 200 and 'Jenkins.instance.pluginManager.plugins' in req.text:
+            result['target'] = target
+            result['poc'] = NAME
+            result['url'] = target+'/script'
+            return result
+    except:
+        pass
+
+

Moudle/Moudle_index.py

@@ -1,5 +1,5 @@
-MOUDLE_NUM=29
-PAYLOAD_NUM=62
+MOUDLE_NUM=30
+PAYLOAD_NUM=64
 
 # AlibabaCanal
 from Moudle.AlibabaCanal import Alibaba_Canal_Info_Leak
@@ -48,6 +48,7 @@ from Moudle.Jeecms import Jeecms_ssrf_getshell
 
 # Jenkins
 from Moudle.Jenkins import CVE_2018_1000861
+from Moudle.Jenkins import UnauthorizedScript
 
 # Joomla
 from Moudle.Joomla import joomla_config_find
@@ -74,6 +75,9 @@ from Moudle.Seeyon import Seeyon_OA_SessionLeak_Upload
 from Moudle.Seeyon import Seeyon_OA_Session_Leak
 from Moudle.Seeyon import Seeyon_OA_SQLInjection
 
+# ShowDoc
+from Moudle.ShowDoc import CNVD_2020_26585
+
 # SonarQube
 from Moudle.SonarQube import CVE_2020_27986
 

Tools/NoRepeat.py

@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+# _*_ coding:utf-8 _*_
+'''
+ ____       _     _     _ _   __  __           _    
+|  _ \ __ _| |__ | |__ (_) |_|  \/  | __ _ ___| | __
+| |_) / _` | '_ \| '_ \| | __| |\/| |/ _` / __| |/ /
+|  _ < (_| | |_) | |_) | | |_| |  | | (_| \__ \   < 
+|_| \_\__,_|_.__/|_.__/|_|\__|_|  |_|\__,_|___/_|\_\
+                                                    
+'''
+from Config.config_print import status_print
+
+
+def Norepeat(mylist):
+    status_print("数据去重前：{}条数据".format(len(mylist)),0)
+    data = list(set(mylist))
+    data.sort()
+    status_print("数据去重后：{}条数据".format(len(data)),0)
+    return data