diff --git a/N-MiddlewareScan.py b/N-MiddlewareScan.py index 611fbf7..f031188 100644 --- a/N-MiddlewareScan.py +++ b/N-MiddlewareScan.py @@ -51,6 +51,4 @@ def main(): print("相关漏洞检测完成。") if __name__ == '__main__': print("开始检测中间件相关漏洞:") - main() - - +main() \ No newline at end of file diff --git a/plugins/deal.py b/plugins/CVE的原理分析网址处理脚本/deal.py similarity index 85% rename from plugins/deal.py rename to plugins/CVE的原理分析网址处理脚本/deal.py index da11eca..22ff866 100644 --- a/plugins/deal.py +++ b/plugins/CVE的原理分析网址处理脚本/deal.py @@ -4,5 +4,6 @@ with open("temp.txt",encoding="utf-8") as f: i=i.rstrip("\n").split(" ")[0] i=i.replace("-","_") #i="def "+i+"(url):\n"+" "+"headers = {'User-Agent': get_user_agent()}" - print(i+"(url)") + #print(i+"(url)") + print(i) f.close() diff --git a/plugins/CVE的原理分析网址处理脚本/deal2.py b/plugins/CVE的原理分析网址处理脚本/deal2.py new file mode 100644 index 0000000..256709f --- /dev/null +++ b/plugins/CVE的原理分析网址处理脚本/deal2.py @@ -0,0 +1,31 @@ +#coding=utf-8 +import requests +import re +from concurrent.futures import ThreadPoolExecutor +import traceback +''' +s=requests.get(url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9158") +s=s.text +s=re.findall("MISC:http.*",s)[0].rstrip("").lstrip("MISC") +print(s) +''' +def requests_url(cve): + try: + url = "http://cve.mitre.org/cgi-bin/cvename.cgi?name=" + cve + s = requests.get(url=url) + s = s.text + s = re.findall("MISC:http.*", s)[0].rstrip("").lstrip("MISC:") + print(s) + except Exception: + print(traceback.print_exc()) + + +with open("temp2.txt") as f: + for i in f.readlines(): + name = i.rstrip("\n") + with ThreadPoolExecutor(40) as excetor: + excetor.submit(requests_url(name)) +f.close() + + + diff --git a/plugins/temp.txt b/plugins/CVE的原理分析网址处理脚本/temp.txt similarity index 100% rename from plugins/temp.txt rename to plugins/CVE的原理分析网址处理脚本/temp.txt diff --git a/plugins/CVE的原理分析网址处理脚本/temp2.txt b/plugins/CVE的原理分析网址处理脚本/temp2.txt new file mode 100644 index 0000000..fe9fe3e --- /dev/null +++ b/plugins/CVE的原理分析网址处理脚本/temp2.txt @@ -0,0 +1,15 @@ +CVE_2018_9158 +CVE_2018_9157 +CVE_2018_9156 +CVE_2018_8032 +CVE_2018_19334 +CVE_2018_10664 +CVE_2018_10663 +CVE_2018_10662 +CVE_2018_10661 +CVE_2018_10660 +CVE_2018_10659 +CVE_2018_10658 +CVE_2017_9765 +CVE_2017_15885 +CVE_2017_12413 \ No newline at end of file diff --git a/plugins/__pycache__/axis.cpython-37.pyc b/plugins/__pycache__/axis.cpython-37.pyc index 97c70b9..ac1409d 100644 Binary files a/plugins/__pycache__/axis.cpython-37.pyc and b/plugins/__pycache__/axis.cpython-37.pyc differ diff --git a/plugins/__pycache__/plugins.cpython-37.pyc b/plugins/__pycache__/plugins.cpython-37.pyc index 46bd2d4..0eeaac3 100644 Binary files a/plugins/__pycache__/plugins.cpython-37.pyc and b/plugins/__pycache__/plugins.cpython-37.pyc differ diff --git a/plugins/axis.py b/plugins/axis.py index b80287d..1d244f3 100644 --- a/plugins/axis.py +++ b/plugins/axis.py @@ -1,50 +1,57 @@ #coding=utf-8 +import requests from user_agent import get_user_agent -def CVE_2018_9158(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2018_9157(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2018_9156(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2018_8032(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2018_19334(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2018_10664(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2018_10663(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2018_10662(url): - headers = {'User-Agent': get_user_agent()} def CVE_2018_10661(url): headers = {'User-Agent': get_user_agent()} -def CVE_2018_10660(url): + data={"action":"abc","return_page":"it_worked"} + url=url.rstrip("/")+"/index.html/a.srv" + s=requests.post(url=url,data=data,headers=headers) + if "it_worked" in s.text: + return "exist CVE_2018_10661" + else: + return "not exist CVE_2018_10661" +def axis_admin(host): + url = "http://%s"%(host) headers = {'User-Agent': get_user_agent()} -def CVE_2018_10659(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2018_10658(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2017_9765(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2017_15885(url): - headers = {'User-Agent': get_user_agent()} -def CVE_2017_12413(url): - headers = {'User-Agent': get_user_agent()} -def axis(url): - CVE_2018_9158(url) - CVE_2018_9157(url) - CVE_2018_9156(url) - CVE_2018_8032(url) - CVE_2018_19334(url) - CVE_2018_10664(url) - CVE_2018_10663(url) - CVE_2018_10662(url) - CVE_2018_10661(url) - CVE_2018_10660(url) - CVE_2018_10659(url) - CVE_2018_10658(url) - CVE_2017_9765(url) - CVE_2017_15885(url) - CVE_2017_12413(url) - pass + error_i=0 + flag_list=['Administration Page','System Components','"axis2-admin/upload"','include page="footer.inc">','axis2-admin/logout'] + user_list=['axis','admin','manager','root'] + pass_list=['','axis','axis2','123456','12345678','password','123456789','admin123','admin888','admin1','administrator','8888888','123123','admin','manager','root'] + for user in user_list: + for password in pass_list: + try: + login_url = url+'/axis2/axis2-admin/login' + PostStr='userName=%s&password=%s&submit=+Login+'%(user,password) + request = requests.post(url=login_url,data=PostStr,headers=headers) + res_html = res.text + except Exception: + return 'axis no weak password。' + for flag in flag_list: + if flag in res_html: + info = '%s Axis Weak password %s:%s'%(login_url,user,password) + return 'YES|'+info + return 'axis no weak password。' + +def axis_info(host): + url = "http://%s"%(host) + vul_url = url + "/axis2/axis2-web/HappyAxis.jsp" + try: + s=requests.get(url=url) + res_html=s.text + except Exception: + return 'no axis info。' + if "Axis2 Happiness Page" in res_html: + info = vul_url + " Axis Information Disclosure" + return 'YES|'+info + return 'no axis info。' + + +def axis(url): + cve__2018_10661=CVE_2018_10661(url) + print(cve__2018_10661) + axis_admins=axis_admin(url) + print(axis_admins) + axis_infos=axis_info(url) + print(axis_infos) + diff --git a/plugins/plugins.py b/plugins/plugins.py index e1d17a4..940dbf0 100644 --- a/plugins/plugins.py +++ b/plugins/plugins.py @@ -8,5 +8,6 @@ class plugins(object): self.options=options def run(self): axis(self.url) + #others