Skip to content

Commit 6dd9419

Browse files
AabyssZGAabyssZG
authored
Update run.py
1 parent 8f126b9 commit 6dd9419

File tree

1 file changed

+26
-22
lines changed

1 file changed

+26
-22
lines changed

inc/run.py

Lines changed: 26 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -8,11 +8,11 @@
88
import requests, sys, random
99
from tqdm import tqdm
1010
from termcolor import cprint
11+
from time import sleep
1112
import requests.packages.urllib3
1213
requests.packages.urllib3.disable_warnings()
1314

14-
ua = [
15-
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36,Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36",
15+
ua = ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36,Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36",
1616
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36,Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36",
1717
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36,Mozilla/5.0 (X11; NetBSD) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36",
1818
"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36",
@@ -24,6 +24,9 @@ def url(urllist,proxies):
2424
f1 = open("urlout.txt", "wb+")
2525
f1.close()
2626
cprint(f"======开始对目标URL测试SpringBoot信息泄露端点======", "cyan")
27+
sleeps = input("\n是否要延时扫描 (默认0秒): ")
28+
if sleeps == '':
29+
sleeps = "0"
2730
with open("Dir.txt", 'r') as web:
2831
webs = web.readlines()
2932
for web in webs:
@@ -33,23 +36,24 @@ def url(urllist,proxies):
3336
header = {"User-Agent": random.choice(ua)}
3437
requests.packages.urllib3.disable_warnings()
3538
r = requests.get(url=u, headers=header, timeout=6, allow_redirects=False, verify=False, proxies=proxies) # 设置超时6秒
39+
sleep(int(sleeps))
3640
if r.status_code == 503:
3741
sys.exit()
42+
if ((r.status_code == 200) and ('need login' not in r.text) and ('禁止访问' not in r.text) and (len(r.content) != 3318) and ('无访问权限' not in r.text) and ('认证失败' not in r.text)):
43+
cprint("[+] 状态码%d" % r.status_code + ' ' + "信息泄露URL为:" + u + ' ' + "页面长度为:" + str(len(r.content)),"red")
44+
f2 = open("urlout.txt", "a")
45+
f2.write(u + '\n')
46+
f2.close()
47+
elif(r.status_code == 200):
48+
cprint("[+] 状态码%d" % r.status_code + ' ' + "但无法获取信息 URL为:" + u + ' ' + "页面长度为:" + str(len(r.content)),"magenta")
49+
else:
50+
cprint("[-] 状态码%d" % r.status_code + ' ' + "无法访问URL为:" + u ,"yellow")
3851
except KeyboardInterrupt:
3952
print("Ctrl + C 手动终止了进程")
4053
sys.exit()
41-
except:
54+
except Exception as e:
4255
cprint("[-] URL为 " + u + " 的目标积极拒绝请求,予以跳过!", "magenta")
4356
#break
44-
if ((r.status_code == 200) and ('need login' not in r.text) and ('禁止访问' not in r.text) and (len(r.content) != 3318) and ('无访问权限' not in r.text)):
45-
cprint("[+] 状态码%d" % r.status_code + ' ' + "信息泄露URL为:" + u + ' ' + "页面长度为:" + str(len(r.content)),"red")
46-
f2 = open("urlout.txt", "a")
47-
f2.write(u + '\n')
48-
f2.close()
49-
elif(r.status_code == 200):
50-
cprint("[+] 状态码%d" % r.status_code + ' ' + "但无法获取信息 URL为:" + u + ' ' + "页面长度为:" + str(len(r.content)),"magenta")
51-
else:
52-
cprint("[-] 状态码%d" % r.status_code + ' ' + "无法访问URL为:" + u ,"yellow")
5357
count = len(open("urlout.txt", 'r').readlines())
5458
if count >= 1:
5559
print('\n')
@@ -77,21 +81,21 @@ def file(filename,proxies):
7781
header = {"User-Agent": random.choice(ua)}
7882
requests.packages.urllib3.disable_warnings()
7983
r = requests.get(url=u, headers=header, timeout=6, allow_redirects=False, verify=False, proxies=proxies) # 设置超时6秒
84+
if ((r.status_code == 200) and ('need login' not in r.text) and ('禁止访问' not in r.text) and (len(r.content) != 3318) and ('无访问权限' not in r.text) and ('认证失败' not in r.text)):
85+
cprint("[+] 状态码%d" % r.status_code + ' ' + "信息泄露URL为:" + u + ' ' + "页面长度为:" + str(len(r.content)),"red")
86+
f2 = open("output.txt", "a")
87+
f2.write(u + '\n')
88+
f2.close()
89+
elif(r.status_code == 200):
90+
cprint("[+] 状态码%d" % r.status_code + ' ' + "但无法获取信息 URL为:" + u + ' ' + "页面长度为:" + str(len(r.content)),"magenta")
91+
else:
92+
cprint("[-] 状态码%d" % r.status_code + ' ' + "无法访问URL为:" + u ,"yellow")
8093
except KeyboardInterrupt:
8194
print("Ctrl + C 手动终止了进程")
8295
sys.exit()
83-
except:
96+
except Exception as e:
8497
cprint("[-] URL为 " + u + " 的目标积极拒绝请求,予以跳过!", "magenta")
8598
#break
86-
if ((r.status_code == 200) and ('need login' not in r.text) and ('禁止访问' not in r.text) and (len(r.content) != 3318) and ('无访问权限' not in r.text)):
87-
cprint("[+] 状态码%d" % r.status_code + ' ' + "信息泄露URL为:" + u + ' ' + "页面长度为:" + str(len(r.content)),"red")
88-
f2 = open("output.txt", "a")
89-
f2.write(u + '\n')
90-
f2.close()
91-
elif(r.status_code == 200):
92-
cprint("[+] 状态码%d" % r.status_code + ' ' + "但无法获取信息 URL为:" + u + ' ' + "页面长度为:" + str(len(r.content)),"magenta")
93-
else:
94-
cprint("[-] 状态码%d" % r.status_code + ' ' + "无法访问URL为:" + u ,"yellow")
9599
count = len(open("output.txt", 'r').readlines())
96100
if count >= 1:
97101
print('\n')

0 commit comments

Comments
 (0)