├── requirements.txt ├── README.md ├── main.py └── unauthorizedV2.py /requirements.txt: -------------------------------------------------------------------------------- 1 | certifi==2025.1.31 2 | charset-normalizer==3.4.1 3 | dnspython==2.7.0 4 | hashring==1.5.1 5 | idna==3.10 6 | ldap3==2.9.1 7 | memcache==0.12.0 8 | pyasn1==0.6.1 9 | pymongo==4.11.3 10 | PyQt5==5.15.11 11 | PyQt5-Qt5==5.15.2 12 | PyQt5_sip==12.17.0 13 | redis==5.2.1 14 | requests==2.32.3 15 | urllib3==2.3.0 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 常见的未授权漏洞检测 2 | --命令行版已放出支持多线程,批量扫描,指定服务扫描,命令行版地址https://github.com/xk11z/unauthorized_com 3 | --GUI版unauthorizedV2已更新,可批量ip检测导出结果 4 | 5 | 6 | 项目包含1 、FTP 未授权访问(21) 7 | 2 、LDAP 未授权访问(389) 8 | 3 、Rsync 未授权访问(873) 9 | 4 、ZooKeeper 未授权访问(2181) 10 | 5 、Docker 未授权访问(2375) 11 | 6 、Docker Registry未授权(5000) 12 | 7 、Kibana 未授权访问(5601) 13 | 8 、VNC 未授权访问(5900、5901) 14 | 9 、CouchDB 未授权访问(5984) 15 | 10 、Apache Spark 未授权访问(6066、8081、8082) 16 | 11 、Redis 未授权访问(6379) 17 | 12 、Weblogic 未授权访问(7001) 18 | 13 、HadoopYARN 未授权访问(8088) 19 | 14 、JBoss 未授权访问(8080) 20 | 15 、Jenkins 未授权访问(8080) 21 | 16 、Kubernetes Api Server 未授权(8080、10250) 22 | 17 、Active MQ 未授权访问(8161) 23 | 18 、Jupyter Notebook 未授权访问(8888) 24 | 19 、Elasticsearch 未授权访问(9200、9300) 25 | 20 、Zabbix 未授权访问(10051) 26 | 21 、Memcached 未授权访问(11211) 27 | 22 、RabbitMQ 未授权访问(15672、15692、25672) 28 | 23 、MongoDB 未授权访问(27017) 29 | 24 、NFS 未授权访问(2049、20048) 30 | 25 、Dubbo 未授权访问(28096) 31 | 26 、Druid 未授权访问 32 | 27 、Solr 未授权访问 33 | 28 、SpringBoot Actuator 未授权访问 34 | 29 、SwaggerUI未授权访问漏洞 35 | 30 、Harbor未授权添加管理员漏洞 36 | 31 、Windows ipc共享未授权访问漏洞 37 | 32 、宝塔phpmyadmin未授权访问 38 | 33 、WordPress未授权访问漏洞 39 | 34 、Atlassian Crowd 未授权访问 40 | 35 、PHP-FPM Fastcgi未授权访问漏洞 41 | 36 、uWSGI未授权访问漏洞 42 | 37 、Kong未授权访问漏洞 43 | 38 、ThinkAdminV6未授权访问漏洞 44 | # 代码规范,可以自己添加其他漏洞检测 45 | # Usage 46 | pip install -r requestments.txt 47 | python3 main.py 48 | # Screenshot 49 | ![存在漏洞](https://user-images.githubusercontent.com/126586204/235194877-b84ffd82-469b-4016-b924-672bc671d652.PNG) 50 | # UNauthorizedV2 51 | ![v2](https://user-images.githubusercontent.com/126586204/236142851-429e5ba1-1056-417e-b86e-f90487470c07.PNG) 52 | 53 | # 免责声明 54 | 本工具仅面向合法授权的企业安全建设行为,如您需要测试本工具的可用性,请自行搭建靶机环境。 在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标进行扫描。 如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任。 55 | -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- 1 | import ftplib 2 | import socket 3 | import sys 4 | 5 | import memcache 6 | import pymongo 7 | import requests 8 | from PyQt5.QtWidgets import QApplication, QWidget, QLabel, QLineEdit, QPushButton 9 | 10 | class SecurityChecker(QWidget): 11 | def __init__(self): 12 | super().__init__() 13 | self.initUI() 14 | 15 | def initUI(self): 16 | self.setWindowTitle('常见端口未授权漏洞检测系统 designd by xkllz date:2023-04-28') 17 | 18 | # 创建标签和输入框 19 | self.url_label = QLabel('IP:', self) 20 | self.url_label.move(20, 20) 21 | self.url_input = QLineEdit(self) 22 | self.url_input.move(80, 20) 23 | 24 | # 创建按钮 25 | self.ftp_button = QPushButton('ftp', self) 26 | self.ftp_button.move(20, 50) 27 | self.ftp_button.clicked.connect(self.check_ftp) 28 | 29 | self.vnc_button = QPushButton('vnc', self) 30 | self.vnc_button.move(20, 100) 31 | self.vnc_button.clicked.connect(self.check_vnc) 32 | 33 | self.solr_button = QPushButton('solr', self) 34 | self.solr_button.move(20, 150) 35 | self.solr_button.clicked.connect(self.check_solr) 36 | 37 | self.weblogic_button = QPushButton('weblogic', self) 38 | self.weblogic_button.move(20, 200) 39 | self.weblogic_button.clicked.connect(self.check_weblogic) 40 | 41 | self.jboss_button = QPushButton('JBoss', self) 42 | self.jboss_button.move(120, 50) 43 | self.jboss_button.clicked.connect(self.check_jboss) 44 | 45 | self.es_button = QPushButton('elasticsearch', self) 46 | self.es_button.move(120, 100) 47 | self.es_button.clicked.connect(self.check_elasticsearch) 48 | 49 | self.kubernetes_button = QPushButton('kubernetes', self) 50 | self.kubernetes_button.move(120, 150) 51 | self.kubernetes_button.clicked.connect(self.check_kubernetes_api_server) 52 | 53 | self.dockerreg_button = QPushButton('docker registry', self) 54 | self.dockerreg_button.move(120, 200) 55 | self.dockerreg_button.clicked.connect(self.check_docker_registry) 56 | 57 | self.ldap_button = QPushButton('LDAP', self) 58 | self.ldap_button.move(220, 50) 59 | self.ldap_button.clicked.connect(self.check_ldap) 60 | 61 | self.jenkins_button = QPushButton('jenkins', self) 62 | self.jenkins_button.move(220, 100) 63 | self.jenkins_button.clicked.connect(self.check_jenkins) 64 | 65 | self.couchdb_button = QPushButton('couchdb', self) 66 | self.couchdb_button.move(220, 150) 67 | self.couchdb_button.clicked.connect(self.check_couchdb) 68 | 69 | self.hadoopyarn_button = QPushButton('hadoopYARN', self) 70 | self.hadoopyarn_button.move(220, 200) 71 | self.hadoopyarn_button.clicked.connect(self.check_hadoop_yarn) 72 | 73 | self.redis_button = QPushButton('Redis', self) 74 | self.redis_button.move(320, 50) 75 | self.redis_button.clicked.connect(self.check_redis) 76 | 77 | self.kibana_button = QPushButton('kibana', self) 78 | self.kibana_button.move(320, 100) 79 | self.kibana_button.clicked.connect(self.check_kibana) 80 | 81 | self.spat_button = QPushButton('spring actuator', self) 82 | self.spat_button.move(320, 150) 83 | self.spat_button.clicked.connect(self.check_spring_boot_actuator) 84 | 85 | self.wordpress_button = QPushButton('wordpress', self) 86 | self.wordpress_button.move(320, 200) 87 | self.wordpress_button.clicked.connect(self.check_wordpress) 88 | 89 | self.nfs_button = QPushButton('Nfs', self) 90 | self.nfs_button.move(420, 50) 91 | self.nfs_button.clicked.connect(self.check_nfs) 92 | 93 | self.ipc_button = QPushButton('ipc', self) 94 | self.ipc_button.move(420, 100) 95 | self.ipc_button.clicked.connect(self.check_ipc) 96 | 97 | self.uwsgi_button = QPushButton('uwsgi', self) 98 | self.uwsgi_button.move(420, 150) 99 | self.uwsgi_button.clicked.connect(self.check_uwsgi) 100 | 101 | self.harbor_button = QPushButton('harbor', self) 102 | self.harbor_button.move(420, 200) 103 | self.harbor_button.clicked.connect(self.check_harbor) 104 | 105 | self.zookeeper_button = QPushButton('zookeeper', self) 106 | self.zookeeper_button.move(520, 50) 107 | self.zookeeper_button.clicked.connect(self.check_zookeeper) 108 | 109 | self.druid_button = QPushButton('druid', self) 110 | self.druid_button.move(520, 100) 111 | self.druid_button.clicked.connect(self.check_druid) 112 | 113 | self.tkad6_button = QPushButton('thinkadmin_v6', self) 114 | self.tkad6_button.move(520, 150) 115 | self.tkad6_button.clicked.connect(self.check_thinkadmin_v6) 116 | 117 | self.activemq_button = QPushButton('activemq', self) 118 | self.activemq_button.move(520, 200) 119 | self.activemq_button.clicked.connect(self.check_activemq) 120 | 121 | self.swaggerui_button = QPushButton('swaggerui', self) 122 | self.swaggerui_button.move(620, 50) 123 | self.swaggerui_button.clicked.connect(self.check_swaggerui) 124 | 125 | self.rabbitmq_button = QPushButton('rabbitmq', self) 126 | self.rabbitmq_button.move(620, 100) 127 | self.rabbitmq_button.clicked.connect(self.check_rabbitmq) 128 | 129 | self.phpfpm_button = QPushButton('php_fpm_fastcgi', self) 130 | self.phpfpm_button.move(620, 150) 131 | self.phpfpm_button.clicked.connect(self.check_php_fpm_fastcgi) 132 | 133 | self.atlc_button = QPushButton('atlassianc', self) 134 | self.atlc_button.move(620, 200) 135 | self.atlc_button.clicked.connect(self.check_atlassian_crowd) 136 | 137 | self.docker_button = QPushButton('docker', self) 138 | self.docker_button.move(720, 50) 139 | self.docker_button.clicked.connect(self.check_docker) 140 | 141 | self.dubbo_button = QPushButton('dubbo', self) 142 | self.dubbo_button.move(720, 100) 143 | self.dubbo_button.clicked.connect(self.check_dubbo) 144 | 145 | self.mongodb_button = QPushButton('mongodb', self) 146 | self.mongodb_button.move(720, 150) 147 | self.mongodb_button.clicked.connect(self.check_mongodb) 148 | 149 | self.zabbix_button = QPushButton('zabbix', self) 150 | self.zabbix_button.move(720, 200) 151 | self.zabbix_button.clicked.connect(self.check_zabbix) 152 | 153 | self.memcached_button = QPushButton('memcached', self) 154 | self.memcached_button.move(820, 50) 155 | self.memcached_button.clicked.connect(self.check_memcached) 156 | 157 | self.btphp_button = QPushButton('bt_phpmyadmin', self) 158 | self.btphp_button.move(820, 100) 159 | self.btphp_button.clicked.connect(self.check_bt_phpmyadmin) 160 | 161 | self.jupyter_button = QPushButton('jupyter', self) 162 | self.jupyter_button.move(820, 150) 163 | self.jupyter_button.clicked.connect(self.check_jupyter_notebook) 164 | 165 | self.rsync_button = QPushButton('rsync', self) 166 | self.rsync_button.move(920, 50) 167 | self.rsync_button.clicked.connect(self.check_rsync) 168 | 169 | self.apsk_button = QPushButton('apache_spark', self) 170 | self.apsk_button.move(920, 100) 171 | self.apsk_button.clicked.connect(self.check_apache_spark) 172 | 173 | self.kong_button = QPushButton('kong', self) 174 | self.kong_button.move(920, 150) 175 | self.kong_button.clicked.connect(self.check_kong) 176 | 177 | # 创建结果标签 178 | self.result_label = QLabel('检测结果..........', self) 179 | self.result_label.move(20, 300) 180 | self.result_label.setFixedHeight(60) # 设置固定高度 181 | self.result_label.setFixedWidth(500) 182 | # 将结果标签的背景颜色设置为红色 183 | self.result_label.setStyleSheet('background-color: white; border: 1px solid black') 184 | # self.result_label.setWordWrap(True) # 开启自动换行 185 | 186 | # 设置窗口大小和显示 187 | self.setGeometry(600, 600, 1000, 400) 188 | self.show() 189 | 190 | def check_jboss(self): 191 | url = self.url_input.text() 192 | 193 | # 检查 JBoss 是否存在未授权访问漏洞 194 | jboss_url = url + '/jmx-console/' 195 | jboss_response = requests.get(jboss_url) 196 | if 'jboss' in jboss_response.headers.get('Server', '') and 'Welcome to JBossAS' in jboss_response.text: 197 | jboss_result = '存在jboss未授权访问漏洞\n' 198 | else: 199 | jboss_result = '不存在jboss未授权访问漏洞\n' 200 | 201 | # 显示结果 202 | self.result_label.setText(jboss_result) 203 | 204 | def check_ldap(self): 205 | url = self.url_input.text() 206 | 207 | # 检查 LDAP 是否存在未授权访问漏洞 208 | ldap_url = url + ':389' 209 | ldap_response = requests.get(ldap_url) 210 | if 'OpenLDAP' in ldap_response.headers.get('Server', '') and '80090308' in ldap_response.text: 211 | ldap_result = '存在ldap未授权访问漏洞\n' 212 | else: 213 | ldap_result = '不存在ldap未授权访问漏洞\n' 214 | 215 | # 显示结果 216 | self.result_label.setText(ldap_result) 217 | 218 | def check_redis(self): 219 | url = self.url_input.text() 220 | 221 | # 检查 Redis 是否存在未授权访问漏洞 222 | redis_url = url + ':6379/info' 223 | redis_response = requests.get(redis_url, allow_redirects=False) 224 | if redis_response.status_code == 200 and 'redis_version' in redis_response.text: 225 | redis_result = '存在redis未授权访问漏洞\n' 226 | else: 227 | redis_result = '不存在redis未授权访问漏洞\n' 228 | 229 | # 显示结果 230 | self.result_label.setText(redis_result) 231 | 232 | def check_nfs(self): 233 | ip = self.url_input.text() 234 | 235 | # 检查 NFS 是否存在未授权访问漏洞 236 | try: 237 | nfs_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 238 | nfs_socket.settimeout(3) 239 | nfs_socket.connect((ip, 2049)) 240 | nfs_socket.sendall(b'\x80\x00\x00\x28\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x20\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') 241 | response = nfs_socket.recv(1024) 242 | if b'\x80\x00\x00\x28\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x20\x00\x00\x02\x00\x00\x00\x01' in response: 243 | nfs_result = '存在nfs未授权访问漏洞\n' 244 | else: 245 | nfs_result = '不存在nfs未授权访问漏洞\n' 246 | except: 247 | nfs_result = '无法连接到该 IP\n' 248 | 249 | # 显示结果 250 | self.result_label.setText(nfs_result) 251 | 252 | def check_ftp(self): 253 | ip = self.url_input.text() 254 | 255 | # 检查 FTP 是否存在未授权访问漏洞 256 | try: 257 | ftp = ftplib.FTP(ip) 258 | ftp.login() 259 | ftp.cwd('/') 260 | ftp.quit() 261 | ftp_result = '存在ftp未授权访问漏洞\n' 262 | except: 263 | ftp_result = '不存在ftp未授权访问漏洞\n' 264 | 265 | # 显示结果 266 | self.result_label.setText(ftp_result) 267 | 268 | def check_zookeeper(self): 269 | url = self.url_input.text() 270 | # 检查 Zookeeper 是否存在未授权访问漏洞 271 | zookeeper_url = url + ':2181' 272 | try: 273 | zookeeper_response = requests.get(zookeeper_url, timeout=5) 274 | if 'Zookeeper' in zookeeper_response.headers.get('Server', 275 | '') and zookeeper_response.status_code == 200: 276 | zookeeper_result = '存在zookeeper未授权访问漏洞\n' 277 | else: 278 | zookeeper_result = '不存在zookeeper未授权访问漏洞\n' 279 | except: 280 | zookeeper_result = '无法连接到 Zookeeper 服务\n' 281 | # 显示结果 282 | self.result_label.setText(zookeeper_result) 283 | 284 | # 检查 VNC 是否存在未授权访问漏洞 285 | def check_vnc(self): 286 | ip = self.url_input.text() 287 | vnc_url = f'vnc://{ip}' 288 | try: 289 | tigerVNC_response = requests.get(vnc_url, timeout=5) 290 | if "RFB 003.008\n" in tigerVNC_response.content.decode('utf-8'): 291 | vnc_result = '存在vnc未授权访问漏洞\n' 292 | else: 293 | vnc_result = '不存在vnc未授权访问漏洞\n' 294 | except: 295 | vnc_result = '不存在vnc未授权访问漏洞\n' 296 | 297 | # 显示结果 298 | self.result_label.setText(vnc_result) 299 | 300 | # 检查 Elasticsearch 是否存在未授权访问漏洞 301 | def check_elasticsearch(self): 302 | ip = self.url_input.text() 303 | url = f'http://{ip}:9200/_cat' 304 | try: 305 | response = requests.get(url, timeout=5) 306 | if '/_cat/master' in response.text: 307 | elasticsearch_result = '存在elasticsearch未授权访问漏洞\n' 308 | else: 309 | elasticsearch_result = '不存在elasticsearch未授权访问漏洞\n' 310 | except: 311 | elasticsearch_result = '不存在elasticsearch未授权访问漏洞\n' 312 | 313 | # 显示结果 314 | self.result_label.setText(elasticsearch_result) 315 | 316 | # 检查 Jenkins 是否存在未授权访问漏洞 317 | def check_jenkins(self): 318 | ip = self.url_input.text() 319 | jenkins_url = f'http://{ip}:8080' 320 | try: 321 | response = requests.get(jenkins_url, timeout=5) 322 | if 'jenkins' in response.headers.get('X-Jenkins', '') and 'Dashboard [Jenkins]' in response.text: 323 | jenkins_result = '存在jenkins未授权访问漏洞\n' 324 | else: 325 | jenkins_result = '不存在jenkins未授权访问漏洞\n' 326 | except: 327 | jenkins_result = '不存在jenkins未授权访问漏洞\n' 328 | 329 | # 显示结果 330 | self.result_label.setText(jenkins_result) 331 | 332 | # 检查 Kibana 是否存在未授权访问漏洞 333 | def check_kibana(self): 334 | ip = self.url_input.text() 335 | kibana_url = f'http://{ip}:5601' 336 | try: 337 | response = requests.get(kibana_url, timeout=5) 338 | if 'kbn-name="kibana"' in response.text: 339 | kibana_result = '存在kibana未授权访问漏洞\n' 340 | else: 341 | kibana_result = '不存在kibana未授权访问漏洞\n' 342 | except: 343 | kibana_result = '不存在kibana未授权访问漏洞\n' 344 | 345 | # 显示结果 346 | self.result_label.setText(kibana_result) 347 | 348 | # 检查 IPC 是否存在未授权访问漏洞 349 | def check_ipc(self): 350 | ip = self.url_input.text() 351 | ipc_url = f'http://{ip}:445' 352 | try: 353 | response = requests.get(ipc_url, timeout=5) 354 | if 'IPC Service' in response.text: 355 | ipc_result = '存在ipc未授权访问漏洞\n' 356 | else: 357 | ipc_result = '不存在ipc未授权访问漏洞\n' 358 | except: 359 | ipc_result = '不存在ipc未授权访问漏洞\n' 360 | 361 | # 显示结果 362 | self.result_label.setText(ipc_result) 363 | 364 | # 检查 Druid 是否存在未授权访问漏洞 365 | def check_druid(self): 366 | ip = self.url_input.text() 367 | druid_url = f'http://{ip}:8888/druid/index.html' 368 | try: 369 | response = requests.get(druid_url, timeout=5) 370 | if 'Druid Console' in response.text: 371 | druid_result = '存在druid未授权访问漏洞\n' 372 | else: 373 | druid_result = '不存在druid未授权访问漏洞\n' 374 | except: 375 | druid_result = '不存在druid未授权访问漏洞\n' 376 | 377 | # 显示结果 378 | self.result_label.setText(druid_result) 379 | def check_swaggerui(self): 380 | url = self.url_input.text() 381 | # 检查 SwaggerUI 是否存在未授权访问漏洞 382 | swaggerui_url = url + '/swagger-ui.html' 383 | try: 384 | swaggerui_response = requests.get(swaggerui_url, timeout=5) 385 | if 'Swagger' in swaggerui_response.text: 386 | swaggerui_result = '存在swaggerui未授权访问漏洞\n' 387 | else: 388 | swaggerui_result = '不存在swaggerui未授权访问漏洞\n' 389 | except: 390 | swaggerui_result = '无法连接到 SwaggerUI 应用程序\n' 391 | # 显示结果 392 | self.result_label.setText(swaggerui_result) 393 | def check_docker(self): 394 | url = self.url_input.text() 395 | # 检查 Docker 是否存在未授权访问漏洞 396 | docker_url = 'http://' + url + ':2375/version' 397 | try: 398 | docker_response = requests.get(docker_url, timeout=5) 399 | if docker_response.status_code == 200 and 'ApiVersion' in docker_response.json(): 400 | docker_result = '存在docker未授权访问漏洞\n' 401 | else: 402 | docker_result = '不存在docker未授权访问漏洞\n' 403 | except: 404 | docker_result = '无法连接到 Docker 守护进程\n' 405 | # 显示结果 406 | self.result_label.setText(docker_result) 407 | 408 | # 检查 RabbitMQ 是否存在未授权访问漏洞 409 | def check_rabbitmq(self): 410 | ip = self.url_input.text() 411 | rabbitmq_url = f'http://{ip}:15672/' 412 | 413 | try: 414 | response = requests.get(rabbitmq_url, timeout=5) 415 | if 'RabbitMQ Management' in response.text and 'overview-module' in response.text: 416 | rabbitmq_result = '存在rabbitmq未授权访问漏洞\n' 417 | else: 418 | rabbitmq_result = '不存在rabbitmq未授权访问漏洞\n' 419 | except: 420 | rabbitmq_result = '不存在rabbitmq未授权访问漏洞\n' 421 | 422 | # 显示结果 423 | self.result_label.setText(rabbitmq_result) 424 | 425 | # 检查 Memcached 是否存在未授权访问漏洞 426 | def check_memcached(self): 427 | ip = self.url_input.text() 428 | 429 | try: 430 | memcached_client = memcache.Client([ip], timeout=5) 431 | stats = memcached_client.get_stats() 432 | if len(stats) > 0: 433 | memcached_result = '存在memcached未授权访问漏洞\n' 434 | else: 435 | memcached_result = '不存在memcached未授权访问漏洞\n' 436 | except: 437 | memcached_result = '不存在memcached未授权访问漏洞\n' 438 | 439 | # 显示结果 440 | self.result_label.setText(memcached_result) 441 | 442 | # 检查 Dubbo 是否存在未授权访问漏洞 443 | def check_dubbo(self): 444 | ip = self.url_input.text() 445 | url = f'http://{ip}:8080/' 446 | try: 447 | response = requests.get(url, timeout=5) 448 | if 'dubbo' in response.headers and 'Welcome to the Dubbo' in response.text: 449 | dubbo_result = '存在dubbo未授权访问漏洞\n' 450 | else: 451 | dubbo_result = '不存在dubbo未授权访问漏洞\n' 452 | except: 453 | dubbo_result = '不存在dubbo未授权访问漏洞\n' 454 | 455 | # 显示结果 456 | self.result_label.setText(dubbo_result) 457 | 458 | # 检查宝塔phpmyadmin是否存在未授权访问漏洞 459 | def check_bt_phpmyadmin(self): 460 | ip = self.url_input.text() 461 | phpmyadmin_url = f'http://{ip}/phpmyadmin/' 462 | try: 463 | response = requests.get(phpmyadmin_url, timeout=5) 464 | if 'phpMyAdmin' in response.text: 465 | bt_phpmyadmin_result = '存在bt_phpmyadmin未授权访问漏洞\n' 466 | else: 467 | bt_phpmyadmin_result = '不存在bt_phpmyadmin未授权访问漏洞\n' 468 | except: 469 | bt_phpmyadmin_result = '不存在bt_phpmyadmin未授权访问漏洞\n' 470 | 471 | # 显示结果 472 | self.result_label.setText(bt_phpmyadmin_result) 473 | 474 | # 检查 Rsync 是否存在未授权访问漏洞 475 | def check_rsync(self): 476 | ip = self.url_input.text() 477 | rsync_url = f'rsync://{ip}' 478 | try: 479 | response = requests.get(rsync_url, timeout=5) 480 | if 'rsync' in response.headers.get('Server', '') and 'rsyncd.conf' in response.text: 481 | rsync_result = '存在rsync未授权访问漏洞\n' 482 | else: 483 | rsync_result = '不存在rsync未授权访问漏洞\n' 484 | except: 485 | rsync_result = '不存在rsync未授权访问漏洞\n' 486 | 487 | # 显示结果 488 | self.result_label.setText(rsync_result) 489 | 490 | # 检查 Solr 是否存在未授权访问漏洞 491 | def check_solr(self): 492 | ip = self.url_input.text() 493 | solr_url = f'http://{ip}:8983/solr/' 494 | try: 495 | response = requests.get(solr_url, timeout=5) 496 | if 'Apache Solr' in response.text: 497 | solr_result = '存在solr未授权访问漏洞\n' 498 | else: 499 | solr_result = '不存在solr未授权访问漏洞\n' 500 | 501 | except: 502 | solr_result = '不存在solr未授权访问漏洞\n' 503 | # 显示结果 504 | self.result_label.setText(solr_result) 505 | 506 | # 检查 Kubernetes Api Server 是否存在未授权访问漏洞 507 | def check_kubernetes_api_server(self): 508 | ip = self.url_input.text() 509 | api_server_url = f'https://{ip}:6443/api/' 510 | 511 | try: 512 | response = requests.get(api_server_url, verify=False, timeout=5) 513 | if 'Unauthorized' in response.text: 514 | kubernetes_api_server_result = '存在kubernetes_api_server未授权访问漏洞\n' 515 | else: 516 | kubernetes_api_server_result = '不存在kubernetes_api_server未授权访问漏洞\n' 517 | except: 518 | kubernetes_api_server_result = '不存在kubernetes_api_server未授权访问漏洞\n' 519 | 520 | # 显示结果 521 | self.result_label.setText(kubernetes_api_server_result) 522 | 523 | # 检查 CouchDB 是否存在未授权访问漏洞 524 | def check_couchdb(self): 525 | ip = self.url_input.text() 526 | couchdb_url = f'http://{ip}:5984/_utils/' 527 | 528 | try: 529 | response = requests.get(couchdb_url, timeout=5) 530 | if 'Welcome to CouchDB' in response.text: 531 | couchdb_result = '存在couchdb未授权访问漏洞\n' 532 | else: 533 | couchdb_result = '不存在couchdb未授权访问漏洞\n' 534 | except: 535 | couchdb_result = '不存在couchdb未授权访问漏洞\n' 536 | 537 | # 显示结果 538 | self.result_label.setText(couchdb_result) 539 | 540 | # 检查 Spring Boot Actuator 是否存在未授权访问漏洞 541 | def check_spring_boot_actuator(self): 542 | ip = self.url_input.text() 543 | actuator_url = f'http://{ip}:8080/actuator/' 544 | 545 | try: 546 | response = requests.get(actuator_url, timeout=5) 547 | if 'Hystrix' in response.text and 'health" : {' in response.text: 548 | spring_boot_actuator_result = '存在spring_boot_actuator未授权访问漏洞\n' 549 | else: 550 | spring_boot_actuator_result = '不存在spring_boot_actuator未授权访问漏洞\n' 551 | except: 552 | spring_boot_actuator_result = '不存在spring_boot_actuator未授权访问漏洞\n' 553 | 554 | # 显示结果 555 | self.result_label.setText(spring_boot_actuator_result) 556 | 557 | # 检查 uWSGI 是否存在未授权访问漏洞 558 | def check_uwsgi(self): 559 | ip = self.url_input.text() 560 | uwsgi_url = f'http://{ip}:1717/' 561 | 562 | try: 563 | response = requests.get(uwsgi_url, timeout=5) 564 | if 'uWSGI Status' in response.text: 565 | uwsgi_result = '存在uwsgi未授权访问漏洞\n' 566 | else: 567 | uwsgi_result = '不存在uwsgi未授权访问漏洞\n' 568 | except: 569 | uwsgi_result = '不存在uwsgi未授权访问漏洞\n' 570 | 571 | # 显示结果 572 | self.result_label.setText(uwsgi_result) 573 | 574 | # 检查 ThinkAdmin V6 是否存在未授权访问漏洞 575 | def check_thinkadmin_v6(self): 576 | ip = self.url_input.text() 577 | thinkadmin_url = f'http://{ip}/index/login.html' 578 | 579 | try: 580 | response = requests.get(thinkadmin_url, timeout=5) 581 | if 'ThinkAdmin' in response.text and 'logincheck' in response.text: 582 | thinkadmin_v6_result = '存在thinkadmin_v6未授权访问漏洞\n' 583 | else: 584 | thinkadmin_v6_result = '不存在thinkadmin_v6未授权访问漏洞\n' 585 | except: 586 | thinkadmin_v6_result = '不存在thinkadmin_v6未授权访问漏洞\n' 587 | 588 | # 显示结果 589 | self.result_label.setText(thinkadmin_v6_result) 590 | 591 | # 检查 PHP-FPM Fastcgi 是否存在未授权访问漏洞 592 | def check_php_fpm_fastcgi(self): 593 | ip = self.url_input.text() 594 | php_fpm_url = f'http://{ip}/php-fpm_status' 595 | 596 | try: 597 | response = requests.get(php_fpm_url, timeout=5) 598 | if 'pool:' in response.text and 'processes' in response.text: 599 | php_fpm_result = '存在php_fpm_fastcgi未授权访问漏洞\n' 600 | else: 601 | php_fpm_result = '不存在php_fpm_fastcgi未授权访问漏洞\n' 602 | except: 603 | php_fpm_result = '不存在php_fpm_fastcgi未授权访问漏洞\n' 604 | 605 | # 显示结果 606 | self.result_label.setText(php_fpm_result) 607 | 608 | # 检查 MongoDB 是否存在未授权访问漏洞 609 | def check_mongodb(self): 610 | ip = self.url_input.text() 611 | mongodb_url = f'mongodb://{ip}:27017/' 612 | 613 | try: 614 | client = pymongo.MongoClient(mongodb_url, serverSelectionTimeoutMS=5000) 615 | dbs = client.list_database_names() 616 | if len(dbs) > 0: 617 | mongodb_result = '存在mongodb未授权访问漏洞\n' 618 | else: 619 | mongodb_result = '不存在mongodb未授权访问漏洞\n' 620 | except: 621 | mongodb_result = '不存在mongodb未授权访问漏洞\n' 622 | 623 | # 显示结果 624 | self.result_label.setText(mongodb_result) 625 | 626 | # 检查 Jupyter Notebook 是否存在未授权访问漏洞 627 | def check_jupyter_notebook(self): 628 | ip = self.url_input.text() 629 | notebook_url = f'http://{ip}:8888/' 630 | 631 | try: 632 | response = requests.get(notebook_url, timeout=5) 633 | if 'Jupyter Notebook' in response.text: 634 | jupyter_notebook_result = '存在jupyter_notebook未授权访问漏洞\n' 635 | else: 636 | jupyter_notebook_result = '不存在jupyter_notebook未授权访问漏洞\n' 637 | except: 638 | jupyter_notebook_result = '不存在jupyter_notebook未授权访问漏洞\n' 639 | 640 | # 显示结果 641 | self.result_label.setText(jupyter_notebook_result) 642 | 643 | # 检查 Apache Spark 是否存在未授权访问漏洞 644 | def check_apache_spark(self): 645 | ip = self.url_input.text() 646 | spark_url = f'http://{ip}:8080/' 647 | 648 | try: 649 | response = requests.get(spark_url, timeout=5) 650 | if 'Spark Master at' in response.text and 'Workers' in response.text: 651 | apache_spark_result = '存在apache_spark未授权访问漏洞\n' 652 | else: 653 | apache_spark_result = '不存在apache_spark未授权访问漏洞\n' 654 | except: 655 | apache_spark_result = '不存在apache_spark未授权访问漏洞\n' 656 | 657 | # 显示结果 658 | self.result_label.setText(apache_spark_result) 659 | 660 | # 检查 WebLogic 是否存在未授权访问漏洞 661 | def check_weblogic(self): 662 | ip = self.url_input.text() 663 | weblogic_url = f'http://{ip}:7001/console/login/LoginForm.jsp' 664 | 665 | try: 666 | response = requests.get(weblogic_url, timeout=5) 667 | if 'Oracle WebLogic Server' in response.text: 668 | weblogic_result = '存在weblogic未授权访问漏洞\n' 669 | else: 670 | weblogic_result = '不存在weblogic未授权访问漏洞\n' 671 | except: 672 | weblogic_result = '不存在weblogic未授权访问漏洞\n' 673 | 674 | # 显示结果 675 | self.result_label.setText(weblogic_result) 676 | 677 | # 检查 Docker Registry 是否存在未授权访问漏洞 678 | def check_docker_registry(self): 679 | ip = self.url_input.text() 680 | registry_url = f'http://{ip}/v2/_catalog' 681 | 682 | try: 683 | response = requests.get(registry_url, timeout=5) 684 | if 'repositories' in response.json(): 685 | docker_registry_result = '存在docker_registry未授权访问漏洞\n' 686 | else: 687 | docker_registry_result = '不存在docker_registry未授权访问漏洞\n' 688 | except: 689 | docker_registry_result = '不存在docker_registry未授权访问漏洞\n' 690 | 691 | # 显示结果 692 | self.result_label.setText(docker_registry_result) 693 | 694 | # 检查 Hadoop YARN 是否存在未授权访问漏洞 695 | def check_hadoop_yarn(self): 696 | ip = self.url_input.text() 697 | yarn_url = f'http://{ip}:8088/ws/v1/cluster/info' 698 | 699 | try: 700 | response = requests.get(yarn_url, timeout=5) 701 | if 'resourceManagerVersion' in response.json()['clusterInfo']: 702 | hadoop_yarn_result = '存在hadoop_yarn未授权访问漏洞\n' 703 | else: 704 | hadoop_yarn_result = '不存在hadoop_yarn未授权访问漏洞\n' 705 | except: 706 | hadoop_yarn_result = '不存在hadoop_yarn未授权访问漏洞\n' 707 | 708 | # 显示结果 709 | self.result_label.setText(hadoop_yarn_result) 710 | 711 | # 检查 Kong 是否存在未授权访问漏洞 712 | def check_kong(self): 713 | ip = self.url_input.text() 714 | kong_url = f'http://{ip}:8001/' 715 | 716 | try: 717 | response = requests.get(kong_url, timeout=5) 718 | if 'Welcome to Kong' in response.text: 719 | kong_result = '存在kong未授权访问漏洞\n' 720 | else: 721 | kong_result = '不存在kong未授权访问漏洞\n' 722 | except: 723 | kong_result = '不存在kong未授权访问漏洞\n' 724 | 725 | # 显示结果 726 | self.result_label.setText(kong_result) 727 | 728 | # 检查 WordPress 是否存在未授权访问漏洞 729 | def check_wordpress(self): 730 | ip = self.url_input.text() 731 | wordpress_url = f'http://{ip}/wp-login.php' 732 | 733 | try: 734 | response = requests.get(wordpress_url, timeout=5) 735 | if 'WordPress' in response.text: 736 | wordpress_result = '存在wordpress未授权访问漏洞\n' 737 | else: 738 | wordpress_result = '不存在wordpress未授权访问漏洞\n' 739 | except: 740 | wordpress_result = '不存在wordpress未授权访问漏洞\n' 741 | 742 | # 显示结果 743 | self.result_label.setText(wordpress_result) 744 | 745 | # 检查 Zabbix 是否存在未授权访问漏洞 746 | def check_zabbix(self): 747 | ip = self.url_input.text() 748 | zabbix_url = f'http://{ip}/zabbix/jsrpc.php' 749 | 750 | try: 751 | headers = { 752 | 'Content-Type': 'application/json-rpc', 753 | 'User-Agent': 'Mozilla/5.0' 754 | } 755 | data = '{"jsonrpc":"2.0","method":"user.login","params":{"user":"","password":""},"id":0}' 756 | response = requests.post(zabbix_url, headers=headers, data=data, timeout=5) 757 | if 'result' in response.json(): 758 | zabbix_result = '存在zabbix未授权访问漏洞\n' 759 | else: 760 | zabbix_result = '不存在zabbix未授权访问漏洞\n' 761 | except: 762 | zabbix_result = '不存在zabbix未授权访问漏洞\n' 763 | 764 | # 显示结果 765 | self.result_label.setText(zabbix_result) 766 | 767 | # 检查 Active MQ 是否存在未授权访问漏洞 768 | def check_activemq(self): 769 | ip = self.url_input.text() 770 | activemq_url = f'http://{ip}:8161/admin/' 771 | 772 | try: 773 | response = requests.get(activemq_url, timeout=5) 774 | if 'Apache ActiveMQ' in response.text: 775 | activemq_result = '存在activemq未授权访问漏洞\n' 776 | else: 777 | activemq_result = '不存在activemq未授权访问漏洞\n' 778 | except: 779 | activemq_result = '不存在activemq未授权访问漏洞\n' 780 | 781 | # 显示结果 782 | self.result_label.setText(activemq_result) 783 | 784 | # 检查 Harbor 是否存在未授权访问漏洞 785 | def check_harbor(self): 786 | ip = self.url_input.text() 787 | harbor_url = f'http://{ip}/api/v2.0/statistics' 788 | 789 | try: 790 | response = requests.get(harbor_url, timeout=5) 791 | if 'total_projects' in response.json(): 792 | harbor_result = '存在harbor未授权访问漏洞\n' 793 | else: 794 | harbor_result = '不存在harbor未授权访问漏洞\n' 795 | except: 796 | harbor_result = '不存在harbor未授权访问漏洞\n' 797 | 798 | # 显示结果 799 | self.result_label.setText(harbor_result) 800 | 801 | # 检查 Atlassian Crowd 是否存在未授权访问漏洞 802 | def check_atlassian_crowd(self): 803 | ip = self.url_input.text() 804 | crowd_url = f'http://{ip}:8095/crowd/' 805 | 806 | try: 807 | response = requests.get(crowd_url, timeout=5) 808 | if 'Atlassian Crowd' in response.text: 809 | atlassian_crowd_result = '存在atlassian_crowd未授权访问漏洞\n' 810 | else: 811 | atlassian_crowd_result = '不存在atlassian_crowd未授权访问漏洞\n' 812 | except: 813 | atlassian_crowd_result = '不存在atlassian_crowd未授权访问漏洞\n' 814 | 815 | # 显示结果 816 | self.result_label.setText(atlassian_crowd_result) 817 | if __name__ == '__main__': 818 | app = QApplication(sys.argv) 819 | security_checker = SecurityChecker() 820 | sys.exit(app.exec_()) 821 | -------------------------------------------------------------------------------- /unauthorizedV2.py: -------------------------------------------------------------------------------- 1 | import ftplib 2 | import json 3 | import socket 4 | import sys 5 | import memcache 6 | import pymongo 7 | import ldap3 8 | import redis 9 | import requests 10 | from PyQt5 import QtWidgets 11 | from PyQt5.QtWidgets import QApplication, QWidget, QPushButton, QFileDialog 12 | 13 | 14 | class SecurityChecker(QWidget): 15 | def __init__(self): 16 | super().__init__() 17 | self.initUI() 18 | 19 | def initUI(self): 20 | self.setWindowTitle( 21 | '常见端口未授权漏洞检测系统_V2 designed by xkllz date:2023-05-04') 22 | self.text = QtWidgets.QTextEdit(self) 23 | self.text.setPlaceholderText("请导入IP地址文件") 24 | self.text.move(20, 50) 25 | self.btn_import = QtWidgets.QPushButton("导入", self) 26 | self.btn_import.clicked.connect(self.import_file) 27 | self.btn_import.move(300, 50) 28 | # 创建保存结果按钮 29 | self.save_button = QPushButton('保存结果', self) 30 | self.save_button.move(300, 150) 31 | self.save_button.clicked.connect(self.save_results) 32 | # 创建按钮 33 | self.ftp_button = QPushButton('ftp', self) 34 | self.ftp_button.move(500, 50) 35 | self.ftp_button.clicked.connect(lambda: self.test_all_ips(self.check_ftp)) 36 | 37 | self.vnc_button = QPushButton('vnc', self) 38 | self.vnc_button.move(500, 100) 39 | self.vnc_button.clicked.connect(lambda: self.test_all_ips(self.check_vnc)) 40 | 41 | self.solr_button = QPushButton('solr', self) 42 | self.solr_button.move(500, 150) 43 | self.solr_button.clicked.connect(lambda: self.test_all_ips(self.check_solr)) 44 | 45 | self.weblogic_button = QPushButton('weblogic', self) 46 | self.weblogic_button.move(500, 200) 47 | self.weblogic_button.clicked.connect(lambda: self.test_all_ips(self.check_weblogic)) 48 | 49 | self.jboss_button = QPushButton('JBoss', self) 50 | self.jboss_button.move(500, 250) 51 | self.jboss_button.clicked.connect(lambda: self.test_all_ips(self.check_jboss)) 52 | 53 | self.es_button = QPushButton('elasticsearch', self) 54 | self.es_button.move(500, 300) 55 | self.es_button.clicked.connect(lambda: self.test_all_ips(self.check_elasticsearch)) 56 | 57 | self.kubernetes_button = QPushButton('kubernetes', self) 58 | self.kubernetes_button.move(500, 350) 59 | self.kubernetes_button.clicked.connect(lambda: self.test_all_ips(self.check_kubernetes_api_server)) 60 | 61 | self.dockerreg_button = QPushButton('docker registry', self) 62 | self.dockerreg_button.move(500, 400) 63 | self.dockerreg_button.clicked.connect(lambda: self.test_all_ips(self.check_docker_registry)) 64 | 65 | self.ldap_button = QPushButton('LDAP', self) 66 | self.ldap_button.move(500, 450) 67 | self.ldap_button.clicked.connect(lambda: self.test_all_ips(self.check_ldap)) 68 | 69 | self.jenkins_button = QPushButton('jenkins', self) 70 | self.jenkins_button.move(500, 500) 71 | self.jenkins_button.clicked.connect(lambda: self.test_all_ips(self.check_jenkins)) 72 | 73 | 74 | self.redis_button = QPushButton('Redis', self) 75 | self.redis_button.move(600, 50) 76 | self.redis_button.clicked.connect(lambda: self.test_all_ips(self.check_redis)) 77 | 78 | self.kibana_button = QPushButton('kibana', self) 79 | self.kibana_button.move(600, 100) 80 | self.kibana_button.clicked.connect(lambda: self.test_all_ips(self.check_kibana)) 81 | 82 | self.spat_button = QPushButton('spring actuator', self) 83 | self.spat_button.move(600, 150) 84 | self.spat_button.clicked.connect(lambda: self.test_all_ips(self.check_spring_boot_actuator)) 85 | 86 | self.wordpress_button = QPushButton('wordpress', self) 87 | self.wordpress_button.move(600, 200) 88 | self.wordpress_button.clicked.connect(lambda: self.test_all_ips(self.check_wordpress)) 89 | 90 | self.nfs_button = QPushButton('Nfs', self) 91 | self.nfs_button.move(600, 250) 92 | self.nfs_button.clicked.connect(lambda: self.test_all_ips(self.check_nfs)) 93 | 94 | self.ipc_button = QPushButton('ipc', self) 95 | self.ipc_button.move(600, 300) 96 | self.ipc_button.clicked.connect(lambda: self.test_all_ips(self.check_ipc)) 97 | 98 | self.uwsgi_button = QPushButton('uwsgi', self) 99 | self.uwsgi_button.move(600, 350) 100 | self.uwsgi_button.clicked.connect(lambda: self.test_all_ips(self.check_uwsgi)) 101 | 102 | self.harbor_button = QPushButton('harbor', self) 103 | self.harbor_button.move(600, 400) 104 | self.harbor_button.clicked.connect(lambda: self.test_all_ips(self.check_harbor)) 105 | 106 | self.zookeeper_button = QPushButton('zookeeper', self) 107 | self.zookeeper_button.move(600, 450) 108 | self.zookeeper_button.clicked.connect(lambda: self.test_all_ips(self.check_zookeeper)) 109 | 110 | self.druid_button = QPushButton('druid', self) 111 | self.druid_button.move(600, 500) 112 | self.druid_button.clicked.connect(lambda: self.test_all_ips(self.check_druid)) 113 | 114 | self.swaggerui_button = QPushButton('swaggerui', self) 115 | self.swaggerui_button.move(700, 50) 116 | self.swaggerui_button.clicked.connect(lambda: self.test_all_ips(self.check_swaggerui)) 117 | 118 | self.rabbitmq_button = QPushButton('rabbitmq', self) 119 | self.rabbitmq_button.move(700, 100) 120 | self.rabbitmq_button.clicked.connect(lambda: self.test_all_ips(self.check_rabbitmq)) 121 | 122 | self.phpfpm_button = QPushButton('php_fpm_fastcgi', self) 123 | self.phpfpm_button.move(700, 150) 124 | self.phpfpm_button.clicked.connect(lambda: self.test_all_ips(self.check_php_fpm_fastcgi)) 125 | 126 | self.atlc_button = QPushButton('atlassianc', self) 127 | self.atlc_button.move(700, 200) 128 | self.atlc_button.clicked.connect(lambda: self.test_all_ips(self.check_atlassian_crowd)) 129 | 130 | self.docker_button = QPushButton('docker', self) 131 | self.docker_button.move(700, 250) 132 | self.docker_button.clicked.connect(lambda: self.test_all_ips(self.check_docker)) 133 | 134 | self.dubbo_button = QPushButton('dubbo', self) 135 | self.dubbo_button.move(700, 300) 136 | self.dubbo_button.clicked.connect(lambda: self.test_all_ips(self.check_dubbo)) 137 | 138 | self.mongodb_button = QPushButton('mongodb', self) 139 | self.mongodb_button.move(700, 350) 140 | self.mongodb_button.clicked.connect(lambda: self.test_all_ips(self.check_mongodb)) 141 | 142 | self.zabbix_button = QPushButton('zabbix', self) 143 | self.zabbix_button.move(700, 400) 144 | self.zabbix_button.clicked.connect(lambda: self.test_all_ips(self.check_zabbix)) 145 | 146 | self.memcached_button = QPushButton('memcached', self) 147 | self.memcached_button.move(700, 450) 148 | self.memcached_button.clicked.connect(lambda: self.test_all_ips(self.check_memcached)) 149 | 150 | self.btphp_button = QPushButton('bt_phpmyadmin', self) 151 | self.btphp_button.move(700, 500) 152 | self.btphp_button.clicked.connect(lambda: self.test_all_ips(self.check_bt_phpmyadmin)) 153 | 154 | self.rsync_button = QPushButton('rsync', self) 155 | self.rsync_button.move(800, 50) 156 | self.rsync_button.clicked.connect(lambda: self.test_all_ips(self.check_rsync)) 157 | 158 | self.apsk_button = QPushButton('apache_spark', self) 159 | self.apsk_button.move(800, 100) 160 | self.apsk_button.clicked.connect(lambda: self.test_all_ips(self.check_apache_spark)) 161 | 162 | self.kong_button = QPushButton('kong', self) 163 | self.kong_button.move(800, 150) 164 | self.kong_button.clicked.connect(lambda: self.test_all_ips(self.check_kong)) 165 | 166 | self.couchdb_button = QPushButton('couchdb', self) 167 | self.couchdb_button.move(800, 200) 168 | self.couchdb_button.clicked.connect(lambda: self.test_all_ips(self.check_couchdb)) 169 | 170 | self.hadoopyarn_button = QPushButton('hadoopYARN', self) 171 | self.hadoopyarn_button.move(800, 250) 172 | self.hadoopyarn_button.clicked.connect(lambda: self.test_all_ips(self.check_hadoop_yarn)) 173 | 174 | self.jupyter_button = QPushButton('jupyter', self) 175 | self.jupyter_button.move(800, 300) 176 | self.jupyter_button.clicked.connect(lambda: self.test_all_ips(self.check_jupyter_notebook)) 177 | 178 | self.tkad6_button = QPushButton('thinkadmin_v6', self) 179 | self.tkad6_button.move(800, 350) 180 | self.tkad6_button.clicked.connect(lambda: self.test_all_ips(self.check_thinkadmin_v6)) 181 | 182 | self.activemq_button = QPushButton('activemq', self) 183 | self.activemq_button.move(800, 400) 184 | self.activemq_button.clicked.connect(lambda: self.test_all_ips(self.check_activemq)) 185 | 186 | self.result_label = QtWidgets.QPlainTextEdit(self) 187 | self.result_label.setReadOnly(True) 188 | self.result_label.setPlaceholderText("检测结果将显示在这里。") 189 | self.result_label.setGeometry(20, 350, 460, 200) 190 | 191 | self.setGeometry(600, 600, 1000, 600) 192 | self.show() 193 | 194 | # 导入IP地址文件并将其显示在文本框中 195 | def import_file(self): 196 | file_name, _ = QFileDialog.getOpenFileName(self, "选择文件", "", "Text Files (*.txt)") 197 | 198 | if file_name: 199 | try: 200 | with open(file_name, "r") as f: 201 | ip_list = f.read().splitlines() 202 | self.text.setPlainText("\n".join(ip_list)) 203 | except Exception as e: 204 | QtWidgets.QMessageBox.warning(self, "警告", str(e)) 205 | 206 | # 测试所有IP地址并将结果显示在结果标签中 207 | def test_all_ips(self, check_fn): 208 | ip_list = self.text.toPlainText().splitlines() 209 | if not ip_list: 210 | QtWidgets.QMessageBox.warning(self, "警告", "请导入IP地址文件或输入IP地址") 211 | return 212 | 213 | results = [] 214 | for ip in ip_list: 215 | results.append(check_fn(ip)) 216 | 217 | self.result_label.setPlainText("\n".join(results)) 218 | # 保存结果到txt文件中 219 | 220 | def save_results(self): 221 | file_name, _ = QFileDialog.getSaveFileName(self, "保存文件", "", "Text Files (*.txt)") 222 | 223 | if file_name: 224 | with open(file_name, "w") as f: 225 | f.write(self.result_label.toPlainText()) 226 | # 检查 FTP 是否存在未授权访问漏洞 227 | 228 | def check_ftp(self, ip): 229 | try: 230 | ftp = ftplib.FTP(ip) 231 | ftp.login() 232 | ftp.cwd('/') 233 | ftp.quit() 234 | result = f"{ip}[+]存在FTP未授权访问漏洞" 235 | except: 236 | # 尝试常见弱密码 237 | weak_passwords = [('admin', 'admin'), ('anonymous', 'anonymous')] 238 | for user, pwd in weak_passwords: 239 | try: 240 | ftp = ftplib.FTP(ip) 241 | ftp.login(user, pwd) 242 | ftp.cwd('/') 243 | ftp.quit() 244 | result = f"{ip}[+]存在FTP未授权访问漏洞(弱密码)" 245 | return result 246 | except: 247 | continue 248 | result = f"{ip} ftp无法连接" 249 | return result 250 | 251 | def check_jboss(self, ip): 252 | # 检查 JBoss 是否存在未授权访问漏洞 253 | endpoints = [ 254 | f'http://{ip}:8080/jmx-console/', 255 | f'http://{ip}:8080/console/', 256 | f'http://{ip}:8080/invoker/JMXInvokerServlet' 257 | ] 258 | for url in endpoints: 259 | try: 260 | jboss_response = requests.get(url, timeout=5) 261 | if 'jboss' in jboss_response.headers.get('Server', '') and 'Welcome to JBossAS' in jboss_response.text: 262 | result = f"{ip}[+]存在jboss未授权访问漏洞" 263 | return result 264 | except: 265 | continue 266 | result = f"{ip}不存在jboss未授权访问漏洞" 267 | return result 268 | 269 | # 检查 Solr 是否存在未授权访问漏洞 270 | def check_solr(self, ip): 271 | endpoints = [ 272 | f'http://{ip}:8983/solr/', 273 | f'http://{ip}:8983/solr/admin/', 274 | f'http://{ip}:8983/solr/select' 275 | ] 276 | for url in endpoints: 277 | try: 278 | response = requests.get(url, timeout=5) 279 | if 'Apache Solr' in response.text: 280 | result = f"{ip}[+]存在solr未授权访问漏洞" 281 | return result 282 | except: 283 | continue 284 | result = f"{ip}不存在solr未授权访问漏洞" 285 | return result 286 | # 检查 WebLogic 是否存在未授权访问漏洞 287 | def check_weblogic(self, ip): 288 | endpoints = [ 289 | f'http://{ip}:7001/console/login/LoginForm.jsp', 290 | f'http://{ip}:7001/wls-wsat/CoordinatorPortType', 291 | f'http://{ip}:7001/console/css/console.css' 292 | ] 293 | for url in endpoints: 294 | try: 295 | response = requests.get(url, timeout=5) 296 | if 'Oracle WebLogic Server' in response.text: 297 | result = f"{ip}[+]存在weblogic未授权访问漏洞" 298 | return result 299 | except: 300 | continue 301 | result = f"{ip}不存在weblogic未授权访问漏洞" 302 | return result 303 | def check_ldap(self, ip): 304 | 305 | try: 306 | server = ldap3.Server(f'ldap://{ip}:389') 307 | conn = ldap3.Connection(server) 308 | if conn.bind(): 309 | result = f"{ip}[+]存在ldap未授权访问漏洞" 310 | else: 311 | result = f"{ip}不存在ldap未授权访问漏洞" 312 | conn.unbind() 313 | except: 314 | result = f"{ip}ldap无法连接" 315 | return result 316 | def check_redis(self, ip): 317 | # 检查 Redis 是否存在未授权访问漏洞 318 | redis_port = 6379 319 | try: 320 | # 尝试连接 Redis 服务 321 | r = redis.Redis(host=ip, port=redis_port, socket_timeout=3) 322 | # 尝试获取 Redis 信息 323 | info = r.info() 324 | result = f"{ip}[+]存在 redis 未授权访问漏洞" 325 | except redis.exceptions.AuthenticationError: 326 | result = f"{ip}不存在 redis 未授权访问漏洞" 327 | except redis.exceptions.ConnectionError: 328 | result = f"{ip}redis 无法连接" 329 | except Exception: 330 | result = f"{ip}检测时出现未知错误" 331 | # 显示结果 332 | return result 333 | def check_nfs(self, ip): 334 | # 检查 NFS 是否存在未授权访问漏洞 335 | try: 336 | nfs_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 337 | nfs_socket.settimeout(3) 338 | nfs_socket.connect((ip, 2049)) 339 | nfs_socket.sendall( 340 | b'\x80\x00\x00\x28\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x20\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') 341 | response = nfs_socket.recv(1024) 342 | if b'\x80\x00\x00\x28\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x20\x00\x00\x02\x00\x00\x00\x01' in response: 343 | result = f"{ip}[+]存在nfs未授权访问漏洞" 344 | else: 345 | result = f"{ip}不存在nfs未授权访问漏洞" 346 | except: 347 | result = f"nfs无法连接到该 {ip}" 348 | return result 349 | def check_zookeeper(self, ip): 350 | import socket 351 | try: 352 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 353 | sock.settimeout(3) 354 | sock.connect((ip, 2181)) 355 | sock.send(b'stat') 356 | data = sock.recv(1024) 357 | if data: 358 | result = f"{ip}[+]存在zookeeper未授权访问漏洞" 359 | else: 360 | result = f"{ip}不存在zookeeper未授权访问漏洞" 361 | sock.close() 362 | except: 363 | result = f"{ip}无法连接到 Zookeeper 服务" 364 | return result 365 | def check_vnc(self, ip): 366 | try: 367 | import pyvnc # 使用pyvnc库进行VNC连接尝试,需先安装该库 368 | client = pyvnc.VNC(ip, 5900) # 假设默认端口5900,可根据实际调整 369 | client.connect() 370 | result = f"{ip}[+]存在vnc未授权访问漏洞" 371 | client.disconnect() 372 | except: 373 | result = f"{ip}vnc无法连接" 374 | return result 375 | # 检查 Elasticsearch 是否存在未授权访问漏洞 376 | def check_elasticsearch(self, ip): 377 | endpoints = [ 378 | f'http://{ip}:9200/_cat', 379 | f'http://{ip}:9200/_nodes', 380 | f'http://{ip}:9200/_cluster/health' 381 | ] 382 | for url in endpoints: 383 | try: 384 | response = requests.get(url, timeout=5) 385 | if response.status_code == 200: 386 | result = f"{ip}[+]存在elasticsearch未授权访问漏洞" 387 | return result 388 | except: 389 | continue 390 | result = f"{ip}不存在elasticsearch未授权访问漏洞" 391 | return result 392 | def check_jenkins(self, ip): 393 | jenkins_url = f'http://{ip}:8080' 394 | try: 395 | response = requests.get(jenkins_url, timeout=5) 396 | if 'jenkins' in response.headers.get('X-Jenkins', '') and 'Dashboard [Jenkins]' in response.text: 397 | # 增加判断是否能访问关键接口,如获取任务列表接口 398 | jobs_url = jenkins_url + "/api/json?tree=jobs[name]" 399 | jobs_response = requests.get(jobs_url, timeout=5) 400 | if jobs_response.status_code == 200: 401 | result = f"{ip}[+]存在jenkins未授权访问漏洞" 402 | else: 403 | result = f"{ip}不存在jenkins未授权访问漏洞" 404 | else: 405 | result = f"{ip}不存在jenkins未授权访问漏洞" 406 | except: 407 | result = f"{ip}jenkins无法连接" 408 | return result 409 | def check_kibana(self, ip): 410 | kibana_url = f'http://{ip}:5601' 411 | endpoints = [ 412 | kibana_url, 413 | kibana_url + "/app/dashboards", 414 | kibana_url + "/api/saved_objects/_find?type=dashboard" 415 | ] 416 | for url in endpoints: 417 | try: 418 | response = requests.get(url, timeout=5) 419 | if response.status_code == 200: 420 | result = f"{ip}[+]存在kibana未授权访问漏洞" 421 | return result 422 | except: 423 | continue 424 | result = f"{ip}不存在kibana未授权访问漏洞" 425 | return result 426 | # 检查 IPC 是否存在未授权访问漏洞 427 | def check_ipc(self, ip): 428 | try: 429 | import smbclient 430 | try: 431 | smbclient.register_session(ip, username='', password='') 432 | result = f"{ip}[+]存在ipc未授权访问漏洞" 433 | except smbclient.AccessDenied: 434 | result = f"{ip}不存在ipc未授权访问漏洞" 435 | except: 436 | result = f"{ip}ipc无法连接" 437 | except ImportError: 438 | result = f"{ip}缺少 smbclient 库,无法检测 IPC" 439 | return result 440 | # 检查 Druid 是否存在未授权访问漏洞 441 | def check_druid(self, ip): 442 | endpoints = [ 443 | f'http://{ip}:8888/druid/index.html', 444 | f'http://{ip}:8888/druid/console.html', 445 | f'http://{ip}:8888/druid/sql.html' 446 | ] 447 | for url in endpoints: 448 | try: 449 | response = requests.get(url, timeout=5) 450 | if 'Druid' in response.text: 451 | result = f"{ip}[+]存在druid未授权访问漏洞" 452 | return result 453 | except: 454 | continue 455 | result = f"{ip}不存在druid未授权访问漏洞" 456 | return result 457 | def check_swaggerui(self, ip): 458 | endpoints = [ 459 | ip + '/swagger-ui.html', 460 | ip + '/v2/api-docs', 461 | ip + '/swagger-resources' 462 | ] 463 | for url in endpoints: 464 | try: 465 | swaggerui_response = requests.get(url, timeout=5) 466 | if 'Swagger' in swaggerui_response.text: 467 | result = f"{ip}[+]存在swaggerui未授权访问漏洞" 468 | return result 469 | except: 470 | continue 471 | result = f"{ip}不存在swaggerui未授权访问漏洞" 472 | return result 473 | def check_docker(self, ip): 474 | docker_url = 'http://' + ip + ':2375/version' 475 | try: 476 | response = requests.get(docker_url, timeout=5) 477 | if response.status_code == 200: 478 | try: 479 | data = response.json() 480 | if 'ApiVersion' in data: 481 | result = f"{ip}[+]存在docker未授权访问漏洞" 482 | else: 483 | result = f"{ip}不存在docker未授权访问漏洞" 484 | except json.JSONDecodeError: 485 | result = f"{ip}不存在docker未授权访问漏洞" 486 | else: 487 | result = f"{ip}不存在docker未授权访问漏洞" 488 | except: 489 | result = f"{ip}无法连接到 Docker 守护进程" 490 | return result 491 | # 检查 RabbitMQ 是否存在未授权访问漏洞 492 | def check_rabbitmq(self, ip): 493 | endpoints = [ 494 | f'http://{ip}:15672/', 495 | f'http://{ip}:15672/api/nodes', 496 | f'http://{ip}:15672/api/queues' 497 | ] 498 | for url in endpoints: 499 | try: 500 | response = requests.get(url, timeout=5) 501 | if 'RabbitMQ Management' in response.text and 'overview-module' in response.text: 502 | result = f"{ip}[+]存在rabbitmq未授权访问漏洞" 503 | return result 504 | except: 505 | continue 506 | result = f"{ip}不存在rabbitmq未授权访问漏洞" 507 | return result 508 | def check_memcached(self, ip): 509 | try: 510 | memcached_client = memcache.Client([ip], timeout=5) 511 | # 尝试获取多个不同类型的统计信息来增加判断准确性 512 | stats = memcached_client.get_stats() 513 | settings = memcached_client.get_settings() 514 | if len(stats) > 0 or len(settings) > 0: 515 | result = f"{ip}[+]存在memcached未授权访问漏洞" 516 | else: 517 | result = f"{ip}不存在memcached未授权访问漏洞" 518 | except: 519 | result = f"{ip}memcached无法连接" 520 | return result 521 | # 检查 Dubbo 是否存在未授权访问漏洞 522 | def check_dubbo(self, ip): 523 | url = f'http://{ip}:8080/' 524 | try: 525 | response = requests.get(url, timeout=5) 526 | if 'dubbo' in response.headers and 'Welcome to the Dubbo' in response.text: 527 | result = f"{ip}[+]存在dubbo未授权访问漏洞" 528 | else: 529 | result = f"{ip}不存在dubbo未授权访问漏洞" 530 | except: 531 | result = f"{ip}dubbo无法连接" 532 | return result 533 | # 检查宝塔phpmyadmin是否存在未授权访问漏洞 534 | def check_bt_phpmyadmin(self, ip): 535 | endpoints = [ 536 | f'http://{ip}/phpmyadmin/', 537 | f'http://{ip}/phpmyadmin/index.php', 538 | f'http://{ip}/phpmyadmin/config.inc.php' 539 | ] 540 | for url in endpoints: 541 | try: 542 | response = requests.get(url, timeout=5) 543 | if 'phpMyAdmin' in response.text: 544 | result = f"{ip}[+]存在bt_phpmyadmin未授权访问漏洞" 545 | return result 546 | except: 547 | continue 548 | result = f"{ip}不存在bt_phpmyadmin未授权访问漏洞" 549 | return result 550 | def check_rsync(self, ip): 551 | try: 552 | import subprocess 553 | # 尝试使用rsync命令连接并获取信息 554 | command = f"rsync --list-only rsync://{ip}/" 555 | process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 556 | output, error = process.communicate() 557 | if process.returncode == 0: 558 | result = f"{ip}[+]存在rsync未授权访问漏洞" 559 | else: 560 | result = f"{ip}不存在rsync未授权访问漏洞" 561 | except: 562 | result = f"{ip}rsync无法连接" 563 | return result 564 | # 检查 Kubernetes Api Server 是否存在未授权访问漏洞 565 | def check_kubernetes_api_server(self, ip): 566 | api_server_url = f'https://{ip}:6443/api/' 567 | try: 568 | response = requests.get(api_server_url, timeout=5, verify=False) 569 | if response.status_code == 401: # 更准确的判断未授权状态码 570 | result = f"{ip}[+]存在kubernetes_api_server未授权访问漏洞" 571 | elif response.status_code == 200: 572 | # 200可能表示已授权访问,也可能表示开放了未授权可访问的接口,进一步判断 573 | try: 574 | data = response.json() 575 | if "kind" in data: 576 | result = f"{ip}[+]存在kubernetes_api_server未授权访问漏洞" 577 | else: 578 | result = f"{ip}不存在kubernetes_api_server未授权访问漏洞" 579 | except json.JSONDecodeError: 580 | result = f"{ip}不存在kubernetes_api_server未授权访问漏洞" 581 | else: 582 | result = f"{ip}不存在kubernetes_api_server未授权访问漏洞" 583 | except: 584 | result = f"{ip}kubernetes无法连接" 585 | return result 586 | # 检查 CouchDB 是否存在未授权访问漏洞 587 | def check_couchdb(self, ip): 588 | endpoints = [ 589 | f'http://{ip}:5984/_utils/', 590 | f'http://{ip}:5984/_all_dbs', 591 | f'http://{ip}:5984/_stats' 592 | ] 593 | for url in endpoints: 594 | try: 595 | response = requests.get(url, timeout=5) 596 | if 'Welcome to CouchDB' in response.text: 597 | result = f"{ip}[+]存在couchdb未授权访问漏洞" 598 | return result 599 | except: 600 | continue 601 | result = f"{ip}不存在couchdb未授权访问漏洞" 602 | return result 603 | # 检查 Spring Boot Actuator 是否存在未授权访问漏洞 604 | def check_spring_boot_actuator(self, ip): 605 | endpoints = [ 606 | f'http://{ip}:8080/actuator/', 607 | f'http://{ip}:8080/actuator/health', 608 | f'http://{ip}:8080/actuator/info', 609 | f'http://{ip}:8080/actuator/env' 610 | ] 611 | for url in endpoints: 612 | try: 613 | response = requests.get(url, timeout=5) 614 | if response.status_code == 200: 615 | result = f"{ip}[+]存在spring_boot_actuator未授权访问漏洞" 616 | return result 617 | except: 618 | continue 619 | result = f"{ip}不存在spring_boot_actuator未授权访问漏洞" 620 | return result 621 | # 检查 uWSGI 是否存在未授权访问漏洞 622 | def check_uwsgi(self, ip): 623 | endpoints = [ 624 | f'http://{ip}:1717/', 625 | f'http://{ip}:1717/admin', 626 | f'http://{ip}:1717/stats' 627 | ] 628 | for url in endpoints: 629 | try: 630 | response = requests.get(url, timeout=5) 631 | if 'uWSGI' in response.text: 632 | result = f"{ip}[+]存在uwsgi未授权访问漏洞" 633 | return result 634 | except: 635 | continue 636 | result = f"{ip}不存在uwsgi未授权访问漏洞" 637 | return result 638 | # 检查 ThinkAdmin V6 是否存在未授权访问漏洞 639 | def check_thinkadmin_v6(self, ip): 640 | endpoints = [ 641 | f'http://{ip}/index/login.html', 642 | f'http://{ip}/admin', 643 | f'http://{ip}/api' 644 | ] 645 | for url in endpoints: 646 | try: 647 | response = requests.get(url, timeout=5) 648 | if 'ThinkAdmin' in response.text: 649 | result = f"{ip}[+]存在thinkadmin_v6未授权访问漏洞" 650 | return result 651 | except: 652 | continue 653 | result = f"{ip}不存在thinkadmin_v6未授权访问漏洞" 654 | return result 655 | # 检查 PHP-FPM Fastcgi 是否存在未授权访问漏洞 656 | def check_php_fpm_fastcgi(self, ip): 657 | endpoints = [ 658 | f'http://{ip}/php-fpm_status', 659 | f'http://{ip}/status.php', 660 | f'http://{ip}/ping.php' 661 | ] 662 | for url in endpoints: 663 | try: 664 | response = requests.get(url, timeout=5) 665 | if 'PHP' in response.text and ('pool' in response.text or 'processes' in response.text): 666 | result = f"{ip}[+]存在php_fpm_fastcgi未授权访问漏洞" 667 | return result 668 | except: 669 | continue 670 | result = f"{ip}不存在php_fpm_fastcgi未授权访问漏洞" 671 | return result 672 | # 检查 MongoDB 是否存在未授权访问漏洞 673 | def check_mongodb(self, ip): 674 | mongodb_url = f'mongodb://{ip}:27017/' 675 | try: 676 | client = pymongo.MongoClient(mongodb_url, serverSelectionTimeoutMS=5000) 677 | dbs = client.list_database_names() 678 | if len(dbs) > 0: 679 | result = f"{ip}[+]存在mongodb未授权访问漏洞" 680 | else: 681 | result = f"{ip}不存在mongodb未授权访问漏洞" 682 | except: 683 | result = f"{ip}mongodb无法连接" 684 | return result 685 | # 检查 Jupyter Notebook 是否存在未授权访问漏洞 686 | def check_jupyter_notebook(self, ip): 687 | endpoints = [ 688 | f'http://{ip}:8888/', 689 | f'http://{ip}:8888/api', 690 | f'http://{ip}:8888/user' 691 | ] 692 | for url in endpoints: 693 | try: 694 | response = requests.get(url, timeout=5) 695 | if 'Jupyter' in response.text: 696 | result = f"{ip}[+]存在jupyter_notebook未授权访问漏洞" 697 | return result 698 | except: 699 | continue 700 | result = f"{ip}不存在jupyter_notebook未授权访问漏洞" 701 | return result 702 | 703 | def check_apache_spark(self, ip): 704 | spark_url = f'http://{ip}:8080/' 705 | try: 706 | response = requests.get(spark_url, timeout=5) 707 | response.raise_for_status() 708 | if 'Spark Master at' in response.text and 'Workers' in response.text: 709 | result = f"{ip}[+]存在apache_spark未授权访问漏洞" 710 | else: 711 | result = f"{ip}不存在apache_spark未授权访问漏洞" 712 | except requests.RequestException: 713 | result = f"{ip}spark无法连接" 714 | except ValueError: 715 | result = f"{ip}spark响应内容解析错误" 716 | return result 717 | 718 | def check_docker_registry(self, ip): 719 | registry_url = f'http://{ip}/v2/_catalog' 720 | try: 721 | response = requests.get(registry_url, timeout=5) 722 | response.raise_for_status() 723 | json_data = response.json() 724 | if 'repositories' in json_data: 725 | result = f"{ip}[+]存在docker_registry未授权访问漏洞" 726 | else: 727 | result = f"{ip}不存在docker_registry未授权访问漏洞" 728 | except requests.RequestException: 729 | result = f"{ip}registry无法连接" 730 | except ValueError: 731 | result = f"{ip}registry响应内容不是有效的JSON格式" 732 | return result 733 | 734 | def check_hadoop_yarn(self, ip): 735 | yarn_url = f'http://{ip}:8088/ws/v1/cluster/info' 736 | try: 737 | response = requests.get(yarn_url, timeout=5) 738 | response.raise_for_status() 739 | json_data = response.json() 740 | if 'resourceManagerVersion' in json_data.get('clusterInfo', {}): 741 | result = f"{ip}[+]存在hadoop_yarn未授权访问漏洞" 742 | else: 743 | result = f"{ip}不存在hadoop_yarn未授权访问漏洞" 744 | except requests.RequestException: 745 | result = f"{ip}yarn无法连接" 746 | except ValueError: 747 | result = f"{ip}yarn响应内容不是有效的JSON格式" 748 | return result 749 | 750 | def check_kong(self, ip): 751 | kong_url = f'http://{ip}:8001/' 752 | try: 753 | response = requests.get(kong_url, timeout=5) 754 | response.raise_for_status() 755 | if 'Welcome to Kong' in response.text: 756 | result = f"{ip}[+]存在kong未授权访问漏洞" 757 | else: 758 | result = f"{ip}不存在kong未授权访问漏洞" 759 | except requests.RequestException: 760 | result = f"{ip}kong无法连接" 761 | except ValueError: 762 | result = f"{ip}kong响应内容解析错误" 763 | return result 764 | 765 | def check_wordpress(self, ip): 766 | wordpress_url = f'http://{ip}/wp-login.php' 767 | try: 768 | response = requests.get(wordpress_url, timeout=5) 769 | response.raise_for_status() 770 | if 'WordPress' in response.text: 771 | result = f"{ip}[+]存在wordpress未授权访问漏洞" 772 | else: 773 | result = f"{ip}不存在wordpress未授权访问漏洞" 774 | except requests.RequestException: 775 | result = f"{ip}wordpress无法连接" 776 | except ValueError: 777 | result = f"{ip}wordpress响应内容解析错误" 778 | return result 779 | 780 | def check_zabbix(self, ip): 781 | zabbix_url = f'http://{ip}/zabbix/jsrpc.php' 782 | headers = { 783 | 'Content-Type': 'application/json-rpc', 784 | 'User-Agent': 'Mozilla/5.0' 785 | } 786 | data = '{"jsonrpc":"2.0","method":"user.login","params":{"user":"","password":""},"id":0}' 787 | try: 788 | response = requests.post(zabbix_url, headers=headers, data=data, timeout=5) 789 | response.raise_for_status() 790 | json_data = response.json() 791 | if 'result' in json_data: 792 | result = f"{ip}[+]存在zabbix未授权访问漏洞" 793 | else: 794 | result = f"{ip}不存在zabbix未授权访问漏洞" 795 | except requests.RequestException: 796 | result = f"{ip}zabbix无法连接" 797 | except ValueError: 798 | result = f"{ip}zabbix响应内容不是有效的JSON格式" 799 | return result 800 | 801 | def check_activemq(self, ip): 802 | activemq_url = f'http://{ip}:8161/admin/' 803 | try: 804 | response = requests.get(activemq_url, timeout=5) 805 | response.raise_for_status() 806 | if 'Apache ActiveMQ' in response.text: 807 | result = f"{ip}[+]存在activemq未授权访问漏洞" 808 | else: 809 | result = f"{ip}不存在activemq未授权访问漏洞" 810 | except requests.RequestException: 811 | result = f"{ip}activemq无法连接" 812 | except ValueError: 813 | result = f"{ip}activemq响应内容解析错误" 814 | return result 815 | 816 | def check_harbor(self, ip): 817 | harbor_url = f'http://{ip}/api/v2.0/statistics' 818 | try: 819 | response = requests.get(harbor_url, timeout=5) 820 | response.raise_for_status() 821 | json_data = response.json() 822 | if 'total_projects' in json_data: 823 | result = f"{ip}[+]存在harbor未授权访问漏洞" 824 | else: 825 | result = f"{ip}不存在harbor未授权访问漏洞" 826 | except requests.RequestException: 827 | result = f"{ip}harbor无法连接" 828 | except ValueError: 829 | result = f"{ip}harbor响应内容不是有效的JSON格式" 830 | return result 831 | 832 | def check_atlassian_crowd(self, ip): 833 | crowd_url = f'http://{ip}:8095/crowd/' 834 | try: 835 | response = requests.get(crowd_url, timeout=5) 836 | response.raise_for_status() 837 | if 'Atlassian Crowd' in response.text: 838 | result = f"{ip}[+]存在atlassian_crowd未授权访问漏洞" 839 | else: 840 | result = f"{ip}不存在atlassian_crowd未授权访问漏洞" 841 | except requests.RequestException: 842 | result = f"{ip}atlassian无法连接" 843 | except ValueError: 844 | result = f"{ip}atlassian响应内容解析错误" 845 | return result 846 | if __name__ == '__main__': 847 | app = QApplication(sys.argv) 848 | security_checker = SecurityChecker() 849 | sys.exit(app.exec_()) 850 | --------------------------------------------------------------------------------