import requests
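def check_vulnerability(url):
    """Check whether ``<url>/jmx-console/`` serves a page containing ``jboss.deployer``.

    The marker string is taken as the sign that the JBoss JMX console is
    reachable at that path. Only the response body is inspected; the HTTP
    status code is not.
    NOTE(review): presumably a match means the console is exposed without
    authentication -- confirm against a known-good host before relying on it.

    Args:
        url: Base URL of the host to check, including the scheme.

    Returns:
        ``(True, probed_url)`` when the marker is present, otherwise
        ``(False, None)``. Timeouts and other request errors are printed and
        also reported as ``(False, None)``.
    """
    # Strip trailing slashes so a base URL like "http://host/" does not turn
    # into "http://host//jmx-console/".
    url_with_payload = url.rstrip('/') + '/jmx-console/'
    try:
        # verify=False skips TLS certificate validation, so the peer is not
        # authenticated; the body is used only for the marker test below.
        response = requests.get(url_with_payload, verify=False, timeout=3)
        found = 'jboss.deployer' in response.text
    except requests.exceptions.Timeout:
        print(url_with_payload + ' 请求超时,跳过此URL。')
        return False, None
    except requests.exceptions.RequestException as e:
        print(url_with_payload + ' 请求异常: ' + str(e))
        return False, None
    if found:
        return True, url_with_payload
    return False, None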
def save_vulnerable_url(url):
    """Append *url* as one line to ``target.txt`` in the working directory."""
    line = url + '\n'
    # Append mode keeps results from earlier runs.
    with open('target.txt', 'a') as results:
        results.write(line)
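def main():
    """Check every URL listed in ``url.txt`` and record the flagged ones.

    Reads one URL per line, runs ``check_vulnerability`` on each, prints the
    outcome, and passes flagged URLs to ``save_vulnerable_url``.
    """
    with open('url.txt', 'r') as f:
        urls = [line.strip() for line in f]
    for url in urls:
        if not url:
            # A blank line would be requested as "/jmx-console/" and could
            # only produce a request error, so skip it.
            continue
        is_vulnerable, vulnerable_url = check_vulnerability(url)
        if is_vulnerable:
            print('漏洞存在:', vulnerable_url)
            save_vulnerable_url(vulnerable_url)
        else:
            print('漏洞不存在:', url)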
# Run the scan only when executed as a script, not when imported.
if __name__ == "__main__":
    main()
如需支持 HTTPS,可在发起请求前先判断 URL 是 http 还是 https,https 的目标改用 POST 请求。
所有内容仅供安全检测和学习使用,未经授权攻击他人网站是犯法行为,责任自负