最近的 Struts2 漏洞（S2-016）检测脚本，现在各大网站应该已经修复。

#!/usr/bin/env python
# -*- coding=utf-8 -*-

'''
author: xjump.me#at#gmail.com
file: struts_s2-016_vul_checker.py
usage:
    set the target URLs in check_urls, then
    run `python struts_s2-016_vul_checker.py`
ref:
    http://struts.apache.org/release/2.3.x/docs/s2-016.html
'''

# Targets to probe. Each entry is the full URL of an action endpoint; do_scan
# appends the probe query string to it unchanged.
# The bundled entry points at localhost (it looks like the struts2-blank sample
# application -- confirm against your own deployment).
check_urls=[
    'http://localhost:8080/struts2-blank/example/HelloWorld.action',
]

import pycurl
import sys
import urlparse

# Request headers sent with every probe. do_scan prepends a Host header taken
# from the target URL and also passes the User-Agent value to libcurl directly.
# The User-Agent string imitates a desktop browser rather than identifying the
# script, so server logs will not show this traffic as scanner traffic.
headers = {
    'User-Agent' : 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)',
    'Accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language' : 'en-US,en;q=0.8',
    'Accept-Charset' : 'utf-8;q=0.7,*;q=0.3',
    'Connection' : 'keep-alive',
}

# Query string that do_scan appends to each target URL. It asks the server to
# redirect to a fixed marker URL; do_scan then looks for that same marker in the
# response's Location header (see the S2-016 advisory linked in the module
# docstring). Keep this value and the marker checked in do_scan in sync.
payload_scan=r"redirect:http://wooyun.org"

def line_sep():
    """Print a 79-character row of asterisks as a visual separator."""
    separator = "*" * 79
    print(separator)

class Handler:
    """Accumulate the chunks handed to a write callback into one string.

    do_scan registers one instance for the response body and one for the
    response headers.
    """

    def __init__(self):
        # Everything received so far, concatenated in arrival order.
        self.data = ''

    def write_callback(self, buf):
        """Append the chunk *buf* to the accumulated data."""
        self.data += buf

    def get_data(self):
        """Return everything accumulated so far."""
        return self.data

def debug_cb(debug_type, debug_msg):
    """Print one debug record as ``debug(<type>): <message>``.

    do_scan registers this as the transfer's debug callback when its *debug*
    argument is truthy. *debug_type* is formatted as an integer and
    *debug_msg* is printed verbatim.
    """
    record = "debug(%d): %s" % (debug_type, debug_msg)
    print(record)
    
def progress_cb(total, existing, upload_t, upload_d):
    """Progress callback that deliberately does nothing.

    do_scan registers it in debug mode; all four arguments are ignored and
    None is returned. A percentage display once lived here but was disabled.
    """
    return None
      
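def do_scan(url, arg_timeout=1000, debug=0):
    """Probe *url* for the S2-016 redirect behaviour and print a verdict.

    The module-level ``payload_scan`` query string is appended to *url* and a
    single GET is sent. If the response carries a Location header pointing at
    the marker URL, the target is reported as vulnerable.

    Args:
        url: Full URL of the action endpoint to test.
        arg_timeout: Passed to libcurl's TIMEOUT option, i.e. the limit for the
            whole transfer in seconds. The default of 1000 is very long for a
            scanner; pass a smaller value when checking many hosts.
        debug: When truthy, enables libcurl verbose output and the debug and
            progress callbacks.

    Returns:
        None in every case; the result is printed:
        ``[+]`` marker redirect seen, ``[-]`` no marker redirect in the
        response, ``[!]`` the request itself failed, so nothing was learned.

    Note:
        ``[-]`` only means this one probe did not produce the redirect. A
        filtering proxy, an error page, or a different action mapping gives the
        same output, so treat it as "not confirmed", not as proof of a patch.
    """
    h_body = Handler()
    h_head = Handler()
    c = pycurl.Curl()

    attack_url = url + "?" + payload_scan
    strHost = urlparse.urlparse(url).netloc

    c.setopt(c.URL, attack_url)
    c.setopt(
        c.HTTPHEADER,
        ["Host: %s" % strHost] + ["%s: %s" % (k, v) for k, v in headers.items()],
    )
    c.setopt(c.USERAGENT, headers["User-Agent"])
    # The verdict is read from the first response's headers. Pin redirect
    # following off so the scanner never contacts the marker host itself.
    c.setopt(c.FOLLOWLOCATION, 0)

    # The body is not inspected, but it still needs a sink so that libcurl does
    # not write it to stdout.
    c.setopt(c.WRITEFUNCTION, h_body.write_callback)
    c.setopt(c.HEADERFUNCTION, h_head.write_callback)

    if debug:
        c.setopt(c.NOPROGRESS, 0)
        c.setopt(c.PROGRESSFUNCTION, progress_cb)
        c.setopt(c.DEBUGFUNCTION, debug_cb)
        c.setopt(c.VERBOSE, debug)

    c.setopt(c.HTTPGET, 1)
    c.setopt(c.TIMEOUT, arg_timeout)
    c.setopt(c.HTTP_VERSION, c.CURL_HTTP_VERSION_1_1)

    try:
        c.perform()
    except Exception as e:
        # A failed request is "unknown", not "secure": report it instead of
        # silently dropping the target from the output.
        print("[!] %s could not be checked: %s" % (url, e))
        return
    finally:
        # Release the handle on both the success and the failure path.
        c.close()

    # Header names are case-insensitive, so compare the name lower-cased and
    # match only a real Location header (not e.g. Content-Location).
    redirected = False
    for line in h_head.get_data().splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if name.strip().lower() == "location" and value.strip().startswith("http://wooyun.org"):
            redirected = True
            break

    if redirected:
        print("\n[+] Vul found for %s.\n" % url)
    else:
        print("[-] %s is Secured." % url)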

if __name__=="__main__":
    # Probe every configured target in turn; do_scan prints its own verdict
    # and returns nothing worth keeping.
    for target in check_urls:
        do_scan(target, debug=0)