WebLogicScan 模块并入主模块

Lv1Y2 · May 22, 2020 · 26eb372 · 26eb372
1 parent abbcfe8
commit 26eb372
Show file tree

Hide file tree

Showing 33 changed files with 70 additions and 51 deletions.
diff --git a/BaseMessage.py b/BaseMessage.py
@@ -6,7 +6,10 @@
 import get_message
 import ImportToRedis
 import redis
-
+from WebLogicScan import WebLogicScan
+from init import app,redispool
+from exts import db
+from models import BugList
 
 '''
 获取输入网址基础信息:
@@ -67,6 +70,18 @@ def PortScan(self):
     def SenDir(self):
         return get_message.SenFileScan(self.domain, self.redispool)
 
+    def WebLogicScan(self):
+        results=WebLogicScan.run(self.domain)
+        with app.app_context():
+            for result in results:
+                vulnerable, bugurl, bugname, bugdetail = result
+                if vulnerable:
+                    bug = BugList(oldurl=self.domain, bugurl=bugurl, bugname=bugname,
+                                  buggrade=redispool.hget('bugtype', bugname),
+                                  payload=bugurl, bugdetail=bugdetail)
+                    db.session.add(bug)
+            db.session.commit()
+
 
 if __name__=='__main__':
     # redispool=redis.ConnectionPool(host='127.0.0.1',port=6379, decode_responses=True)

diff --git a/POCScan/cms/yonyou/__pycache__/yonyou_initData_disclosure.cpython-37.pyc b/POCScan/cms/yonyou/__pycache__/yonyou_initData_disclosure.cpython-37.pyc
diff --git a/POCScan/cms/zfsoft/__pycache__/zfsoft_database_control.cpython-37.pyc b/POCScan/cms/zfsoft/__pycache__/zfsoft_database_control.cpython-37.pyc
diff --git a/SZheConsole.py b/SZheConsole.py
@@ -49,6 +49,8 @@ def SZheScan(url):
         pattern = re.compile('^\d+\.\d+\.\d+\.\d+(:(\d+))?$')
         if pattern.findall(url) and ":" in url:
             infourl=url.strip(":")[0]
+        else:
+            infourl=url
         if pattern.findall(url):
             boolcheck = True
             ipinfo = IPMessage(infourl)
@@ -59,6 +61,7 @@ def SZheScan(url):
             info = BaseInfo(url=url, boolcheck=boolcheck, status=baseinfo.GetStatus(), title=baseinfo.GetTitle(),
                             date=baseinfo.GetDate(), responseheader=baseinfo.GetResponseHeader(),
                             Server=baseinfo.GetFinger(), portserver=baseinfo.PortScan(), sendir=baseinfo.SenDir())
+            info.WebLogicScan()
             db.session.add(info)
             db.session.flush()
             if boolcheck:

diff --git a/WebLogicScan/WebLogicScan.py b/WebLogicScan/WebLogicScan.py
@@ -1,16 +1,16 @@
 import sys
-import poc.Console
-import poc.CVE_2014_4210
-import poc.CVE_2016_0638
-import poc.CVE_2016_3510
-import poc.CVE_2017_3248
-import poc.CVE_2017_3506
-import poc.CVE_2017_10271
-import poc.CVE_2018_2628
-import poc.CVE_2018_2893
-import poc.CVE_2018_2894
-import poc.CVE_2019_2725
-import poc.CVE_2019_2729
+import WebLogicScan.poc.Console
+import WebLogicScan.poc.CVE_2014_4210
+import WebLogicScan.poc.CVE_2016_0638
+import WebLogicScan.poc.CVE_2016_3510
+import WebLogicScan.poc.CVE_2017_3248
+import WebLogicScan.poc.CVE_2017_3506
+import WebLogicScan.poc.CVE_2017_10271
+import WebLogicScan.poc.CVE_2018_2628
+import WebLogicScan.poc.CVE_2018_2893
+import WebLogicScan.poc.CVE_2018_2894
+import WebLogicScan.poc.CVE_2019_2725
+import WebLogicScan.poc.CVE_2019_2729
 
 '''
 白嫖魔改自rabbitmask师傅的Weblogic一键漏洞检测工具，V1.3
@@ -25,84 +25,85 @@ def PocS(rip,rport):
     result=[]
     print('[*]Console path is testing...')
     try:
-        result.append(poc.Console.run(rip, rport))
+        result.append(WebLogicScan.poc.Console.run(rip, rport))
     except:
         print ("[-]Target Weblogic console address not found.")
 
     print('[*]CVE_2014_4210 is testing...')
     try:
-        result.append(poc.CVE_2014_4210.run(rip, rport))
+        result.append(WebLogicScan.poc.CVE_2014_4210.run(rip, rport))
     except:
         print ("[-]CVE_2014_4210 not detected.")
 
     print('[*]CVE_2016_0638 is testing...')
     try:
-        result.append(poc.CVE_2016_0638.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2016_0638.run(rip, rport, 0))
     except:
         print ("[-]CVE_2016_0638 not detected.")
 
     print('[*]CVE_2016_3510 is testing...')
     try:
-        result.append(poc.CVE_2016_3510.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2016_3510.run(rip, rport, 0))
     except:
         print ("[-]CVE_2016_3510 not detected.")
 
     print('[*]CVE_2017_3248 is testing...')
     try:
-        result.append(poc.CVE_2017_3248.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2017_3248.run(rip, rport, 0))
     except:
         print ("[-]CVE_2017_3248 not detected.")
 
     print('[*]CVE_2017_3506 is testing...')
     try:
-        result.append(poc.CVE_2017_3506.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2017_3506.run(rip, rport, 0))
     except:
         print ("[-]CVE_2017_3506 not detected.")
 
     print('[*]CVE_2017_10271 is testing...')
     try:
-        result.append(poc.CVE_2017_10271.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2017_10271.run(rip, rport, 0))
     except:
         print("[-]CVE_2017_10271 not detected.")
 
     print('[*]CVE_2018_2628 is testing...')
     try:
-        result.append(poc.CVE_2018_2628.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2018_2628.run(rip, rport, 0))
     except:
         print("[-]CVE_2018_2628 not detected.")
 
     print('[*]CVE_2018_2893 is testing...')
     try:
-        result.append(poc.CVE_2018_2893.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2018_2893.run(rip, rport, 0))
     except:
         print("[-]CVE_2018_2893 not detected.")
 
     print('[*]CVE_2018_2894 is testing...')
     try:
-        result.append(poc.CVE_2018_2894.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2018_2894.run(rip, rport, 0))
     except:
         print("[-]CVE_2018_2894 not detected.")
 
     print('[*]CVE_2019_2725 is testing...')
     try:
-        result.append(poc.CVE_2019_2725.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2019_2725.run(rip, rport, 0))
     except:
         print("[-]CVE_2019_2725 not detected.")
 
     print('[*]CVE_2019_2729 is testing...')
     try:
-        result.append(poc.CVE_2019_2729.run(rip, rport, 0))
+        result.append(WebLogicScan.poc.CVE_2019_2729.run(rip, rport, 0))
     except:
         print("[-]CVE_2019_2729 not detected.")
 
     print ("[*]Happy End,the goal is {}:{}".format(rip,rport))
+    return result
 
 def run(url):
     if ":" not in url:
         return False
     ip=url.split(":")[0]
     port=url.split(":")[1]
-    PocS(ip,port)
+    return PocS(ip,port)
     # if len(sys.argv)<3:
     #     print('Usage: python3 WeblogicScan [IP] [PORT]')
     # else:

diff --git a/WebLogicScan/__pycache__/WebLogicScan.cpython-37.pyc b/WebLogicScan/__pycache__/WebLogicScan.cpython-37.pyc
diff --git a/WebLogicScan/poc/CVE_2014_4210.py b/WebLogicScan/poc/CVE_2014_4210.py
@@ -25,8 +25,8 @@ def run(url,port):
     status, text = islive(url, port)
     if status==200:
         u='http://' + str(url)+':'+str(port)+'/uddiexplorer/'
-        return True,u,"Weblogic UDDI module is exposed! verify the SSRF vulnerability",text
-    return False,None
+        return True, u, "CVE_2014_4210", u, text
+    return False,None,None,None
 
 if __name__=="__main__":
     url = sys.argv[1]

diff --git a/WebLogicScan/poc/CVE_2016_0638.py b/WebLogicScan/poc/CVE_2016_0638.py
@@ -59,8 +59,8 @@ def run(rip,rport,index=0):
     rs=sendEvilObjData(sock,PAYLOAD[index])
     p=re.findall(VER_SIG[index], rs, re.S)
     if len(p)>0:
-        return True,str(rip)+":"+str(rport),"weblogic has a JAVA deserialization vulnerability:CVE-2016-0638","weblogic has a JAVA deserialization vulnerability:CVE-2016-0638"
-    return False,None
+        return True, str(rip)+":"+str(rport), "CVE_2014_0638", "weblogic has a JAVA deserialization vulnerability:CVE-2016-0638"
+    return False,None,None,None
 
 if __name__=="__main__":
     dip = sys.argv[1]

diff --git a/WebLogicScan/poc/CVE_2016_3510.py b/WebLogicScan/poc/CVE_2016_3510.py
@@ -57,8 +57,8 @@ def run(rip,rport,index=0):
     rs=sendEvilObjData(sock,PAYLOAD[index])
     p=re.findall(VER_SIG[index], rs, re.S)
     if len(p)>0:
-        return True,str(rip)+":"+str(rport),"weblogic has a JAVA deserialization vulnerability:CVE-2016-3510","weblogic has a JAVA deserialization vulnerability:CVE-2016-3510"
-    return False,None
+        return True, str(rip)+":"+str(rport), "CVE_2016_3510", "weblogic has a JAVA deserialization vulnerability:CVE-2016-3510"
+    return False,None,None,None
 
 if __name__=="__main__":
     dip = sys.argv[1]

diff --git a/WebLogicScan/poc/CVE_2017_10271.py b/WebLogicScan/poc/CVE_2017_10271.py
@@ -54,8 +54,8 @@ def poc(url):
         response = ""
 
     if '<faultstring>java.lang.ProcessBuilder' in response or "<faultstring>0" in response:
-        return True,url,"weblogic has a JAVA deserialization vulnerability:CVE-2017-10271",response
-    return False,None
+        return True, url, "CVE_2017_10271", response
+    return False,None,None,None
 
 
 def run(rip,rport):

diff --git a/WebLogicScan/poc/CVE_2017_3248.py b/WebLogicScan/poc/CVE_2017_3248.py
@@ -58,8 +58,8 @@ def run(rip,rport,index=0):
     rs=sendEvilObjData(sock,PAYLOAD[index])
     p=re.findall(VER_SIG[index], rs, re.S)
     if len(p) > 0:
-        return True, str(rip) + ":" + str(rport), "weblogic has a JAVA deserialization vulnerability:CVE-2017-3248", "weblogic has a JAVA deserialization vulnerability:CVE-2017-3248"
-    return False, None
+        return True, str(rip)+":"+str(rport), "CVE_2017_3248", "weblogic has a JAVA deserialization vulnerability:CVE-2017-3248"
+    return False, None,None,None
 
 if __name__=="__main__":
     dip = sys.argv[1]

diff --git a/WebLogicScan/poc/CVE_2017_3506.py b/WebLogicScan/poc/CVE_2017_3506.py
@@ -56,8 +56,8 @@ def poc(url):
         response = ""
 
     if '<faultstring>java.lang.ProcessBuilder' in response or "<faultstring>0" in response:
-        return True,url,"weblogic has a JAVA deserialization vulnerability:CVE-2017-3506",response
-    return False,None
+        return True, url, "CVE_2017_3506", response
+    return False,None,None,None
 
 
 def run(rip,rport):

diff --git a/WebLogicScan/poc/CVE_2018_2628.py b/WebLogicScan/poc/CVE_2018_2628.py
@@ -63,8 +63,8 @@ def run(dip,dport,index=0):
     rs=sendEvilObjData(sock,PAYLOAD[index])
     p = re.findall(VER_SIG[index], rs, re.S)
     if len(p) > 0:
-        return True,str(dip)+":"+str(dport),"weblogic has a JAVA deserialization vulnerability:CVE-2018-2628","weblogic has a JAVA deserialization vulnerability:CVE-2018-2628"
-    return False,None
+        return True, str(dip)+":"+str(dport), "CVE_2018_2628", "weblogic has a JAVA deserialization vulnerability:CVE-2018-2628"
+    return False,None,None,None
 
 
 if __name__=="__main__":

diff --git a/WebLogicScan/poc/CVE_2018_2893.py b/WebLogicScan/poc/CVE_2018_2893.py
@@ -67,8 +67,8 @@ def run(dip,dport,index=0):
     rs=sendEvilObjData(sock,PAYLOAD[index])
     p=re.findall(VER_SIG[index], rs, re.S)
     if len(p)>0:
-        return True,str(dip)+":"+str(dport),"weblogic has a JAVA deserialization vulnerability:CVE-2018-2893","weblogic has a JAVA deserialization vulnerability:CVE-2018-2893"
-    return False,None
+        return True, str(dip)+":"+str(dport), "CVE_2018_2893", "weblogic has a JAVA deserialization vulnerability:CVE-2018-2893"
+    return False,None,None,None
 
 if __name__=="__main__":
     dip = sys.argv[1]

diff --git a/WebLogicScan/poc/CVE_2018_2894.py b/WebLogicScan/poc/CVE_2018_2894.py
@@ -26,8 +26,8 @@ def run(url,port):
     status,text=islive(url,port)
     if status!=404:
         u='http://' + str(url)+':'+str(port)+'/ws_utc/resources/setting/options/general'
-        return True,u,"weblogic has a JAVA deserialization vulnerability:CVE-2018-2894",text
-    return False,None
+        return True, u, "CVE_2018_2894", text
+    return False,None,None,None
 
 if __name__=="__main__":
     url = sys.argv[1]

diff --git a/WebLogicScan/poc/CVE_2019_2725.py b/WebLogicScan/poc/CVE_2019_2725.py
@@ -106,11 +106,11 @@ def run(dip,dport):
     dport=int(dport)
     ip = "http://{}:{}".format(dip, dport)
     if weblogic_10_3_6(ip)[0]==200:
-        return True,ip,"weblogic has a JAVA deserialization vulnerability:CVE-2019-2725",'Your current permission is:{}'.format(weblogic_10_3_6(ip)[1].replace('whoami : \r\n',''))
+        return True, ip, "CVE_2019_2725", 'Your current permission is:{}'.format(weblogic_10_3_6(ip)[1].replace('whoami : \r\n',''))
     elif weblogic_12_1_3(ip)[0]==200:
-        return True, ip, "weblogic has a JAVA deserialization vulnerability:CVE-2019-2725",'Your current permission is:{}'.format(weblogic_12_1_3(ip)[1].replace('whoami : \r\n', ''))
+        return True, ip, "CVE_2019_2725", 'Your current permission is:{}'.format(weblogic_12_1_3(ip)[1].replace('whoami : \r\n', ''))
     else:
-        return False,None
+        return False,None,None,None
 
 
 

diff --git a/WebLogicScan/poc/CVE_2019_2729.py b/WebLogicScan/poc/CVE_2019_2729.py
@@ -3552,8 +3552,8 @@ def run(ip,port):
     time.sleep(1)
     r3 = requests.get('http://' + str(ip) + ':' + str(port) + '/_async/favicon.ico')
     if ((r1.status_code == 200) and 'uid' in r1.text) or ((r2.status_code == 202) and 'Vulnerable' in r3.text):
-        return True,str(ip)+":"+str(port),"weblogic has a JAVA deserialization vulnerability:CVE-2019-2729",'[+]Your current permission is:  {}'.format(r1.text.replace('whoami : \r\n', ''))
-    return False,None
+        return True, str(ip)+":"+str(port), "CVE_2019_2729", '[+]Your current permission is:  {}'.format(r1.text.replace('whoami : \r\n', ''))
+    return False,None,None,None
 
 if __name__ == '__main__':
     dip = sys.argv[1]

diff --git a/WebLogicScan/poc/Console.py b/WebLogicScan/poc/Console.py
@@ -24,8 +24,8 @@ def run(url,port):
     status,text=islive(url,port)
     if status==200:
         u='http://' + str(url)+':'+str(port)+'/console/login/LoginForm.jsp'
-        return True,u,"Weblogic console address is exposed!try weak password blasting!",text
-    return False,None
+        return True, u, "Console_path", u, text
+    return False,None,None,None
 
 if __name__=="__main__":
     url = sys.argv[1]

diff --git a/WebLogicScan/poc/__pycache__/CVE_2014_4210.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2014_4210.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2016_0638.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2016_0638.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2016_3510.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2016_3510.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2017_10271.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2017_10271.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2017_3248.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2017_3248.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2017_3506.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2017_3506.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2018_2628.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2018_2628.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2018_2893.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2018_2893.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2018_2894.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2018_2894.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2019_2725.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2019_2725.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/CVE_2019_2729.cpython-37.pyc b/WebLogicScan/poc/__pycache__/CVE_2019_2729.cpython-37.pyc
diff --git a/WebLogicScan/poc/__pycache__/Console.cpython-37.pyc b/WebLogicScan/poc/__pycache__/Console.cpython-37.pyc
diff --git a/__pycache__/BaseMessage.cpython-37.pyc b/__pycache__/BaseMessage.cpython-37.pyc
diff --git a/__pycache__/ImportToRedis.cpython-37.pyc b/__pycache__/ImportToRedis.cpython-37.pyc
diff --git a/__pycache__/SZheConsole.cpython-37.pyc b/__pycache__/SZheConsole.cpython-37.pyc