forked from 1120362990/vulnerability-list
-
Notifications
You must be signed in to change notification settings - Fork 0
/
moon.py
119 lines (112 loc) · 3.96 KB
/
moon.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# -*- coding: utf-8 -*-
import sys
import tomcat.Main_tomcat
import fckeditor.Main_fckeditor
import weblogic.Main_weblogic
import iis.Main_iis
import docker_vuln.Main_docker
import redis_vuln.Main_redis
import zabbix_vuln.Main_zabbix
import navigate_vuln.Main_navigate
import gatepass_vuln.Main_gatepass
import spring_vuln.Main_spring
import jboss.Main_jboss
import kindeditor.Main_kindeditor
import durpal.Main_durpal
import bf_dicts.Main_bf
import thinkphp.Main_thinkphp
import memcache_vuln.Main_memcache_vuln
import js_find.Main_js_find
import search_exploits.Main_search_exploits
import activemq_vuln.Main_activemq
if __name__ == "__main__":
#使用说明
if len(sys.argv) < 3 or sys.argv[1]=="-h":
print('''
漏洞检测:
userage: python -u module http://xx.xx.xx.xx:xx
modul: tomcat fck weblogic iis docker redis zabbix navigate gatepass kindeditor thinkphp memcache actviemq
IP归属查询:
userage: python -u module www.xxxxx.com/xx.xx.xx.xx
modul:ip ipq
Js中敏感信息收集:
userage: python -u module http://xx.xx.xx.xx:xx
modul:js
历史漏洞查询:
modul: exploits
''')
#漏洞利用
elif sys.argv[1] == '-u':
# 处理url末尾可能存在的/
if sys.argv[3][-1] != '/':
pass
else:
sys.argv[3] = sys.argv[3][0:-1]
print('[*]目标:'+sys.argv[3])
if sys.argv[2] == 'tomcat':
tomcat.Main_tomcat.exec(sys.argv[3])
elif sys.argv[2] == 'fck':
fckeditor.Main_fckeditor.exec(sys.argv[3])
elif sys.argv[2] == 'weblogic':
weblogic.Main_weblogic.exec(sys.argv[3])
elif sys.argv[2] == 'iis':
iis.Main_iis.exec(sys.argv[3])
elif sys.argv[2] == 'docker':
docker_vuln.Main_docker.exec(sys.argv[3])
elif sys.argv[2] == 'redis':
redis_vuln.Main_redis.exec(sys.argv[3])
elif sys.argv[2] == 'zabbix':
zabbix_vuln.Main_zabbix.exec(sys.argv[3])
elif sys.argv[2] == 'navigate':
navigate_vuln.Main_navigate.exec(sys.argv[3])
elif sys.argv[2] == 'gatepass':
gatepass_vuln.Main_gatepass.exec(sys.argv[3])
elif sys.argv[2] == 'spring':
spring_vuln.Main_spring.exec(sys.argv[3])
elif sys.argv[2] == 'jboss':
jboss.Main_jboss.exec(sys.argv[3])
elif sys.argv[2] == 'kindeditor':
kindeditor.Main_kindeditor.exec(sys.argv[3])
elif sys.argv[2] == 'drupal':
durpal.Main_durpal.exec(sys.argv[3])
elif sys.argv[2] == 'thinkphp':
thinkphp.Main_thinkphp.exec(sys.argv[3])
elif sys.argv[2] == 'memcache':
memcache_vuln.Main_memcache_vuln.exec(sys.argv[3])
elif sys.argv[2] == 'js':
js_find.Main_js_find.exec(sys.argv[3])
elif sys.argv[2] == 'exploits':
search_exploits.Main_search_exploits.exec(sys.argv[3])
elif sys.argv[2] == 'activemq':
activemq_vuln.Main_activemq.exec(sys.argv[3])
else:
print('''
漏洞检测:
userage: python -u module http://xx.xx.xx.xx:xx
modul: tomcat fck weblogic iis docker redis zabbix navigate gatepass kindeditor thinkphp memcache activemq
IP归属查询:
userage: python -u module www.xxxxx.com/xx.xx.xx.xx
modul:ip ipq
Js中敏感信息收集:
userage: python -u module http://xx.xx.xx.xx:xx
modul:js
历史漏洞查询:
modul: exploits
''')
elif sys.argv[1] == '-p':
print('[+]检测地址:'+sys.argv[2]+sys.argv[3]+sys.argv[4])
bf_dicts.Main_bf.exec(sys.argv[2],sys.argv[3],sys.argv[4])
else:
print('''
漏洞检测:
userage: python -u module http://xx.xx.xx.xx:xx
modul: tomcat fck weblogic iis docker redis zabbix navigate gatepass kindeditor thinkphp memcache activemq
IP归属查询:
userage: python -u module www.xxxxx.com/xx.xx.xx.xx
modul:ip ipq
Js中敏感信息收集:
userage: python -u module http://xx.xx.xx.xx:xx
modul:js
历史漏洞查询:
modul: exploits
''')