Python中文网 - 问答频道, 解决您学习工作中的Python难题和Bug
Python常见问题
如果连接花费的时间太长,它会在
**正在检查主机:http://221.22.145.11**
停机的主机:http://221.22.145.11
# coding: utf-8
# JexBoss v1.0. @autor: João Filho Matos Figueiredo (joaomatosf@gmail.com)
# Updates: https://github.com/joaomatosf/jexboss
# Free for distribution and modification, but the authorship should be preserved.
import httplib, sys, urllib, os, time
from urllib import urlencode
RED = '\x1b[91m'
RED1 = '\033[31m'
BLUE = '\033[94m'
GREEN = '\033[32m'
BOLD = '\033[1m'
NORMAL = '\033[0m'
ENDC = '\033[0m'
def getHost(url):
tokens = url.split("://")
if len(tokens) == 2: #foi fornecido protocolo
return tokens[1].split(":")[0]
else:
return tokens.split(":")[0]
def getProtocol(url):
tokens = url.split("://")
if tokens[0] == "https":
return "https"
else:
return "http"
def getPort(url):
token = url[6:].split(":")
if len(token) == 2:
return token[1]
elif getProtocol(url) == "https":
return 443
else:
return 80
def getConnection(url):
if getProtocol(url) == "https":
return httplib.HTTPSConnection(getHost(url), getPort(url))
else:
return httplib.HTTPConnection(getHost(url), getPort(url))
def getSuccessfully(url, path):
result = 404
time.sleep(5)
conn = getConnection(url)
conn.request("GET", path)
result = conn.getresponse().status
if result == 404:
conn.close()
time.sleep(7)
conn = getConnection(url)
conn.request("GET", path)
result = conn.getresponse().status
conn.close()
return result
def checkVul(url):
print ( GREEN +" ** Checking Host: %s **\n" %url )
path = { "jmx-console" : "/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo",
"web-console" : "/web-console/ServerInfo.jsp",
"JMXInvokerServlet" : "/invoker/JMXInvokerServlet"}
for i in path.keys():
try:
print GREEN + " * Checking %s: \t" %i + ENDC,
conn = getConnection(url)
conn.request("HEAD", path[i])
path[i] = conn.getresponse().status
if path[i] == 200 or path[i] == 500:
print RED + "[ VULNERABLE ]" + ENDC
else: print GREEN + "[ OK ]"
conn.close()
except:
print RED + "\n * An error ocurred while contaction the host %s\n" %url + ENDC
path[i] = 505
return path
def clear():
if os.name == 'posix':
os.system('clear')
elif os.name == ('ce', 'nt', 'dos'):
os.system('cls')
def checkArgs(args):
if len(args) < 2 or args[1].count('.') < 1:
return 1,"You must provide the host name or IP address you want to test."
elif len(args[1].split('://')) == 1:
return 2, 'Changing address "%s" to "http://%s"' %(args[1], args[1])
elif args[1].count('http') == 1 and args[1].count('.') > 1:
return 0, ""
else:
return 1, 'Parâmetro inválido'
def banner():
clear()
print (RED1+"\n * --- JexBoss: Jboss verify and EXploitation Tool --- *\n"
" | |\n"
" | @author: João Filho Matos Figueiredo |\n"
" | @contact: joaomatosf@gmail.com |\n"
" | |\n"
" | @update: https://github.com/joaomatosf/jexboss |\n"
" #______________________________________________________#\n\n" )
banner()
# check python version
if sys.version_info[0] == 3:
print (RED + "\n * Not compatible with version 3 of python.\n"
" Please run it with version 2.7 or lower.\n\n"
+BLUE+" * Example:\n"
" python2.7 " + sys.argv[0]+ " https://example.com\n\n"+ENDC )
sys.exit(1)
# check Args
status, message = checkArgs(sys.argv)
if status == 0:
url = sys.argv[1]
elif status == 1:
print RED + "\n * Error: %s" %message
print BLUE + "\n Example:\n python %s https://site.com.br\n" %sys.argv[0] + ENDC
sys.exit(status)
elif status == 2:
url = ''.join(['http://',sys.argv[1]])
# check vulnerabilities
mapResult = checkVul(url)
# performs exploitation
for i in ["jmx-console", "web-console", "JMXInvokerServlet"]:
if mapResult[i] == 200 or mapResult[i] == 500:
print BLUE + ("\n\n * Do you want to try to run an automated exploitation via \""+BOLD+i+NORMAL+"\" ?\n"
" This operation will provide a simple command shell to execute commands on the server..\n"
+RED+" Continue only if you have permission!" +ENDC)
if raw_input(" yes/NO ? ").lower() == "yes":
autoExploit(url, i)
# resume results
if mapResult.values().count(200) > 0:
banner()
print RED+ " Results: potentially compromised server!" +ENDC
print (GREEN+" * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*\n\n"
" Recommendations: \n"
" - If possible, discard this server!\n\n"
" * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*\n" )
elif mapResult.values().count(505) == 0:
print ( GREEN+ "\n\n * Results: \n"
" The server is not vulnerable to bugs tested ... :D\n\n" + ENDC)
# infos
print (ENDC+" * Info: review, suggestions, updates, etc: \n"
" https://github.com/joaomatosf/jexboss\n"
" joaomatosf@gmail.com\n")
print ENDC
完整代码在 https://raw.githubusercontent.com/joaomatosf/jexboss/master/jexboss.py
Tags: pathhttpscomhttpurlreturnifdef
热门问题
- 是什么导致导入库时出现这种延迟?
- 是什么导致导入时提交大内存
- 是什么导致导入错误:“没有名为modules的模块”?
- 是什么导致局部变量引用错误?
- 是什么导致循环中的属性错误以及如何解决此问题
- 是什么导致我使用kivy的代码内存泄漏?
- 是什么导致我在python2.7中的代码中出现这种无意的无限循环?
- 是什么导致我的ATLAS工具在尝试构建时失败?
- 是什么导致我的Brainfuck transpiler的输出C文件中出现中止陷阱?
- 是什么导致我的Django文件上载代码内存峰值?
- 是什么导致我的json文件在添加kivy小部件后重置?
- 是什么导致我的python 404检查脚本崩溃/冻结?
- 是什么导致我的Python脚本中出现这种无效语法错误?
- 是什么导致我的while循环持续时间延长到12分钟?
- 是什么导致我的代码膨胀文本文件的大小?
- 是什么导致我的函数中出现“ValueError:cannot convert float NaN to integer”
- 是什么导致我的安跑的时间大大减少了?
- 是什么导致我的延迟触发,除了添加回调、启动反应器和连接端点之外什么都没做?
- 是什么导致我的条件[Python]中出现缩进错误
- 是什么导致我的游戏有非常低的fps
热门文章
- Python覆盖写入文件
- 怎样创建一个 Python 列表?
- Python3 List append()方法使用
- 派森语言
- Python List pop()方法
- Python Django Web典型模块开发实战
- Python input() 函数
- Python3 列表(list) clear()方法
- Python游戏编程入门
- 如何创建一个空的set?
- python如何定义(创建)一个字符串
- Python标准库 [The Python Standard Library by Ex
- Python网络数据爬取及分析从入门到精通(分析篇)
- Python3 for 循环语句
- Python List insert() 方法
- Python 字典(Dictionary) update()方法
- Python编程无师自通 专业程序员的养成
- Python3 List count()方法
- Python 网络爬虫实战 [Web Crawler With Python]
- Python Cookbook(第2版)中文版
使用
REQUEST_TIMEOUTstatus code,方法如下(取自Python文档):就像您检查响应状态代码一样,在您的代码中:
^{pr2}$编辑:在您的
getConnection(url)函数中设置所需的timeout,方法如下:在本例中,函数将尝试连接到您的
url,如果无法建立连接,则将在5秒内timeout。在相关问题 更多 >
编程相关推荐