# !/usr/bin/env python
# -*- coding:utf-8 -*-
"""
Check file-read type attacks; return the id and the vulnerability result.
"""
import base64
import requests
import record_err
import re
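def checkstatus(id, hostname, url, method, status, postdata):
    """Print whether a recorded request's status code marks the attack as failed.

    ``url`` and ``postdata`` arrive base64-encoded and are decoded for display
    only; nothing is sent anywhere by this function.

    Output, one line per call:
      * ``no status``              - ``status`` is None or empty;
      * ``<method> attack failed`` - ``status`` is anything other than 200;
      * all six fields             - ``status`` is 200.

    ``status`` may be an int or a string. The earlier form called
    ``len(status)`` and then compared against the integer 200, so a string
    status never matched and an integer status raised TypeError; both are
    normalised to text here.
    """
    hostname = str(hostname)
    url = str(base64.b64decode(url))
    method = str(method)

    # The value being decoded is postdata, so that is what must be non-empty
    # (the earlier guard tested len(method), which is always true here).
    if method.lower() == 'post' and postdata:
        postdata = str(base64.b64decode(postdata))

    status_text = '' if status is None else str(status).strip()
    if not status_text:
        print('no status')
    elif status_text != '200':
        print('%s %s' % (method, 'attack failed'))
    else:
        # A 200 is only a candidate: the response body still has to be
        # inspected before the request can be called a successful file read.
        print('%s %s %s %s %s %s' % (id, hostname, url, method, status, postdata))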
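def check(id, hostname, url, method, status, postdata):
    """Replay one recorded GET request over HTTP and HTTPS and print the outcome.

    ``url`` and ``postdata`` arrive base64-encoded; ``status`` is accepted but
    not used here. For a GET record the decoded path is requested from
    ``hostname`` on both schemes, and the body of every 200 response is passed
    to ``content_process``. The HTTP result is printed in preference to the
    HTTPS one; ``cannot open!`` is printed when neither produced a result.
    Records with any other method are decoded but not replayed.

    Any exception is handed to ``record_err.logrecord()`` and the function
    returns None.

    NOTE(review): the listing this was recovered from had lost its
    indentation; the result report is placed inside the GET branch here -
    confirm against the original file.
    """
    try:
        result1 = ''
        result2 = ''
        # Without a timeout one unresponsive host stalls the whole run.
        timeout_s = 10
        url = base64.b64decode(url)
        headers = {'user-agent': 'Chrome/60.0.3112.113 Safarids24/537.36'}
        method_name = method.lower()

        if method_name == 'post':
            postdata = base64.b64decode(postdata)

        if method_name == 'get':
            # hostname and url are taken verbatim from the record, so this
            # fetches from whatever host the record names (internal addresses
            # included). Filter records to hosts in scope before calling.
            httpurl = 'http://' + hostname + url
            httpsurl = 'https://' + hostname + url

            # Best-effort probe: a failed request just means "no result", but
            # KeyboardInterrupt/SystemExit are no longer swallowed.
            try:
                r1 = requests.get(httpurl, headers=headers, timeout=timeout_s)
            except Exception:
                r1 = None
            # status_code replaces parsing str(response); requests follows
            # redirects by default, so a 200 may be the end of a redirect chain.
            if r1 is not None and r1.status_code == 200:
                # content_process must return an (id, result) pair; a None
                # return raises TypeError here and lands in the outer handler.
                id, result1 = content_process(id, r1.text)

            # verify=False disables certificate validation - presumably so
            # hosts with self-signed certificates can still be probed. The
            # response is then unauthenticated; drop the flag where the
            # targets present valid certificates.
            try:
                r2 = requests.get(httpsurl, headers=headers, verify=False,
                                  timeout=timeout_s)
            except Exception:
                r2 = None
            if r2 is not None:
                print(r2)
                if r2.status_code == 200:
                    id, result2 = content_process(id, r2.text)

            # Compare by value: "is ''" only worked through string interning.
            if result1 != '':
                print('%s %s' % (id, result1))
            elif result2 != '':
                print('%s %s' % (id, result2))
            else:
                print('%s %s' % (id, 'cannot open!'))
    except Exception:
        record_err.logrecord()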
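def content_process(id, content):
    """Classify a response body fetched while replaying a file-read request.

    Always returns an ``(id, result)`` pair, because callers unpack the return
    value. The earlier form returned None for bodies of 10 characters or more,
    which made that unpacking raise TypeError.

    ``result`` is:
      * ``'N'``     - the body is shorter than 10 characters;
      * the body    - otherwise, returned (rather than printed here) so the
                      caller can report it next to the id;
      * ``''``      - the body could not be measured; the error is logged.

    The length test is a coarse filter: a 200 response carrying a generic
    error page also exceeds it, so a non-``'N'`` result is a candidate for
    manual review rather than a confirmed read. The returned body may hold
    the contents of the requested file, so handle the output as sensitive.
    """
    try:
        if len(content) < 10:
            return id, 'N'
    except Exception:
        record_err.logrecord()
        return id, ''
    return id, content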