- 🌱 I’m currently learning blueteam backtracking
- Visitor Count
Python3编写的CMS漏洞检测框架
当我的目标是某一个cms时,我只需测试对应的poc即可,如何指定呢?
git主可以试试这种写法,毕竟每次先搜索cms类型,再读.history比较麻烦,需要vps静默执行命令会更方便。
python3 AngelSword.py -s joomla -r all -t url
Please provide english support as well lot of things are written in chinese every time i have to google
具体可以参考
ysrc/xunfeng#133
请问哪些插件用了spawn模块?我试试改一下
参考文献:https://xz.aliyun.com/t/2064
其中评论中已经poc(红日安全写的python3版本)
两个小建议
是否支持自动扫描应用的cms类型,然后自动匹配呢,就是合并-s和-r
是否支持文件列表扫描
环境:
win10
Python 3.9.0
python AngelSword.py
AngelSword.py:248: SyntaxWarning: "is not" with a literal. Did you mean "!="? if line.find(keywords) is not -1: E:\tongzhuopy\play\AngelSword\AngelSword.py:277: SyntaxWarning: "is not" with a literal. Did you mean "!="? if keyword.__str__().find(sys.argv[2].strip()) is not -1: E:\tongzhuopy\play\AngelSword\AngelSword.py:314: SyntaxWarning: "is not" with a literal. Did you mean "!="? if keyword.__str__().find(sys.argv[2].strip()) is not -1: E:\tongzhuopy\play\AngelSword\AngelSword.py:348: SyntaxWarning: "is not" with a literal. Did you mean "!="? if keyword.__str__().find(pocfuck) is not -1: E:\tongzhuopy\play\AngelSword\AngelSword.py:419: SyntaxWarning: "is not" with a literal. Did you mean "!="? if line.find("BaseVerify") is not -1: a bytes-like object is required, not 'str'
[-]不存在phpcms_v96_sqli漏洞
[-]不存在xuezi_ceping_unauth漏洞
[-]不存在cmseasy_header_detail_sqli漏洞
[-] /home/AngelSword/cms/zfsoft/zfsoft_service_stryhm_sqli.py====>可能不存在漏洞
[-]不存在shadowsit_selector_lfi漏洞
[-]不存在phpmyadmin_setup_lfi漏洞
[-]不存在shop360_do_filedownload漏洞
[-]不存在opensns_index_arearank漏洞
[-] /home/AngelSword/cms/zfsoft/zfsoft_database_control.py====>可能不存在漏洞
[-] /home/AngelSword/cms/others/haohan_FileDown_filedownload.py====>可能不存在漏洞
[-] /home/AngelSword/cms/opensns/opensns_index_getshell.py====>可能不存在漏洞
[-] /home/AngelSword/cms/phpcms/phpcms_v961_fileread.py====>可能不存在漏洞
[-]不存在phpcms_digg_add_sqli漏洞
[-]不存在ecshop_uc_code_sqli漏洞
[-] /home/AngelSword/cms/phpcms/phpcms_v9_flash_xss.py====>可能不存在漏洞
[-]不存在phpcms_authkey_disclosure漏洞
[-]不存在zfsoft_default3_bruteforce漏洞
[-]不存在seacms_search_code_exec漏洞
[-]不存在jxt1039_unauth漏洞
[-]不存在seacms_order_code_exec漏洞
list index out of range
>>>>>>>>>超时
When I run it on a website it is showing this error.
How to fix it?
把requirements.txt里面的模块版本号补全,使用pip3 install -r requirements.txt 容易报版本号未知错误
After the above mentioned line executes it throws an exception and the code stops executing.
How to fix it?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.