Skip to content

Instantly share code, notes, and snippets.

@haykuro

haykuro/discover_vuln_paths.py

Last active August 5, 2018 20:15
Show Gist options
  • Save haykuro/497ec0c0c39e36db9fbef5b800968fa3 to your computer and use it in GitHub Desktop.
Save haykuro/497ec0c0c39e36db9fbef5b800968fa3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
discover_vuln_paths.py
"""..."""
from requests import get
from requests.exceptions import ConnectionError
from netaddr import IPNetwork
from pprint import pprint
CONFIG = {
"HOST": "192.168.1.0/24",
"SCHEME": "http",
"CONNECT_TIMEOUT": 3,
"VULN_PATHS": [
"jmx-console/", # Jboss
"web-console/ServerInfo.jsp", # Jboss
"invoker/JMXInvokerServlet", # Jboss
"lc/system/console", # Adobe LiveCycle OSGi console
"axis2/axis2-admin/", # Apache Axis2
"manager/html/", # Tomcat
"tomcat/manager/html/", # Tomcat
"wp-admin", # Wordpress
"workorder/FileDownload.jsp", #Manage Engine
"ibm/console/logon.jsp?action=OK", # WebSphere
"data/login", # Dell iDrac
"script/", # Jenkins Script Conosle
"opennms/" # OpenNMS
]
}
def discover(ip_addr):
"""..."""
discovered = dict(vuln_urls=[], is_up=False)
print '[!] Discovering paths for %s://%s' % (CONFIG['SCHEME'], ip_addr)
for vuln_path in CONFIG['VULN_PATHS']:
url = "%s://%s/%s" % (CONFIG['SCHEME'], ip_addr, vuln_path)
res_obj = dict(url=url, status=-1, headers={})
print '\tTrying %s' % url
try:
res = get(url, timeout=CONFIG['CONNECT_TIMEOUT'])
except ConnectionError as error:
if "retries exceeded" in str(error):
continue
res_obj['status'] = res.status_code
res_obj['headers'] = res.headers
if not discovered['is_up']:
discovered['is_up'] = True
if res_obj['status'] in [401, 404]:
continue
discovered['vuln_urls'].append(res_obj)
return discovered
def main():
for ip_addr in IPNetwork(CONFIG['HOST']):
pprint((ip_addr, discover(ip_addr)))
if __name__ == '__main__':
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment