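--- /dev/null
+++ b/check.py
@@ -0,0 +1,64 @@
+#!/usr/bin/python3.9
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2021 Caps, Inc. All Rights Reserved
+#
+# @Time : 2022/5/7 23:40
+# @Author : Caps
+# @Email : [email protected]
+# @File : check.py
+# @Software: PyCharm
+import requests
+import argparse
+
+requests.packages.urllib3.disable_warnings()
+
+
+def usage():
+    print('''
+    +-----------------------------------------------------------------+
+    漏洞名称: F5 BIG-IP iControl Rest API exposed Check
+    功能:单个检测,批量检测
+    单个检测:python exp.py -u url
+    批量检测:python exp.py -f url.txt
+    +-----------------------------------------------------------------+
+    ''')
+
+
+def check(url):
+    try:
+        target_url = url + "/mgmt/shared/authn/login"
+        res = requests.get(target_url, verify=False, timeout=3)
+        if "resterrorresponse" in res.text:
+            print(f"\033[0;31;22m[+] Host: {url} F5 iControl Rest API exposed \033[0m")
+        else:
+            print(f"\033[0;32;22m[-] Host: {url} F5 not vulnerability \033[0m")
+    except Exception as e:
+        print(f"\033[0;33;22m[x] Host: {url} Connection Fail \033[0m")
+
+
+def run(filepath):
+    urls = [x.strip() for x in open(filepath, "r").readlines()]
+    for u in urls:
+        check(u)
+    return check
+
+
+def main():
+    parse = argparse.ArgumentParser()
+    parse.add_argument("-u", "--url", help="Please Poc.py -u host")
+    parse.add_argument("-f", "--file", help="Please poc.py -f file")
+    args = parse.parse_args()
+    url = args.url
+    filepath = args.file
+    if url is not None and filepath is None:
+        check(url)
+    elif url is None and filepath is not None:
+        run(filepath)
+    else:
+        usage()
+
+
+if __name__ == '__main__':
+    main()
+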
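Review bot: In `check()`, the `else` branch prints `F5 not vulnerability` for any response that lacks the `resterrorresponse` substring, so a proxy error page or an unrelated web server answering on the same host is reported in green as a clean result. A match only shows that `/mgmt/shared/authn/login` returned an iControl REST error body, i.e. that the management API is reachable from where the script runs; it says nothing about patch level, so the negative case should be worded as inconclusive, e.g. `print(f"[-] Host: {url} no iControl REST marker (HTTP {res.status_code})")`. The broad `except Exception as e` also reports a URL without a scheme, or a blank line read from the `-f` file, as `Connection Fail`; catching `requests.exceptions.RequestException` and printing `e` would keep input mistakes apart from unreachable hosts. In `run()`, `return check` hands back the function object rather than any result and the handle from `open(filepath, "r")` is never closed; a `with` block that skips empty lines would address both.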