简述

    在渗透测试中遇到相同CMS站点时,搞定一个站点,相当于拿了一个站群的通用漏洞,所以我们首先需要标注站点的CMS类型,根据要求编写如下脚本

要求

    1、访问特定目录,如:站点特定 /cmsadmin/;
    2、返回404页面(包含不限于404,根据具体情况而定);
    3、页面包含关键字:如:某某管理平台。

代码实现


  #!/usr/bin/env python
  # -*- coding:utf-8 -*-
  # python3.x.x

  import requests

  headers = {
  "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"
  }

  def open_url():
    with open("./domain.txt",encoding="utf-8") as f: #初始域名列表
    data = f.readlines()
  return data

  def get_result():
    urls = open_url()
    for url in urls:
      name = "http://" + url.strip() +"/cmsadmin/"
      print(name)
      try:
        response = requests.get(url=name,headers=headers)
        if response.status_code == 404:
          if "某某管理平台" in response.text: #匹配页面特定内容
          with open("XXCMS.txt","a+",encoding="utf-8") as f: #相同CMS站点列表
          f.write(url)
          else:
            pass
      except Exception as e:
        print("其它版本")

  if __name__ == "__main__":
    get_result()
02-05 01:05