Python注入点位置识别

2016-10-14 小屿 Python

最近在写主动爬虫漏洞检测。写了个注入点位置判断的小脚本,识别各种类型的网址判断可能注入的位置。

例如http://xia0yu.win/index.php/xxxx/14
http://xia0yu.win/index.php/123/xxxx/341.html
http://xia0yu.win/test/2333.php?id=1&xxxx=xxx&aaaa=123等。

没写注释、以后满养成写注释习惯、 

#! /usr/bin/env python
# -*- coding: utf-8 -*-
import re

class find_injectid:
    def __init__(self,url):
        self.url = url

    def findInjectId(self):
        result = []
        UrlSplit = self.url.split('/')
        # print UrlSplit

        for i in UrlSplit:
            try:
                if '&' in i and '=' in i:
                    for x in i.split('&'):
                        reResult = re.findall(r'(?:\w+=).*',x,re.S|re.I)
                        InjectUrl = self.url.replace(reResult[0],reResult[0]+' ~*Inject*~ ')
                        result.append(InjectUrl)

                elif '=' in i:
                    reResult = re.findall(r'(?:\w+=).*',i,re.S|re.I)
                    InjectUrl = self.url.replace(reResult[0],reResult[0]+' ~*Inject*~ ')
                    result.append(InjectUrl)

                if i.isdigit():
                    InjectUrl = self.url.replace('/'+i,'/'+i+' ~*Inject*~ ')
                    result.append(InjectUrl)

                if re.search('.html|.htm|.sthml', i):
                    reResult = re.findall(r'(\d+\.)(?:html|htm|sthml)',i,re.S|re.I)
                    InjectUrl = self.url.replace(reResult[0],reResult[0][0:-1]+' ~*Inject*~ '+'.')
                    result.append(InjectUrl)
            except:
                pass

        return result

t = find_injectid('http://xia0yu.win/22222/2333.php?id=1&xxxx=xxx')
result = t.findInjectId()
for i in result:
    print i

标签: 注入

« 机器学习之初探验证码识别-Scikit learn | ElasticSearch搭建社工库-集群配置»

评论:

凯哥自媒体
2017-01-09 14:05
挺好的,感谢博主的分享。
回复
Doll
2017-01-06 23:51
A bit suriepsrd it seems to simple and yet useful.
回复

发表评论:

Powered by xia0yu