python写的wordpress漏洞检测工具

自己根据网上的wordpress漏洞列表写了个简单的检测工具。

脚本内容如下:

#!/usr/bin/env python

# -*- coding:utf-8 -*-

import sys

import httplib

import socket

import re

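# Load the two data files that drive the scan. Each is read as a list of
# raw lines: wp-vul.txt supplies the paths that get requested, wp-exp.txt
# supplies the text that is written to the report for a matching id.
try:
    # Context managers close both handles even if the second open fails.
    with open('wp-vul.txt') as vul_file:
        vul = vul_file.readlines()
    with open('wp-exp.txt') as exp_file:
        exp = exp_file.readlines()
except IOError:
    # Only a missing or unreadable file is expected here; anything else
    # should surface with its traceback instead of being swallowed.
    print('file not find')
    sys.exit(1)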

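# dic1: id -> request path (always prefixed with '/').
# dic2: id -> report text for that id (trailing newline kept, because the
#       report is later written with writelines()).
dic1 = {}
dic2 = {}

# The id is every digit found in the part before '='. The original class
# r'[\d+]' also matched a literal '+', which is not part of an id.
s = re.compile(r'\d+')


def _split_entry(line):
    """Split one NAME=VALUE line into (id, value), or None if malformed.

    Only the first '=' separates name from value, so a value that itself
    contains '=' (for example a query string) is kept whole. Double quotes
    are removed from the value, as in the original script.
    """
    name, sep, value = line.partition('=')
    if not sep:
        # Blank or malformed line: skip it rather than crash the whole run.
        return None
    return ''.join(s.findall(name)), value.replace('"', '')


for i in vul:
    entry = _split_entry(i)
    if entry is None:
        continue
    k, v = entry
    dic1[k] = '/' + v.strip()

for i in exp:
    entry = _split_entry(i)
    if entry is None:
        continue
    k, v = entry
    dic2[k] = v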

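# Exactly one argument (the site to check) is required; otherwise print
# the usage text and stop.
if len(sys.argv) != 2:
    # The '*' repetition operators and a closing quote were lost when the
    # script was pasted into the page; they are restored here.
    banner = '%s help %s' % ('-' * 10, '-' * 10)
    print(banner)
    print('%s  site' % sys.argv[0])
    print('example %s  http://www.netcat.tk' % sys.argv[0])
    print(banner)
    sys.exit(1)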

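# Reduce the argument to the host[:port] form that HTTPConnection expects.
# NOTE(review): only "http://" is stripped and every request goes over
# plain HTTP; an "https://" argument is left intact and ends up in the
# error branch below.
site = sys.argv[1]
site = site.replace('http://', '')
if site.endswith('/'):
    site = site[:-1]

# Reachability check before the scan starts.
try:
    print('\tChecking website http://%s/ ...' % site)
    print('\tResult will be saved to %s.txt' % site)
    # A timeout keeps an unresponsive host from hanging the script.
    con = httplib.HTTPConnection(site, timeout=10)
    con.connect()
    con.close()
except (httplib.HTTPException, socket.error):
    # httplib.HTTPResponse (used originally) is not an exception class and
    # could never match; HTTPException also covers an invalid host:port.
    print('Server offline or invalid URL')
    sys.exit(1)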

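# Request every path from dic1 once and collect the report text of each
# path the server answers with 200 or 403.
hits = 0      # paths answered with 200 or 403
checked = 0   # paths requested (renamed from `all`, which hid the builtin)
res = []

for k in dic1:
    v = dic1[k]
    # v already starts with '/', so no extra slash is added to the URL.
    print('+[Check %d]: http://%s%s' % (checked, site, v))
    conn = httplib.HTTPConnection(site, timeout=10)
    try:
        conn.request('GET', v)
        status = conn.getresponse().status
    except (httplib.HTTPException, socket.error) as err:
        # One failed request must not abort the run and lose earlier hits.
        print('-[Check %d]: request failed: %s' % (checked, err))
        status = None
    finally:
        conn.close()

    # NOTE: 200/403 only shows that the server answered for this path. A
    # site that returns 200 for unknown URLs (custom error page) or 403 for
    # whole directories will be reported too, so every hit still has to be
    # confirmed, e.g. against the installed plugin or theme version.
    if status in (200, 403):
        hits += 1
        # Fall back to the path itself when wp-exp.txt has no entry for
        # this id, instead of failing with KeyError.
        res.append(dic2.get(k, v + '\n'))
    checked += 1

# NOTE(review): `site` is used unmodified in the file name; a host:port
# argument therefore puts ':' into the name, which some filesystems reject.
with open('%s.txt' % site, 'w') as report:
    report.writelines(res)

print('[Result]: Scan %d Vuls, Find %d Exps.' % (checked, hits))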
 

下载地址:WP-Check.zip