# -*- coding: UTF-8 -*-
import os, re, socket, argparse
# Markers the callback path may carry to tag a finding; vul_verification
# checks them in this order and the first one present wins.
RequestVulnerabilityList = [
    "ssrf",
    "command_injection",
    "xss",
]
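def create_verification_server(server_ip: str = "127.0.0.1", server_port: int = 4444) -> socket.socket:
    """Create and return a listening TCP socket for scanner callbacks.

    Args:
        server_ip: Address to bind. The default keeps the listener on
            loopback; any other address exposes an unauthenticated service
            to everything that can reach it, so use it deliberately.
        server_port: TCP port to bind; 0 lets the OS choose a free port.

    Returns:
        The bound, listening socket (backlog 4). The caller owns it and is
        responsible for closing it.

    Raises:
        OSError: if the address cannot be resolved, bound or listened on.
            The socket is closed before the error propagates so a failed
            start-up does not leak a descriptor.
    """
    verification_server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        verification_server.bind((server_ip, server_port))
        verification_server.listen(4)
    except OSError:
        verification_server.close()
        raise
    print("verification_server listen...")
    return verification_server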
def vul_verification(verification_server, vul_dir):
while True:
try:
socket_conn, _ = verification_server.accept()
socket_data = socket_conn.recv(1024).decode('utf-8', errors='ignore')
if socket_data:
for RequestVulnerability in RequestVulnerabilityList:
if RequestVulnerability in socket_data:
print("find ", RequestVulnerability)
print(socket_data)
vul_filename = socket_data[socket_data.find(RequestVulnerability)+len(RequestVulnerability):socket_data.find(" HTTP/")]
vul_output_dir = vul_dir + RequestVulnerability + "/"
if not os.path.exists(vul_output_dir):
os.makedirs(vul_output_dir)
vul_api_content = "-------- VoAPI Vul API --------\n"
vul_api_content += "API Vul Type: " + RequestVulnerability + "\n"
vul_api_content += "Vul API Url: " + vul_filename[:vul_filename.find("VoAPI")] + "\n"
vul_api_content += "API Vul Param: " + vul_filename[vul_filename.find("VoAPI")+len("VoAPI"):] + "\n\n"
vul_filename = vul_filename.replace("/", "!")
vul_filename = re.sub(r'[<>:"/\\|?*]', '@', vul_filename)
f = open(vul_output_dir + vul_filename,"a+")
f.write(vul_api_content)
f.close()
break
socket_conn.close()
except socket.timeout:
socket_conn.close()
continue
except Exception as e:
socket_conn.close()
print(e)
continue
return
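def main() -> None:
    """Parse the command line, create the output layout and serve callbacks until interrupted."""
    parser = argparse.ArgumentParser()
    # The options carry defaults, so they must not also be required (the
    # original combination made the defaults unreachable).
    parser.add_argument('--verification_server_ip', help='Verification Server Ip (default: %(default)s, loopback only; any other address exposes an unauthenticated listener)', type=str, default="127.0.0.1")
    parser.add_argument('--verification_server_port', help='Verification Server Port (default: %(default)s)', type=int, default=4444)
    parser.add_argument('--output', help='Output Dir Path, absolute or relative (default: current directory)', type=str, default="./")
    args = parser.parse_args()
    # abspath covers both the "./" default and relative paths uniformly; the
    # trailing separator is what vul_verification's callers expect.
    output_dir = os.path.abspath(args.output) + "/"
    vul_dir = output_dir + "vul/"
    os.makedirs(vul_dir, exist_ok=True)  # also creates output_dir if missing
    verification_server = create_verification_server(args.verification_server_ip, args.verification_server_port)
    try:
        vul_verification(verification_server, vul_dir)
    except KeyboardInterrupt:
        print("verification_server stopped")
    finally:
        # The serve loop only ends by exception; make sure the listener is released.
        verification_server.close()


if __name__ == '__main__':
    main()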