-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathexploit.py
104 lines (97 loc) · 2.63 KB
/
exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#!/usr/bin/env python
# coding:utf-8
import getopt,sys
from modules.SQLI_TEST import *
from modules.XSS_TEST import *
from modules.DOWNLOAD_TEST import *
from modules.UPLOAD_EXT_TEST import *
from modules.UPLOAD_CONTENT_TEST import *
def printSyntax():
print '''
#=====================================
#-t type : test type (eg:sqli,xss,commandi,lfi,upload_ext,upload_content,download,spider)
#-m method: test method (eg:get,post)
#-d domain : test domain (eg:http://www.xxx.com/)
#-u usecase : test usecase
#Usage:
./exploit.py -t <type> -m <method> -d <domain> [-u <usecase>]
./exploit.py -t sqli -m get -d http://www.xxoo.com -u usecase/sqli.usecase
#=====================================
'''
if __name__=='__main__':
if len(sys.argv) < 7:
printSyntax()
sys.exit(1)
else:
try:
opts,args = getopt.getopt(sys.argv[1:],"t:m:d:u:")
except:
printSyntax()
sys.exit(1)
type = None
method = None
domain = None
usecase = None
for opt,arg in opts:
if opt == '-t':
type = arg
elif opt == '-m':
method = arg
elif opt == '-d':
domain = arg
elif opt == '-u':
usecase = arg
else:
print "Unknown options!"
printSyntax()
sys.exit(1)
if method != "get" and method != "post":
print "Unknown method!"
printSyntax()
sys.exit(1)
if type == "sqli":
if usecase == None:
usecase = "usecase/sqli.usecase"
SQLI_TEST(domain,method,usecase)
elif type == "xss":
if usecase == None:
usecase = "usecase/xss.usecase"
XSS_TEST(domain,method,usecase)
elif type == "lfi":
if usecase == None:
usecase = "usecase/lfi.usecase"
LFI_TEST(domain,method,usecase)
elif type == "commandi":
if usecase == None:
usecase = "usecase/commandi.usecase"
COMMANDI_TEST(domain,method,usecase)
elif type =="download":
if usecase == None:
usecase = "usecase/download.usecase"
if method == "post":
print "download method must be GET!"
printSyntax()
sys.exit(1)
DOWNLOAD_TEST(domain,method,usecase)
elif type == "upload_ext":
if usecase == None:
usecase = "usecase/upload_ext.usecase"
if method == "get":
print "upload method must be POST!"
printSyntax()
sys.exit(1)
UPLOAD_EXT_TEST(domain,method,usecase)
elif type == "upload_content":
if usecase == None:
usecase = "usecase/upload_content"
if method == "get":
print "upload method must be POST!"
printSyntax()
sys.exit(1)
UPLOAD_CONTENT_TEST(domain,method,usecase)
elif type == "spider":
if usecase == None:
usecase = "usecase/spider.usecase"
SPIDER_TEST(domain,method,usecase)
else:
print "Unknown type!"