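"""Check a site for version-control metadata and Java config files in the web root.

Usage: code_leak.py <target-url>

Each path in ``leak_list`` is requested once under the target's base URL.
A path is reported when the response code is 200 and the body does not
contain the soft-404 marker text. Findings are appended to ``result.txt``
in the directory that holds this script.

The check is a heuristic: a site whose error page answers 200 without the
marker text yields false positives, and a 200 alone does not prove that
repository or configuration content is readable, so every hit needs manual
confirmation. The remediation for a confirmed hit is to stop serving these
paths (deny them in the web server configuration, or keep them out of the
deployed document root).
"""
import re
import os
import sys

# Prepended to sys.path, so modules found in ~/exp10it take precedence over
# same-named installed packages for every import that follows.
exp10it_module_path = os.path.join(os.path.expanduser("~"), "exp10it")
sys.path.insert(0, exp10it_module_path)
from exp10it import get_request
from exp10it import get_http_domain_from_url

# Fail with a usage line instead of an IndexError traceback when the
# target argument is missing.
if len(sys.argv) < 2:
    sys.exit("usage: %s <target-url>" % os.path.basename(sys.argv[0]))

target = sys.argv[1]
print("checking code leak vul for "+target)
current_dir = os.path.dirname(os.path.realpath(__file__))
return_string = ""

# Marker text of a soft-404 page ("page does not exist"). re.I is kept from
# the original; it has no effect on these characters.
not_found_marker = re.compile(r"页面不存在", re.I)

# NOTE(review): "WEB-INF/database.propertiesl" ends in a stray "l" and
# ".ds_store" is lower-case while the macOS file is named ".DS_Store";
# both look like typos that make the check miss - confirm and correct.
leak_list = [".hg", ".git", ".svn", ".ds_store", ".bzr",
             "WEB-INF/database.propertiesl", "WEB-INF/web.xml"]

# The base URL depends only on the target, so it is resolved once rather
# than on every iteration.
http_domain = get_http_domain_from_url(target)

for each in leak_list:
    leaked_url = http_domain + "/" + each
    # get_request is used here as returning a mapping with 'code' and 'content'.
    a = get_request(leaked_url)
    # Status is tested first so the body of a non-200 response is never
    # passed to the regex.
    if a['code'] == 200 and not not_found_marker.search(a['content']):
        return_string += "%s exists!\n" % leaked_url

if return_string != "":
    return_string += "visit http://www.hacksec.cn/Penetration-test/474.html to exploit it"
    # result.txt is opened in append mode; end the report with a newline so
    # the next run's first line does not get glued onto the reference URL.
    return_string += "\n"

# NOTE(review): the page lost the original indentation; the write is assumed
# to be unconditional (result.txt is created even with no findings) -
# confirm against the repository.
with open(os.path.join(current_dir, "result.txt"), "a+") as f:
    f.write(return_string)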