Struts2 ignores certificate errors, updated schema
This commit is contained in:
parent
576af97a82
commit
861750be5b
|
@ -7,6 +7,7 @@ import urllib2
|
|||
import httplib
|
||||
import unicodedata
|
||||
import re
|
||||
import ssl
|
||||
|
||||
import logging
|
||||
from infection_monkey.exploit.web_rce import WebRCE
|
||||
|
@ -47,7 +48,7 @@ class Struts2Exploiter(WebRCE):
|
|||
headers = {'User-Agent': 'Mozilla/5.0'}
|
||||
request = urllib2.Request(url, headers=headers)
|
||||
try:
|
||||
return urllib2.urlopen(request).geturl()
|
||||
return urllib2.urlopen(request, context=ssl._create_unverified_context()).geturl()
|
||||
except urllib2.URLError:
|
||||
LOG.error("Can't reach struts2 server")
|
||||
return False
|
||||
|
|
|
@ -250,8 +250,9 @@ SCHEMA = {
|
|||
"default": [
|
||||
],
|
||||
"description":
|
||||
"List of IPs/subnets the monkey should scan."
|
||||
" Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\""
|
||||
"List of IPs/subnets/hosts the monkey should scan."
|
||||
" Examples: \"192.168.0.1\", \"192.168.0.5-192.168.0.20\", \"192.168.0.5/24\","
|
||||
" \"printer.example\""
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
Loading…
Reference in New Issue