  • Jetty-attack-test

    import httplib, urllib, ssl, string, sys, getopt
    from urlparse import urlparse
    
    '''
    Author: Gotham Digital Science
    Purpose: This tool is intended to provide a quick-and-dirty way for organizations to test whether 
             their Jetty web server versions are vulnerable to JetLeak. Currently, this script does 
             not handle sites with invalid SSL certs. This will be fixed in a future iteration.
    '''
    
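    # JetLeak self-check (flat script, Python 2: httplib / urlparse).
    #
    # Sends one POST to "/" whose Referer header value is a single NUL byte and
    # inspects the status line of the reply. A 400 response whose reason phrase
    # contains "Illegal character 0x0 in state" is reported as vulnerable.
    #
    # Caveats for whoever reads the result:
    #   * The verdict is keyed on the reason phrase only. Anything between this
    #     script and Jetty that rewrites or answers the request itself (reverse
    #     proxy, load balancer, WAF) can hide the marker, so a "NOT vulnerable"
    #     line is not conclusive on its own -- confirm against the deployed
    #     Jetty version as well.
    #   * TLS certificate verification is left at the interpreter's default and
    #     is not disabled here; a host with an invalid certificate makes the
    #     request fail with an error instead of producing a verdict.
    if len(sys.argv) < 3:
        print("Usage: jetleak.py [url] [port]")
        sys.exit(1)

    url = urlparse(sys.argv[1])
    # url.hostname is None when no host could be parsed (e.g. "http:foo").
    if (url.scheme == '' and url.netloc == '') or url.hostname is None:
        print("Error: Invalid URL Entered.")
        sys.exit(1)

    # Validate the port up front instead of gluing the raw argument onto the
    # netloc: the original "netloc:port" string broke when the URL already
    # carried a port and accepted any text as the port.
    try:
        port = int(sys.argv[2])
    except ValueError:
        port = -1
    if not 0 < port < 65536:
        print("Error: Port must be an integer between 1 and 65535.")
        sys.exit(1)

    conn = None

    # Host and port are passed separately; the timeout keeps an unresponsive
    # host from hanging the check forever.
    if url.scheme == "https":
        conn = httplib.HTTPSConnection(url.hostname, port, timeout=10)
    elif url.scheme == "http":
        conn = httplib.HTTPConnection(url.hostname, port, timeout=10)
    else:
        print("Error: Only 'http' or 'https' URL Schemes Supported")
        sys.exit(1)

    # The probe value must be an actual NUL byte, matching the "0x0" the
    # response check looks for; the listing had lost the backslash ("x00").
    x = "\x00"
    headers = {"Referer": x}

    try:
        conn.request("POST", "/", "", headers)
        r1 = conn.getresponse()
    except (httplib.HTTPException, IOError) as err:
        # socket and SSL errors are IOError subclasses on Python 2.
        print("Error: Request failed: %s" % err)
        sys.exit(1)
    finally:
        # Runs on success and on the error exit above.
        conn.close()

    # Only status and reason are examined; the reason phrase is deliberately
    # not echoed to the terminal.
    if r1.status == 400 and "Illegal character 0x0 in state" in r1.reason:
        print("\nThis version of Jetty is VULNERABLE to JetLeak!")
    else:
        print("\nThis version of Jetty is NOT vulnerable to JetLeak.")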
  • 原文地址:https://www.cnblogs.com/crac/p/6697044.html