  • Jetty-attack-test

    import httplib, urllib, ssl, string, sys, getopt
    from urlparse import urlparse
    
    '''
    Author: Gotham Digital Science
    Purpose: This tool is intended to provide a quick-and-dirty way for organizations to test whether 
             their Jetty web server versions are vulnerable to JetLeak. Currently, this script does 
             not handle sites with invalid SSL certs. This will be fixed in a future iteration.
    '''
    
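    # JetLeak version check: send a single request whose Referer header holds a
    # NUL byte and classify the server by the wording of its 400 response.
    if len(sys.argv) < 3:
        print("Usage: jetleak.py [url] [port]")
        sys.exit(1)

    url = urlparse(sys.argv[1])
    if url.scheme == '' and url.netloc == '':
        print("Error: Invalid URL Entered.")
        sys.exit(1)

    if url.scheme not in ("http", "https"):
        print("Error: Only 'http' or 'https' URL Schemes Supported")
        sys.exit(1)

    # Use the bare hostname rather than netloc: netloc keeps any ":port" or
    # "user@" part of the URL, and appending the port argument to it would
    # produce an unusable "host:port:port" target.
    host = url.hostname
    if not host:
        print("Error: Invalid URL Entered.")
        sys.exit(1)

    # Validate the port up front so a typo yields a clear message instead of a
    # traceback from inside httplib.
    try:
        port = int(sys.argv[2])
    except ValueError:
        print("Error: Port must be a number between 1 and 65535.")
        sys.exit(1)
    if not 0 < port < 65536:
        print("Error: Port must be a number between 1 and 65535.")
        sys.exit(1)

    # A timeout keeps the check from hanging forever on a filtered port.
    if url.scheme == "https":
        conn = httplib.HTTPSConnection(host, port, timeout=10)
    else:
        conn = httplib.HTTPConnection(host, port, timeout=10)

    # The probe value must be the actual NUL byte. The page rendered it as the
    # three characters "x00" (backslash lost); that is an ordinary header value,
    # never triggers the parser error tested below, and would make every server
    # report as not vulnerable.
    x = "\x00"
    headers = {"Referer": x}
    try:
        conn.request("POST", "/", "", headers)
        r1 = conn.getresponse()
    except (httplib.HTTPException, IOError) as e:
        # A failed connection or TLS handshake says nothing about the Jetty
        # version, so report it separately from a "not vulnerable" verdict.
        print("Error: Could not complete the test request (%s). Result is inconclusive." % e)
        sys.exit(1)
    finally:
        conn.close()

    # The verdict rests only on the status code and reason phrase of this one
    # response. Anything in front of Jetty that rejects or rewrites the header
    # (reverse proxy, load balancer, WAF) also lands in the "NOT vulnerable"
    # branch, as does a server that is not Jetty at all, so confirm a negative
    # result against the deployed Jetty version and the vendor advisory.
    if (r1.status == 400 and ("Illegal character 0x0 in state" in r1.reason)):
        print("\nThis version of Jetty is VULNERABLE to JetLeak!")
    else:
        print("\nThis version of Jetty is NOT vulnerable to JetLeak.")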
  • 原文地址:https://www.cnblogs.com/crac/p/6697044.html