Nginx漏洞扫描程序 perl代码
[tag]nginx[/tag]
#!usr/bin/perl -w
use LWP;
use LWP::ConnCache;
my $browser = LWP::UserAgent->new;
$browser->timeout( 15 );
my $conncache = LWP::ConnCache->new;
$browser->conn_cache($conncache);
#先用列表吧,没有用记事本保存列表再读再扫嘿嘿
my @bbslist1;
push @bbslist1,"http://bbs.xxx.com/robots.txt";
push @bbslist1,"http://bbs.yyy.com/robots.txt" ;
push @bbslist1,'http://bbs.pctutu.com/robots.txt';
push @bbslist1,'http://bbs.yahoo.cn/robots.txt';
#Server: nginx/0.8.13
#Content-Type: text/html
print "\t\tNginx漏洞扫描程序\n\n";
foreach my $url (@bbslist1){
print "目前正在扫描:$url\n";
my $response= $browser->get( $url);
$response->is_success or say("Failed to get '$url':\n", $response->status_line);
my $servertype = $response->server;
print "$servertype\n";
if ($servertype=~/nginx/){
my $typeold=$response->content_type;
print "$typeold\n";
my $url2=$url.'/xysky.php';
my $response2 = $browser->get( $url2);
$response2->is_success or say("Failed to get '$url2':\n", $response->status_line);
my $typenew=$response2->content_type;
print "$typenew\n";
if ($typeold eq $typenew){
print "站点 $url 暂没有发现漏洞.\n\n";
}else{
print "站点 $url 存在该漏洞.\n\n";
}
}else{
print "站点不是nginx,Sorry!\n\n";
}
}
太弱智了
2011-08-22 13:18