python 后门检测工具

很久没有耕耘,博客这块地荒芜了...

前段时间因为工作需要编写了一个python后门检测工具,基于web路径来检测的,针对特定的信息系统有着较好的检测精确度.为了使后期可灵活修改,将路径字典放在了文本文件中.

读者可自行更具需求更改url.txt.工具的原理是url.txt中的每一条路径程序都会单独分开或前后组合后进行请求,针对部署时人为原因导致目录层数变动可能导致的大部分情况,减少漏报.希望能帮助到有相似需求的人.

Talk is cheap. Show me the code.

# !/usr/bin/python

# 信息系统管理后门排查工具
# 2020-05-19 by skq
# version 1.0

'''
使用时需注意目标信息的格式
路径存放在url.txt, 格式型为'/0/1/2/3/javaSrcFile.jsp'开头须有'/'
目标信息存放在host.txt,格式形为'http://192.168.1.1'或者'http://192.168.1.1:17001'
该工具可能会产生误报，建议使用浏览器对result.txt中的url进行检查
'''
import requests

def path_generate(pathfile='url.txt'):

    with open(pathfile,'r') as f:
        url_list = []
        for u in f.readlines():
            url = u.strip().split('/')
            for p in range(2,len(url)):
                url_list.append('/' + '/'.join(url[1:p]) + '/' + str(url[-1]))
            for p in range(2,len(url)):
                url_list.append('/' + '/'.join(url[-p:-1]) + '/' + str(url[-1]))
        path = sorted(set(url_list),key=url_list.index) 
    return path

def check(url):
    data = {"User-Agent":"Mozilla/5.0 (MDDL_Network_Security_Center_Testing. Contact us number 310 office)",}
    r = requests.get(url,headers=data,timeout=5,allow_redirects=False)
    print ('[+] checking {}... [code {}]'.format(url,r.status_code))
    if r.status_code == 200 :
        info = ('[!] {} ----> back door exist !\n'.format(url))
        print (info)
        with open('result.txt','a') as f:
            f.write(info)


if __name__ == '__main__':

    with open('host.txt','r') as f:
            for host in f.readlines():
                try:
                    for path in path_generate():
                        url = host.strip() + path.strip()
                        check(url)
                except Exception as e:
                    print ('[+] ERROR : {}'.format(e))
    print ('[~] all done .')

 

注意,上述代码使用py3写的,只用了一个包requests,若你运行时提示ModuleNotFoundError: No module named '***',请先安装requests包.