zookeeper未授權訪問掃描腳本

本文轉載自查看原文 2018-06-16 10:37 1267

# coding=utf-8
import socket


def get_plugin_info():
    plugin_info = {
        "name": "Zookeeper未授權訪問",
        "info": "Zookeeper Unauthorized access",
        "level": "中危",
        "type": "未授權訪問",
        "author": "c4bbage@qq.com",
        "url": "https://hackerone.com/reports/154369",
        "keyword": "server:Zookeeper",
        "source": 1
    }
    return plugin_info


def check(ip, port, timeout):
    try:
        socket.setdefaulttimeout(timeout)
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((ip, int(port)))
        flag = "envi"
        # envi
        # dump
        # reqs
        # ruok
        # stat
        s.send(flag)
        data = s.recv(1024)
        s.close()
        if 'Environment' in data:
            return u"Zookeeper Unauthorized access"
    except:
        pass


def main():
    ip = "1.1.1.1"
    print check(ip, 2181, 2)

if __name__ == '__main__':
    main()

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 ZooKeeper 未授權訪問漏洞 ZooKeeper 未授權訪問漏洞 Zookeeper未授權訪問測試 ZooKeeper未授權訪問加固方法漏洞復現 - ZooKeeper未授權訪問漏洞 zookeeper未授權訪問滲透測試及修復方法 ZooKeeper未授權漏洞 Hadoop 未授權訪問 Elasticsearch 未授權訪問 Hadoop 未授權訪問【原理掃描】及Apache Hadoop YARN 資源管理器 REST API未授權訪問漏洞【原理掃描】修復記錄