hp-cve-check.py
import requests
import json
import sys
import getopt
import urllib
import os
import subprocess
import re
import datetime
from bs4 import BeautifulSoup as bs
import lib.core.constants as c
from lib.core.requests import request,check_version
from lib.core.iocCheck import check_header,find_compromise,check_content
from lib.utils.printer import printer
from lib.utils.help import help,usage
from lib.core.module_parser import parser
# A simple python script that checks targets for signs
# of compromise for CVE, XSS on HP Printer Embedded Webserver
# Author: Tyler Butler, @tbutler0x90
def get_stats(counter):
    """Print a one-line summary of how many targets were searched.

    Args:
        counter: value shown in the summary line; it is passed straight to
            print(), so any printable object works.
    """
    # c.BIWhite comes from lib.core.constants and is written to stdout
    # before the message (presumably a terminal colour code; confirm there).
    sys.stdout.write(c.BIWhite)
    print('{!} ', counter, ' Targets Searched')
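def _load_targets(infile):
    """Return the first IPv4-looking token found on each line of *infile*.

    Lines without a dotted-quad match (blank lines, comments, hostnames) are
    skipped, so one malformed line no longer aborts the whole run.
    """
    # The pattern only checks the d.d.d.d shape: octets above 255 are not
    # rejected and only the first match on a line is used. Treat the target
    # list as operator-supplied input and review it before scanning.
    pattern = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})')
    targets = []
    with open(infile) as target_list:
        for line in target_list:
            match = pattern.search(line)
            if match:
                targets.append(match.group(0))
    return targets


def handler(infile, outfile, verbosity, target):
    """Check each target for the indicators of compromise of its product version.

    For every target, check_version() selects a module, parser() extracts that
    module's IoC paths and HTML tags, and each path is requested and passed to
    find_compromise(). Any finding is handed to printer() together with the
    output file. The function always ends the process with sys.exit(0).

    Args:
        infile: path of a text file of targets; read only when *target* is empty.
        outfile: report path forwarded to request() and printer().
        verbosity: 2 enables the extra progress lines printed here.
        target: a single target; when non-empty it takes precedence over *infile*.
    """
    # NOTE(review): the nesting below was reconstructed from a listing that
    # had lost its indentation; confirm against the original file which
    # statements the verbosity checks and the inner loop cover.
    if target:
        # Any non-empty target is used (the old len(target) > 1 test sent a
        # one-character target down the file-reading path).
        targets = [target]
    else:
        targets = _load_targets(infile)

    counter = 1
    for url in targets:
        module = check_version(url, verbosity)
        paths = parser(module, 'paths')
        tags = parser(module, 'tags')
        if verbosity == 2:
            print('{!} -------- {INFO} Atomic IoCs For This Product Version:', len(paths[0]))
        # paths[0] and tags[0] are both indexed by the same atomic IoC id.
        for atomic_IoC_id in paths[0]:
            ioc_path = paths[0][atomic_IoC_id]
            html_tag = tags[0][atomic_IoC_id]
            if verbosity == 2:
                print('{!} -------- {INFO} Test # ', counter)
            # NOTE(review): request() hands back a url that replaces the loop
            # variable, so the next IoC path is requested against whatever it
            # returned. Confirm it returns the unchanged base target.
            response, url = request(infile, outfile, verbosity, url, ioc_path)
            print('{!} -------- {INFO} Checking for WIOCs')
            payload = find_compromise(response, verbosity, html_tag)
            if payload:
                printer(payload, url, outfile)
            sys.stdout.write(c.BIWhite)
            counter += 1

    if verbosity == 2:
        print('{!} Outfile File Located at :', outfile)
    print(c.exit)
    sys.exit(0)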
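# Get arguments from the user, decide which options to use
def main(argv):
    """Parse the command line and start the scan via handler().

    Recognised options:
        -h                  show help and exit
        -I, --ifile FILE    file holding the list of targets
        -i, --itarget HOST  single target
        -O, --ofile FILE    output file
        -v                  verbose output (verbosity 2)
        --iverbosity=N      explicit integer verbosity level

    Args:
        argv: the argument list without the program name.
    """
    infile = ''
    outfile = ''
    target = ''
    verbosity = 1
    sys.stdout.write(c.BIWhite)

    # With no arguments there is nothing to scan: show usage and stop rather
    # than falling through to handler() with an empty input file.
    if not argv:
        usage()
        sys.exit(2)

    try:
        # "h" and "v" are flags. The old spec "h:" demanded an argument for
        # -h, so a bare -h was rejected as a usage error.
        opts, _ = getopt.getopt(
            argv, "hI:i:O:v", ["ifile=", "ofile=", "itarget=", "iverbosity="]
        )
    except getopt.GetoptError:
        usage()
        sys.exit(2)

    for opt, arg in opts:
        if opt == '-h':
            help()
            sys.exit()
        elif opt in ("-I", "--ifile"):
            infile = arg
        elif opt in ("-i", "--itarget"):
            target = arg
        elif opt in ("-O", "--ofile"):
            outfile = arg
        elif opt == '-v':
            # handler() compares verbosity with the integer 2; the old code
            # stored the (empty) option string, so verbose mode never fired.
            verbosity = 2
        elif opt == '--iverbosity':
            try:
                verbosity = int(arg)
            except ValueError:
                usage()
                sys.exit(2)

    # A scan needs either a single target or a target file.
    if not infile and not target:
        usage()
        sys.exit(2)

    print(c.art, '\n{!} Starting hp-cve-check')
    handler(infile, outfile, verbosity, target)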
# Script entry point: run the scan only when executed directly, passing
# the command-line arguments without the program name.
if __name__ == "__main__":
    main(sys.argv[1:])