bkfish/CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner bkfish/CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner

  • Stars
    star
    287
  • Rank 144,232 (Top 3 %)
  • Language
    Python
  • Created over 4 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
bkfish/CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner
github

bkfish

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Cnvd-2020-10487 / cve-2020-1938, scanner tool

python2多线程扫描Tomcat-Ajp协议文件读取漏洞

刷src分狗的福利 poc来源于https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi/poc作者不是本人!!!!

操作

1、将需要扫描的域名/ip放于 ip.txt

ip.txt中不需要加协议,比如

127.0.0.1
www.baidu.com
www.google.com

2、python threading-find-port-8009.py

将会生成8009.txt,作用为扫描ip.txt中域名/ip找出开放8009端口

3、python threading-CNVD-2020-10487-Tomcat-Ajp-lfi.py

从8009.txt中筛选出符合漏洞的url,放置于vul.txt中 最后vul.txt中存在的域名即为含有漏洞的域名 亲测补天公益src有上百站点,教育src大概三百站点包含此漏洞

4、测试

拿 CNVD-2020-10487-Tomcat-Ajp-lfi.py测试即可 python CNVD-2020-10487-Tomcat-Ajp-lfi.py target.com

本项目仅供学习,严禁用于非法操作

ps1:两个脚本的最后一行均为线程数-默认是20,可自行修改
位于threading-find-port-8009.py 67行

threading-CNVD-2020-10487-Tomcat-Ajp-lfi.py 341行

thread_num=20

ps2:src域名收集文件夹中为本人收集的教育src和补天src的一些域名,可直接测试

More Repositories

1

Src-Toolset

Emergency toolset and some self used scripts
Python
112
star
2

Apache-Log4j-Learning

Apache-Log4j漏洞复现笔记
Java
104
star
3

2020-Interview-experience

计算机方向-2021届同学们的2020春季实习面经-持续更新
65
star
4

Awesome_shiro

CVE-2016-4437-Shiro反序列化爆破模块和key,命令执行,反弹shell的脚本
Python
54
star
5

yaml-payload-for-Win

用于windows反弹shell的yaml-payload
Java
44
star
6

BookCorner

NUAA-BookCorner共享图书
31
star
7

html2markdown_Spider

Solve CTF offline disconnection problem - based on python3's small crawler, support keyword search and local map bed establishment, currently support Jianshu and xianzhi
Python
22
star
8

2018-NUAA-Data-Structrue-Experiments-design

NUAA 2018 数据结构八次上机实验和课程设计
C++
19
star
9

Crypto-Tools

Crypto tools online powered by Django 2.1
Python
13
star
10

fuzzdb-and-tools

Some fuzzy DB - some commonly used Trojans - some small tools for uploading files
PHP
13
star
11

Sql-Injection

Some Tools ,Writeup or Labs About Sql-Injection
PHP
10
star
12

Nuaa_MSC_Backend

Powered by springboot+mybatis+swagger
Java
8
star
13

Django2.1-Blog

Python
7
star
14

Little-Dinosaur

Jupyter Notebook
6
star
15

dingdingbot

上班摸鱼写了脚本
PLpgSQL
6
star
16

DesignPatternCourseDesign

NUAA-2019-DesignPatternCourseDesign
TSQL
5
star
17

httpscan-python3

httpscan python3 version/多线程 / 支持单B段扫描
Python
5
star
18

Postgresql

Study_Postgres_For_GuessDB_DEV
5
star
19

e-mobile_rce

e-mobile_rce exp
Python
5
star
20

Some-Scanner

一些简单的扫描器,基于python3
Python
5
star
21

2020-NUAACTF-SZCup

2020年南航CTF神舟杯-题偏易
Python
4
star
22

2019-Asuri-Recruitment-Src-and-wp

asuri战队2019年招新赛的题目和writeup
PHP
4
star
23

Nuaa_MSC_ForeEnd_Alpha

Powered By Vue-Admin-Template
Vue
4
star
24

literature

千秋万古,为留待骚人,狂歌痛饮,来访雁邱处
3
star
25

Django2.1-Mysql5.7-Tutorial

Just a demo use python3.7+django2.1+mysql
Python
3
star
26

Script-DES-Crypto

python3和c实现des,md5等算法
Python
3
star
27

LeetCode

C++
2
star
28

Binary

Easy-Binary-Study-OrzGodCao
C
2
star
29

Computer-Networking-Programming-Exercises

Homework Of 《Computer Networking A Top-Down Approach》
Python
2
star
30

8086_Train_Game

考验记忆力的小游戏,Springboot的简单培训
TSQL
2
star
31

Spring-Boot2-Demo

Just Easy demo 大佬绕道
Java
2
star
32

some_pytools

Python
2
star
33

Vue-Study-Note

Just Simple Vue‘s demo
JavaScript
2
star
34

shuyu-ysoserial

改了一下yso源码,便于自己用
Java
2
star
35

kitty_awd

some tools
PHP
1
star
36

Springboot-Shiro-PictureWebsite

Just a Shiro demo with Authorization and Authentication Functions
Java
1
star
37

bkfish

听说github可以改主页了
1
star
38

Framework-Tutorial

一些框架文档收集~人老了总是记不住
1
star
39

Unique_Hackday_Nice_fastStyle

A backend for Unique_Hackday 2019_6_7
Python
1
star
40

bkfish.github.io

HTML
1
star
41

PHP-Study

PHP
1
star