• Jetty-attack-test


    import httplib, urllib, ssl, string, sys, getopt
    from urlparse import urlparse
    
    '''
    Author: Gotham Digital Science
    Purpose: This tool is intended to provide a quick-and-dirty way for organizations to test whether 
             their Jetty web server versions are vulnerable to JetLeak. Currently, this script does 
             not handle sites with invalid SSL certs. This will be fixed in a future iteration.
    '''
    
    if len(sys.argv) < 3:
        print("Usage: jetleak.py [url] [port]")
        sys.exit(1)
    
    url = urlparse(sys.argv[1])
    if url.scheme == '' and url.netloc == '':
        print("Error: Invalid URL Entered.")
        sys.exit(1)
    
    port = sys.argv[2]
    
    conn = None
    
    if url.scheme == "https":
        conn = httplib.HTTPSConnection(url.netloc + ":" + port)
    elif url.scheme == "http":
        conn = httplib.HTTPConnection(url.netloc + ":" + port)
    else: 
        print("Error: Only 'http' or 'https' URL Schemes Supported")
        sys.exit(1)
        
    x = "x00"
    headers = {"Referer": x}
    conn.request("POST", "/", "", headers)
    r1 = conn.getresponse()
    
    if (r1.status == 400 and ("Illegal character 0x0 in state" in r1.reason)):
        print("
    This version of Jetty is VULNERABLE to JetLeak!")
    else:
        print("
    This version of Jetty is NOT vulnerable to JetLeak.")
  • 相关阅读:
    深入了解css的行高Line Height属性
    【C++】函数指针
    【C++】常用知识点
    将数字转化为液晶显示屏的样子
    【多媒体】PCM
    【Android】网络下载图片&SD卡文件存储
    CPU 缓存(Cache)
    【C++】typename
    【多媒体】音频格式
    【Android】图片的异步加载
  • 原文地址:https://www.cnblogs.com/crac/p/6697044.html
Copyright © 2020-2023  润新知