Host-Attack-Poc

Published 12 days ago, 33 views


HTTP Host header attack: POC-T detection code

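#!/usr/bin/env python
# -*- coding: utf-8 -*-
# author = Mr.Tcsy
'''
HTTP Host header attack detection.
Detects configuration flaws at the application's middleware layer.
'''
import requests


def poc(url):
    # POC-T passes in the target's base URL; request the /css path on it.
    url = url + "/css"
    # proxies = {'http': '127.0.0.1:8080'}
    # Send a foreign Host value; a correctly configured server should not echo it.
    headers = {
        'Host': 'kcmoe.cn',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
    }
    try:
        # Do not follow redirects, so a reflected Location header stays visible.
        response = requests.get(url, headers=headers, allow_redirects=False, timeout=10)
        c = str(response.headers)
    except requests.RequestException:
        # Unreachable target or transport error: report as not affected.
        return False
    # The injected Host showing up in the response headers marks the target as affected.
    if 'kcmoe' in c:
        return url
    return False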
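
Added example, not part of the original post: the PoC above flags a target when the injected Host comes back in the response headers. The code below shows one way that reflection arises (a redirect built from the request's Host) and a middleware-level allowlist that stops it; `ALLOWED_HOSTS`, the `example.com` names, the helper names and the `probe.invalid` value are constructed assumptions.

```python
from wsgiref.util import setup_testing_defaults

ALLOWED_HOSTS = {"www.example.com", "example.com"}  # hypothetical site names


def redirect_app(environ, start_response):
    """Weak pattern: the trailing-slash redirect is built from the client's Host."""
    host = environ.get("HTTP_HOST", "www.example.com")
    location = "http://" + host + environ.get("PATH_INFO", "") + "/"
    start_response("301 Moved Permanently", [("Location", location)])
    return [b""]


class HostAllowlist:
    """Middleware: answer 400 unless the Host header names an expected site."""

    def __init__(self, app, allowed):
        self.app = app
        self.allowed = {h.lower() for h in allowed}

    def __call__(self, environ, start_response):
        host = environ.get("HTTP_HOST", "").strip().lower()
        if host.startswith("["):          # IPv6 literal, e.g. [::1]:8080
            name = host.split("]")[0] + "]"
        else:
            name = host.split(":")[0]     # drop an optional :port
        if name.rstrip(".") not in self.allowed:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"invalid Host header"]
        return self.app(environ, start_response)


def probe(app, host, path="/css"):
    """Call a WSGI app in-process with a constructed request; return (status, headers)."""
    environ = {"HTTP_HOST": host, "PATH_INFO": path, "REQUEST_METHOD": "GET"}
    setup_testing_defaults(environ)       # fills in the remaining WSGI keys
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    list(app(environ, start_response))    # consume the response body
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    hardened = HostAllowlist(redirect_app, ALLOWED_HOSTS)
    print(probe(redirect_app, "probe.invalid"))    # constructed probe Host
    print(probe(hardened, "probe.invalid"))
    print(probe(hardened, "www.example.com:80"))
```

Running the PoC's header check against both variants gives a hit for `redirect_app` alone and none once it is wrapped in `HostAllowlist`.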
