Host-Attack-Poc

根据POC-T编写的插件。

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    # author = Mr.Tcsy
    
    """
    HTTP主机头攻击检测
    
    检测应用程序中间件层面配置缺陷。
    
    """
    import requests
    
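    def poc(url):
        """Check whether the target echoes a spoofed Host header back.

        Sends a single GET to ``<url>/css`` with the Host header replaced by a
        canary name and with redirect-following disabled, then looks for the
        canary in the values of the response headers (for example in a
        ``Location`` redirect target).

        A hit only shows that the supplied Host value is reflected; treat it as
        a lead to verify by hand, not as proof of an exploitable flaw.

        Args:
            url: Base URL of the target, including the scheme.

        Returns:
            The probed URL when the canary appears in a response header value,
            otherwise ``False`` (also when the request fails).
        """
        # NOTE(review): this canary is a real registrable domain. A name the
        # tester controls, or a reserved one, would rule out matches that come
        # from the target legitimately referencing that domain.
        canary_host = 'kcmoe.cn'

        # Normalise the join so a base URL ending in "/" does not yield "//css".
        # presumably "/css" is used because a directory path without a trailing
        # slash tends to produce a redirect built from Host -- confirm.
        target = url.rstrip('/') + '/css'

        # For debugging through a local intercepting proxy, pass
        # proxies={'http': '127.0.0.1:8080'} to requests.get().
        headers = {
            'Host': canary_host,
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
        }

        try:
            # allow_redirects=False keeps the first response, so a Location
            # header built from the spoofed Host stays visible. The timeout
            # stops one unresponsive target from stalling a whole scan.
            response = requests.get(
                target,
                headers=headers,
                allow_redirects=False,
                timeout=10,
            )
        except (requests.RequestException, ValueError):
            # Best effort: unreachable or malformed targets count as "not
            # detected", while KeyboardInterrupt/SystemExit still propagate.
            return False

        # Match the full canary host rather than a fragment of it, to cut down
        # on accidental matches against unrelated header content.
        reflected = any(canary_host in value for value in response.headers.values())
        return target if reflected else False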