97 行
3.0 KiB
Python
97 行
3.0 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
Misconfiguration Lab Tool
|
|
|
|
LAB ONLY | AUTHORIZED TARGETS ONLY
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import argparse
|
|
import sys
|
|
from pathlib import Path
|
|
from typing import Any, Dict, List
|
|
from urllib.parse import urljoin
|
|
|
|
import requests
|
|
|
|
SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts"
|
|
if str(SCRIPTS_DIR) not in sys.path:
|
|
sys.path.insert(0, str(SCRIPTS_DIR))
|
|
|
|
from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence # noqa: E402
|
|
|
|
|
|
DEFAULT_PATHS = [
|
|
"/.env",
|
|
"/server-status",
|
|
"/actuator/health",
|
|
"/swagger-ui.html",
|
|
"/phpinfo.php",
|
|
"/admin/",
|
|
"/debug",
|
|
]
|
|
|
|
|
|
def probe(target: str, timeout: float, headers: Dict[str, str]) -> List[Dict[str, Any]]:
|
|
results = []
|
|
for path in DEFAULT_PATHS:
|
|
url = urljoin(target if target.endswith("/") else target + "/", path.lstrip("/"))
|
|
try:
|
|
response = requests.get(url, timeout=timeout, headers=headers, verify=False)
|
|
results.append(
|
|
{
|
|
"path": path,
|
|
"url": url,
|
|
"status_code": response.status_code,
|
|
"server": response.headers.get("Server"),
|
|
"content_type": response.headers.get("Content-Type"),
|
|
"body_excerpt": response.text[:300],
|
|
}
|
|
)
|
|
except Exception as exc:
|
|
results.append({"path": path, "url": url, "error": str(exc)})
|
|
return results
|
|
|
|
|
|
def main() -> int:
|
|
parser = argparse.ArgumentParser(description="Misconfiguration Lab Tool")
|
|
parser.add_argument("--target", required=True, help="目标 URL")
|
|
parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间")
|
|
add_common_args(parser)
|
|
args = parser.parse_args()
|
|
ensure_authorized(args, parser)
|
|
|
|
headers = parse_headers(args.header)
|
|
results = probe(args.target, args.timeout, headers)
|
|
evidence_refs = []
|
|
ref = write_evidence(args, "misconfig-lab.json", {"results": results})
|
|
if ref:
|
|
evidence_refs.append(ref)
|
|
suspicious = [item for item in results if item.get("status_code") in {200, 401, 403}]
|
|
report = make_report(
|
|
tool="misconfig-lab",
|
|
mode="misconfiguration-surface-check",
|
|
target=args.target,
|
|
status="verified" if suspicious else "needs-review",
|
|
severity="medium" if suspicious else "info",
|
|
payload_or_probe={"results": results, "suspicious": suspicious},
|
|
request_summary={"timeout": args.timeout, "paths": DEFAULT_PATHS},
|
|
evidence_refs=evidence_refs,
|
|
destructive_risk="low",
|
|
args=args,
|
|
)
|
|
text_lines = [
|
|
"=" * 60,
|
|
"Misconfiguration Lab Tool",
|
|
"=" * 60,
|
|
f"Target: {args.target}",
|
|
f"Paths Checked: {len(DEFAULT_PATHS)}",
|
|
f"Suspicious Responses: {len(suspicious)}",
|
|
]
|
|
return emit_report(args, report, text_lines)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
raise SystemExit(main())
|