ZooKeeper unauthorized access scanning script

Posted blck


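Preface: this article was compiled by the editors of 小常识网 (cha138.com). It covers a scanning script for ZooKeeper unauthorized access, and we hope it is of some reference value to you.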

# coding=utf-8
import socket


def get_plugin_info():
    # Plugin metadata describing this check.
    plugin_info = {
        "name": "Zookeeper未授权访问",
        "info": "Zookeeper Unauthorized access",
        "level": "中危",
        "type": "未授权访问",
        "author": "[email protected]",
        "url": "https://hackerone.com/reports/154369",
        "keyword": "server:Zookeeper",
        "source": 1
    }
    return plugin_info


def check(ip, port, timeout):
    # Send one four-letter command and report if the server answers it
    # without authentication. Returns None when nothing is detected.
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.settimeout(timeout)
            s.connect((ip, int(port)))
            # Four-letter commands:
            # envi
            # dump
            # reqs
            # ruok
            # stat
            flag = b"envi"
            s.sendall(flag)
            data = s.recv(1024)
        finally:
            s.close()
        # The "envi" reply begins with an "Environment" listing.
        if b"Environment" in data:
            return u"Zookeeper Unauthorized access"
    except (socket.error, ValueError):
        # Unreachable host, timeout or invalid port: report nothing.
        pass


def main():
    ip = "1.1.1.1"
    print(check(ip, 2181, 2))


if __name__ == '__main__':
    main()
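
The defender-side counterpart of the probe above, as an added example that is not part of the original script: it audits a `zoo.cfg` for the settings that decide whether the four-letter commands listed in `check()` are answered. `4lw.commands.whitelist` and `clientPortAddress` are ZooKeeper settings; the function names, the sample configs and the simple `key=value` parsing are assumptions made for this example.

```python
# Added example (defender side): audit zoo.cfg for four-letter-word exposure.
# Commands from the page's script that return server details when answered.
INFO_LEAK_4LW = {"envi", "dump", "reqs", "stat"}

# Constructed sample configs, not taken from any real deployment.
WEAK_CFG = """\
tickTime=2000
dataDir=/var/lib/zookeeper
clientPort=2181
4lw.commands.whitelist=stat, envi, ruok
"""
HARDENED_CFG = """\
clientPort=2181
clientPortAddress=10.0.0.5
4lw.commands.whitelist=srvr, ruok
"""


def parse_zoo_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments (hypothetical helper)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def audit_4lw(cfg_text):
    """Return a list of (setting, problem) findings for one zoo.cfg (hypothetical helper)."""
    cfg = parse_zoo_cfg(cfg_text)
    findings = []
    raw = cfg.get("4lw.commands.whitelist")
    if raw is None:
        findings.append(("4lw.commands.whitelist", "unset: depends on version default"))
    else:
        allowed = {c.strip() for c in raw.split(",") if c.strip()}
        leaked = sorted(INFO_LEAK_4LW if "*" in allowed else allowed & INFO_LEAK_4LW)
        if leaked:
            findings.append(("4lw.commands.whitelist", "answers " + ", ".join(leaked)))
    if "clientPortAddress" not in cfg:
        findings.append(("clientPortAddress", "unset: client port binds all interfaces"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit_4lw(text))
```

An empty list means neither setting exposes the information-returning commands; network filtering of the client port still has to be checked separately.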

  
