MoveIT-WebShellCheck
This Python script checks specific URLs (http|https://<host>/human2.aspx) on a list of hosts and prints out a result depending on the HTTP response code it receives. It prints "compromised" if it receives a 404 status code, "exploit not present" if it receives a 302 status code, and reports an unexpected status code for all other codes.
The list of hosts can be provided as a file (with one host per line) or a single host can be provided directly. The script can optionally write the output to a specified file as well as print it to the console.
Note: this will generate false positives but the human2.aspx shell responds with a 404 when it's there, but equally if you try to hit it usually it should 302 you
Requirements
- Python 3
- requests library installed in Python
Shodan query for MOVEit instances www.shodan.io/search?query=http.favicon.hash%3A989289239
Usage
There are two ways to provide input to the script:
- python MoveITCheck.py -f hosts.txt -o output.txt (-f or --file: Specify a file containing a list of hosts (one per line)
- python MoveITCheck.py -s example.com -o output.txt (-s or --single: Specify a single host)
github : https://github.com/ZephrFish/MoveIT-WebShellCheck
Последнее редактирование:
