???????????????У?д???svn???й?????????????????????wwwscan????????ж???????/.svn/?????????????
#coding:utf-8
import sys
import httplib2
if len(sys.argv)<2:
print 'Usag:'+"svnscan.py"+" host"
sys.exit()
#?ж?????url?????http???
if sys.argv[1].startswith('http://'):
host=sys.argv[1]
else:
host="http://"+sys.argv[1]
#?????????????????????????status??content-length???????
status=''
contentLen=''
http=httplib2.Http()
dirconurl=host+'/nodirinthiswebanx4dm1n/'
dirresponse=http.request(dirconurl??'GET')
status=dirresponse[0].status
contentLen=dirresponse[0].get('content-length')
#????б???svn?????????????????????status??content-length???б??
f=open(r'e:svnpath.txt'??'r')
pathlist=f.readlines()
def svnscan(subpath):
for svnpath in pathlist:
svnurl=host+svnpath.strip(' ')
response=http.request(svnurl??'GET')
if response[0].status!=status and response[0].get('content-length')!=contentLen:
print "vuln:"+svnurl
if __name__=='__main__':
svnscan(host)
f.close()
????svnpath.txt????б?????????svn?汾???????·?????????????????·??????????????content-length???????????????????????content-length???б???????????????ж????????????Щ?????????404????????
??????????????????svn????????????ò????????????????????????????ж????????????????????????svn??????
?????????????????????????????????????svn??????????????????????200?????????????????