如何在连接超时的情况下停止并说连接超时?
问题描述:
我怎样才能使它停止,如果连接时间太长,它被卡在如何在连接超时的情况下停止并说连接超时?
**检查主持人:http://221.22.145.11 **
主机,其下跌:http://221.22.145.11
# coding: utf-8
# JexBoss v1.0. @autor: João Filho Matos Figueiredo ([email protected])
# Updates: https://github.com/joaomatosf/jexboss
# Free for distribution and modification, but the authorship should be preserved.
import httplib, sys, urllib, os, time
from urllib import urlencode
RED = '\x1b[91m'
RED1 = '\033[31m'
BLUE = '\033[94m'
GREEN = '\033[32m'
BOLD = '\033[1m'
NORMAL = '\033[0m'
ENDC = '\033[0m'
def getHost(url):
tokens = url.split("://")
if len(tokens) == 2: #foi fornecido protocolo
return tokens[1].split(":")[0]
else:
return tokens.split(":")[0]
def getProtocol(url):
tokens = url.split("://")
if tokens[0] == "https":
return "https"
else:
return "http"
def getPort(url):
token = url[6:].split(":")
if len(token) == 2:
return token[1]
elif getProtocol(url) == "https":
return 443
else:
return 80
def getConnection(url):
if getProtocol(url) == "https":
return httplib.HTTPSConnection(getHost(url), getPort(url))
else:
return httplib.HTTPConnection(getHost(url), getPort(url))
def getSuccessfully(url, path):
result = 404
time.sleep(5)
conn = getConnection(url)
conn.request("GET", path)
result = conn.getresponse().status
if result == 404:
conn.close()
time.sleep(7)
conn = getConnection(url)
conn.request("GET", path)
result = conn.getresponse().status
conn.close()
return result
def checkVul(url):
print (GREEN +" ** Checking Host: %s **\n" %url)
path = { "jmx-console" : "/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo",
"web-console" : "/web-console/ServerInfo.jsp",
"JMXInvokerServlet" : "/invoker/JMXInvokerServlet"}
for i in path.keys():
try:
print GREEN + " * Checking %s: \t" %i + ENDC,
conn = getConnection(url)
conn.request("HEAD", path[i])
path[i] = conn.getresponse().status
if path[i] == 200 or path[i] == 500:
print RED + "[ VULNERABLE ]" + ENDC
else: print GREEN + "[ OK ]"
conn.close()
except:
print RED + "\n * An error ocurred while contaction the host %s\n" %url + ENDC
path[i] = 505
return path
def clear():
if os.name == 'posix':
os.system('clear')
elif os.name == ('ce', 'nt', 'dos'):
os.system('cls')
def checkArgs(args):
if len(args) < 2 or args[1].count('.') < 1:
return 1,"You must provide the host name or IP address you want to test."
elif len(args[1].split('://')) == 1:
return 2, 'Changing address "%s" to "http://%s"' %(args[1], args[1])
elif args[1].count('http') == 1 and args[1].count('.') > 1:
return 0, ""
else:
return 1, 'Parâmetro inválido'
def banner():
clear()
print (RED1+"\n * --- JexBoss: Jboss verify and EXploitation Tool --- *\n"
" | |\n"
" | @author: João Filho Matos Figueiredo |\n"
" | @contact: [email protected] |\n"
" | |\n"
" | @update: https://github.com/joaomatosf/jexboss |\n"
" #______________________________________________________#\n\n")
banner()
# check python version
if sys.version_info[0] == 3:
print (RED + "\n * Not compatible with version 3 of python.\n"
" Please run it with version 2.7 or lower.\n\n"
+BLUE+" * Example:\n"
" python2.7 " + sys.argv[0]+ " https://example.com\n\n"+ENDC)
sys.exit(1)
# check Args
status, message = checkArgs(sys.argv)
if status == 0:
url = sys.argv[1]
elif status == 1:
print RED + "\n * Error: %s" %message
print BLUE + "\n Example:\n python %s https://site.com.br\n" %sys.argv[0] + ENDC
sys.exit(status)
elif status == 2:
url = ''.join(['http://',sys.argv[1]])
# check vulnerabilities
mapResult = checkVul(url)
# performs exploitation
for i in ["jmx-console", "web-console", "JMXInvokerServlet"]:
if mapResult[i] == 200 or mapResult[i] == 500:
print BLUE + ("\n\n * Do you want to try to run an automated exploitation via \""+BOLD+i+NORMAL+"\" ?\n"
" This operation will provide a simple command shell to execute commands on the server..\n"
+RED+" Continue only if you have permission!" +ENDC)
if raw_input(" yes/NO ? ").lower() == "yes":
autoExploit(url, i)
# resume results
if mapResult.values().count(200) > 0:
banner()
print RED+ " Results: potentially compromised server!" +ENDC
print (GREEN+" * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*\n\n"
" Recommendations: \n"
" - If possible, discard this server!\n\n"
" * - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*\n")
elif mapResult.values().count(505) == 0:
print (GREEN+ "\n\n * Results: \n"
" The server is not vulnerable to bugs tested ... :D\n\n" + ENDC)
# infos
print (ENDC+" * Info: review, suggestions, updates, etc: \n"
" https://github.com/joaomatosf/jexboss\n"
" [email protected]\n")
print ENDC
完整的代码是在 https://raw.githubusercontent.com/joaomatosf/jexboss/master/jexboss.py
答
使用REQUEST_TIMEOUT
status code,这种方式(采取从Python文档):
>>> res = conn.getresponse()
>>> print res.status, res.reason
408 REQUEST_TIMEOUT
就像你做检查响应状态代码,在代码:
path[i] = conn.getresponse().status
if path[i] == 408:
print 'Connection TimeOut'
else: 'Connected'
编辑:在您的getConnection(url)
功能中设置您所需的timeout
功能,这种方式:
def getConnection(url):
if getProtocol(url) == "https":
return httplib.HTTPSConnection(getHost(url), getPort(url),timeout=5)
else:
return httplib.HTTPConnection(getHost(url), getPort(url),timeout=5)
在此示例中,如果无法建立连接,该功能将尝试连接到您的url
,并且将在5秒内连接timeout
。
您是否尝试过使用'time'模块中的计时器,并为自己设置超出特定值的时间限制? –
我认为您可以在请求中添加超时(“HEAD”,路径[i]),但不确定 – The6thSense
Requests包支持HTTP请求超时,请参阅http://requests.readthedocs.org/en/latest/user/quickstart/ #timeouts。在https://docs.python.org/2/library/httplib.html中建议将请求作为“更高级别的http客户端界面”。 – 2015-07-11 13:28:40