def subnetScan(host, hostOnly=False, configFile=None):
'''
C段扫描
'''
if not URL.check(host):
return None
host = URL.getHost(host)
confFile = configFile if configFile else os.path.join(
conf['ptdpath'], "port_mapping.yaml")
portsConf = YamlConf(confFile)
httpPorts = [
str(k) for k in portsConf if portsConf[k]['protocol'] == "http"
]
httpPorts = ",".join(httpPorts)
if not hostOnly:
nmapCmd = "nmap -n -PS{ports} -p{ports} {host}/24 -oX -".format(
ports=httpPorts, host=host)
else:
nmapCmd = "nmap -n -PS{ports} -p{ports} {host} -oX -".format(
ports=httpPorts, host=host)
return nmapScan(nmapCmd)
def __init__(self, url, notFoundPattern=None, cmsEnhance=False):
self._url = url.strip()
self._notFoundPattern = notFoundPattern
self._cmsEnhance = cmsEnhance
if not URL.check(self._url):
raise PenError("Service Identify, URL format error")
self._target = URL.format(self._url)
self._fp = YamlConf(os.path.join(sys.path[0],"script","data","app_fingerprint.yaml"))
# debug>>>>>>>>>>>>>>>>>>>
name = 'Drupal'
ddddd = self._fp['Applications'][name]
#self._fp['Applications'] = {name:ddddd}
# debug>>>>>>>>>>>>>>>>>>>>>
# metaInfo 页面元信息
# url, statusCode, headers, html, title, robots
self._metaInfo = {}
self._initMetaInfo()
# result 中存储的信息
self._result = MatchsInfo(self._fp)
self._matchFuncs = {}
self._initHandleFuncs()
self._log = Log("service_identify")
def __init__(self, baseURL, notFoundPattern=None):
baseURL = URL.getURI(baseURL)
self.baseURL = baseURL.rstrip("/")
self.notFoundPattern = notFoundPattern
self.fp = YamlConf(self._fingerprintFile)
self.log = Log("cmsidentify")
def _loadJavaConsoleDict(self):
result = []
javaConsoleInfo = YamlConf(self._javaConsoleFile)
for server, consoles in javaConsoleInfo.iteritems():
for console in consoles:
if console['type'] == "http":
if console['url'] != "/":
result.append(console['url'])
return result
def __init__(self, baseURL, notFoundPattern=None):
'''
@params:
baseURL: 待识别的站点的URL
notFoundPattern: 指定notFoundPattern,有时候website只返回301或200,这时候需要该字段来识别‘404’
'''
baseURL = URL.getURI(baseURL)
self.baseURL = baseURL.rstrip("/")
self.notFoundPattern = notFoundPattern
self.fp = YamlConf(self._fingerprintFile)
self.log = Log("cmsidentify")
def __new__(cls):
configFile = os.path.join(conf['ptdpath'], "user-agents.yaml")
try:
config = YamlConf(configFile)
except PenError:
userAgents = [
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
"Mozilla/5.0 (Windows; U; Windows NT 5.2)Gecko/2008070208 Firefox/3.0.1",
"Opera/9.27 (Windows NT 5.2; U; zh-cn)",
"Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en)Opera 8.0)"
]
else:
userAgents = [x['User-Agent'] for x in config]
return userAgents
def _loadDirInfo(self):
'''
加载url_brute.yaml数据文件,处理'<ext>'占位符,返回dirInfo字典
'''
result = {}
dirInfo = YamlConf(self._dirInfoFile)
for key, value in dirInfo.iteritems():
result[key] = []
for line in value:
if "<ext>" in line:
for ext in self.exts:
result[key].append(line.replace("<ext>", ext))
else:
result[key].append(line)
return result
def __init__(self, url, notFoundPattern=None, cmsEnhance=False):
self._url = url.strip()
self._notFoundPattern = notFoundPattern
self._cmsEnhance = cmsEnhance
if not URL.check(self._url):
raise PenError("Service Identify, URL format error")
self._target = URL.format(self._url)
self._fp = YamlConf(
os.path.join(conf['ptdpath'], "app_fingerprint.yaml"))
# metaInfo 页面元信息
# url, statusCode, headers, html, title, robots
self._metaInfo = {}
self._initMetaInfo()
# result 中存储的信息
self._result = MatchsInfo(self._fp)
self._matchFuncs = {}
self._initHandleFuncs()
self._log = Log("service_identify")
