Beispiel #1
0
def login(email, password):
    """
    登陆到ZoomEye
    :param email: 账户email
    :param password: 账户password
    :return: None
    """
    data = {'username': email, 'password': password}
    # dumps 将 python 对象转换成 json 字符串
    data_encoded = json.dumps(data)
    try:
        # print('---------------------')
        r = requests.post(url='https://api.zoomeye.org/user/login',
                          data=data_encoded)
        # loads() 将 json 字符串转换成 python 对象
        # print('---------------------')
        r_decoded = json.loads(r.text)
        # print('---------------------')
        info('username : {}\tpasswd : {}'.format(email, password))

        # 获取到账户的access_token
        global access_token
        access_token = r_decoded['access_token']
        write_conf(path.config, 'zoomeye', 'access_token',
                   access_token)  # 写入access_token
        print('#######################################')
    except Exception:
        error(
            'username or password is wrong, please check config file or input')
    pass
Beispiel #2
0
def fofa_api():  # TODO 付费获取结果的功能实现
    """
    Get query result from Fofa
    :param query: query string
    :param limit: query amount
    :param offset: start page
    :return: query result
    """
    global email, key

    # load query, limit, offset from cmd_opts
    query = cmd_opts.query
    limit = cmd_opts.limit
    offset = cmd_opts.offset

    # 从配置文件中读取email和key
    try:
        email = read_conf(path.config, 'fofa', 'email')
        key = read_conf(path.config, 'fofa', 'key')
        print('{} - {}'.format(email, key))
        if check(email, key):
            pass
        else:
            raise  # will go to except block
    # 读取手工输入的email和key
    except:
        warning('Automatic authorization failed.')
        email = input("Fofa Email: ").strip()
        key = input("Fofa Key: ").strip()

        if not check(email, key):
            error(
                'Fofa API authorization failed, Please re-run it and enter a valid key.'
            )

    exit()

    query = base64.b64encode(query)

    request = "https://fofa.so/api/v1/search/all?email={0}&key={1}&qbase64={2}".format(
        email, key, query)
    global result
    try:
        response = requests.get(request, timeout=3)
        resp = response.readlines()[0]
        resp = json.loads(resp)
        if resp["error"] is None:
            for item in resp.get('results'):
                result.append(item[0])
            if resp.get('size') >= 100:
                info("{0} items found! just 100 returned....".format(
                    resp.get('size')))
    except:
        sys.exit()
    finally:
        return result
Beispiel #3
0
def check_dir_existence():
    """
        Check basic info so that this program can run normally
        运行程序的时候进行一些检测,其实如果项目是正常git clone的话,这些检测是可以省略的
    """
    if not os.path.exists(path.api):
        warning('You may not able to use api like [zoomeye|shodan|censys|fofa]')
    if not os.path.exists(path.resources):
        warning('You may not able to use resources files like weak_pass_dict files for brute-force')
    if not os.path.exists(path.scripts):
        error('The scripts directory is missing, no script is available. System exit!')
Beispiel #4
0
def read_file(file):
    """
    read target urls in file
    从文件中读取目标地址
    :return: targets
    """
    targets = []
    if os.path.exists(file):
        with open(file, 'r') as fr:
            for line in fr:
                targets.append(line.strip())
    else:
        error('file is not exist')
    return targets
Beispiel #5
0
def check_script_existence(script_name):
    """
    Check Script
    检查攻击scripts目录下是否存在该脚本脚本
    :return: None
    """

    # 构建脚本的完整路径
    script_path = path.scripts
    script = os.path.join(script_path, script_name)

    # 检查文件是否存在
    if not os.path.exists(script):
        error('script is not exist, please re-check it!')
    pass
Beispiel #6
0
def update():
    """
    Update this program
    更新脚本: 直接使用git pull origin master
    :return: None
    """
    info('update program \r\n...')

    try:
        # 使用git 命令更新脚本
        os.system('git pull origin master')
        info('succeed ... ')
    except:
        error('something wrong with "git pull origin master", please try to re-download this repo for update')
    exit()
Beispiel #7
0
def run():
    """
        Program runs in a very rude mode to handle exceptions, because it is a batch tool.
        程序运行, 目前使用简单粗暴的方式处理异常
    """
    try:
        # 先获取项目的根目录
        # os.path.realpath(__file__) : 获取本文件main.py的绝对路径
        # os.path.dirname : 获取父目录,相当于文件夹跳转,这里需要跳转两次
        path.root_path = os.path.dirname(
            os.path.dirname(os.path.realpath(__file__)))

        # 输出程序运行目录
        print(path)

        # 此处判断ROOT_PATH路径编码是否正常,应该问题不大,python3编码处理的比较好
        try:
            os.path.isdir(path.root_path)
        except UnicodeEncodeError:  # 路径出现问题就退出
            error('Your system does not properly handle non-ASCII paths.')

        # 完成程序的一些初始化工作: 初始化一些参数, 加载脚本的一些信息
        initialize()

        # 清除屏幕缓存,方便打印输出显示
        clear_screen()

        # 加载banner()
        banner()

        # 命令行参数解析
        cmd_opts.update(cmd_opt_parser().__dict__)

        # 设置相关参数
        set_cmd_opts(cmd_opts)

        # 加载脚本
        if cmd_opts.script != '':
            load_module(cmd_opts.script)

        # 参数全部填充完毕,开始检测 : engine.start()
        start()
    except KeyboardInterrupt:
        error('system quit!')
    except Exception:
        logging.exception('something bad')
    pass
Beispiel #8
0
def get_resource_info():
    """
    获取跟ZoomEye资源相关信息: 用户类型和用户所剩的查询额度
    :return: None
    """
    global access_token
    headers = {
        'Authorization': 'JWT ' + access_token,
    }
    try:
        url = 'https://api.zoomeye.org/resources-info'
        r = requests.get(url=url, headers=headers)
        info('url : {}'.format(url))
        r_decoded = json.loads(r.text)
        info('plan : {} | resources available : {}'.format(
            r_decoded['plan'], r_decoded['resources']['search']))
    except Exception as e:
        error(str(e.message))
    pass
Beispiel #9
0
def check_args(args):
    """
    Check whether args are set properly
    有些参数要出现, 必须是以一些其它参数的出现为前提:
    如要出现--offset、--query、--limit必须以 --zoomeye、--shodan、--censys的出现为前提的
    而出现--zoomeye、--shodan、--censys, 则必须要出现--query
    :return: None
    """
    """
        如果参数中出现query或offset或limit
        而zoomeye、shodan、censys一个都没有出现的话,那么输入的参数就有问题
    """

    if args.query and (not args.ZoomEye and not args.Shodan and not args.Censys
                       and not args.Fofa):
        error('--query goes with [zoomeye|shodan|censys]\t' 'system exit')

    if args.offset and (not args.ZoomEye and not args.Shodan
                        and not args.Censys and not args.Fofa):
        error('--offset goes with [zoomeye|shodan|censys]\t' 'system exit')
    """
    if args.limit and (not args.ZoomEye and not args.Shodan and not args.Censys):
        error('--limit goes with [zoomeye|shodan|censys]\t'
              'system exit')
    """
    """
        反之,如果出现zoomeye或shodan或censys, 则必须要有query参数, --offset和--limit有默认参数值
        --offset    默认从第一页开始
        --limit     默认取20条数据
    """
    if (args.ZoomEye or args.Shodan or args.Censys) and not args.query:
        error(
            'using api [zoomeye|shodan|censys], you must provide query string')

    # TODO:待补充完整更多内容

    pass