Beispiel #1
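 def query_db(self, hosts):
     """Return the entries of *hosts* that have no row in ``webinfo`` yet.

     Each entry is normalised with ``parse_host`` and looked up by domain.
     Entries already present are reported through ``console`` and left out
     of the result.

     Returns:
         The list of entries still missing from the table. The unfiltered
         *hosts* is returned instead when the database raises
         ``sqlite3.OperationalError`` or when any other exception occurred
         for at least one entry.
     """
     result = []
     error = False
     for i in hosts:
         try:
             domain = parse_host(i)
             cursor = self.conn.cursor()
             # Bind the domain as a query parameter instead of formatting it
             # into the statement: host names come from the caller, and a
             # quote inside one would otherwise change the SQL that runs.
             cursor.execute(
                 "select 1 from webinfo where domain = ? limit 1", (domain,))
             values = cursor.fetchall()
             if not values:
                 result.append(i)
             else:
                 console('CheckDB', i, 'In the db file\n')
         except sqlite3.OperationalError:
             # NOTE(review): this early return skips self.commit() and
             # self.close() below -- confirm the connection is released
             # elsewhere on this path.
             return hosts
         except Exception as e:
             error = True
             logging.exception(e)
     self.commit()
     self.close()
     # A failure on any single entry makes the filtered list untrustworthy,
     # so fall back to the full input.
     if error:
         return hosts
     else:
         return result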
Beispiel #2
 def __init__(self, url, host, ports, apps):
     """Keep the scan inputs on the instance.

     ``host`` is passed through ``parse_host`` and stored as ``self.ip``;
     ``url``, ``ports`` and ``apps`` are stored unchanged, and ``self.out``
     starts as an empty list.
     """
     # Normalise first so a failure in parse_host leaves nothing half-set.
     normalized_host = parse_host(host)
     self.out = []
     self.ports = ports
     self.apps = apps
     self.ip = normalized_host
     self.url = url
Beispiel #3
def verify_https(url):
    """Work out which scheme answers for *url* and return the URL to use.

    If *url* already carries a scheme and a request to it does not raise,
    it is returned unchanged. Otherwise the host part is tried with
    ``https://`` first and ``http://`` second.

    Returns:
        The chosen URL string, or ``None`` when no attempt succeeded.

    NOTE(review): the original comments say the post-redirect address is
    returned for a 302, but every value returned here is built from the
    input, never from the response -- confirm which is intended.
    NOTE(review): the ``http://`` fallback means the result may be a
    cleartext endpoint; whether certificates are checked depends on the
    ``Requests`` wrapper, which is not visible here.
    """
    client = Requests()
    # noinspection PyBroadException
    if '://' in url:
        try:
            client.get(url)
        except Exception:
            # Best effort: fall through and probe the bare host below.
            pass
        else:
            return url
    host = parse_host(url)
    parsed = parse.urlparse(url)
    # Reduce the input to its host part (netloc, or the path when the input
    # had no scheme and urlparse therefore put everything in ``path``).
    if parsed.netloc:
        url = parsed.netloc
    elif parsed.path:
        url = parsed.path
    # noinspection PyBroadException
    try:
        response = client.get('https://' + url)
        # Presumably the wrapper can hand back an object without
        # ``status_code`` on failure; the AttributeError then selects the
        # plain-HTTP fallback -- TODO confirm against Requests.get.
        getattr(response, 'status_code')
        console('Verify', host, 'https://' + url + '\n')
        return 'https://' + url
    except AttributeError:
        # noinspection PyBroadException
        try:
            client.get('http://' + url)
            console('Verify', host, 'http://' + url + '\n')
            return 'http://' + url
        except Exception:
            pass
    except Exception as e:
        logging.exception(e)
    return None
Beispiel #4
def get_list(ip, ports):
    """Turn ``"service:port"`` entries into de-duplicated web URLs for *ip*.

    Only ``http`` and ``https`` services produce a URL; default ports
    (``:80``, ``:443``) are stripped from the result. ``http`` on port 443
    is emitted as an ``https://`` URL.

    Returns:
        A list of unique URL strings in no particular order.

    NOTE(review): when both port 80 and port 443 are present, ``'http:80'``
    is removed from the caller's *ports* list in place.
    NOTE(review): the ``:443`` pattern in the http-on-443 branch is not
    anchored with ``$`` like the others, so it removes every ``:443``
    occurrence in the URL -- confirm that is intended.
    """
    has_tls_port = 'http:443' in ports or 'https:443' in ports
    if 'http:80' in ports and has_tls_port:
        # Prefer the TLS endpoint over plain HTTP on the default port.
        ports.remove('http:80')

    result = []
    for entry in ports:
        scheme, port = entry.split(':')
        scheme = scheme.lower()
        ip = parse_host(ip)
        if scheme == 'http':
            if port == '443':
                # Service reported as http but on the TLS port.
                tls_url = scheme + 's://' + ip + ':' + port
                result.append(re.sub(r':443', '', tls_url))
            else:
                plain_url = scheme + '://' + ip + ':' + port
                # ``:80$`` can only match when ':80' is in the string, so
                # no separate containment check is needed.
                result.append(re.sub(r':80$', '', plain_url))
        elif scheme == 'https':
            secure_url = scheme + '://' + ip + ':' + port
            result.append(re.sub(r':443$|:80$', '', secure_url))

    return list(set(result))
Beispiel #5
def web_info(url):
    """Gather address, WAF, fingerprint and OS details for *url*.

    The page is fetched once; its body is decoded with the encoding that
    ``chardet`` detects and handed to ``WebPage(...).info()``. A failed
    fetch or parse is logged and treated as "no web info".

    Returns:
        A tuple ``(data, apps, title)`` where ``data`` maps the parsed host
        to a dict with the keys ``WAF``, ``Ipaddr``, ``Address``,
        ``Webinfo`` and ``OS``, and ``apps`` / ``title`` are taken from the
        web info (``None`` when absent).
    """
    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')
    address = geoip(ipaddr)
    wafresult = checkwaf(url)
    client = Requests()
    # noinspection PyBroadException
    try:
        response = client.get(url)
        response.encoding = chardet.detect(response.content).get('encoding')
        webinfo = WebPage(response.url, response.text, response.headers).info()
    except Exception as e:
        logging.exception(e)
        webinfo = {}

    if not webinfo:
        # Without page data the WAF verdict is reported as the string 'None'.
        webinfo = {}
        wafresult = 'None'
    else:
        console('Webinfo', host, 'title: {}\n'.format(webinfo.get('title')))
        console('Webinfo', host,
                'Fingerprint: {}\n'.format(webinfo.get('apps')))
        console('Webinfo', host, 'Server: {}\n'.format(webinfo.get('server')))
        console('Webinfo', host, 'WAF: {}\n'.format(wafresult))

    # NOTE(review): OS detection runs only when iscdn(host) is truthy;
    # what a truthy result means is not visible here -- confirm.
    osname = osdetect(host) if iscdn(host) else None

    record = {
        'WAF': wafresult,
        'Ipaddr': ipaddr,
        'Address': address,
        'Webinfo': webinfo,
        'OS': osname,
    }
    data = {host: record}

    return data, webinfo.get('apps'), webinfo.get('title')
Beispiel #6
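def checkwaf(url):
    """Classify the WAF in front of *url* from its responses.

    The plain page is fetched first and its headers plus the first 10000
    characters of the body are passed to ``verify``. Only when that reports
    ``'NoWAF'`` is each suffix in ``payload`` requested in turn.

    Returns:
        The first ``verify`` result other than ``'NoWAF'``; otherwise
        ``'CDN IP'`` when ``iscdn(host)`` is falsy, else ``'NoWAF'``.
    """
    try:
        req = Requests()
        r = req.get(url)
        result = verify(r.headers, r.text[:10000])
        if result != 'NoWAF':
            # The baseline response already matched. Previously this
            # verdict was dropped and the function fell through to report
            # 'NoWAF' / 'CDN IP', unlike a match found in the loop below.
            return result
        for i in payload:
            r = req.get(url + i)
            result = verify(r.headers, r.text[:10000])
            if result != 'NoWAF':
                return result
    except UnboundLocalError:
        pass
    except Exception as e:
        # Best effort: a failed request is logged and treated as no match.
        logging.exception(e)
    host = parse_host(url)

    # NOTE(review): 'CDN IP' is returned when iscdn() is falsy, which reads
    # inverted relative to the name -- confirm iscdn's return convention.
    if not iscdn(host):
        return 'CDN IP'

    return 'NoWAF'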
Beispiel #7
def web_info(url):
    """Gather address, WAF, fingerprint, OS and DNS details for *url*.

    The page is fetched once and parsed with ``WebPage(...).info()``; any
    exception during fetch or parse is swallowed and treated as "no web
    info". The results of ``virustotal(host)`` and ``reverse_domain(host)``
    are stored in the web info under ``pdns`` and ``reverseip``.

    Returns:
        A tuple ``(data, apps)`` where ``data`` maps the parsed host to a
        dict with the keys ``WAF``, ``Ipaddr``, ``Address``, ``Webinfo``
        and ``OS``.

    NOTE(review): ``virustotal`` presumably sends the host name to an
    external service -- confirm that is acceptable for the targets used.
    """
    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')
    address = geoip(ipaddr)
    wafresult = checkwaf(url)
    client = Requests()
    try:
        response = client.get(url)
        response.encoding = chardet.detect(response.content).get('encoding')
        webinfo = WebPage(response.url, response.text, response.headers).info()
    except Exception:
        # Failure is silent here; the empty dict is the only signal.
        webinfo = {}

    if not webinfo:
        # Without page data the WAF verdict is reported as the string 'None'.
        webinfo = {}
        wafresult = 'None'
    else:
        console('Webinfo', host, 'Title: {}\n'.format(webinfo.get('title')))
        console('Webinfo', host, 'Fingerprint: {}\n'.format(webinfo.get('apps')))
        console('Webinfo', host, 'Server: {}\n'.format(webinfo.get('server')))
        console('Webinfo', host, 'WAF: {}\n'.format(wafresult))

    # NOTE(review): OS detection runs only when iscdn(host) is truthy;
    # what a truthy result means is not visible here -- confirm.
    osname = osdetect(host) if iscdn(host) else None

    pdns = virustotal(host)
    reverseip = reverse_domain(host)
    webinfo.update({"pdns": pdns, "reverseip": reverseip})

    record = {
        'WAF': wafresult,
        'Ipaddr': ipaddr,
        'Address': address,
        'Webinfo': webinfo,
        'OS': osname,
    }
    data = {host: record}
    return data, webinfo.get('apps')
Beispiel #8
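def checkwaf(url):
    """Classify the WAF in front of *url* from its responses.

    Returns ``'CDN IP'`` straight away when ``iscdn(host)`` is falsy.
    Otherwise the plain page is fetched and passed to ``verify``; only when
    that reports ``'NoWAF'`` is each suffix in ``payload`` requested.

    Returns:
        ``'CDN IP'``, the first ``verify`` result other than ``'NoWAF'``,
        or ``'NoWAF'`` when nothing matched or a request failed.
    """
    result = 'NoWAF'
    host = parse_host(url)

    # NOTE(review): 'CDN IP' is returned when iscdn() is falsy, which reads
    # inverted relative to the name -- confirm iscdn's return convention.
    if not iscdn(host):
        return 'CDN IP'

    try:
        req = Requests()
        r = req.get(url)
        result = verify(r.headers, r.text)
        if result != 'NoWAF':
            return result
        for i in payload:
            r = req.get(url + i)
            result = verify(r.headers, r.text)
            if result != 'NoWAF':
                return result
    except (UnboundLocalError, AttributeError):
        pass
    except Exception as e:
        # Best effort: a failed request is logged and treated as no match.
        logging.exception(e)

    # Previously the function fell off the end here and returned None, so
    # the 'NoWAF' default set at the top never reached the caller.
    return result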
Beispiel #9
def start(url):
    """Run the whole per-target pipeline for *url* and save the findings.

    Steps, in order: print a banner, resolve and geolocate the host, fetch
    the page, fingerprint it (WAF, title, apps, server), add the
    ``virustotal`` and ``reverse_domain`` results, obtain open ports, detect
    the OS, persist the record with ``web_save``, run ``Vuln`` and, when the
    page was reachable and ``SCANDIR`` is falsy, run ``DirScan``.

    Returns nothing; results are printed and handed to ``web_save``.

    NOTE(review): ``checkwaf`` is called with the parsed host rather than
    the URL -- confirm that is what it expects.
    """
    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')

    rule = bcolors.RED + '-' * 100 + '\n' + bcolors.ENDC
    sys.stdout.write(rule)
    sys.stdout.write(bcolors.RED + 'Host: ' + host + '\n' + bcolors.ENDC)
    sys.stdout.write(rule)

    address = geoip(ipaddr)

    # Explicit flag instead of probing locals() for the response variable.
    fetched = False
    try:
        # Check whether the main domain answers at all.
        client = Requests()
        r = client.get(url)
        fetched = True
    except Exception:
        pass

    if fetched:
        wafresult = checkwaf(host)
        try:
            r.encoding = chardet.detect(r.content).get('encoding')
            webinfo = WebPage(r.url, r.text, r.headers).info()
        except Exception:
            webinfo = {}
        if webinfo:
            sys.stdout.write(bcolors.RED + "Webinfo:\n" + bcolors.ENDC)
            green_lines = (
                '[+] Title: {}\n'.format(webinfo.get('title')),
                '[+] Fingerprint: {}\n'.format(webinfo.get('apps')),
                '[+] Server: {}\n'.format(webinfo.get('server')),
                '[+] WAF: {}\n'.format(wafresult),
            )
            for line in green_lines:
                sys.stdout.write(bcolors.OKGREEN + line + bcolors.ENDC)
    else:
        webinfo = {}
        wafresult = 'None'

    pdns = virustotal(host)
    reverseip = reverse_domain(host)
    webinfo.update({"pdns": pdns})
    webinfo.update({"reverseip": reverseip})

    # NOTE(review): the port scan runs only when iscdn(host) is truthy and
    # the placeholder 'CDN:0' is used otherwise -- confirm iscdn's return
    # convention.
    open_port = ScanPort(url).pool() if iscdn(host) else ['CDN:0']
    osname = osdetect(host)

    record = {
        'WAF': wafresult,
        'Ipaddr': ipaddr,
        'Address': address,
        'Webinfo': webinfo,
        'OS': osname,
    }
    data = {host: record}
    web_save(data)
    Vuln(host, open_port, webinfo.get('apps')).run()

    if fetched and not SCANDIR:
        dirscan = DirScan('result')
        dirscan.pool(url)