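def httpHead(target):
    """Report a ``Server`` banner disclosed in the target's response headers.

    Fetches *target* with the module-level ``head`` request headers. When the
    response carries a ``Server`` header its value is printed, counted as a
    low-severity finding via ``vulnsum.addLow()`` and written to the HTML
    report with ``report.whtml``.

    :param target: target URL
    :return: None -- the banner is only printed and reported
    """
    try:
        r = requests.get(target, headers=head)
    except requests.RequestException:
        # Unreachable host or malformed URL: nothing to report for this check.
        return
    # A missing Server header is the normal "no finding" case, not an error,
    # so it is tested explicitly instead of being hidden by a blanket except.
    server = r.headers.get('Server')
    if server is not None:
        print("\033[1;32;1m[+]发现HTTP头泄露了服务器信息:", server + '\033[0m')
        vulnsum.addLow()
        report.whtml('HTTP Header Information Leakage', server)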
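def options(target):
    """Report the methods advertised by the target in reply to HTTP OPTIONS.

    Sends an OPTIONS request with the module-level ``head`` headers. When the
    response carries an ``Allow`` header its value is printed, counted as a
    low-severity finding via ``vulnsum.addLow()`` and written to the report.

    :param target: target URL
    :return: None -- the allowed methods are only printed and reported
    """
    try:
        r = requests.options(target, headers=head)
    except requests.RequestException:
        # Unreachable host or malformed URL: nothing to report for this check.
        return
    # No Allow header simply means no finding; check it rather than relying on
    # a KeyError caught by a bare except.
    allow = r.headers.get('Allow')
    if allow is not None:
        print("\033[1;32;1m[+]发现服务器启用了OPTIONS方法:", allow + '\033[0m')
        vulnsum.addLow()
        report.whtml('HTTP OPTIONS method is active', allow)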
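def robots(target):
    """Check the target's robots.txt for paths that hint at admin interfaces.

    Fetches ``<target>/robots.txt`` and reports, as low-severity findings, the
    presence of the substrings ``admin``, ``management`` and a standalone
    ``manage``. Each hit is printed, counted via ``vulnsum.addLow()`` and the
    matched occurrences are written to the report.

    :param target: target URL (a trailing slash is tolerated)
    :return: None -- findings are only printed and reported
    """
    try:
        # rstrip avoids requesting "host//robots.txt" for targets ending in "/".
        r = requests.get(target.rstrip('/') + "/robots.txt", headers=head)
    except requests.RequestException:
        # Unreachable host or malformed URL: nothing to report for this check.
        return
    body = r.text
    if 'admin' in body:
        print("\033[1;32;1m[+]发现目标robots.txt泄露了admin目录!\033[0m")
        vulnsum.addLow()
        report.whtml('Robots.txt File Information Leakage', re.findall(r'admin', body))
    if 'management' in body:
        print("\033[1;32;1m[+]发现目标robots.txt泄露了manage目录!\033[0m")
        vulnsum.addLow()
        report.whtml('Robots.txt File Information Leakage', re.findall(r'management', body))
    # "management" contains "manage"; only a standalone "manage" is reported
    # here so that a single keyword is not counted as two findings.
    manage_only = re.findall(r'manage(?!ment)', body)
    if manage_only:
        print("\033[1;32;1m[+]发现目标robots.txt泄露了manage目录!\033[0m")
        vulnsum.addLow()
        report.whtml('Robots.txt File Information Leakage', manage_only)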
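def ipLkg(target):
    """Report dotted-quad IPv4 addresses embedded in the target's page source.

    Fetches *target* with the module-level ``head`` headers and scans the body
    for IPv4-looking strings. When at least one is found the check is counted
    once via ``vulnsum.addLow()``, every address is printed, and the full list
    is written to the report.

    :param target: target URL
    :return: list of the addresses found (empty when none or on request error)
    """
    ip = []
    try:
        r = requests.get(target, headers=head)
    except requests.RequestException:
        # Unreachable host or malformed URL: nothing to report for this check.
        return ip
    # One group per octet, so every match is a 4-tuple of octet strings. There
    # are no word boundaries, so version strings such as "1.2.3.4" match too;
    # kept as in the original check.
    octet = r'(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)'
    fip = re.findall(r'\.'.join([octet] * 4), r.text)
    if not fip:
        return ip
    vulnsum.addLow()
    for octets in fip:
        addr = ".".join(octets)
        print("\033[1;32;1m[+]发现源码中泄露了IP地址:", addr + '\033[0m')
        ip.append(addr)
    report.whtml('Source Leakage IP Address', ip)
    return ip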
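def nikto(target):
    """Run nikto against *target* and report the findings this tool recognises.

    Executes ``nikto -h <target>`` and inspects its standard output for a
    fixed set of messages: missing security headers, mod_negotiation,
    outdated component versions ("... appears to be outdated"), the TRACE
    method, phpMyAdmin paths, the Apache default file and admin directory
    indexing. Each recognised message is printed, counted via ``vulnsum``
    (low or medium, as in the original check) and written to the report.

    :param target: target URL, passed to nikto unchanged
    :return: None -- findings are only printed and reported
    """
    import subprocess

    # The target comes from user input, so it is passed as an argv element
    # rather than interpolated into a shell command line (the previous
    # os.popen() string form let shell metacharacters in the URL run commands).
    try:
        rst = subprocess.run(["nikto", "-h", target],
                             stdout=subprocess.PIPE,
                             universal_newlines=True).stdout
    except OSError:
        # nikto not installed or not executable: behave like the empty output
        # os.popen() produced in that case, so no findings are reported.
        rst = ""

    # Order is preserved from the original check so console/report output is
    # unchanged.
    _nikto_flag(rst, 'The X-XSS-Protection header is not defined',
                "\033[1;32;1m[+]HTTP Header中未使用XSS保护\033[0m",
                'X-XSS-Protection', 'The X-XSS-Protection header is not defined',
                vulnsum.addLow)
    _nikto_flag(rst, 'The X-Content-Type-Options header is not set',
                "\033[1;32;1m[+]未设置x-content-type-options头\033[0m",
                'X-Content-Type-Options', 'The X-Content-Type-Options header is not set',
                vulnsum.addLow)
    _nikto_flag(rst, 'Apache mod_negotiation is enabled',
                "\033[1;32;1m[+]Apache mod_negotiation启用\033[0m",
                'Apache mod_negotiation', 'Apache mod_negotiation is enabled',
                vulnsum.addLow)
    _nikto_outdated(rst, r'Apache/[\d.]* appears to be outdated',
                    "\033[1;32;1m[+]Apache版本较低", 'Apache version is lower')
    _nikto_outdated(rst, r'PHP/[\d.a-zA-Z\-_]* appears to be outdated',
                    "\033[1;32;1m[+]PHP版本较低", 'PHP version is lower')
    _nikto_flag(rst, 'X-Frame-Options header',
                "\033[1;32;1m[+]存在点击劫持漏洞\033[0m",
                'Click hijack', 'X-Frame-Options header is not defined',
                vulnsum.addLow)
    _nikto_outdated(rst, r'Python/2[\d.]* appears to be outdated',
                    "\033[1;32;1m[+]Python版本较低", 'Python version is lower')
    _nikto_outdated(rst, r'mod_ssl/[\d.]* appears to be outdated',
                    "\033[1;32;1m[+]ssl版本较低", 'ssl version is lower')
    _nikto_outdated(rst, r'OpenSSL/[\d.a-zA-Z]* appears to be outdated',
                    "\033[1;32;1m[+]OpenSSL版本较低", 'OpenSSL version is lower')
    _nikto_outdated(rst, r'Phusion_Passenger/[\d.]* appears to be outdated',
                    "\033[1;32;1m[+]Phusion_Passenger版本较低",
                    'Phusion Passenger version is lower')
    _nikto_outdated(rst, r'mod_mono/[\d.]* appears to be outdated',
                    "\033[1;32;1m[+]mono版本较低", 'mono version is lower')
    _nikto_outdated(rst, r'proxy_html/[\d.]* appears to be outdated',
                    "\033[1;32;1m[+]HTTP Proxy版本较低", 'HTTP Proxy version is lower')
    _nikto_outdated(rst, r'mod_perl/[\d.]* appears to be outdated',
                    "\033[1;32;1m[+]Perl版本较低", 'Perl version is lower')
    _nikto_flag(rst, 'HTTP TRACE method is active',
                "\033[1;32;1m[+]启用了TRACE方法\033[0m",
                'HTTP TRACE method is active', re.findall(r'TRACE', rst),
                vulnsum.addMedium)
    _nikto_flag(rst, 'phpMyAdmin directory found',
                "\033[1;32;1m[+]发现phpmyadmin目录\033[0m",
                'phpMyAdmin directory found', 'curl ' + target + '/phpmyadmin',
                vulnsum.addLow)
    _nikto_flag(rst, 'phpmyadmin/Documentation.html',
                "\033[1;32;1m[+]存在可访问的/phpmyadmin/Documentation.html页面\033[0m",
                'There are accessible /phpMyAdmin/Documentation.html pages',
                'curl ' + target + '/phpmyadmin/Documentation.html',
                vulnsum.addMedium)
    _nikto_flag(rst, 'Apache default file found',
                "\033[1;32;1m[+]发现Apache默认文件/icons/README\033[0m",
                'Apache default file found', '/icons/README',
                vulnsum.addLow)
    _nikto_flag(rst, '/Admin/: Directory indexing found',
                "\033[1;32;1m[+]发现Admin路径/Admin/\033[0m",
                'Admin Directory indexing found', '/Admin/',
                vulnsum.addLow)
    _nikto_flag(rst, '/admin/: Directory indexing found',
                "\033[1;32;1m[+]发现admin路径/admin/\033[0m",
                'admin Directory indexing found', '/admin/',
                vulnsum.addMedium)


def _nikto_flag(rst, needle, message, title, detail, add_severity):
    """Report one finding when *needle* occurs verbatim in nikto's output.

    :param rst: nikto standard output
    :param needle: substring that identifies the finding
    :param message: console line to print (already colour-coded)
    :param title: report title passed to ``report.whtml``
    :param detail: report detail passed to ``report.whtml``
    :param add_severity: ``vulnsum.addLow`` or ``vulnsum.addMedium``
    """
    if needle in rst:
        print(message)
        add_severity()
        report.whtml(title, detail)


def _nikto_outdated(rst, pattern, prefix, title):
    """Report the first "<component>/<version> appears to be outdated" match.

    Always a low-severity finding; the matched text is appended to *prefix*
    on the console (with the colour reset) and stored in the report.

    :param rst: nikto standard output
    :param pattern: regex selecting the outdated-version line
    :param prefix: colour-coded console prefix
    :param title: report title passed to ``report.whtml``
    """
    found = re.findall(pattern, rst)
    if found:
        print(prefix, found[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml(title, found[0])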