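def search_api(search, page=50):
    """Collect targets from whichever search-API source is configured.

    Only one source is used: the first of ``target_zoomeye``,
    ``target_shodan``, ``target_fofa``, ``target_fofa_today_poc`` and
    ``target_google`` that is present in ``conf``.

    Args:
        search: Query string handed to the selected backend (the
            ``target_fofa_today_poc`` backend is called without it).
        page: Page argument forwarded to the backend unchanged.

    Returns:
        A list of the backend's results with duplicates removed. Results are
        kept in first-seen order (guaranteed on Python 3.7+), so repeated runs
        over the same data enumerate targets in the same order. The list is
        empty when none of the source keys is configured.
    """
    target_list = []
    try:
        if 'target_zoomeye' in conf.keys():
            # Both resource types are queried; each call yields batches of URLs.
            # (Loop variable renamed so it no longer shadows the builtin `type`.)
            for resource in ['host', 'web']:
                for batch in _zoomeye_api(search, page, resource):
                    target_list.extend(batch)
        elif 'target_shodan' in conf.keys():
            target_list.extend(_shodan_api(search, page))
        elif 'target_fofa' in conf.keys():
            target_list.extend(_fofa_api(search, page))
        elif 'target_fofa_today_poc' in conf.keys():
            target_list.extend(_fofa_api_today_poc(page))
        elif 'target_google' in conf.keys():
            target_list.extend(_google_api(search, page))
    except KeyboardInterrupt:
        sys.exit(logger.error("Exit by user."))

    # target_list is always a list here, so the former isinstance(..., tuple)
    # branch could never run and has been dropped. Entries must be hashable,
    # exactly as the previous set()-based de-duplication required.
    return list(dict.fromkeys(target_list))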
def load_targets(self):
    """Call ``_fofa()`` when both the ``info`` option and a query key are set.

    Exits through ``sys.exit`` with a logged error when ``info`` is absent
    from ``conf``, or when it is present but ``key`` is missing or None.
    """
    if 'info' not in conf.keys():
        sys.exit(logger.error("Can't load any targets! Please check input."))
    elif 'key' not in conf.keys() or conf['key'] is None:
        # Message text, in English: "Please enter FOFA syntax! -k XXX"
        sys.exit(logger.error('请输入fofa语法! -k XXX'))
    else:
        _fofa()
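def http_send(url, params=None, cookies=None, data=None, other_header=None):
    """Send one HTTP request and return the response, or None on failure.

    A GET is issued when ``data`` is empty; otherwise ``data`` is parsed with
    ``get_params_dict(data, sep="&")`` and sent as a POST. Headers and timeout
    are taken from ``conf`` when set there (the timeout defaults to 10), and
    ``other_header`` entries are merged over the configured headers.
    Redirects are not followed and the module-level ``PROXIES`` are used.

    Args:
        url: Request URL.
        params: Query-string parameters passed to requests.
        cookies: Cookies passed to requests.
        data: Request body; a non-empty value selects POST.
        other_header: Extra headers that override the configured ones.

    Returns:
        The requests response with its encoding set to UTF-8, or None when
        the status code is 301-399 or 404, or when sending raises.
    """
    headers = None
    timeout = 10
    # Set the retry count used by requests.
    # NOTE(review): HTTPAdapter appears to bind DEFAULT_RETRIES as a default
    # argument when requests is imported, so this assignment may have no
    # effect on later requests. Confirm; mounting an adapter with
    # max_retries on a Session is the usual way.
    requests.adapters.DEFAULT_RETRIES = RETRY_COUNT
    if "headers" in conf.keys() and conf.headers:
        headers = conf.headers
    if "timeout" in conf.keys() and conf.timeout:
        timeout = conf.timeout
    if other_header is not None:
        # headers is still None when conf supplies none, and dict(None, ...)
        # raises TypeError outside the try below; fall back to an empty dict.
        headers = dict(headers or {}, **other_header)

    try:
        if not data:
            send = requests.get
        else:
            data = get_params_dict(data, sep="&")
            send = requests.post
        # NOTE(security): verify=False turns off TLS certificate validation,
        # so the peer is not authenticated and anything on the path can read
        # or alter the exchange, including the cookies sent here. Treat
        # responses accordingly, or make verification configurable.
        req = send(url, params=params, cookies=cookies, headers=headers,
                   timeout=timeout, data=data, verify=False,
                   allow_redirects=False, proxies=PROXIES)
        req.encoding = "utf-8"
        # The original comment said only 2xx responses are considered, but
        # this test drops 301-399 and 404 only; 300, other 4xx and 5xx
        # responses are still returned to the caller.
        if 400 > req.status_code > 300 or req.status_code == 404:
            return None
        return req
    except Exception as ex:
        # `as` and the parenthesised print parse on Python 2.6+ and Python 3.
        print("Request.http_send:%s" % ex)
        return None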
def normal(args):
    """Run the default flow: print conf's keys, apply options, load targets.

    Args:
        args: Parsed options handed to ``init_options``.
    """
    # Debug output of the option names currently held in conf.
    print(conf.keys())
    init_options(args)
    # The engine name is a fixed placeholder string.
    Engine('123').load_targets()
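def load_parameter(self):
    """Parse the ``parameter`` option ("k=v&k2=v2") into ``self.parameter``.

    Does nothing when ``parameter`` is absent from ``conf`` or is None.
    On malformed input the error is logged and the process exits through
    ``sys.exit``.
    """
    if 'parameter' not in conf.keys() or conf['parameter'] is None:
        return

    try:
        parsed = {}
        for pair in conf['parameter'].split('&'):
            # Split on the first '=' only, so a value may itself contain '='
            # (for example base64 padding) instead of being rejected.
            key, value = pair.split('=', 1)
            parsed[key] = value
    except (AttributeError, ValueError):
        # ValueError: a pair without '='. AttributeError: a non-string option.
        # The former bare `except:` also swallowed KeyboardInterrupt/SystemExit.
        msg = 'The parameter input error, please check your input e.g. -p "userlist=user.txt", and you should make sure the module\'s function need the parameter. '
        sys.exit(logger.error(msg))
    else:
        self.parameter = parsed
        logger.sysinfo("Loading parameter: %s" % (conf['parameter']))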
def set_default_headers():
    """
    Fill ``conf.headers`` with default HTTP request headers when it is empty.

    Sets Accept-Language, Accept-Encoding (built from ``conf.charset`` when
    that is configured, otherwise from utf-8), Cache-control, Pragma and a
    User-Agent obtained from ``get_ua()``.
    :return:
    """
    # NOTE(review): nesting rebuilt from a flattened listing; this assumes
    # every default below is applied only when conf.headers is empty. Confirm.
    if conf.headers:
        return

    if "charset" in conf.keys() and conf.charset:
        accept_value = "%s;q=0.7,*;q=0.1" % conf.charset
    else:
        accept_value = "utf-8;q=0.7,*;q=0.1"

    conf.headers["Accept-Language"] = "zh-CN,zh;q=0.8"
    # NOTE(review): the value is a charset preference, which HTTP carries in
    # Accept-Charset; Accept-Encoding names content codings such as gzip.
    # Confirm which header was intended before relying on it.
    conf.headers["Accept-Encoding"] = accept_value
    conf.headers["Cache-control"] = "no-cache,no-store"
    conf.headers["Pragma"] = "no-cache"
    conf.headers["User-Agent"] = get_ua()
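def _init_data(self, id, module, target):
    """Build the per-task record for one module/target pair.

    Args:
        id: Identifier stored under ``"id"``.
        module: Object whose ``__name__`` is stored as ``module_name``.
        target: Either an ``http://`` / ``https://`` URL or a ``host`` /
            ``host:port`` string.

    Returns:
        A dict with the fixed fields below, any extra keys from
        ``self.parameter`` that do not collide with them, and the host, port
        and (for URLs) ``url`` / ``base_url`` derived from ``target``.
        ``target_port`` is an int on every path where it is parsed from
        ``target``.
    """
    data = {
        "id": id,
        "flag": -1,
        'module_name': module.__name__,
        'func_name': self.func_name,
        'target_host': None,
        'target_port': None,
        'url': None,
        'base_url': None,
        "data": [],
        "res": [],
        "other": {},
    }

    if self.parameter is not None:
        for _key, _val in self.parameter.items():
            if _key not in data:
                data[_key] = _val
            else:
                # The reserved field keeps its value here; the user-supplied
                # value is not stored, whatever the second message suggests.
                logger.warning(
                    "This parameter name has already been used: %s = %s" % (_key, _val))
                logger.warning(
                    "And using this parameter name will cause the original value to be overwritten."
                )

    if target.startswith(('http://', 'https://')):
        data['url'] = target
        # splittype/splithost/splitport are deprecated since Python 3.8; they
        # are kept so host parsing stays exactly as before.
        protocol, remainder = urllib.parse.splittype(target)
        host, _path = urllib.parse.splithost(remainder)
        host, port = urllib.parse.splitport(host)
        data['target_host'] = host
        # splitport() yields the port as a digit string (or None). Comparing
        # that string with 0 was always true, and the stored port ended up a
        # str for explicit ports but an int for defaults. Convert once so the
        # "0 means default" check works and the type is always int.
        port_number = int(port) if port else 0
        if not port_number:
            port_number = 443 if protocol == 'https' else 80
        data['target_port'] = port_number
        data['base_url'] = protocol + "://" + host + ":" + str(port_number) + '/'
    else:
        if ":" in target:
            # Only the first two colon-separated fields are used, so IPv6
            # literals are not handled by this branch.
            _v = target.split(':')
            host, port = _v[0], _v[1]
            data['target_host'] = host
        else:
            port = 0
            data['target_host'] = target
        # A configured target_port wins; int() raises ValueError for a
        # non-numeric port taken from the target string.
        data['target_port'] = conf['target_port'] if 'target_port' in conf.keys() else int(port)

    return data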
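def _parameter_register(self, input_parameter):
    """Parse ``input_parameter`` ("k=v&k2=v2") into ``self.parameter``.

    Args:
        input_parameter: Parameter string, or an empty/None value to reset.

    Returns:
        ``self.parameter``: an empty dict when ``input_parameter`` is empty,
        otherwise the mapping holding the parsed pairs. On malformed input
        the error is logged and the process exits through ``sys.exit``.
    """
    if not input_parameter:
        self.parameter = {}
        return self.parameter

    # NOTE(review): nesting rebuilt from a flattened listing. The former
    # inner `input_parameter != None` test was always true at this point, so
    # its else branch was unreachable and has been dropped.
    # NOTE(review): this binds self.parameter to the conf['parameter'] object
    # itself, so the keys parsed below are also written into conf. Confirm
    # that sharing is intended.
    self.parameter = conf['parameter'] if 'parameter' in conf.keys() else {}
    try:
        for pair in input_parameter.split('&'):
            # Split on the first '=' only, so a value may itself contain '='.
            key, value = pair.split('=', 1)
            self.parameter[key] = value
    except (AttributeError, TypeError, ValueError):
        # Covers a pair without '=', a non-string input and a conf value that
        # does not accept item assignment. The former bare `except:` also
        # swallowed KeyboardInterrupt/SystemExit.
        msg = 'The parameter input error, please check your input e.g. -p "userlist=user.txt", and you should make sure the module\'s function need the parameter. '
        sys.exit(logger.error(msg))
    logger.sysinfo("Set parameter: %s" % str(input_parameter))
    return self.parameter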
def free_conf_memory():
    """Rebind every key in the global ``conf`` to None.

    The keys themselves stay in place. This only drops conf's references to
    the old values; it does not overwrite their contents, so sensitive
    strings (for example API keys) may persist in process memory until the
    interpreter reuses that space.
    """
    for option_name in conf.keys():
        conf[option_name] = None
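def load_targets(self):
    """Load targets from the first configured target source.

    Sources are checked in this order and only the first one present in
    ``conf`` is used: ``target_simple``, ``target_file``, ``target_nmap_xml``,
    ``target_network``, ``target_task``, ``target_search_engine``,
    ``target_zoomeye``, ``target_shodan``, ``target_fofa``,
    ``target_fofa_today_poc``, ``target_google``, ``target_github``.

    Each entry is passed to ``self._load_target``. The process exits through
    ``sys.exit`` with a logged error when no source is configured or when
    ``self.targets`` is still empty afterwards.
    """
    if 'target_simple' in conf.keys():
        self._load_target(conf['target_simple'])
        logger.sysinfo("Loading target: %s" % (conf['target_simple']))
    elif 'target_file' in conf.keys():
        # The context manager closes the file even if _load_target raises;
        # the handle was previously left open.
        with open(conf['target_file'], 'r') as target_file:
            for _line in target_file:
                line = _line.strip()
                if line:
                    self._load_target(line)
        logger.sysinfo("Loading target: %s" % (conf['target_file']))
    elif 'target_nmap_xml' in conf.keys():
        import xml.etree.ElementTree as ET
        # NOTE(security): xml.etree does not protect against entity-expansion
        # payloads. Parse only reports you generated yourself, or use a
        # hardened parser such as defusedxml for files from other parties.
        tree = ET.parse(conf['target_nmap_xml'])
        for host in tree.getroot().findall('host'):
            address = host.find('address')
            if address is None:
                # A host element without an address cannot be targeted.
                continue
            host_id = address.get('addr')
            for port in host.iter('port'):
                port_id = port.attrib.get('portid')
                state = port.find('state')
                if state is None:
                    # No state element: skip rather than fail on .attrib.
                    continue
                port_state = state.attrib.get('state')
                service = port.find('service')
                # The literal string "None" marks a port with no service element.
                port_service = service.attrib.get('name') if service is not None else "None"
                if port_state.lower() not in ['closed', 'filtered']:
                    self._load_target(host_id + ":" + port_id, port_service)
        logger.sysinfo("Loading target: %s" % (conf['target_nmap_xml']))
    elif 'target_network' in conf.keys():
        self._load_target(conf['target_network'])
        logger.sysinfo("Loading target: %s" % (conf['target_network']))
    elif 'target_task' in conf.keys():
        hashdb = HashDB(os.path.join(paths.DATA_PATH, conf['target_task']))
        hashdb.connect()
        for _row in hashdb.select_all():
            # Column 4 is used as the target when filled; otherwise columns
            # 2 and 3 are joined as "a:b" (presumably host and port; verify
            # against the HashDB schema).
            if _row[4] is not None and _row[4] != '':
                self._load_target(_row[4])
            else:
                self._load_target(_row[2] + ":" + _row[3])
        logger.sysinfo("Loading target: %s" % (conf['target_task']))
    elif 'target_search_engine' in conf.keys():
        logger.sysinfo("Loading target by baidu/bing/360so: %s" % (conf['target_search_engine']))
        urls = search_engine(conf['target_search_engine'])
        for _url in urls:
            if _url:
                self._load_target(_url)
    elif 'target_zoomeye' in conf.keys():
        logger.sysinfo("Loading target by zoomeye: %s" % (conf['target_zoomeye']))
        urls = search_api(conf['target_zoomeye'])
        for _url in urls:
            if _url:
                self._load_target(_url)
    elif 'target_shodan' in conf.keys():
        logger.sysinfo("Loading target by shadon: %s" % (conf['target_shodan']))
        urls = search_api(conf['target_shodan'])
        for _url in urls:
            if _url:
                self._load_target(_url)
    elif 'target_fofa' in conf.keys():
        logger.sysinfo("Loading target by fofa: %s" % (conf['target_fofa']))
        urls = search_api(conf['target_fofa'])
        for _url in urls:
            if _url:
                self._load_target(_url)
    elif 'target_fofa_today_poc' in conf.keys():
        logger.sysinfo("Loading target by fofa today poc: %s" % (conf['target_fofa_today_poc']))
        # This source yields (url, server) pairs rather than bare URLs.
        obj = search_api(conf['target_fofa_today_poc'])
        for _url, _server in obj:
            if _url:
                self._load_target(_url, _server)
    elif 'target_google' in conf.keys():
        logger.sysinfo("Loading target by google: %s" % (conf['target_google']))
        urls = search_api(conf['target_google'])
        for _url in urls:
            if _url:
                self._load_target(_url)
    elif 'target_github' in conf.keys():
        logger.sysinfo("Loading target by github: %s" % (conf['target_github']))
        # NOTE(review): the results are fetched but never passed to
        # _load_target, so this source reaches the exit below unless
        # self.targets already holds entries. Confirm whether that is intended.
        urls = search_api(conf['target_github'])
    else:
        sys.exit(
            logger.error("Can't load any targets! Please check input."))

    if len(self.targets) == 0:
        sys.exit(
            logger.error("Can't load any targets! Please check input."))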