def simple_task(self, arg):
response = Requests.get('http://' + arg['domain'])
response.encoding = response.apparent_encoding
target = arg['domain'].split('.')
result = re.findall(
'"(http://.*' + target[-2] + '.' + target[-1] + '/.*\..*)"',
response.text)[0]
response = Requests.get(result.upper())
if response.status_code == 200:
return 'Windows'
else:
return 'Linux'
def simple_task(self, arg):
if re.match(r'^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$',
arg['domain']):
return arg['domain']
result = Requests.get(
'https://host.io/api/web/{}?token=c9fbd2b09dfed4'.format(
arg['domain'])).json()
if 'error' not in result:
return result['ip']
else:
result = Requests.get(
'https://www.virustotal.com/ui/domains/{}/resolutions'.format(
arg['domain'])).json()
return result['data'][0]['attributes']['ip_address']
def simple_task(self, arg):
for script in ['php', 'asp', 'aspx', 'jsp']:
response = Requests.get('http://{}/index.{}'.format(arg['domain'], script))
if response.status_code == 404 or response.text is None:
continue
if response.status_code in [200, 301]:
return script
def securitytrails_search(arg):
search_url = 'https://api.securitytrails.com/v1/domain/{}/subdomains?apikey=qiVWdvg42nHIYqsaL3nAmtK8BpasOVaK'.format(
arg)
response = Requests.get(search_url)
result_list = list(
map(lambda x: x + '.' + arg,
response.json()['subdomains']))
return result_list
def virustotal_search(arg):
result_list = []
search_url = 'https://www.virustotal.com/ui/domains/{}/subdomains'.format(
arg)
response = Requests.get(search_url)
result_list.append(_['id'] for _ in response.json()['data']
if _['type'] == 'domain')
return result_list
def simple_task(self, arg):
ip_list = []
task_id = Requests.get(
'https://whoer.net/ping/create?pingit={}'.format(
arg['domain'])).json()['taskID']
result = Requests.get(
'https://whoer.net/zh/ping/result?task_id={}&servers=us1,fr1,ro1,hk1,it1,ca1,ch1,ru1,es1,uk1,de1,ua1,sg1,nl2,se2'
.format(task_id)).json()
for server in [
'us1', 'fr1', 'ro1', 'hk1', 'it1', 'ca1', 'ch1', 'ru1', 'es1',
'uk1', 'de1', 'ua1', 'sg1', 'nl2', 'se2'
]:
if 'ip' in eval(result[server]):
ip_list.append(eval(result[server])['ip'])
if len(list(set(ip_list))) > 1:
return 'True'
else:
return 'False'
def thread_task(self, args):
if args[1]['staticurl']:
url = 'http://{}{}'.format(args[0]['domain'], args[1]['staticurl'])
response = Requests.get(url)
if response is None:
return None
content = response.text
if response.status_code == 200 and content is not None:
if hashlib.md5(content) == args[1]['checksum']:
return args[1]['name']
if args[1]['homeurl']:
url = 'http://{}{}'.format(args[0]['domain'], args[1]['homeurl'])
response = Requests.get(url)
if response is None:
return None
content = response.text
if response.status_code == 200 and content is not None:
if re.search(args[1]['keyword'], content, re.IGNORECASE):
return args[1]['name']
def simple_task(self, arg):
if 'network address' not in arg.keys():
from plugins.discover.DisHost import DiscoverModule
arg['network address'] = DiscoverModule().start_up(arg)[1]
data = {'ip': arg['network address']}
response = Requests.post('https://www.ipip.net/ip.html', data=data)
address = re.search(
'<td>地理位置</td>[\s\S*]*<span.*>(.*?)</span>[\s\S*]*<span style="float: right">',
response.text).group(1)
return address
def simple_task(self, args):
response = Requests.get('{}://{}'.format(
'http' if args[1] else 'https', args[0]['domain']))
if response is None:
return None
response.encoding = response.apparent_encoding
if response.text is None or response.status_code == 404:
return None
elif response.status_code == 200:
if re.search('<title>.*</title>', response.text, re.I):
title = re.search('<title>(.*?)</title>', response.text,
re.I).group(1)
else:
title = 'Not found title'
else:
if args[1]:
self.simple_task([args[0], False])
title = response.status_code
return title
def threatcrowd_search(arg):
search_url = 'https://www.threatcrowd.org/searchApi/v2/domain/report/?domain={}'.format(
arg)
response = Requests.get(search_url)
return response.json()['subdomains']
def cert_search(arg):
search_url = 'https://crt.sh/?q=%25.{}'.format(arg)
response = Requests.get(search_url)
search_result = re.findall('<TD>(.*?' + arg + ')</TD>', response.text)
return search_result