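def doGoogleHacking(args, out):
    """Run a "Google hacking" search and print/record every hit.

    Args:
        args: parsed CLI namespace. Reads ``keywords`` (the search string),
            ``engine`` (``baidu``/``bing``/``google``, case-insensitive,
            defaults to ``bing``), ``size`` (number of hits, defaults to 20),
            ``output`` (handed to ``out.init``) and ``unique`` (report only
            the first hit per host).
        out: reporter object; ``init``, ``error``, ``warnning``, ``info``,
            ``Y`` and ``writeLine`` are called on it.

    Returns:
        ``True`` once the search ran, ``False`` after reporting an unsupported
        engine name.
    """
    out.init(u"Google Hacking功能", args.output)

    keywords = args.keywords
    if isinstance(keywords, bytes):
        # Python 2 hands argv over as byte strings. The original decoded with
        # ``sys.stdin.encoding`` unconditionally, which is ``None`` when stdin
        # is a pipe (TypeError); fall back to the filesystem encoding, then
        # UTF-8. Already-decoded text (Python 3 argparse) is left alone.
        encoding = (getattr(sys.stdin, "encoding", None)
                    or sys.getfilesystemencoding() or "utf-8")
        keywords = keywords.decode(encoding)

    engineName = args.engine.lower().strip() if args.engine else "bing"
    size = args.size or 20

    # Engine classes are looked up lazily so an unknown name never touches them.
    if engineName == "baidu":
        engine = Baidu()
    elif engineName == "bing":
        engine = Bing()
    elif engineName == "google":
        engine = Google()
    else:
        out.error(
            u"不支持 '{0}' 搜索引擎,必须为 baidu/bing/google 之一".format(engineName))
        return False

    seenHosts = set()
    out.warnning(u"'{0}' 在 '{1}' 中的搜索结果如下:\n".format(keywords, engineName))
    for item in engine.search(keywords, size):
        if args.unique:
            # One hit per host: skip unparsable URLs and hosts already shown.
            host = URL.getHost(item.url)
            if not host or host in seenHosts:
                continue
            seenHosts.add(host)
        _emitSearchHit(out, item)

    # Consistent with doSubDomainScan, which also returns True on completion.
    return True


def _emitSearchHit(out, item):
    """Print one search hit (title + URL) and record its URL via ``writeLine``.

    NOTE(review): ``item.title`` / ``item.url`` are third-party content from
    the search engine and are passed to the terminal and output file
    unchanged — no control-character or markup filtering happens here.
    """
    out.info(out.Y("{0:>6} : ".format("title")) + item.title)
    out.info(out.Y("{0:>6} : ".format("url")) + item.url + "\n")
    out.writeLine(item.url)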
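def doGoogleHacking(args, out):
    """Search the chosen engine for ``args.keywords`` and report each hit.

    Args:
        args: parsed CLI namespace. Reads ``keywords`` (search string),
            ``engine`` (``baidu``/``bing``/``google``, case-insensitive,
            defaults to ``baidu``), ``size`` (hit count, defaults to 20),
            ``output`` (handed to ``out.init``) and ``unique`` (only the first
            hit per host is reported when set).
        out: reporter object; ``init``, ``error``, ``warnning``, ``info``,
            ``Y`` and ``writeLine`` are called on it.

    Returns:
        ``True`` when the search ran, ``False`` after reporting an
        unsupported engine name.
    """
    out.init(u"Google Hacking功能", args.output)

    keywords = args.keywords
    if isinstance(keywords, bytes):
        # Python 2 argv arrives as bytes. ``sys.stdin.encoding`` is ``None``
        # when stdin is not a terminal, and ``decode(None)`` raises; the
        # original did exactly that. Use a sane fallback chain instead, and
        # skip decoding when the value is already text.
        encoding = (getattr(sys.stdin, "encoding", None)
                    or sys.getfilesystemencoding() or "utf-8")
        keywords = keywords.decode(encoding)

    engineName = args.engine.lower().strip() if args.engine else "baidu"
    size = args.size or 20

    if engineName == "baidu":
        engine = Baidu()
    elif engineName == "bing":
        engine = Bing()
    elif engineName == "google":
        engine = Google()
    else:
        out.error(u"不支持 '{0}' 搜索引擎,必须为 baidu/bing/google 之一".format(engineName))
        return False

    titleTag = out.Y("{0:>6} : ".format("title"))
    urlTag = out.Y("{0:>6} : ".format("url"))
    hostSet = set()
    out.warnning(u"'{0}' 在 '{1}' 中的搜索结果如下:\n".format(keywords, engineName))
    for item in engine.search(keywords, size):
        if args.unique:
            host = URL.getHost(item.url)
            # Unparsable URL or host already reported: nothing to print.
            if not host or host in hostSet:
                continue
            hostSet.add(host)
        # NOTE(review): title/url are search-engine supplied and go to the
        # terminal and output file unfiltered.
        out.info(titleTag + item.title)
        out.info(urlTag + item.url + "\n")
        out.writeLine(item.url)

    # Match doSubDomainScan, which signals completion with True.
    return True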
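def doSubDomainScan(args, out):
    """Enumerate sub-domains of ``args.domain`` and report them through ``out``.

    ``args.technique`` is a string of up to three letters selecting what runs
    (all three when omitted):

    * ``z`` - attempt a DNS zone transfer and collect every record name;
    * ``d`` - brute-force names with ``args.dict`` (``args.topdomain`` is
      passed through to ``DnsBruter`` as a flag);
    * ``g`` - harvest hosts from ``site:`` search-engine results using
      ``args.engine`` (default ``bing``) and ``args.size`` hits (default 200).

    Args:
        args: parsed CLI namespace; also reads ``output`` (result file, HTML
            links when its name ends in ``html``) and ``domain``.
        out: reporter object; ``init``, ``error``, ``warnning``, ``info`` and
            ``writeLine`` are called on it.

    Returns:
        ``True`` on completion, ``False`` after reporting an argument error.
    """
    out.init("子域名爆破", tofile=args.output)
    log = Log("subdomain")
    outHtml = bool(args.output) and args.output.endswith("html")

    techniques = _parseTechniques(args.technique)
    if not techniques:
        out.error(u"不支持--techniques {0}".format(args.technique))
        return False

    dictfile = args.dict if args.dict else None
    topdomainBrute = bool(args.topdomain)
    size = args.size or 200
    if args.engine:
        if args.engine not in Query.allowEngines:
            out.error(u"不支持 --engine {0},支持{1}".format(
                args.engine, str(Query.allowEngines)))
            return False
        engine = args.engine
    else:
        engine = 'bing'

    domain = URL.getHost(args.domain)
    if not domain:
        # URL.getHost returns a falsy value for unparsable input (the search
        # branch below guards on it too); refuse rather than probe DNS for None.
        out.error(u"无法从 --domain {0} 中解析出域名".format(args.domain))
        return False

    result = set()

    if "z" in techniques:
        log.debug(">>>>>checking if dns zonetrans vulnerable")
        # A zone-transfer request is an active probe against the target's
        # name servers; the original sent it even when 'z' was not selected.
        for record in DnsResolver(domain).getZoneRecords():
            log.debug("dns zonetrans vulnerable, got '{0}'".format(
                str(record)))
            result.add(record[0])

    if "d" in techniques:
        log.debug(">>>>>dns brutefroce")
        for item in DnsBruter(domain, dictfile, topdomainBrute):
            log.debug("dns bruteforce, got '{0}'".format(str(item)))
            result.add(item.domain)

    if "g" in techniques:
        log.debug(">>>>>google hacking")
        query = Query(site=domain) | -Query(site="www." + domain)
        for item in query.doSearch(engine=engine, size=size):
            log.debug("google hacking, got '{0}'".format(item.url))
            host = URL.getHost(item.url)
            # Search results are third-party data: drop unparsable URLs and
            # hosts outside the target so the report stays in scope for
            # whoever acts on it next.
            if host and _isUnderDomain(host, domain):
                result.add(host)

    out.warnning(u"子域名爆破结果:")
    for d in result:
        out.info(d)
        if outHtml:
            out.writeLine(d, _htmlLink)
        else:
            out.writeLine(d)

    return True


def _parseTechniques(spec):
    """Return the technique letters selected by *spec*, or ``[]`` if invalid.

    ``None``/empty selects all three. Any letter outside ``zdg``, or more than
    three letters, rejects the whole spec: the original loop reset the list on
    a bad letter but kept appending afterwards, so ``"xz"`` slipped through
    as ``['z']``.
    """
    if not spec:
        return ['z', 'd', 'g']
    if len(spec) > 3 or any(t not in "zdg" for t in spec):
        return []
    return list(spec)


def _isUnderDomain(host, domain):
    """True when *host* equals *domain* or is a sub-domain of it (case-insensitive)."""
    h, d = host.lower(), domain.lower()
    return h == d or h.endswith("." + d)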
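def doSubDomainScan(args, out):
    """Collect sub-domains of ``args.domain`` and write them through ``out``.

    Up to three techniques, chosen by the letters in ``args.technique``
    (all of them when it is empty):

    * ``z`` - DNS zone transfer; every returned record name is a result;
    * ``d`` - dictionary brute force via ``DnsBruter`` (``args.dict`` is the
      wordlist, ``args.topdomain`` a pass-through flag);
    * ``g`` - hosts extracted from ``site:`` search results, ``args.engine``
      (default ``baidu``) returning up to ``args.size`` hits (default 200).

    Args:
        args: parsed CLI namespace; ``output`` names the result file (HTML
            links if it ends in ``html``), ``domain`` is the target.
        out: reporter; ``init``, ``error``, ``warnning``, ``info`` and
            ``writeLine`` are used.

    Returns:
        ``True`` when the scan finished, ``False`` after an argument error
        has been reported.
    """
    out.init("子域名爆破", tofile=args.output)
    log = Log("subdomain")
    outHtml = bool(args.output) and args.output.endswith("html")

    if not args.technique:
        techniques = ['z', 'd', 'g']
    elif len(args.technique) <= 3 and all(t in "zdg" for t in args.technique):
        techniques = list(args.technique)
    else:
        # Reject the whole spec on any bad letter. The original reset the
        # list and kept appending, so "xz" was accepted as ['z'].
        out.error(u"不支持--techniques {0}".format(args.technique))
        return False

    dictfile = args.dict if args.dict else None
    topdomainBrute = bool(args.topdomain)
    size = args.size or 200
    if args.engine:
        if args.engine not in Query.allowEngines:
            out.error(u"不支持 --engine {0},支持{1}".format(args.engine, str(Query.allowEngines)))
            return False
        engine = args.engine
    else:
        engine = 'baidu'

    domain = URL.getHost(args.domain)
    if not domain:
        # getHost is falsy for unparsable input (see the search branch guard);
        # stop here instead of resolving/brute-forcing against None.
        out.error(u"无法从 --domain {0} 中解析出域名".format(args.domain))
        return False

    result = set()

    if "z" in techniques:
        log.debug(">>>>>checking if dns zonetrans vulnerable")
        # Only issue the zone-transfer request when 'z' was asked for: it is
        # an active probe of the target's name servers, and the original
        # sent it regardless of the selected techniques.
        for record in DnsResolver(domain).getZoneRecords():
            log.debug("dns zonetrans vulnerable, got '{0}'".format(str(record)))
            result.add(record[0])

    if "d" in techniques:
        log.debug(">>>>>dns brutefroce")
        for item in DnsBruter(domain, dictfile, topdomainBrute):
            log.debug("dns bruteforce, got '{0}'".format(str(item)))
            result.add(item.domain)

    if "g" in techniques:
        log.debug(">>>>>google hacking")
        wanted = domain.lower()
        query = Query(site=domain) | -Query(site="www." + domain)
        for item in query.doSearch(engine=engine, size=size):
            log.debug("google hacking, got '{0}'".format(item.url))
            host = URL.getHost(item.url)
            if not host:
                continue
            # Third-party results: keep only hosts that sit under the target
            # so an out-of-scope name never lands in the report.
            h = host.lower()
            if h != wanted and not h.endswith("." + wanted):
                log.debug("google hacking, '{0}' is outside {1}, dropped".format(host, domain))
                continue
            result.add(host)

    out.warnning(u"子域名爆破结果:")
    for d in result:
        out.info(d)
        if outHtml:
            out.writeLine(d, _htmlLink)
        else:
            out.writeLine(d)

    return True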