def main(self):
    """
    Run the OneForAll pipeline for ``self.domain``.

    Stages, in order: collection, optional brute forcing, database
    processing, marking of newly discovered subdomains, optional DNS
    resolution, optional HTTP requests, export, optional takeover scan.

    :return: ``self.data`` after the full run; when ``self.dns`` or
             ``self.req`` is falsy, the value returned by ``self.export``
    :rtype: list
    """
    # Per-domain table names; only resolve_table is read again in this method.
    # NOTE(review): these names derive from self.domain, and table names
    # cannot be bound as SQL parameters -- confirm the database layer
    # validates or quotes them.
    base = self.domain
    self.old_table = base + '_old_result'
    self.new_table = base + '_now_result'
    self.origin_table = base + '_origin_result'
    self.resolve_table = base + '_resolve_result'

    Collect(base, export=False).run()

    if self.brute:
        # Brute forcing issues a large number of DNS resolution requests,
        # which may cause other network tasks to fail.
        brute_job = Brute(self.domain, word=True, export=False)
        brute_job.check_env = False
        # The attribute is spelled 'quite' in this code; presumably a
        # quiet-mode switch -- confirm against Brute.
        brute_job.quite = True
        brute_job.run()

    # Database processing, then mark the subdomains that are new in this run.
    self.deal_db()
    self.data = self.mark()

    # DNS resolution disabled: export the unresolved results and stop.
    if not self.dns:
        return self.export(self.domain)

    # Resolve the subdomains and save the resolution results.
    self.data = resolve.run_resolve(self.domain, self.data)
    resolve.save_data(self.resolve_table, self.data)

    # HTTP requests disabled: export the resolution table and stop.
    if not self.req:
        return self.export(self.resolve_table)

    # Request the subdomains over HTTP and save the request results.
    self.data = request.run_request(self.domain, self.data, self.port)
    request.save_data(self.domain, self.data)

    # Add this domain's final result list to the total list, then export.
    self.datas.extend(self.data)
    self.export(self.domain)

    # Optional subdomain-takeover scan over the names found in self.data.
    if self.takeover:
        Takeover(utils.get_subdomains(self.data)).run()
    return self.data
def main(self):
    """
    OneForAll's actual main run flow.

    :return: subdomain results (``self.data``); on the early exits taken
             when ``self.dns`` or ``self.req`` is falsy, the value returned
             by ``self.export``
    :rtype: list
    """
    # Table names are the domain plus a fixed suffix.
    # NOTE(review): identifiers built from self.domain reach the database
    # layer; confirm they are validated or quoted there.
    domain_name = self.domain
    self.old_table = domain_name + '_old_result'
    self.new_table = domain_name + '_now_result'
    self.origin_table = domain_name + '_origin_result'
    self.resolve_table = domain_name + '_resolve_result'

    collector = Collect(domain_name, export=False)
    collector.run()

    if self.brute:
        # Brute forcing produces a large number of DNS resolution requests;
        # running it concurrently may break network requests in other tasks.
        bruter = Brute(self.domain, word=True, export=False)
        bruter.check_env = False
        bruter.run()

    # Database processing.
    self.deal_db()
    # Mark newly discovered subdomains.
    self.data = self.mark()

    if not self.dns:
        # Export the results directly without resolving the subdomains.
        return self.export(self.domain)

    # Resolve the subdomains, then save the resolution results.
    self.data = resolve.run_resolve(self.domain, self.data)
    resolve.save_data(self.resolve_table, self.data)

    if not self.req:
        # Export the results directly without requesting the subdomains.
        return self.export(self.resolve_table)

    # Request the subdomains, then save the request results.
    self.data = request.run_request(self.domain, self.data, self.port)
    request.save_data(self.domain, self.data)

    # Add the final result list to the total data list.
    self.datas.extend(self.data)
    # Database export.
    self.export(self.domain)

    # Subdomain takeover check.
    if self.takeover:
        names = utils.get_subdomains(self.data)
        checker = Takeover(names)
        checker.run()
    return self.data
def main(self):
    """
    Collect, optionally resolve and optionally request the subdomains of
    ``self.domain``, exporting from the database after the last stage run.

    Switches left as ``None`` (``brute``, ``dns``, ``req``) are filled from
    ``config``. Every path returns ``None``; results are left in
    ``self.data`` and appended to ``self.datas`` on the full path.
    """
    # Fall back to the configured defaults for unset switches.
    if self.brute is None:
        self.brute = config.enable_brute_module
    if self.dns is None:
        self.dns = config.enable_dns_resolve
    if self.req is None:
        self.req = config.enable_http_request

    last_table = self.domain + '_last_result'
    current_table = self.domain + '_now_result'

    Collect(self.domain, export=False).run()
    if self.brute:
        # Brute forcing produces a large number of DNS resolution requests;
        # running it concurrently may break network requests in other tasks.
        AIOBrute(self.domain, export=False).run()

    db = Database()
    # NOTE(review): every table name below is derived from self.domain;
    # confirm Database validates or quotes identifiers.
    original_table = self.domain + '_original_result'
    db.copy_table(self.domain, original_table)
    db.remove_invalid(self.domain)
    db.deduplicate_subdomain(self.domain)

    def export_and_rotate(table):
        """Export *table*, make the domain table the 'now' table, close db."""
        dbexport.export(table, valid=self.valid,
                        format=self.format, show=self.show)
        db.drop_table(current_table)
        db.rename_table(self.domain, current_table)
        db.close()

    previous = []
    # Database pre-processing when this is not the first collection run.
    if db.exist_table(current_table):
        # Delete the previous run's result table if present, then rename
        # the current table so it becomes the old one.
        db.drop_table(last_table)
        db.rename_table(current_table, last_table)
        previous = db.get_data(last_table).as_dict()

    # Export the results directly without resolving the subdomains.
    if not self.dns:
        export_and_rotate(self.domain)
        return

    # Mark newly discovered subdomains against the previous run's data.
    self.data = db.get_data(self.domain).as_dict()
    self.data = utils.mark_subdomain(previous, self.data)

    # Obtain the event loop used for the async resolve/request stages.
    loop = asyncio.get_event_loop()
    asyncio.set_event_loop(loop)

    # Resolve the subdomains.
    self.data = loop.run_until_complete(resolve.bulk_resolve(self.data))

    # Save the resolution results into a freshly created table.
    resolve_table = self.domain + '_resolve_result'
    db.drop_table(resolve_table)
    db.create_table(resolve_table)
    db.save_db(resolve_table, self.data, 'resolve')

    # Export the results directly without requesting the subdomains.
    if not self.req:
        export_and_rotate(resolve_table)
        return

    # Request the subdomains.
    self.data = loop.run_until_complete(
        request.bulk_request(self.data, self.port))
    self.datas.extend(self.data)

    # Short delay so the underlying connections get time to close before
    # the event loop is shut down.
    loop.run_until_complete(asyncio.sleep(0.25))
    count = utils.count_valid(self.data)
    logger.log('INFOR', f'经验证{self.domain}有效子域{count}个')

    # Save the request results, then export from the database.
    db.clear_table(self.domain)
    db.save_db(self.domain, self.data, 'request')
    export_and_rotate(self.domain)

    # Subdomain takeover check.
    if self.takeover:
        subdomains = {record.get('subdomain') for record in self.data}
        Takeover(subdomains).run()
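def main(self):
    """
    Collect the subdomains of ``self.domain`` and, when verification is
    enabled, resolve and request them before exporting from the database.

    ``self.brute`` and ``self.verify`` are filled from ``config`` when left
    as ``None``. Every path returns ``None``; verified records are left in
    ``self.datas``. The database handle is closed on both exit paths.
    """
    # Fall back to the configured defaults for unset switches.
    if self.brute is None:
        self.brute = config.enable_brute_module
    if self.verify is None:
        self.verify = config.enable_verify_subdomain

    rename_table = self.domain + '_last'

    collect = Collect(self.domain, export=False)
    collect.run()
    if self.brute:
        # Brute forcing produces a large number of DNS resolution requests;
        # running it concurrently may break network requests in other tasks.
        brute = AIOBrute(self.domain, export=False)
        brute.run()

    db = Database()
    # NOTE(review): every table name below is derived from self.domain;
    # confirm Database validates or quotes identifiers.
    db.copy_table(self.domain, self.domain + '_ori')
    db.remove_invalid(self.domain)
    db.deduplicate_subdomain(self.domain)

    # Case where the subdomains are not verified.
    if not self.verify:
        # Database export; valid is reset to None for this export.
        self.valid = None
        dbexport.export(self.domain, valid=self.valid,
                        format=self.format, show=self.show)
        db.drop_table(rename_table)
        db.rename_table(self.domain, rename_table)
        # Release the handle here too: the original returned from this
        # branch without closing db, unlike the full path below.
        db.close()
        return

    # Start verifying the subdomains.
    self.datas = db.get_data(self.domain).as_dict()
    loop = asyncio.get_event_loop()
    asyncio.set_event_loop(loop)

    # Resolve the domain addresses.
    task = resolve.bulk_query_a(self.datas)
    self.datas = loop.run_until_complete(task)

    # Save the resolution results into a freshly created table.
    resolve_table = self.domain + '_res'
    db.drop_table(resolve_table)
    db.create_table(resolve_table)
    db.save_db(resolve_table, self.datas, 'resolve')

    # Request the domain addresses.
    task = request.bulk_get_request(self.datas, self.port)
    self.datas = loop.run_until_complete(task)

    # Short delay so the underlying connections get time to close before
    # the event loop is shut down.
    loop.run_until_complete(asyncio.sleep(0.25))

    db.clear_table(self.domain)
    db.save_db(self.domain, self.datas)

    # Database export.
    dbexport.export(self.domain, valid=self.valid,
                    format=self.format, show=self.show)
    db.drop_table(rename_table)
    db.rename_table(self.domain, rename_table)
    db.close()

    # Subdomain takeover check.
    if self.takeover:
        subdomains = {record.get('subdomain') for record in self.datas}
        takeover = Takeover(subdomains)
        takeover.run()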
def main(self):
    """
    OneForAll main process.

    Initialises the domain's table, runs the collection and brute modules,
    then optionally resolves, requests and enriches the results before
    exporting them and optionally scanning for subdomain takeover.

    :return: ``self.data`` after the full run; when ``self.dns`` or
             ``self.req`` is falsy, the value returned by
             ``self.export_data``
    :rtype: list
    """
    # NOTE(review): block nesting was reconstructed from a listing that had
    # lost its indentation; in particular, confirm that BruteSRV is meant to
    # run outside the access_internet branch.
    utils.init_table(self.domain)

    if not self.access_internet:
        logger.log('ALERT', 'Because it cannot access the Internet, '
                            'OneForAll will not execute the subdomain collection module!')
    else:
        # Wildcard detection and collection only run with Internet access.
        self.enable_wildcard = wildcard.detect_wildcard(self.domain)
        Collect(self.domain).run()

    BruteSRV(self.domain).run()

    if self.brute:
        # Brute forcing issues a large number of DNS resolution requests,
        # which may cause other network tasks to fail.
        brute_job = Brute(self.domain, word=True, export=False)
        # Without Internet access this is whatever value enable_wildcard
        # held before main() was called -- not set in this method.
        brute_job.enable_wildcard = self.enable_wildcard
        brute_job.in_china = self.in_china
        # The attribute is spelled 'quite' in this code; presumably a
        # quiet-mode switch -- confirm against Brute.
        brute_job.quite = True
        brute_job.run()

    utils.deal_data(self.domain)

    # DNS resolution disabled: export the unresolved results and stop.
    if not self.dns:
        return self.export_data()

    self.data = utils.get_data(self.domain)

    # Resolve the subdomains (stored data is cleared first), then save
    # the resolution results.
    utils.clear_data(self.domain)
    self.data = resolve.run_resolve(self.domain, self.data)
    resolve.save_db(self.domain, self.data)

    # HTTP requests disabled: export the resolved results and stop.
    if not self.req:
        return self.export_data()

    # Post-process the records through wildcard.deal_wildcard when
    # wildcard handling is enabled.
    if self.enable_wildcard:
        self.data = wildcard.deal_wildcard(self.data)

    # HTTP request stage; its return value is not kept here.
    utils.clear_data(self.domain)
    request.run_request(self.domain, self.data, self.port)

    # Optional modules, each gated by its settings switch.
    if settings.enable_finder_module:
        Finder().run(self.domain, self.data, self.port)

    if settings.enable_altdns_module:
        Altdns(self.domain).run(self.data, self.port)

    if settings.enable_enrich_module:
        Enrich(self.domain).run()

    # Export and add the exported records to the total list.
    self.datas.extend(self.export_data())

    # Optional subdomain-takeover scan over the names found in self.data.
    if self.takeover:
        Takeover(targets=utils.get_subdomains(self.data)).run()
    return self.data