Example #1
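class DomainScan(BaseScan):
    """Collect (hostname, address) pairs for subdomains of ``self.target``.

    Two sources of candidate names are used: the related-sites endpoint on
    ce.baidu.com and the word list loaded into ``namelist``. A candidate is
    recorded only if ``recv`` returns at least one answer for it.
    """

    # Candidate subdomain labels, read once when the class body is executed.
    namelist = getfiles(settings.DATAPATH + '/subdomain.txt')

    def recv(self, domain):
        """Resolve *domain* and return the resolver's answers.

        Any resolver error is treated as "does not resolve" and yields an
        empty list. Only ``Exception`` is caught, so KeyboardInterrupt and
        SystemExit still stop the scan.
        """
        try:
            return self.resolvers.query(domain)
        except Exception:
            return []

    def baiduce(self, target):
        """Add resolvable names that ce.baidu.com reports as related to *target*.

        This source is best-effort: a network error, a timeout or an
        unexpected response shape ends the lookup without raising.
        """
        try:
            # `params` URL-encodes the target instead of splicing it into the
            # query string; `timeout` keeps a stalled endpoint from hanging
            # the whole scan.
            res = requests.get(
                'http://ce.baidu.com/index/getRelatedSites',
                params={'site_address': target},
                timeout=10,
            )
            payload = json.loads(res.text)
            # NOTE(review): the endpoint is fetched over plain HTTP and the
            # names it returns are third-party data; nothing here checks that
            # they fall under `target` before they are resolved and recorded.
            for entry in payload.get('data') or []:
                subdomain = entry.get('domain')
                if not subdomain:
                    continue
                for answer in self.recv(subdomain):
                    self.result.add((subdomain, answer.address))
        except Exception:
            return

    def brute(self, target):
        """Resolve ``<label>.<target>`` for every label in ``namelist``."""
        target = target.strip()
        for label in self.namelist:
            label = label.strip()
            if not label:
                # A blank line would produce the malformed name ".<target>".
                continue
            subdomain = label + '.' + target
            for answer in self.recv(subdomain):
                self.result.add((subdomain, answer.address))

    def scan(self):
        """Run both sources against ``self.target`` and pass hits to ``writehost``."""
        h = self.target
        # Test for a scheme prefix rather than the substring 'http', which
        # also matches bare host names such as "httpbin.org".
        if not h.lower().startswith(('http://', 'https://')):
            h = 'http://%s' % h
        target = getdomain(h)
        self.resolvers = Resolver()
        self.answers = []
        self.result = set()
        self.baiduce(target)
        self.brute(target)
        # Each result is (hostname, address); the tuple layout expected by
        # writehost is defined outside this class.
        self.writehost([(address, 80, 1, 'http', '', name) for name, address in self.result])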
Example #2
 def get_auth(self,pwds=None):
     '''Return the set of (username, password) candidates for this project.

     The set holds every stored username paired with every stored password,
     each stored password paired with None as the username, and each entry
     of the local pass.txt list paired with None as the username.
     Username-only pairs (user, None) are not produced.
     '''
     # NOTE(review): the pwds argument is overwritten on the next line, so a
     # value passed by the caller is never used - confirm whether that is
     # intended.
     pwds = getfiles(settings.DATAPATH + '/pass.txt')
     Record = models.DictResult

     def rows_for(key):
         # Rows stored for this project under the given dict_key.
         return Record.select().where((Record.projectid == self.Q.projectid)&(Record.dict_key == key))

     user_rows = rows_for('user')
     pwd_rows = rows_for('pwd')
     candidates = set()
     # Cross product of the project's stored usernames and passwords.
     for user_row in user_rows:
         candidates.update(
             (str(user_row.dict_value), str(pwd_row.dict_value)) for pwd_row in pwd_rows
         )
     # Stored passwords with no username attached.
     candidates.update((None, str(pwd_row.dict_value)) for pwd_row in pwd_rows)
     # Passwords from the local list, when it is non-empty.
     if pwds:
         candidates.update((None, local_pwd) for local_pwd in pwds)
     return candidates