Example #1
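    def format_url(self):
        """Yield scan URLs for every entry in ``self.arguments.urlList``.

        Each entry is handled by the first rule that applies:

        * it contains a dotted-quad IPv4 address: only the matched address is
          kept (anything around it, such as a port or path, is dropped) and
          its HTTP URL is yielded;
        * it starts with ``http``: it is yielded unchanged;
        * otherwise it is treated as a domain name: skipped when it is already
          in ``self.scanned_domains``, yielded on its own when it looks like a
          subdomain, else yielded and followed by every name returned by
          ``OneForAll(url).scan()``.

        Names returned by the subdomain scan are yielded without being checked
        against ``urlList`` or any other scope list inside this method.
        """
        ipv4_pattern = (
            r'(([01]{0,1}\d{0,1}\d|2[0-4]\d|25[0-5])\.){3}([01]{0,1}\d{0,1}\d|2[0-4]\d|25[0-5])'
        )
        for url in self.arguments.urlList:
            result = re.search(ipv4_pattern, url)
            if result:
                url = result.group()
                yield url_parse(url).get_http_url()

            elif url.startswith('http'):
                yield url

            else:
                # Skip domains that were already scanned, whether the recorded
                # entry is the bare name or carries an http:// or https://
                # prefix. The name is escaped so '.' and other regex
                # metacharacters in the input match literally, and the scheme
                # is an optional group instead of a character class (which
                # accepted any run of the letters h, t, p, s, ':', '/', '|').
                scanned_pattern = re.compile(
                    r'^(?:https?://)?' + re.escape(url) + r'$')
                if any(scanned_pattern.search(u)
                       for u in self.scanned_domains):
                    print("{} had in scanned_domains list .".format(url))
                    continue

                # Decide whether the entry is already a subdomain: two or more
                # dots and none of the listed multi-part suffixes.
                if url.count('.') >= 2:
                    multi_part_suffixes = [
                        ".com.cn",
                        ".edu.cn",
                        ".net.cn",
                        ".org.cn",
                        ".co.jp",
                        ".gov.cn",
                        ".co.uk",
                        "ac.cn",
                    ]
                    # NOTE(review): this is a substring test, not a suffix
                    # test, and "ac.cn" has no leading dot, so a name that
                    # merely contains one of these strings is classified as a
                    # registrable domain - confirm this is intended.
                    is_subdomain = not any(
                        suffix in url for suffix in multi_part_suffixes)

                    # A subdomain is scanned as-is; the names below it are not
                    # enumerated.
                    if is_subdomain:
                        yield url_parse(url).get_http_url()
                        continue

                # Scan the domain itself first.
                yield url_parse(url).get_http_url()

                # Then enumerate its subdomains and scan each one once,
                # keeping first-seen order (dict.fromkeys de-duplicates in
                # O(n) instead of sorting by list.index).
                domains_list = OneForAll(url).scan()
                for domains in dict.fromkeys(domains_list):
                    yield url_parse(domains).get_http_url()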
Example #2
    def format_url(self):
        """Yield an HTTP URL for each entry in ``self.arguments.urlList``.

        An entry that contains a dotted-quad IPv4 address is reduced to the
        matched address. Any other entry is first expanded through
        ``OneForAll(entry).scan()``, and every returned name is yielded before
        the entry itself.
        """
        ipv4_pattern = r'(([01]{0,1}\d{0,1}\d|2[0-4]\d|25[0-5])\.){3}([01]{0,1}\d{0,1}\d|2[0-4]\d|25[0-5])'
        for target in self.arguments.urlList:
            ip_match = re.search(ipv4_pattern, target)
            if ip_match is None:
                # Not an IP address: emit every name the subdomain scan
                # returns, then fall through to the entry itself.
                for subdomain in OneForAll(target).scan():
                    yield url_parse(subdomain).get_http_url()
            else:
                # Keep only the address; surrounding text is discarded.
                target = ip_match.group()

            yield url_parse(target).get_http_url()
Example #3
    def assign_task(self):
        """Run the scan pipeline over every URL produced by ``format_url()``.

        The report is initialised and the Xray scanner is started once. A URL
        that already names a port or a path goes straight to ``url_scan()``.
        A bare ``scheme://host`` URL is resolved to an IP, port-scanned with
        masscan, and the open ports are passed to nmap; each port nmap reports
        as HTTP is then scanned as ``<url>:<port>``.
        """
        self.init_report()

        self.xray = xray.Xray()
        self.xray.scan()

        for http_url in self.format_url():
            print("scanning : ", http_url)

            # Fewer than two ':' and fewer than three '/' means there is no
            # explicit port and no path (unlike http://a.com:8080 or
            # http://xx.com/1.php), so port discovery is worthwhile.
            is_bare_host = http_url.count(":") < 2 and http_url.count("/") < 3
            if not is_bare_host:
                self.url_scan(http_url)
                continue

            ip = get_ip_from_url(http_url)
            if not ip:
                continue

            open_ports = masscan.Masscan(ip).open_ports
            # With no open ports, or more than 20 of them, scan the URL as
            # given and skip nmap. NOTE(review): presumably a very large
            # result is treated as unreliable - confirm the threshold.
            if not open_ports or len(open_ports) > 20:
                self.url_scan(http_url)
                continue

            # nmap is given the domain, not the IP, so the report is keyed by
            # domain.
            netloc = url_parse(http_url).get_netloc()
            http_open_ports = nmap.Nmap(netloc, open_ports).http_open_ports

            if not http_open_ports:
                print("nmap not found http server port at : ", http_url)
                continue

            # NOTE(review): the concatenation assumes each port is a str -
            # verify against nmap.Nmap.
            for port in http_open_ports:
                self.url_scan(http_url + ":" + port)
Example #4
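    def __init__(self, target):
        """Prepare an AWVS API client for *target* and start the scan.

        Sets the report name, credentials, server address, HTTP session and
        default headers, calls ``get_api_key_and_set()`` to fill in the
        ``X-Auth`` and ``cookie`` headers, and finally calls ``self.scan()``.
        Constructing the object therefore triggers the login and the scan.

        The username and password are read from the ``AWVS_USERNAME`` and
        ``AWVS_PASSWORD`` environment variables when they are set; the
        previous literals remain as the fallback so existing setups keep
        working.
        """
        # Function-scope import: the file's import block is not visible here.
        import os

        super().__init__()
        self.target = target
        self.report_name = url_parse(self.target).get_report_name()
        # Keep real credentials, and hints to them, out of source and
        # comments; supply them through the environment instead.
        self.username = os.environ.get("AWVS_USERNAME", "******")
        self.password = os.environ.get("AWVS_PASSWORD", "******")

        self.base_url = "https://127.0.0.1:3443"  # AWVS server address
        # NOTE(review): confirm that requests sent through this session keep
        # TLS certificate verification enabled for the AWVS endpoint.
        self.session = requests.session()
        self.headers = {
            'User-Agent':
            'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0)',
            'Content-Type': 'application/json; charset=utf8',
            'X-Auth': "",
            'cookie': "",
        }
        # Per the original author's note: logs in automatically, obtains the
        # X-Auth and cookie values, and stores them in self.headers.
        self.get_api_key_and_set()
        self.scan_session_id = ""
        self.scan_id = ""
        self.target_id = ""

        self.scan()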
Example #5
 def format_url(self):
     """Yield the HTTP URL form of every entry in ``self.arguments.urlList``.

     Entries are converted one at a time with ``url_parse(...).get_http_url()``
     and yielded in input order; no filtering or de-duplication is done here.
     """
     for raw_target in self.arguments.urlList:
         yield url_parse(raw_target).get_http_url()