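def main(self):
    """Show the AWVS menu and queue a scan task with the chosen profile.

    Option ``1`` prints the scan-profile list, reads a profile key and hands
    it to ``self._add_task(rule=...)``; typing ``x`` re-displays this menu
    instead of queuing anything. Both that path and option ``0`` finish by
    opening ``Run().main()``.
    """
    print_(""" 1.awvs. 0.返回菜单. """)
    ipt1 = input_('选项>')
    # Compare by value: identity checks against str literals only succeed when
    # the interpreter happens to intern the input.
    if ipt1 == '1':
        print_(""" ___ __ ____ / \ \ / /_ __/ ___| / _ \ \ /\ / /\ \ / /\___ \ / ___ \ V V / \ V / ___) | /_/ \_\_/\_/ \_/ |____/ AWVS 配置: [0] 全扫描 [1] 高风险漏洞 [2] 跨站点脚本漏洞 [3] SQL注入漏洞 [4] 脆弱的密码 [5] 仅爬行' [x]返回菜单. """)
        ipt2 = input_('配置>')
        if ipt2 == 'x':
            self.main()
        else:
            # 'x' is the "back" key, so it must never reach _add_task as a
            # rule. Any other key is forwarded unchecked; _add_task is not
            # visible here, so what an unknown key does is unconfirmed.
            self._add_task(rule=ipt2)
        r = Run()
        r.main()
    if ipt1 == '0':
        r = Run()
        r.main()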
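def Run_DirBrute(self):
    """Menu for the DirBrute web-directory scanner.

    ``1`` prints the help text, ``2`` asks for a URL and a dictionary path and
    runs ``dirbrute.py`` through ``self.commands__``, ``0`` returns to the main
    menu. The menu re-enters itself recursively after options 1 and 2.
    """
    import shlex

    print_(""" ########### web目录扫描. ########### 1.查看帮助. 2.输入url. 0.返回菜单. """)
    helps1 = dirbrute_helps
    ipt1 = input_('>')
    if ipt1 == '1':
        print_(helps1)
        self.Run_DirBrute()
    elif ipt1 == '2':
        dictnames = self.Get_Filename('{}DirBrute/dics/'.format(self.root))
        ipt2 = input_('Url>')
        print_('选择字典...')
        for dictname in dictnames:
            print_(dictname)
        ipt3 = input_('DictPath>')
        # The command line is handed to a shell (other callers of commands__
        # rely on `&&` and `>`), so each typed value is quoted as a single
        # argument. URLs routinely contain `&` and `;`, which would otherwise
        # split the command.
        self.commands__(
            cmd='python2 {}DirBrute/dirbrute.py {} -e php -t 10 -d {}'.format(
                self.root, shlex.quote(ipt2), shlex.quote(ipt3)))
        self.Run_DirBrute()
    elif ipt1 == '0':
        self.main()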
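def TideFinger(self, **kwargs):
    """Menu for the TideFinger fingerprinting script.

    ``1`` asks for a URL and runs ``TideFinger.py -u <url>``, ``2`` is not
    implemented, ``h`` runs the script without arguments (which prints its
    usage), ``0`` returns to the main menu.

    ``**kwargs`` is accepted for call compatibility; the original read a
    ``url`` keyword into a local that was never used, so nothing is taken
    from it here.
    """
    import shlex

    print_(""" ########### TideFinger ########### [1].单个识别. [2].批量识别. [h].帮助. [0].返回菜单. """)
    ipt1 = input_('>')
    if ipt1 == '1':
        ipt2 = input_('URL>')
        # shlex.quote keeps the URL a single shell argument; plain double
        # quotes still let `$(...)` and backticks expand.
        self.commands__(
            cmd='python2 {}TideFinger/TideFinger.py -u {}'.format(
                self.root, shlex.quote(ipt2)))
        self.TideFinger()
    elif ipt1 == '2':
        pass
    elif ipt1 == 'h':
        self.commands__(
            cmd='python2 {}TideFinger/TideFinger.py'.format(self.root))
    elif ipt1 == '0':
        self.main()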
def _git():
    """Run the one helper selected by the flags ``a1`` .. ``i1``.

    The flags, ``z1`` (path) and ``y1`` (file name) are defined outside this
    block. The first truthy flag wins; at most one helper is called and the
    function always returns ``None``.
    """
    repo_path, target_file = z1, y1

    if a1:
        user_name = input_('username>')
        user_email = input_('email>')
        yhxx(user_name, user_email)
        return
    if b1:
        add(repo_path, target_file)
        return
    if c1:
        # An empty message falls back to the fixed text 'up'.
        message = input_('提交内容>') or 'up'
        tj(repo_path, message)
        return
    if d1:
        ts(repo_path)
        return
    if e1:
        tb(repo_path)
        return
    if f1:
        delete_1(repo_path, target_file)
        return
    if g1:
        status(repo_path)
        return
    if h1:
        clone_url = input_('Url>')
        clong(repo_path, clone_url)
        return
    if i1:
        remote_url = input_('Url>')
        add_dm(repo_path, remote_url)
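def POC_T(self, **kwargs):
    """Menu for the POC-T verification framework.

    Keyword Args:
        sqli: optional fingerprint keyword. When given it is used to filter
            the script list instead of prompting for one.

    Option ``1`` appends every script name returned by ``get_POC_T_script()``
    to ``lib/script_name.txt``, greps that file for the keyword, lets the
    operator pick a script and runs ``POC-T.py``. ``2`` is not implemented,
    ``h`` prints the help text, ``0`` returns to the main menu.
    """
    import shlex

    # .get() instead of a loop over kwargs: the name was left unbound when the
    # method was called without `sqli`, and option 1 then raised
    # UnboundLocalError.
    ke1 = kwargs.get('sqli')
    self.Install_POC_T()
    helps = poc_t_helps
    print_(""" ###### POC_T ###### [1].批量POC验证. [2].单个POC验证. [h].帮助. [0].返回菜单. """)
    f1, f2, f3 = get_POC_T_script()
    ipt1 = input_('>')
    if ipt1 == '1':
        if not ke1:
            ipt3 = input_('指纹名称>')
        else:
            ipt3 = ke1
        f1, f2, f3 = get_POC_T_script()
        script_index = '{}lib/script_name.txt'.format(self.root)
        # Append mode is kept from the original, so names accumulate across
        # runs and the grep below can list the same script more than once.
        with open(script_index, 'a+') as w:
            for sf1 in f1:
                w.write(sf1 + '\n')
        search_r = _grep(keyword=ipt3, path=script_index)
        print('')
        print('')
        red('----------------------------')
        print('')
        for s1 in search_r:
            line_number, line_content = s1
            print(line_content)
        green('----------------------------')
        ipt4 = input_('选择脚本>')
        ipt5 = input_('ZSearch_keyword>')
        ipt6 = input_('页数>')
        # NOTE(review): username_z / password_z look like service credentials.
        # Passed as arguments they are readable from the local process list
        # for as long as POC-T runs; confirm whether the tool can read them
        # from a config file instead.
        self.commands__(
            cmd='python2 {}POC-T/POC-T.py -s {} -aZ {} --limit {} -luz {} -lup {}'
            .format(self.root, shlex.quote(ipt4), shlex.quote(ipt5),
                    shlex.quote(ipt6), shlex.quote(str(username_z)),
                    shlex.quote(str(password_z))))
        self.main()
    elif ipt1 == '2':
        pass
    elif ipt1 == 'h':
        print_(helps)
    elif ipt1 == '0':
        self.main()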
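def Run_subdns(self):
    """Menu for the subdns subdomain enumeration script.

    Nothing is shown unless ``self.Install_subdns()`` returns a truthy value.
    ``1`` prints help, ``2`` runs with the bundled ``mini_names.txt`` list,
    ``3`` runs with an operator-named dictionary, ``4`` opens the result
    viewer, ``0`` returns to the main menu. An empty answer re-displays the
    menu.
    """
    import shlex

    content = """ ######### 子域名爆破 ######### 1.查看帮助. 2.输入Domain. 3.自定义字典. 4.查看结果. 0.返回菜单. """
    helps1 = subdns_helps
    c1 = self.Install_subdns()
    helps2 = "例子:Domain>baidu.com"
    if c1:
        print_(content)
        c2 = input_('>')
        if not c2:
            self.Run_subdns()
        elif c2 == '1':
            print_(helps1)
            self.Run_subdns()
        elif c2 == '2':
            print_(helps2)
            ipt1 = input_('Domain>')
            # Typed values are quoted so each stays one shell argument.
            self.commands__(cmd=[
                'python3 {}subdns/subdns.py -u {} -d mini_names.txt'.format(
                    self.root, shlex.quote(ipt1))
            ])
            self.Run_subdns()
        elif c2 == '3':
            print_('字典存放路径:$HOME/.Tools/Tools_list/dict')
            print_('如果存放好了字典,请输入字典名字...')
            print_(helps2)
            ipt1 = input_('Domain>')
            ipt2 = input_('Dict>')
            self.commands__(cmd=[
                'python3 {}subdns/subdns.py -u {} -d {}'.format(
                    self.root, shlex.quote(ipt1), shlex.quote(ipt2))
            ])
            self.Run_subdns()
        elif c2 == '4':
            print_(""" 1.查看结果. 0.返回菜单. """)
            ipt1 = input_('>')
            if ipt1 == '1':
                self.sElect_Files_(num=1)
        elif c2 == '0':
            self.main()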
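def Run_xcdn(self):
    """Menu for the xcdn script.

    ``1`` asks for a domain and runs ``xcdn.py`` under sudo, ``0`` returns to
    the main menu, an empty answer re-displays this menu.
    """
    import shlex

    print_(""" 1.输入Domain. 0.返回菜单. """)
    ipt1 = input_('>')
    if not ipt1:
        self.Run_xcdn()
    elif ipt1 == '1':
        ipt2 = input_('Domain>')
        # The command runs as root, so the typed value is quoted to keep it a
        # single argument instead of extra shell syntax.
        self.commands__(
            cmd='sudo python3 {}xcdn/xcdn.py {}'.format(
                self.root, shlex.quote(ipt2)))
        self.Run_xcdn()
    elif ipt1 == '0':
        self.main()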
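def note():
    """Two-level notes menu: pick the ``dict`` category, then ``dict1.md``.

    Choosing ``1`` twice builds ``dict1()`` and calls its ``content()``
    method. Any other answer returns without doing anything.
    """
    print_(""" 笔记: 1.dict: """)
    ipt1 = input_('>')
    # Value comparison; `is '1'` depends on string interning.
    if ipt1 == '1':
        print_(""" 1.dict1.md """)
        ipt2 = input_('>')
        if ipt2 == '1':
            d = dict1()
            d.content()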
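def Run_dirmap(self):
    """Menu for the dirmap web-directory scanner.

    Nothing is shown unless ``self.Install_dirmap()`` returns a truthy value.
    ``1`` prints help, ``2`` scans one URL, ``3`` scans the URLs listed in a
    file, ``4`` passes operator-typed options straight to dirmap, ``5`` is not
    implemented, ``0`` returns to the main menu.
    """
    import shlex

    content = """ ########### web目录扫描 ########### 1.查看帮助. 2.输入URL. 3.尝试批量扫描,请输入文件名. 4.自定义命令. 5.查看结果. 0.返回菜单. """
    helps1 = dirmap_helps
    c1 = self.Install_dirmap()
    if c1:
        print_(content)
        ipt1 = input_('>')
        if ipt1 == '1':
            print_(helps1)
            self.Run_dirmap()
        elif ipt1 == '2':
            print_('例子:Url>https://www.baidu.com/')
            ipt2 = input_('Url>')
            # Quoted: a query string with `&` would otherwise background the
            # scan and run the remainder as a separate command.
            self.commands__(
                cmd='python3 {}dirmap/dirmap.py -iU {} -t 30 -lcf --debug'.
                format(self.root, shlex.quote(ipt2)))
            self.Run_dirmap()
        elif ipt1 == '3':
            print_('例子: Filename> DiscoverTarget/URL.txt')
            ipt2 = input_('Filename> ')
            self.commands__(
                cmd='python3 {}dirmap/dirmap.py -iF {} -t 30 -lcf --debug'.
                format(self.root, shlex.quote(ipt2)))
            self.Run_dirmap()
        elif ipt1 == '4':
            print_('输入选项...')
            print_('例子1: > --help')
            print_('例子2: > --iN xxx')
            ipt2 = input_('> ')
            # Deliberately unquoted: the operator supplies a whole option
            # string, so the shell must split it. Anything typed here runs as
            # shell syntax.
            self.commands__(
                cmd='python3 {}dirmap/dirmap.py {}'.format(
                    self.root, ipt2))
            self.Run_dirmap()
        elif ipt1 == '5':
            pass
        elif ipt1 == '0':
            self.main()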
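def main(self):
    """DNS lookup menu: batch or single query through ``DNS_Query_Interface``.

    ``1`` opens the query submenu. Batch mode lists the files under
    ``lib/batch``, reads the chosen file with ``read_text_`` and queries each
    line, optionally reducing it to a domain with ``get_domain`` first. Single
    mode queries one typed domain. ``0`` quits the Selenium browser and exits
    the process.
    """
    print_(""" 1.DNS接口查询. 0.Exit. """)
    ipt1 = input_('选项>')
    # Compare by value; identity against a str literal relies on interning.
    if ipt1 == '1':
        print_(""" ____ _ _ ___ | _ \| \ | |___ / _ \ _ _ ___ _ __ _ _ | | | | \| / __| | | | | | | |/ _ \ '__| | | | | |_| | |\ \__ \ | |_| | |_| | __/ | | |_| | |____/|_| \_|___/ \__\_\\\\__,_|\___|_| \__, | |___/ 1.批量查询 2.单个查询 0.返回菜单. """)
        ipt2 = input_('>')
        if ipt2 == '0':
            self.main()
        elif ipt2 == '1':
            ipt3 = input_('处理URL获取Domain name.[y/n]')
            filenames = get_filename(path='{}lib/batch'.format(root))
            for filename in filenames:
                print_(filename)
            # The typed name goes to read_text_ as-is; it is not limited to
            # the files listed above.
            ipt4 = input_('Filename>')
            lines = read_text_(ipt4)
            for line in lines:
                # Any answer other than y / n skips the line, as before.
                if ipt3 == 'y':
                    self.DNS_Query_Interface(get_domain(line))
                elif ipt3 == 'n':
                    self.DNS_Query_Interface(line)
        elif ipt2 == '2':
            ipt3 = input_('Domain>')
            self.DNS_Query_Interface(ipt3)
    if ipt1 == '0':
        # Close the browser before leaving so no driver process is orphaned.
        selenium_.browser_.quit()
        exit(0)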
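def whatweb(self):
    """Menu for whatweb; results go to ``lib/batch/whatweb/results`` as XML.

    Every option except ``0`` first asks for a result file name. ``1`` scans
    the targets listed in a file chosen from ``lib/batch/whatweb``, ``2`` and
    ``3`` scan one domain (``3`` adds ``-v``), ``4`` scans an address range
    built from a typed IP plus suffix, ``5`` is not implemented, ``0`` returns
    to the main menu.
    """
    import shlex

    print_(""" ######### whatweb ######### 1.批量域名扫描(domain). 2.常规扫描. 3.详细回显扫描. 4.快速本地扫描(扫描内网主机). 5.查看结果. 0.返回菜单. """)
    ipt1 = input_('>')
    if ipt1 != '0':
        ipt2 = input_('Save name>')
        path = f'{self.root}lib/batch/whatweb/results'
        # Quoted once here; every command below embeds it after --log-xml=.
        save_name = shlex.quote(f'{ipt2}.xml')
    if ipt1 == '1':
        paths = get_filename(f'{self.root}lib/batch/whatweb')
        for i, p1 in enumerate(paths, 1):
            print_(f'{i}. {p1}')
        choice = input_('Path编号>')
        # The selection lives in its own variable: the original overwrote
        # `path`, so `cd` was pointed at the target list instead of the
        # results directory.
        target_list = None
        for i, p2 in enumerate(paths, 1):
            if choice == str(i):
                target_list = str(p2).strip()
                break
        if target_list is not None:
            self.commands__(
                f'cd {path} && whatweb -i {shlex.quote(target_list)} --log-xml={save_name}'
            )
        self.whatweb()
    elif ipt1 == '2':
        ipt2 = input_('Domain>')
        self.commands__(
            f'cd {path} && whatweb {shlex.quote(ipt2)} --log-xml={save_name}')
        self.whatweb()
    elif ipt1 == '3':
        ipt2 = input_('Domain>')
        self.commands__(
            f'cd {path} && whatweb -v {shlex.quote(ipt2)} --log-xml={save_name}'
        )
        self.whatweb()
    elif ipt1 == '4':
        ipt2 = input_('IP>')
        ipt3 = input_('前缀>')
        self.commands__(
            f'cd {path} && whatweb --no-errors -t 255 {shlex.quote(ipt2 + ipt3)} --log-xml={save_name}'
        )
        self.whatweb()
    elif ipt1 == '5':
        pass
    elif ipt1 == '0':
        self.main()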
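def Run_DiscoverTarget(self):
    """Menu for the DiscoverTarget URL collection script.

    Nothing is shown unless ``self.Install_DiscoverTarget()`` returns a truthy
    value. ``1`` prints help, ``2`` runs a ``-B`` keyword search, ``3`` passes
    operator-typed options to the script, ``4`` opens the result viewer,
    ``0`` returns to the main menu.
    """
    content = """ ####### URL采集 ####### 1.查看帮助. 2.输入关键字. 3.自定义命令. 4.查看结果. 0.返回菜单. """
    helps1 = discovertarget_helps
    c1 = self.Install_DiscoverTarget()
    if c1:
        print_(content)
        ipt1 = input_('>')
        # Compare by value; identity against a str literal relies on interning.
        if ipt1 == '1':
            print_(helps1)
            self.Run_DiscoverTarget()
        elif ipt1 == '2':
            keywords = input_('>')
            # NOTE(review): both commands below run under sudo with the typed
            # text interpolated unquoted. The examples under option 3 show
            # multi-word keywords, so quoting it as one argument may change
            # how the script reads it; confirm before tightening.
            self.commands__(cmd=[
                'sudo python2 {}DiscoverTarget/DiscoverTarget.py -B {}'.
                format(self.root, keywords)
            ])
            self.Run_DiscoverTarget()
        elif ipt1 == '3':
            print_('例子1:> -B hello word')
            print_('例子2:> -Z app:"Apache-Tomcat"')
            c3 = input_('> ')
            self.commands__(
                cmd='sudo python2 {}DiscoverTarget/DiscoverTarget.py {}'.
                format(self.root, c3))
            self.Run_DiscoverTarget()
        elif ipt1 == '4':
            self.sElect_Files__()
            self.Run_DiscoverTarget()
        elif ipt1 == '0':
            self.main()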
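def Run_fsociety(self):
    """Menu that launches the ``fsociety`` command.

    The menu text is printed first; input is read only when
    ``self.Install_fsociety()`` returns a truthy value. ``1`` runs
    ``fsociety`` and re-displays this menu, ``0`` returns to the main menu.
    """
    print_(""" 1.Run Fsociety 0.返回菜单. """)
    c1 = self.Install_fsociety()
    if c1:
        ipt1 = input_('>')
        # Compare by value; identity against a str literal relies on interning.
        if ipt1 == '1':
            self.commands__(cmd='fsociety')
            self.Run_fsociety()
        elif ipt1 == '0':
            self.main()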
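def nmap_script_exploit(self):
    """Menu around nmap's CVE-named NSE scripts.

    ``1`` lists the script files whose name matches ``cve``. ``2`` opens a
    submenu that runs one of two ``http-vuln-*`` scripts against a typed
    target, or prints the nsedoc URL for a typed script name. ``0`` returns
    to the main menu.
    """
    import shlex

    # The kali and deepin branches of the original used the same directory and
    # left the variable unbound on any other platform, which raised NameError.
    scripts_dir = '/usr/share/nmap/scripts'

    print_(""" 1.cve_script_search. 2.cve_script_exploit. 0.返回菜单. """)
    ipt1 = input_('>')
    if ipt1 == '1':
        filenames = get_filename_(path=scripts_dir)
        # NOTE(review): the listing is whitespace-collapsed; the counter is
        # assumed to advance only on matches so the numbers stay contiguous.
        i = 1
        for filename in filenames:
            d1 = grep('cve', filename)
            if d1:
                print(f'{i}. {d1}')
                i += 1
        self.nmap_script_exploit()
    elif ipt1 == '2':
        print_(""" 1.http-vuln-cve2017-5638.nse 2.http-vuln-cve2015-1635.nse 3.其他cve脚本使用. 0.返回菜单. """)
        # Separate variable: reusing ipt1 made a submenu answer of '0' also
        # trigger the outer "return to main menu" branch.
        sub = input_('>')
        if sub == '1':
            print_('port -> 80')
            ipt2 = input_('port>')
            ipt3 = input_('target(domain)>')
            # nmap runs under sudo, so typed values are quoted as single
            # arguments.
            self.commands__(
                f'cd {scripts_dir} && sudo nmap -p {shlex.quote(ipt2)} --script http-vuln-cve2017-5638 {shlex.quote(ipt3)}'
            )
            self.nmap_script_exploit()
        elif sub == '2':
            ipt2 = input_('target(domain)>')
            self.commands__(
                f'cd {scripts_dir} && sudo nmap -p 80 --script http-vuln-cve2015-1635.nse {shlex.quote(ipt2)}'
            )
            self.nmap_script_exploit()
        elif sub == '3':
            print_('编号 -> http-vuln-cve2017-5638')
            ipt2 = input_('编号>')
            s1 = f'官方使用教程:https://nmap.org/nsedoc/scripts/{ipt2}.html'
            print_(s1)
            self.nmap_script_exploit()
        elif sub == '0':
            self.nmap_script_exploit()
    elif ipt1 == '0':
        self.main()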
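def Run_xwaf(self):
    """Menu for the xwaf script (``bypass_waf/xwaf.py``), run under sudo.

    ``1`` prints usage examples, ``2`` takes a URL, ``3`` takes a URL, POST
    data and a parameter name, ``4`` takes a header file, a parameter name and
    a level. ``0`` returns to the main menu; an empty answer re-displays this
    menu.
    """
    import shlex

    print_(""" 1.查看帮助. 2.输入url. 3.输入url,post参数. 4.选择headerfile,输入参数,设置攻击向量level大小. 0.返回菜单. """)
    helps1 = """ 1.python3 xwaf.py -u "http://www.baidu.com/1.php?id=1" 2.python3 xwaf.py -u "http://www.baidu.com/1.php" --data="postdata" -p xxx 3.python3 xwaf.py -r /tmp/headerfile -p xxx --level 5 """
    ipt1 = input_('>')
    if not ipt1:
        self.Run_xwaf()
    elif ipt1 == '1':
        print_(helps1)
        self.Run_xwaf()
    elif ipt1 == '2':
        ipt2 = input_('Url>')
        # Every command here runs as root. shlex.quote replaces the plain
        # double quotes, which still allowed `$(...)` and backtick expansion
        # inside the typed value.
        self.commands__(
            cmd='sudo python3 {}bypass_waf/xwaf.py -u {}'.format(
                self.root, shlex.quote(ipt2)))
        self.Run_xwaf()
    elif ipt1 == '3':
        ipt2 = input_('Url>')
        ipt3 = input_('Data>')
        ipt4 = input_('Post parameter>')
        self.commands__(
            cmd='sudo python3 {}bypass_waf/xwaf.py -u {} --data={} -p {}'
            .format(self.root, shlex.quote(ipt2), shlex.quote(ipt3),
                    shlex.quote(ipt4)))
        self.Run_xwaf()
    elif ipt1 == '4':
        ipt2 = input_('1>')
        ipt3 = input_('2>')
        ipt4 = input_('3>')
        self.commands__(
            cmd='sudo python3 {}bypass_waf/xwaf.py -r {} -p {} --level {}'.
            format(self.root, shlex.quote(ipt2), shlex.quote(ipt3),
                   shlex.quote(ipt4)))
        self.Run_xwaf()
    elif ipt1 == '0':
        self.main()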
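def _select_fping_result():
    """List the saved fping result files and return the one the operator picks.

    Returns the chosen entry with spaces and newlines removed, or ``None``
    when no result files exist or the typed number matches none of them. An
    error line is printed in both cases.
    """
    filenames = get_filename(path=f'{root}lib/fping')
    if not filenames:
        red('[Error] fping 没有结果.')
        return None
    for index, filename in enumerate(filenames, 1):
        print_(str(index) + '. ' + filename)
    choice = input_('>')
    for index, filename in enumerate(filenames, 1):
        if str(index) == choice:
            return str(filename.replace(' ', '').replace('\n', ''))
    # Only a listed number is accepted. The original fell through and opened
    # whatever text had been typed as a path.
    red('[Error] invalid selection.')
    return None


def _read_fping_hosts(path):
    """Return the non-empty lines of ``path`` that match the ``regular(1)`` pattern."""
    pattern = f'({regular(1)})(\.+)*'
    hosts = []
    with open(path, 'r') as r:
        for line in r:
            if re.findall(pattern, line):
                ip = str(line.strip().replace(' ', '').replace('\n', ''))
                if ip:
                    hosts.append(ip)
    return hosts


def ip_or_domain_result_handle():
    """Show saved fping results or pass them to the port scanner.

    ``1`` prints every host of the chosen result file (coloured by ``_red``),
    ``2`` starts one ``port_scan`` thread per host, ``0`` opens the main menu.

    Returns:
        ``False`` when there is nothing to show or the selection is invalid,
        otherwise ``None``.
    """
    from main import Run
    r1 = Run()
    main = r1.main
    print_(""" ######## 处理结果 ######## 1.查看结果. 2.结果提交到nmap扫描. 0.返回菜单. """)
    ipt1 = input_('>')
    # Compare by value; identity against a str literal relies on interning.
    if ipt1 == '0':
        main()
    elif ipt1 == '1':
        result_file = _select_fping_result()
        if result_file is None:
            return False
        for ip in _read_fping_hosts(result_file):
            print(_red(ip))
    elif ipt1 == '2':
        result_file = _select_fping_result()
        if result_file is None:
            return False
        # One thread per host with no upper bound, as in the original; a large
        # result file starts that many scans at once.
        for ip in _read_fping_hosts(result_file):
            thread1 = Thread(target=port_scan, args=(ip, ip))
            thread1.start()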
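def _add_task(self, rule):
    """Manage AWVS tasks: batch-add targets from a file, or delete tasks.

    The menu is always printed, but input is read only while ``self.option_``
    is truthy. ``1`` loads targets from a file chosen under
    ``lib/batch/awvs`` (optionally reduced to domains) and adds them on a
    background thread, five at a time with a 600-second pause between
    batches. ``2`` and ``3`` call ``self.delete_()`` and ``self.delete()``.
    ``4`` clears ``self.option_`` so later calls stop prompting. ``0`` adds
    nothing.

    Args:
        rule: scan profile passed through to ``self.add_task``.

    Returns:
        ``False`` after a delete option, otherwise ``None``.
    """
    print_(""" 1.批量任务添加 2.删除所有任务 3.删除指定任务 4.跳过 0.Exit. """)
    if not self.option_:
        return None

    ipt1 = input_('>')
    # Defined up front: the worker reads it, and the original raised
    # NameError inside the thread for every option other than 1.
    datas = []
    if ipt1 == '1':
        ipt2 = input_('处理URL获取Domain name.[y/n]')
        # Anything other than 'y' means "use the lines as they are"; the
        # original left the flag unbound for answers other than y / n.
        extract_domains = ipt2 == 'y'
        filename = get_filename('{}lib/batch/awvs'.format(root))
        for i, f in enumerate(filename, 1):
            print_(f'{i}. {f}')
        ipt3 = input_('Path编号>')
        selected = None
        for i, f in enumerate(filename, 1):
            if ipt3 == str(i):
                selected = f
                break
        # Only a listed number selects a file; unmatched text is no longer
        # passed to read_text_ as a path.
        if selected:
            datas = read_text_(selected)
            if extract_domains:
                datas = [get_domain(data) for data in datas]
    if ipt1 == '2':
        self.delete_()
        return False
    if ipt1 == '3':
        self.delete()
        return False
    if ipt1 == '4':
        self.option_ = False
    if ipt1 == '0':
        return None

    def r():
        # Pause before every sixth target, then still add it. The original
        # reset its counter in the pause branch and silently dropped that
        # target.
        added_in_batch = 0
        for target1 in datas:
            if added_in_batch == 5:
                time.sleep(600)
                added_in_batch = 0
            # NOTE(review): the listing is whitespace-collapsed; add_task is
            # assumed to sit under the self.option check together with the
            # log line. Confirm against the original file.
            if self.option:
                info(('Add scann target -> ', target1))
                self.add_task(target=target1, rule=rule)
            added_in_batch += 1

    try:
        thread1 = threading.Thread(target=r)
        thread1.start()
    except Exception as e:
        # Covers failure to start the thread only; errors raised inside r()
        # surface on the worker thread, not here.
        info(('Add task thread failed -> ', e))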
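def main(self):
    """Top-level menu: dispatch to the tool submenus or run a shell command.

    The menu keys are ``1``-``12``, ``i`` (run ``lib/INIT``), ``c`` (clear the
    screen), ``n`` (open gedit on a thread) and ``0`` (run ``lib/pyc_clear``
    and exit). Any other non-empty input is executed as a shell command
    through ``self.commands__``. When a handler returns instead of
    re-entering a menu, the operator is asked whether to go back and the
    menu is shown again.

    Menus re-enter ``self.main()`` recursively, so every redisplay adds a
    stack frame.

    NOTE(review): the listing this was reconstructed from is
    whitespace-collapsed; the nesting follows the only arrangement in which
    every name is bound before use, but should be checked against the
    original file.
    """
    import ipaddress
    import shlex

    # Inputs that are menu choices. They must never reach the shell
    # fallthrough at the end of this method.
    menu_keys = ('1', '2', '3', '4', '5', '6', '7', '8', '9', '10', '11',
                 '12', 'i', 'c', 'n', '0')

    content1 = """ {} [1].信息收集. [2].Web程序. [3].黑盒测试工具包. [4].Linux 工具. [5].漏洞验证(POC). [6].漏洞测试(FUZZ). [7].note. [8].内网攻击工具. [9].内网扫描. [10].漏洞分析. [11].字典构造. [12].Exploits. [i].INIT. [c].Clear. [n].记录线索. [0].退出. """.format(logo)
    print_(content1)
    ipt1 = input_('>')
    if not ipt1:
        self.main()
    # All comparisons are by value; identity against str literals relies on
    # interning. Nested prompts use their own names so that a typed URL,
    # keyword or sub-choice can no longer be mistaken for a menu key further
    # down.
    if ipt1 == '1':
        content2 = """ ######## 信息收集 ######## 1.子域名爆破. 2.URL采集. 3.Web目录扫描. 4.尝试找出cdn背后的真实ip. 5.九世信息收集工具. 6.指纹识别. 7.ABC段扫描. 0.返回菜单. """
        print_(content2)
        ipt2 = input_('>')
        if not ipt2:
            self.main()
        if ipt2 == '1':
            self.Run_subdns()
        if ipt2 == '2':
            self.Run_DiscoverTarget()
        if ipt2 == '3':
            print_(""" ####### 选择工具 ####### 1.dirmap. 2.DirBrute. 0.返回菜单. """)
            ipt3 = input_('>')
            if not ipt3:
                self.main()
            if ipt3 == '1':
                self.Run_dirmap()
            if ipt3 == '2':
                self.Run_DirBrute()
            if ipt3 == '0':
                self.main()
        if ipt2 == '4':
            if system_platform == 'kali':
                self.Run_xcdn()
            else:
                red('[Error] xcdn run for kali.')
                self.main()
        if ipt2 == '5':
            target_url = input_('URL>')
            target_domain = input_('Domain>')
            c1 = jiushixxsj(url=target_url, domain=target_domain)
            if c1:
                print_('九世信息收集工具配置完成...')
            else:
                print_('九世信息收集工具配置失败...')
            self.commands__(
                cmd='cd "{}信息收集工具" && python3 ./main.py'.format(self.root))
        if ipt2 == '6':
            print_(""" 1.TideFinger. 2.whatweb. 0.返回菜单. """)
            finger_choice = input_('>')
            if finger_choice == '1':
                self.TideFinger()
                self.main()
            if finger_choice == '2':
                self.whatweb()
                self.main()
            if finger_choice == '0':
                self.main()
        if ipt2 == '7':
            print_(""" [A].A段扫描. [B].B段扫描. [C].C段扫描. [r].查看结果. """)
            segment = input_('>')
            if segment == 'r':
                # Both outcomes of the result handler were handled the same
                # way, so its return value is not inspected.
                ip_or_domain_result_handle()
                time.sleep(3)
                self.main()
            else:
                prefix_hints = """ A段 前缀 8. B段 前缀 16. C段 前缀 24. 
"""
                a1 = grep(f'{segment}', prefix_hints)
                print(a1)
                ipt3 = input_('IP>')
                ipt4 = input_('前缀>')
                # Both values end up in a shell command, in an `rm -rf`
                # argument and in a file name, so they are accepted only if
                # together they parse as a network address. That rules out
                # spaces, shell syntax and path separators.
                try:
                    ipaddress.ip_network(f'{ipt3}/{ipt4}', strict=False)
                except ValueError:
                    red('[Error] invalid IP or prefix.')
                    time.sleep(3)
                    self.main()
                else:
                    cidr = shlex.quote(f'{ipt3}/{ipt4}')
                    result_name = shlex.quote(f'{ipt3}_{ipt4}.txt')
                    self.commands__(
                        f'fping -a -g {cidr} > {self.root}lib/fping_result.txt'
                    )
                    datas = _grep(f'({regular(1)})(\.+)*',
                                  f'{self.root}lib/fping_result.txt',
                                  regex=1,
                                  highlight=0)
                    for data in datas:
                        line_number, line_content = data
                        if 'ICMP Host Unreachable from' not in line_content:
                            print(line_content.replace('\n', '').strip())
                            s1 = line_content.replace('\n', '').strip()
                            with open(
                                    f'{self.root}lib/fping/{ipt3}_{ipt4}.txt',
                                    'a+') as w:
                                w.write(s1 + '\n')
                    self.commands__(f'rm -rf {self.root}lib/{result_name}')
                    self.commands__(f'rm -rf {self.root}lib/fping_result.txt')
                    time.sleep(3)
                    self.main()
        if ipt2 == '0':
            self.main()
    if ipt1 == '2':
        print_(""" ######## web程序 ######## 1.xwaf waf自动化绕过工具. 0.返回菜单. """)
        ipt2 = input_('>')
        if ipt2 == '1':
            if system_platform == 'kali':
                self.Run_xwaf()
                self.main()
            else:
                red('[Error] xwaf run for kali.')
                self.main()
        if ipt2 == '0':
            self.main()
    if ipt1 == '3':
        print_(""" 1.Fsociety. 0.返回菜单. """)
        ipt2 = input_('>')
        if not ipt2:
            self.main()
        if ipt2 == '1':
            if system_platform == 'kali':
                self.Run_fsociety()
            else:
                red('[Error] fsociety run for kali.')
                self.main()
        if ipt2 == '0':
            self.main()
    if ipt1 == '4':
        print_(""" ########## linux 工具 ########## [1].输出艺术字. [2].获取工具的绝对路径. [3].History. [4].源配置. [5].配置x11 vnc server. [6].配置sftp. [0].返回菜单. 
""")
        ipt2 = input_('>')
        if ipt2 == '1':
            ipt3 = input_('内容>')
            banner = shlex.quote(ipt3)
            self.commands__(cmd='figlet {}'.format(banner))
            self.commands__(cmd='toilet {}'.format(banner))
            self.main()
        if ipt2 == '2':
            ipt3 = input_('Tool name>')
            tool = shlex.quote(ipt3)
            c1 = self.commands_(cmd='whereis {}'.format(tool))
            c2 = self.commands_(cmd='which {}'.format(tool))
            data1 = grep(ipt3, c1)
            data2 = grep(ipt3, c2)
            print(data1)
            print(data2)
        if ipt2 == '3':
            # Only prints the command for the operator to run; the keyword is
            # kept out of ipt1 so it is not executed by the fallthrough below.
            keyword = input_('Keyword>')
            print_('history | grep "{}"'.format(keyword))
        if ipt2 == '4':
            if system_platform in ('deepin', 'kali'):
                print_(f'1.{system_platform} 源配置.')
                source_choice = input_('>')
                if source_choice == '1':
                    # Overwrites /etc/apt/sources.list as root with the
                    # bundled copy; no backup of the existing file is taken.
                    c1 = self.commands__(
                        cmd=
                        f'sudo cp -v -r {self.root}bak/sources.list.{system_platform} /etc/apt/sources.list'
                    )
                    self.commands__(cmd='sudo apt-get update')
                    if c1:
                        print_(f'{system_platform} 源配置完成.')
                    else:
                        print_(f'{system_platform} 源配置失败.')
                    self.main()
        if ipt2 == '5':
            self.commands__('sudo apt-get -y install x11vnc')
            self.commands__('x11vnc -storepasswd')
            self.commands__('ip address')
            # No -localhost flag: the server listens on TCP 5900 beyond the
            # loopback interface and is protected only by the stored VNC
            # password.
            self.commands__(
                'x11vnc -auth guess -once -loop -noxdamage -repeat -rfbauth ~/.vnc/passwd -rfbport 5900 -shared'
            )
        if ipt2 == '6':
            self.commands__('sudo apt-get -y install ssh')
        if ipt2 == '0':
            self.main()
    if ipt1 == '5':
        print_(""" ############ 漏洞验证(POC) ############ 1.Xss 2.Sqli 3.Csrf 4.POC-T 0.返回菜单 """)
        ipt2 = input_('>')
        if ipt2 == '1':
            pass
        if ipt2 == '2':
            self.POC_T(sqli='sqli')
        if ipt2 == '3':
            pass
        if ipt2 == '4':
            self.POC_T()
        if ipt2 == '0':
            self.main()
    if ipt1 == '6':
        print_(""" ############# 漏洞测试(FUZZ) ############# 1.Xss 2.Sqli 3.Csrf 0.返回菜单 """)
        ipt2 = input_('>')
        if ipt2 == '1':
            print_(""" #### Xss #### 1.XSStrike. 0.返回菜单. 
""")
            ipt3 = input_('>')
            if ipt3 == '1':
                self.xsstrike()
                self.main()
            if ipt3 == '0':
                self.main()
        if ipt2 == '0':
            self.main()
    if ipt1 == '7':
        from src._note import note
        note()
        self.main()
    if ipt1 == 'i':
        self.commands__('{}lib/INIT'.format(self.root))
        self.main()
    if ipt1 == '8':
        print_(""" ############ 内网攻击工具. ############ 1.ARP欺骗. 0.返回菜单. """)
        ipt2 = input_('>')
        if ipt2 == '1':
            self.commands__(cmd='python2 {}src/arp.py'.format(self.root))
            self.main()
        if ipt2 == '0':
            self.main()
    if ipt1 == '9':
        print_(""" ############ 内网扫描工具. ############ 1.nbtscan. 0.返回菜单. """)
        ipt2 = input_('>')
        if system_platform == 'kali':
            if ipt2 == '1':
                print_('例子:192.168.1.1/24')
                ipt3 = input_('输入扫描的IP段>')
                self.commands__(f'nbtscan -r {shlex.quote(ipt3)}')
                self.main()
        else:
            red('[Error] nbtscan run for kali.')
        if ipt2 == '0':
            self.main()
    if ipt1 == '10':
        print_(""" ######## 漏洞分析 ######## 1.apache-users. 2.scann.py. 3.nikto. 4.nmap. 5.lynis 6.sparta 7.unix-privesc-check 8.goLismero 9.awvs.py 0.返回菜单. """)
        ipt2 = input_('>')
        if ipt2 == '1':
            if system_platform == 'kali':
                pass
            else:
                red('[Error] apache_users run for kali.')
        if ipt2 == '2':
            self.commands__(f'python3 {self.root}scann.py')
            self.main()
        if ipt2 == '3':
            pass
        if ipt2 == '4':
            self.nmap_script_exploit()
        if ipt2 == '5':
            if system_platform == 'kali':
                pass
            else:
                red('[Error] lynis run for kali.')
        if ipt2 == '6':
            if system_platform == 'kali':
                pass
            else:
                red('[Error] sparta run for kali.')
        if ipt2 == '7':
            if system_platform == 'kali':
                pass
            else:
                red('[Error] unix-privesc-check run for kali.')
        if ipt2 == '8':
            if system_platform == 'kali':
                pass
            else:
                red('[Error] goLismero run for kali.')
        if ipt2 == '9':
            # The original wrapped this in a bare `except:`. The local import
            # made `_awvs` a function-local name, so the first attempt always
            # failed with UnboundLocalError and the handler did the import.
            # Importing first gives the same result without swallowing
            # unrelated errors.
            from src.awvs import awvs as _awvs
            a1 = _awvs()
            a1.main()
        if ipt2 == '0':
            self.main()
    if ipt1 == '11':
        print_(""" ######## 字典构造 ######## 1.crunch. 0.返回菜单. 
""")
        ipt2 = input_('>')
        if ipt2 == '1':
            if system_platform == 'kali':
                self.crunch()
                self.main()
            else:
                red('[Error] crunch run for kali.')
        if ipt2 == '0':
            self.main()
    if ipt1 == '12':
        print_(""" ######### Exploits ######### 1.exp_2019_7_16_baopo.py 0.返回菜单. """)
        ipt2 = input_('>')
        if ipt2 == '1':
            pass
        if ipt2 == '0':
            self.main()
    if ipt1 == 'c':
        self.commands__(cmd='clear')
        self.main()
    if ipt1 == 'n':
        thread1 = threading.Thread(target=self.commands__, args=('gedit', ))
        thread1.start()
    if ipt1 == '0':
        c1 = self.commands_(cmd=[
            'sudo chmod +x {}lib/pyc_clear && bash {}lib/pyc_clear'.format(
                self.root, self.root)
        ])
        print_(c1)
        exit(0)
    # Shell passthrough: anything that is not a menu key runs as typed. The
    # original ran it for menu keys as well, so a handled choice such as '4',
    # or text typed at a nested prompt, was also executed as a command.
    if ipt1 and ipt1 not in menu_keys:
        self.commands__(f'{ipt1}')
    ipt2 = input_('返回菜单[y/n]>')
    # Every accepted answer leads back to the menu; the branches are merged
    # so 'y' no longer shows it twice.
    if ipt2 == 'y' or \
            ipt2 == 'n' or \
            not ipt2 or \
            ipt2[0] in 'abcdefghijklmnopqrstuvwsyz' or \
            ipt2[0] in 'ABCDEFGHIJKLMNOPQRSTUVWSYZ':
        self.main()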
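def xsstrike(self):
    """Menu for XSStrike.

    ``1`` scans one URL (GET), ``2`` one URL with POST data, ``3`` a seeds
    file, ``4`` a URL with a typed payload appended and ``--path``, ``7``
    passes operator-typed options to the script, ``h`` prints help, ``0``
    returns to the main menu. ``5``, ``6`` and ``r`` are not implemented. An
    empty answer re-displays this menu.
    """
    import shlex

    self.Install_xSStrike()
    help1 = xsstrike_helps
    print_(""" ######### XSStrike ######### [1].扫描单个目标(GET). [2].扫描单个目标(POST). [3].扫描多个目标. [4].测试URL路径组件. [5].将POST数据视为JSON. [6].爬行. [7].自定义命令. [r].查看结果. [h].帮助. [0].返回菜单. """)
    ipt1 = input_('>')
    if not ipt1:
        self.xsstrike()
    elif ipt1 == '1':
        ipt2 = input_('URL>')
        # shlex.quote instead of plain double quotes, which still expand
        # `$(...)` and backticks inside the typed value.
        self.commands__(
            cmd='{}XSStrike/xsstrike.py -u {}'.format(
                self.root, shlex.quote(ipt2)))
        self.xsstrike()
    elif ipt1 == '2':
        ipt2 = input_('URL>')
        ipt3 = input_('data>')
        self.commands__(
            cmd='{}XSStrike/xsstrike.py -u {} --data {}'.format(
                self.root, shlex.quote(ipt2), shlex.quote(ipt3)))
        self.xsstrike()
    elif ipt1 == '3':
        ipt2 = input_('FilenamePath>')
        self.commands__(
            cmd='{}/XSStrike/xsstrike.py --seeds {}'.format(
                self.root, shlex.quote(ipt2)))
        self.xsstrike()
    elif ipt1 == '4':
        ipt2 = input_('Payload>')
        ipt3 = input_('Url>')
        self.commands__(
            cmd='{}/XSStrike/xsstrike.py -u {} --path'.format(
                self.root, shlex.quote(ipt3 + ipt2)))
        self.xsstrike()
    elif ipt1 == '5':
        pass
    elif ipt1 == '6':
        pass
    elif ipt1 == '7':
        print_(help1)
        ipt2 = input_('>')
        # Deliberately unquoted: the operator supplies a whole option string,
        # so whatever is typed runs as shell syntax.
        self.commands__(
            cmd='{}/XSStrike/xsstrike.py {}'.format(self.root, ipt2))
        self.xsstrike()
    elif ipt1 == 'r':
        pass
    elif ipt1 == 'h':
        print_(help1)
        self.xsstrike()
    elif ipt1 == '0':
        self.main()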
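def crunch(self):
    """Menu for generating and using crunch wordlists under ``dict/login``.

    ``1`` generates a list into ``dict/login/f<domain>.txt``, ``2`` opens a
    generated list in vim, ``3`` picks a user list and a password list and
    passes both paths to ``exp_2019_7_16_baopo``, ``0`` returns to the main
    menu.
    """
    import shlex

    print_(""" ######## crunch ######## 1.生成. 2.查看结果. 3.结果传递至爆破脚本. 0.返回菜单. """)
    ipt1 = input_('>')
    # One elif chain with separate names for the nested prompts: the original
    # reused ipt1 for the minimum length, so typing 2 or 3 there also
    # triggered the later menu branches.
    if ipt1 == '1':
        min_len = input_('最小字符长度>')
        max_len = input_('最大字符长度>')
        ipt3 = input_('构造内容>')
        ipt4 = input_('Domain>')
        # -p keeps repeat runs from failing once the directory exists.
        self.commands__(f'cd {self.root}dict && mkdir -p login')
        # NOTE(review): the content argument stays unquoted because it may be
        # meant to carry several crunch arguments; confirm, then quote it if
        # it is always a single character set.
        out_name = shlex.quote(f'f{ipt4}.txt')
        self.commands__(
            f'crunch {shlex.quote(min_len)} {shlex.quote(max_len)} {ipt3} > {self.root}dict/login/{out_name}'
        )
    elif ipt1 == '2':
        paths = get_filename(f'{self.root}dict/login')
        for i, f1 in enumerate(paths, 1):
            print_(f'{i}. {f1}')
        choice = input_('选择编号>')
        # Compared as text: int() raised ValueError on non-numeric input, and
        # an unmatched number left the path unbound.
        path = None
        for i, f1 in enumerate(paths, 1):
            if str(i) == choice:
                path = f1
                break
        if path is not None:
            self.commands__(f'vim {shlex.quote(str(path).strip())}')
    elif ipt1 == '3':
        paths = get_filename(f'{self.root}dict/login')
        for i, f1 in enumerate(paths, 1):
            print_(f'{i}. {f1}')
        user_choice = input_('user字典编号>')
        passwd_choice = input_('passwd字典编号>')
        user_path = None
        passwd_path = None
        for i, f1 in enumerate(paths, 1):
            if str(i) == user_choice:
                user_path = f1
            if str(i) == passwd_choice:
                passwd_path = f1
        print_(""" 1.exp_2019_7_16_baopo. 0.返回菜单. """)
        action = input_('>')
        if action == '1':
            # Run only when both selections matched a listed file.
            if user_path is not None and passwd_path is not None:
                exp_2019_7_16_baopo(user_path, passwd_path)
            self.main()
        elif action == '0':
            self.main()
    elif ipt1 == '0':
        self.main()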