def __init__(self, baseURL, notFoundPattern=None):
    '''
    Prepare a CMS identification run against one site.

    @params:
        baseURL: URL of the site to identify; it is normalised through
                 URL.getURI and any trailing "/" is removed so that a
                 fingerprint path can be appended directly.
        notFoundPattern: optional marker substring for sites that answer
                 200/301 instead of a real 404 (stored for later checks).
    '''
    normalised = URL.getURI(baseURL)
    self.baseURL = normalised.rstrip("/")
    self.notFoundPattern = notFoundPattern
    # Fingerprint definitions are read from the class-level _fingerprintFile.
    self.fp = YamlConf(self._fingerprintFile)
    self.log = Log("cmsidentify")
def _loadJavaConsoleDict(self):
    '''
    Collect the URL paths of HTTP-type Java consoles from the console data file.

    self._javaConsoleFile (read through YamlConf) maps a server name to a
    list of console entries; each entry is expected to carry 'type' and
    'url' keys.

    @returns: flat list of 'url' values whose 'type' is "http", with the
              bare root path "/" left out.
    '''
    consoleInfo = YamlConf(self._javaConsoleFile)
    paths = []
    for _server, consoles in consoleInfo.iteritems():
        for console in consoles:
            # Only HTTP consoles with a real path are useful here.
            if console['type'] != "http" or console['url'] == "/":
                continue
            paths.append(console['url'])
    return paths
def __init__(self, baseURL, notFoundPattern=None):
    '''
    Prepare a CMS identification run against one site.

    @params:
        baseURL: URL of the site to be identified; normalised through
                 URL.getURI and stripped of a trailing "/" so fingerprint
                 paths can be appended to it.
        notFoundPattern: some sites only ever answer 301 or 200; this
                 substring is then needed to recognise a "404" page.
    '''
    siteURI = URL.getURI(baseURL)
    self.baseURL = siteURI.rstrip("/")
    self.notFoundPattern = notFoundPattern
    # Fingerprints come from the class-level _fingerprintFile.
    self.fp = YamlConf(self._fingerprintFile)
    self.log = Log("cmsidentify")
def subnetScan(host, hostOnly=False, configFile=None):
    '''
    Run an nmap scan of a host, or of its /24 subnet, on the configured HTTP ports.

    @params:
        host: URL or host string; must pass URL.check, otherwise None is returned.
        hostOnly: True scans only the host itself, False the surrounding /24.
        configFile: port-mapping YAML; defaults to port_mapping.yaml under
                    conf['ptdpath']. Only entries whose 'protocol' is "http"
                    contribute a port.
    @returns: the result of nmapScan for the built command, or None when the
              host fails URL.check.
    '''
    if not URL.check(host):
        return None
    target = URL.getHost(host)
    mappingFile = configFile or os.path.join(conf['ptdpath'], "port_mapping.yaml")
    portMapping = YamlConf(mappingFile)
    httpPorts = ",".join(
        str(port) for port in portMapping
        if portMapping[port]['protocol'] == "http"
    )
    # Without hostOnly the whole /24 around the host is scanned.
    scope = target if hostOnly else target + "/24"
    # NOTE(review): target is interpolated into a command string after only
    # URL.check/URL.getHost — confirm nmapScan does not hand this to a shell
    # unquoted; its implementation is not visible here.
    nmapCmd = "nmap -n -PS{ports} -p{ports} {scope} -oX -".format(
        ports=httpPorts, scope=scope)
    return nmapScan(nmapCmd)
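def __init__(self, url, notFoundPattern=None, cmsEnhance=False):
    '''
    Set up service identification for one URL.

    @params:
        url: target URL; whitespace is stripped and URL.check must accept it.
        notFoundPattern: optional marker substring for soft-404 pages.
        cmsEnhance: flag stored as self._cmsEnhance (used elsewhere).
    @raises: PenError when the URL fails URL.check.

    The leftover debug lookup of a single application entry that used to
    follow the fingerprint load was removed: it did nothing useful and
    raised KeyError on any fingerprint file lacking that entry.
    '''
    self._url = url.strip()
    self._notFoundPattern = notFoundPattern
    self._cmsEnhance = cmsEnhance
    if not URL.check(self._url):
        raise PenError("Service Identify, URL format error")
    self._target = URL.format(self._url)
    # Fingerprint file is resolved relative to sys.path[0] (normally the
    # directory of the running script).
    self._fp = YamlConf(
        os.path.join(sys.path[0], "script", "data", "app_fingerprint.yaml"))
    # metaInfo: page meta information
    # url, statusCode, headers, html, title, robots
    self._metaInfo = {}
    self._initMetaInfo()
    # result: information collected while matching
    self._result = MatchsInfo(self._fp)
    self._matchFuncs = {}
    self._initHandleFuncs()
    self._log = Log("service_identify")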
def _loadDirInfo(self):
    '''
    Load the url_brute.yaml data file and expand the '<ext>' placeholder.

    self._dirInfoFile maps a key to a list of path strings. A string that
    contains "<ext>" is expanded once per extension in self.exts; all other
    strings are copied unchanged. Keys with no entries still appear with an
    empty list.

    @returns: dict key -> list of expanded path strings
    '''
    expanded = {}
    for key, lines in YamlConf(self._dirInfoFile).iteritems():
        entries = []
        for line in lines:
            if "<ext>" in line:
                entries.extend(line.replace("<ext>", ext) for ext in self.exts)
            else:
                entries.append(line)
        expanded[key] = entries
    return expanded
def __new__(cls):
    '''
    Return the list of User-Agent strings to use for requests.

    Reads user-agents.yaml under conf['ptdpath'] (a list of mappings with a
    'User-Agent' key). When YamlConf raises PenError the small built-in list
    below is returned instead. Note that __new__ returns a plain list rather
    than an instance of cls, so calling the class yields the list directly.
    '''
    fallbackAgents = [
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
        "Mozilla/5.0 (Windows; U; Windows NT 5.2)Gecko/2008070208 Firefox/3.0.1",
        "Opera/9.27 (Windows NT 5.2; U; zh-cn)",
        "Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en)Opera 8.0)"
    ]
    configFile = os.path.join(conf['ptdpath'], "user-agents.yaml")
    try:
        entries = YamlConf(configFile)
    except PenError:
        # Config missing or unreadable: fall back to the built-in agents.
        return fallbackAgents
    return [entry['User-Agent'] for entry in entries]
def __init__(self, url, notFoundPattern=None, cmsEnhance=False):
    '''
    Set up service identification for one URL.

    @params:
        url: target URL; whitespace is stripped and URL.check must accept it.
        notFoundPattern: optional marker substring for soft-404 pages.
        cmsEnhance: flag stored as self._cmsEnhance (used elsewhere).
    @raises: PenError when the URL fails URL.check.
    '''
    target = url.strip()
    if not URL.check(target):
        raise PenError("Service Identify, URL format error")
    self._url = target
    self._notFoundPattern = notFoundPattern
    self._cmsEnhance = cmsEnhance
    self._target = URL.format(target)
    fingerprintFile = os.path.join(conf['ptdpath'], "app_fingerprint.yaml")
    self._fp = YamlConf(fingerprintFile)
    # metaInfo: page meta information
    # url, statusCode, headers, html, title, robots
    self._metaInfo = {}
    self._initMetaInfo()
    # result: information collected while matching
    self._result = MatchsInfo(self._fp)
    self._matchFuncs = {}
    self._initHandleFuncs()
    self._log = Log("service_identify")
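class CMSIdentify(object):
    '''
    CMS identification.

    Fingerprints are read from cms_fingerprint.yaml under conf['ptdpath']:
    a mapping of CMS type -> list of entries, each with 'path', 'pattern'
    and 'need' keys.
    '''

    _fingerprintFile = os.path.join(conf['ptdpath'], "cms_fingerprint.yaml")

    def __init__(self, baseURL, notFoundPattern=None):
        '''
        @params:
            baseURL: URL of the site to be identified; normalised through
                     URL.getURI and stripped of a trailing "/".
            notFoundPattern: some sites only ever answer 301 or 200; this
                     substring is then needed to recognise a "404" page.
        '''
        baseURL = URL.getURI(baseURL)
        self.baseURL = baseURL.rstrip("/")
        self.notFoundPattern = notFoundPattern
        self.fp = YamlConf(self._fingerprintFile)
        self.log = Log("cmsidentify")

    def _checkPath(self, path, pattern):
        '''
        Fetch baseURL + path and decide whether it counts as a hit.

        @returns: True when the response is 200, does not contain
                  notFoundPattern (if one is set), and either pattern is
                  empty or pattern occurs in response.text; False otherwise.
                  Redirects are not followed, so a 30x answer is a miss, and
                  a connection error is logged and treated as a miss.
        '''
        url = self.baseURL + path
        try:
            # Deliberately no redirect following: a 30x to a catch-all page
            # must not be mistaken for the probed path existing.
            response = http.get(url, allow_redirects=False)
        except http.ConnectionError:
            self.log.debug(
                "Checking '{0}' failed, connection failed".format(url))
            return False
        if response.status_code != 200:
            self.log.debug("Checking '{0}' failed, status code {1}".format(
                url, response.status_code))
            return False
        # Soft-404 guard for sites that answer 200 for everything.
        if self.notFoundPattern and self.notFoundPattern in response.content:
            self.log.debug(
                "Checking '{0}' failed, notFoundPattern matchs.".format(url))
            return False
        if not pattern:
            self.log.debug(
                "Checking '{0}' success, status code 200.".format(url))
            return True
        if pattern in response.text:
            self.log.debug(
                "Checking '{0}' success, status code 200, match pattern {1}."
                .format(url, pattern))
            return True
        self.log.debug(
            "Checking '{0}' failed, pattern not found.".format(url))
        return False

    def _checkCMS(self, cmstype, cmsfp):
        '''
        Evaluate all fingerprint entries of one CMS type.

        An entry with need=True must hit, otherwise the CMS is rejected.
        Optional entries that hit are collected as [path, pattern] pairs.
        cmstype is not used here; it is kept for the caller's signature.

        @returns: the list of optional hits, or False when there is none
                  (so a type whose entries are all required is never
                  reported — presumably intended, left unchanged).
        '''
        matchList = []
        for line in cmsfp:
            matched = self._checkPath(line['path'], line['pattern'])
            if line['need']:
                if not matched:
                    return False
            elif matched:
                matchList.append([line['path'], line['pattern']])
        return matchList if matchList else False

    def identify(self):
        '''
        CMS identification: try every type in the fingerprint file and
        stop at the first one that matches.

        @returns: (cmstype, matchs) — cmstype is the matched CMS type and
                  matchs its list of [path, pattern] hits. On failure matchs
                  is [] and cmstype is the last type tried; with an empty
                  fingerprint file the result is (None, []) instead of an
                  UnboundLocalError on cmstype.
        '''
        cmstype = None
        matchs = []
        for cmstype, cmsfp in self.fp.iteritems():
            self.log.debug("Verify {0}".format(cmstype))
            hits = self._checkCMS(cmstype, cmsfp)
            if hits:
                matchs = hits
                break
        return (cmstype, matchs)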
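class CMSIdentify(object):
    '''
    CMS identification.

    Fingerprints are read from script/data/cms_fingerprint.yaml relative to
    sys.path[0]: a mapping of CMS type -> list of entries, each with 'path',
    'pattern' and 'need' keys.
    '''

    _fingerprintFile = os.path.join(
        sys.path[0], "script", "data", "cms_fingerprint.yaml")

    def __init__(self, baseURL, notFoundPattern=None):
        '''
        @params:
            baseURL: URL of the site to be identified; normalised through
                     URL.getURI and stripped of a trailing "/".
            notFoundPattern: some sites only ever answer 301 or 200; this
                     substring is then needed to recognise a "404" page.
        '''
        baseURL = URL.getURI(baseURL)
        self.baseURL = baseURL.rstrip("/")
        self.notFoundPattern = notFoundPattern
        self.fp = YamlConf(self._fingerprintFile)
        self.log = Log("cmsidentify")

    def _checkPath(self, path, pattern):
        '''
        Fetch baseURL + path and decide whether it counts as a hit.

        @returns: True when the response is 200, does not contain
                  notFoundPattern (if one is set), and either pattern is
                  empty or pattern occurs in response.text; False otherwise.
                  Redirects are not followed, so a 30x answer is a miss, and
                  a connection error is logged and treated as a miss.
        '''
        url = self.baseURL + path
        try:
            # Deliberately no redirect following: a 30x to a catch-all page
            # must not be mistaken for the probed path existing.
            response = http.get(url, allow_redirects=False)
        except http.ConnectionError:
            self.log.debug("Checking '{0}' failed, connection failed".format(url))
            return False
        if response.status_code != 200:
            self.log.debug("Checking '{0}' failed, status code {1}".format(url, response.status_code))
            return False
        # Soft-404 guard for sites that answer 200 for everything.
        if self.notFoundPattern and self.notFoundPattern in response.content:
            self.log.debug("Checking '{0}' failed, notFoundPattern matchs.".format(url))
            return False
        if not pattern:
            self.log.debug("Checking '{0}' success, status code 200.".format(url))
            return True
        if pattern in response.text:
            self.log.debug("Checking '{0}' success, status code 200, match pattern {1}.".format(url, pattern))
            return True
        self.log.debug("Checking '{0}' failed, pattern not found.".format(url))
        return False

    def _checkCMS(self, cmstype, cmsfp):
        '''
        Evaluate all fingerprint entries of one CMS type.

        An entry with need=True must hit, otherwise the CMS is rejected.
        Optional entries that hit are collected as [path, pattern] pairs.
        cmstype is not used here; it is kept for the caller's signature.

        @returns: the list of optional hits, or False when there is none
                  (so a type whose entries are all required is never
                  reported — presumably intended, left unchanged).
        '''
        matchList = []
        for line in cmsfp:
            matched = self._checkPath(line['path'], line['pattern'])
            if line['need']:
                if not matched:
                    return False
            elif matched:
                matchList.append([line['path'], line['pattern']])
        return matchList if matchList else False

    def identify(self):
        '''
        CMS identification: try every type in the fingerprint file and
        stop at the first one that matches.

        @returns: (cmstype, matchs) — cmstype is the matched CMS type and
                  matchs its list of [path, pattern] hits. On failure matchs
                  is [] and cmstype is the last type tried; with an empty
                  fingerprint file the result is (None, []) instead of an
                  UnboundLocalError on cmstype.
        '''
        cmstype = None
        matchs = []
        for cmstype, cmsfp in self.fp.iteritems():
            self.log.debug("Verify {0}".format(cmstype))
            hits = self._checkCMS(cmstype, cmsfp)
            if hits:
                matchs = hits
                break
        return (cmstype, matchs)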