def run(host, port):
connScan(host, port)
file_operation.file_operate(host, pport, service, 'service')
# host = 'www.baidu.com'
# port = ['80','443']
# print(port)
# run(host,port)
# run('39.156.66.14',['80','443'])
def output(self):
domain1 = str(self.url)
domain1 = domain1.strip('http://').strip('https://')
file_operation.file_operate(domain1, self.url_list, self.responsecode, 'dir_search')
# print(len(self.url_list))
# print(len(self.responsecode))
# domain = 'https://www.baidu.com'
# pwd = str(os.getcwd())
# pwd = pwd + '/_dict/345.txt'
# thread_numb = 30
#
# execute = dir_scanner(domain, pwd, thread_numb)
# execute.run()
# execute.output()
def port_s(ip, port):
class receive_package(object):
def __init__(self, l_ip, d_ip, o_p_l, c_p_l, c_port=None, nameee=None):
self.port = c_port
self.open_port_list1 = o_p_l
self.close_port_list1 = c_p_l
self.local_ip1 = l_ip
self.destination_ip1 = d_ip
self.all_port = []
self.all_status = []
self.namee = nameee
def prn(self, pkt):
flags = pkt.sprintf("%TCP.flags%")
final_port = pkt.sprintf("%IP.src%:%IP.sport%")
pppport = pkt.sprintf("%IP.sport%")
if flags == 'SA':
print(pkt.sprintf("[=====]%IP.src%:%IP.sport% opend"))
self.open_port_list1.append(final_port)
else:
print(pkt.sprintf("[=====]%IP.src%:%IP.sport% closed"))
self.close_port_list1.append(final_port)
# self.port.remove(pppport)
def run(self):
tmo = len(self.destination_ip1) * (1 / 20) * len(self.port)
# print(tmo)
sniff(lfilter=lambda x: x.haslayer(TCP) and x[
IP].dst == self.local_ip1 and x[
IP].src in self.destination_ip1 and x[TCP].flags == 'SA' or
x.haslayer(TCP) and x[IP].dst == self.local_ip1 and x[
IP].src in self.destination_ip1 and x[TCP].flags == 'RA',
prn=self.prn,
timeout=tmo)
def output(self):
print(
'\n\n[+]The follow is "Port Scan" report for \'{0}\' :'.format(
self.namee))
print('\n[+]The opend port:')
if not self.open_port_list1:
print('None')
for p in self.open_port_list1:
print('--->' + str(p) + ' opend')
self.all_port.append(p)
self.all_status.append('opend')
print('[+]The closed port:')
if not self.close_port_list1:
print('None')
for p in self.close_port_list1:
print('--->' + str(p) + ' closed')
self.all_port.append(p)
self.all_status.append('closed')
# # print(self.open_port_list1)
# for i in self.open_port_list1:
# if i in self.port:
# self.port.remove(i)
# # print(port)
# for i in self.close_port_list1:
# if i in self.port:
# self.port.remove(i)
# print('[+]The filtered port:')
# if not self.port:
# print('None')
# # print(port)
# for p in self.port:
# print('--->'+str(p) + ' filtered')
# self.all_port.append(p)
# self.all_status.append('filtered')
def get_host_ip():
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(('8.8.8.8', 80))
ip = s.getsockname()[0]
finally:
s.close()
return ip
final_port = []
final_state = []
_ip = ip
# print(_ip)
# print(type(_ip))
port1 = []
try:
if len(port) == 1 and '-' in port[0]:
g = int(port[0][0:1])
c = int(port[0][2:]) + 1
for i in range(g, c):
port1.append(i)
elif port:
for i in port:
port1.append(int(i))
else:
port1 = [22, 80, 443, 445, 21, 23, 8080, 3389, 1433, 3306]
except:
pass
# print(port1)
# port1 = [22, 80, 443, 445, 21, 23, 8080, 3389, 1433, 3306]
local_ip = get_host_ip()
ipArray = []
open_port_list = []
close_port_list = []
portArray = [port1[i:i + 3] for i in range(0, len(port1), 3)]
# portArray = port1
# print(portArray)
port2 = []
for i in port1:
port2.append(str(i))
for i in _ip: # data processing
ipArray.extend([str(i) for i in netaddr.IPNetwork(i)])
# print(ipArray)
for i in ipArray: # send package
# print(i)
for j in portArray:
send(IP(dst=i) / TCP(dport=j, flags=2), verbose=False)
demo = receive_package(l_ip=local_ip,
d_ip=ipArray,
o_p_l=open_port_list,
c_p_l=close_port_list,
c_port=port2,
nameee=_ip)
demo.run()
demo.output()
final_port.extend(demo.all_port)
final_state.extend(demo.all_status)
_ip = '$' + str(_ip)
_ip = _ip.replace('/', '\\')
file_operation.file_operate(_ip, final_port, final_state, 'port')
def subdomain_scan(domainn):
domain = domainn
head = \
{
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7',
'Accept-Encoding': 'gzip, deflate, br'
}
lock = threading.Lock()
pattern = 'class="c-showurl" style="text-decoration:none;">(.*?)/ </a>'
page_judge = '<span class="pc">(.*?)<'
demo = 0
k = 0
kk = str(k)
url = "https://www.baidu.com/s?wd=site%3A{1}&pn={0}&oq=site%3A{2}&tn=monline_4_dg&ie=utf-8".format(
kk, domain, domain)
response = requests.get(url, headers=head).text
time.sleep(3)
subdomains = re.findall(page_judge, response)
# print(subdomains)
for i in subdomains:
if int(i) > int(demo):
demo = i
page_num = demo
# print(page_num)
def multiple_t(url):
global sites
response = requests.get(url, headers=head).text
# print(response)
# time.sleep(3)
subdomains = re.findall(pattern, response)
lock.acquire()
sites += (list(subdomains))
# print(sites)
lock.release()
sum_thread = []
for i in range(int(page_num)):
k = i * 10
kk = str(k)
url = "https://www.baidu.com/s?wd=site%3A{1}&pn={0}&oq=site%3A{2}&tn=monline_4_dg&ie=utf-8".format(
kk, domain, domain)
# time.sleep(3)
# print(url)
t = threading.Thread(target=multiple_t, args=(url, ))
t.start()
sum_thread.append(t)
for i in sum_thread:
i.join(10)
global sites
siteee = list(set(sites))
final_site = []
for i in siteee:
plain = re.sub(r'http://|https://', '', i)
plain = re.sub(r'com.*', 'com', plain)
final_site.append(plain)
print("The subdomain are :" + str(final_site))
ip = get_ip.getip(final_site)
file_operation.file_operate(domain, final_site, ip, 'domain')
def bruteforce(domain, position, thread_number):
domain = domain
domain_list = []
pwd = position
final_ip_list = []
final_name_list = []
thread = thread_number
lock = threading.Semaphore(thread)
thread_list = []
with open(pwd, 'r') as temporary_file:
for i in temporary_file:
i = i.strip()
i = i + '.' + domain
domain_list.append(i)
def run(i):
try:
temporary_ip_list = []
lock.acquire()
A = dns.resolver.query(i)
final_name_list.append(i)
for i in A.response.answer:
for j in i.items:
if j.rdtype == 1:
# print(j.address)
aaa = ' < ' + str(j.address) + ' > '
temporary_ip_list.append(aaa)
# print(len(temporary_ip_list))
if len(temporary_ip_list) != 1:
temporary_date = ','.join(temporary_ip_list)
# print(temporary_date)
# print(type(temporary_date))
else:
temporary_date = str(temporary_ip_list[0])
final_ip_list.append(temporary_date)
# print(final_ip_list)
# final_name_list.append(i)
# print(final_name_list)
lock.release()
except dns.resolver.NXDOMAIN:
pass
for i in domain_list:
# print(i)
t = threading.Thread(target=run, args=(i, ))
thread_list.append(t)
for i in thread_list:
try:
i.start()
except:
pass
for i in thread_list:
i.join()
for i in range(len(final_ip_list)):
print(str(final_name_list[i]) + ' <----->' + str(final_ip_list[i]))
file_operation.file_operate(domain, final_name_list, final_ip_list,
'brute')
# domain = 'baidu.com'
# pwd = str(os.getcwd())
# pwd = pwd + '/_dict/222.txt'
# thread_numb = 30
# bruteforce(domain, pwd, thread_numb)