async def check(url, cms_tuple, timeout): # MD5检测
global SESSION, NUM
if (len(SUCCESS) > 0):
return (False, tuple())
cms_name = cms_tuple[0]
cms_path = cms_tuple[1]
cms_match_pattern = cms_tuple[2]
cms_id = cms_tuple[3]
cms_hit = cms_tuple[4]
message_list = []
target_url = url + cms_path
if (VERBOSE is True):
message('#', 'target:%s' % target_url)
try:
req = SESSION.get(
target_url, headers=requests_headers(), timeout=timeout)
if (req.status_code == 200 and cms_match_pattern.lower() in req.text.lower()):
message_list.append(cms_name)
try:
CONN, CURSOR = connect()
update(CONN, CURSOR, cms_hit, cms_id) # hit++
close(CONN)
except Exception:
pass
return (True, tuple(message_list))
else:
return (False, tuple(message_list))
except Exception:
return (False, tuple(message_list))
finally:
NUM += 1
def run(url, cms_list, rule, request_dict, arg_dict, return_list=None):
global TOTAL, THREAD, VERBOSE, SILENCE, NUM, SUCCESS, RULE_NAME, REQUEST_DICT
# --------------------------------------------
SUCCESS = []
REQUEST_DICT = request_dict
THREAD = arg_dict['thread']
VERBOSE = arg_dict['verbose']
SILENCE = arg_dict['silence']
RULE_NAME = rule
unique_name = []
unique_list = []
other_list = []
new_cms_list = [list() for x in range(THREAD)]
now = time()
if (SILENCE is False):
message('#', 'Started CMS_%s' % rule.upper())
# --------------------------------------------
for each in cms_list: # 分开,不同CMS优先跑
if (each[0][0] not in unique_name):
unique_name.append(each[0][0])
unique_list.append(each)
else:
other_list.append(each)
it = 0
while(len(unique_list) > 0):
new_cms_list[it].append(unique_list.pop())
it += 1
if (it == THREAD):
it = 0
it = 0
while(len(other_list) > 0):
new_cms_list[it].append(other_list.pop())
it += 1
if (it == THREAD):
it = 0
# --------------------------------------------
try:
thread_list = []
for each_cms_list in new_cms_list:
t = Thread(target=thread_run, args=(url, each_cms_list))
t.setDaemon(True)
t.start()
thread_list.append(t)
for each_thread in thread_list:
t.join(2)
except KeyboardInterrupt:
if (VERBOSE is True and SILENCE is False):
message('!', 'Finished/Interrupt')
finally:
if (SILENCE is False):
message('#', 'Finished CMS_%s' % rule.upper())
if (VERBOSE is True and SILENCE is False):
message('#', '[%s] Total Time: %.2f' % (rule, time() - now))
# --------------------------------------------
if (return_list is not None):
return_list.extend(SUCCESS)
return SUCCESS
async def main(url, cms_list, loop): # 异步主函数
global SUCCESS, VERBOSE, SILENCE
task_list = []
for each_tuple in cms_list:
task_list.append(loop.create_task(check(url, each_tuple)))
for each_task in task_list:
try:
await asyncio.wait_for(each_task, timeout=2.0)
except asyncio.TimeoutError:
pass
for each_task in task_list: # 获取每个协程的返回
result = each_task.result()
if (result[0] is True): # 返回为真
message_tuple = result[1]
if (message_tuple[0] not in SUCCESS): # 去重
SUCCESS.append(message_tuple[0])
if (VERBOSE is True and SILENCE is False):
message('+', '%s' % (message_tuple[0]))
def run(url, cms_list):
global TOTAL, THREAD, VERBOSE, NUM, SUCCESS, SESSION
# --------------------------------------------
SUCCESS = []
SESSION = requests.Session()
TOTAL = len(cms_list)
timeout = get('timeout')
THREAD = get('thread')
VERBOSE = get('verbose')
unique_name = []
unique_list = []
other_list = []
new_cms_list = []
message('#', 'Started CMS_KEYWORD')
now = time()
for each in cms_list: # 分开,不同CMS优先跑
if (each[0][0] not in unique_name):
unique_name.append(each[0][0])
unique_list.append(each)
else:
other_list.append(each)
for x in range(THREAD):
new_cms_list.append(list())
it = 0
while(len(unique_list) > 0):
new_cms_list[it].append(unique_list.pop())
it += 1
if (it == THREAD):
it = 0
it = 0
while(len(other_list) > 0):
new_cms_list[it].append(other_list.pop())
it += 1
if (it == THREAD):
it = 0
# --------------------------------------------
try:
for each_cms_list in new_cms_list:
t = Thread(target=thread_run, args=(url, each_cms_list, timeout))
t.setDaemon(True)
t.start()
while (len(SUCCESS) == 0 and NUM < TOTAL):
print("[%s%s]%.2f%%" % ('>'*int(NUM*50//TOTAL), ' ' *
int(50-NUM*50//TOTAL), float(NUM)*100.0/TOTAL), end="\r")
sleep(0.2)
except KeyboardInterrupt:
if (VERBOSE is True):
message('!', 'Finished/Interrupt')
finally:
message('#', 'Finished CMS_KEYWORD')
if (VERBOSE is True):
message('#', '[%s] Total Time: %.2f' % (__name__, time() - now))
# --------------------------------------------
return SUCCESS
async def main(url, cms_list, loop, timeout, NUM, SUCCESS, SESSION): # 异步主函数
task_list = []
for each_tuple in cms_list:
task_list.append(loop.create_task(
check(url, each_tuple, timeout, NUM, SUCCESS, SESSION)))
for each_task in task_list:
await each_task
for each_task in task_list: # 获取每个协程的返回
result = each_task.result()
if (result[0] is True): # 返回为真
message_tuple = result[1]
if (message_tuple[0] not in SUCCESS): # 去重
SUCCESS.append(message_tuple[0])
print('')
message('+', '%s' % (message_tuple[0]))
try:
os.kill(signal.CTRL_C_EVENT, 0)
except Exception:
pass
async def main(url, cms_list, loop): # 异步主函数
global SUCCESS, ARG_DICT, HEADERS, INDEX
VERBOSE = ARG_DICT['verbose']
SILENCE = ARG_DICT['silence']
if (SILENCE is False):
message('#', 'Started FOFA_BANNER')
task_list = []
header = HEADERS
body = INDEX
title = get_title(body) # 获得标题信息
for each_tuple in cms_list:
task_list.append(
loop.create_task(check(url, each_tuple, header, body, title)))
for each_task in task_list:
await each_task
for each_task in task_list: # 获取每个任务的返回
result = each_task.result()
if (result[0] is True): # 返回为真
message_tuple = result[1]
for each in message_tuple[0]:
if (each not in SUCCESS):
SUCCESS.append(each)
if (SILENCE is False and VERBOSE is True):
message('+', '%s' % (each))
if (SILENCE is False):
message('#', 'Finished FOFA_BANNER')
async def main(url, cms_list, loop, timeout): # 异步主函数
global SUCCESS, VERBOSE
task_list = []
flag = False
for each_tuple in cms_list:
task_list.append(loop.create_task(check(url, each_tuple, timeout)))
for each_task in task_list:
await each_task
for each_task in task_list: # 获取每个协程的返回
result = each_task.result()
if (result[0] is True): # 返回为真
message_tuple = result[1]
if (message_tuple[0] not in SUCCESS): # 去重
SUCCESS.append(message_tuple[0])
if (VERBOSE is True):
print('')
message('+', '%s' % (message_tuple[0]))
try:
if (flag is False):
flag = True
os.kill(signal.CTRL_C_EVENT, 0)
except Exception:
pass
def select(sql):
global CURSOR
try:
CURSOR.execute(sql)
return CURSOR.fetchall()
except Exception:
return None
if (__name__ == '__main__'):
# --------------------------------------------
CONN, CURSOR = connect()
if (CONN is None and CURSOR is None):
message('-', ' Connect database failed')
exit(1)
# --------------------------------------------
parser = argparse.ArgumentParser(
description='Check CMS for website(s).', formatter_class=argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument(
'url', nargs='+', help='The website URL/ The URLs File')
parser.add_argument(
'--version', action='version', version='SoFinger Version: 0.1 Beta', help='Show version and exit')
parser.add_argument('--time', nargs='?', type=int,
default=3, const=1, help=' Timeout of requests')
parser.add_argument('--thread', nargs='?', type=int,
default=20, const=1, help=' Thread number for tasks')
parser.add_argument('--retry', nargs='?', type=int,
default=1, const=1, help='Maximum number of attempts per link')
def run(url, cms_list, timeout, thread, verbose):
global TOTAL, THREAD, VERBOSE, NUM, SUCCESS, MANAGER
# --------------------------------------------
SUCCESS = MANAGER.list([])
manager = Manager2()
SESSION = manager.session()
# SESSION = requests.Session()
SESSION.mount('http://', requests.adapters.HTTPAdapter(max_retries=3))
SESSION.mount('https://', requests.adapters.HTTPAdapter(max_retries=3))
TOTAL = len(cms_list)
THREAD = thread
VERBOSE = verbose
unique_name = []
unique_list = []
other_list = []
new_cms_list = []
message('#', 'Started CMS_MD5')
now = time()
for each in cms_list: # 分开,不同CMS优先跑
if (each[0][0] not in unique_name):
unique_name.append(each[0][0])
unique_list.append(each)
else:
other_list.append(each)
for x in range(THREAD):
new_cms_list.append(list())
it = 0
while(len(unique_list) > 0):
new_cms_list[it].append(unique_list.pop())
it += 1
if (it == THREAD):
it = 0
it = 0
while(len(other_list) > 0):
new_cms_list[it].append(other_list.pop())
it += 1
if (it == THREAD):
it = 0
# --------------------------------------------
PROGRESS = 6
POOL = multiprocessing.Pool(PROGRESS)
final_cms_list = []
for i in range(0, len(new_cms_list), PROGRESS): # 把new_cms_list分成6组
final_cms_list.append(new_cms_list[i:i+PROGRESS])
try:
for i in range(PROGRESS):
POOL.apply_async(progress_run, args=(
final_cms_list, url, timeout, NUM, SUCCESS, SESSION))
POOL.close()
while (len(SUCCESS) == 0 and NUM.value < TOTAL):
print("[%s%s]%.2f%%" % ('>'*int(NUM.value*50//TOTAL), ' ' *
int(50-NUM.value*50//TOTAL), float(NUM.value)*100.0/TOTAL), end="\r")
sleep(0.2)
except KeyboardInterrupt:
print('Finished/Interrupt')
finally:
POOL.terminate()
print('')
message('#', 'Finished CMS_MD5')
message('#', 'Total Time: %.2f' % (time() - now))
# --------------------------------------------
return SUCCESS