Exemple #1
def main(conf_info):
    """Queue the masscan findings and scan them with a pool of ``Scan`` threads.

    ``conf_info["ip_file"]`` is the masscan result file handed to ``tiqu``;
    ``conf_info["t"]`` is the number of worker threads. One ``[key, entry]``
    pair is queued for every entry of the module-level ``dict`` mapping.
    Returns the module-level ``result`` after all threads have joined and
    ``out()`` has saved the results, so the title-recognition step can reuse it.
    """
    # Progress is written to the shared process log.
    log = LogInfo('log/process.log')
    log.infostring('start nmap scan service...')

    # Both settings are read before any work starts.
    masscan_path = conf_info["ip_file"]
    thread_setting = conf_info["t"]

    # Extract the masscan content.
    # presumably this fills the module-level `dict` iterated below; TODO confirm
    tiqu(masscan_path)
    tasks = Queue()

    # Keys with 50 or more entries are reported as firewalled and skipped;
    # every other key contributes one task per entry.
    for key in dict:
        entries = dict[key]
        if len(entries) >= 50:
            print("IP:" + key + "存在防火墙,跳过扫描")
            continue
        for entry in entries:
            tasks.put([key, entry])

    # NOTE(review): the thread count is taken from configuration without a
    # range check; zero or a negative value starts no worker, so the queue
    # is never drained.
    worker_total = int(thread_setting)
    workers = [Scan(tasks) for _ in range(worker_total)]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()

    log.infostring('finsh nmap scan ...')
    log.infostring('start save result ...')
    # Persist the scan results.
    out()
    log.infostring('finsh save result ...')
    return result
Exemple #2
def main(result, conf_info):
    """Scan an already-prepared target list with a pool of ``Scan`` threads.

    Every item of *result* is queued unchanged and ``conf_info["t"]`` sets
    the number of worker threads. After the threads have joined and ``out()``
    has saved the results, the same *result* object is returned so the
    title-recognition step can reuse it.
    """
    # Progress is written to the shared process log.
    log = LogInfo('log/process.log')
    log.infostring('start nmap scan service...')

    thread_setting = conf_info["t"]
    tasks = Queue()
    for target in result:
        tasks.put(target)

    # NOTE(review): the thread count is taken from configuration without a
    # range check; zero or a negative value starts no worker, so the queue
    # is never drained.
    worker_total = int(thread_setting)
    workers = [Scan(tasks) for _ in range(worker_total)]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()

    log.infostring('finsh nmap scan ...')
    log.infostring('start save result ...')
    # Persist the scan results.
    out()
    log.infostring('finsh save result ...')
    return result
Exemple #3
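def Title(result):
    """Probe every scanned host/port as a web service and record banner and title.

    Args:
        result: iterable of indexable pairs; ``item[0]`` is the host and
            ``item[1]`` the port, both strings (they are concatenated into
            the URL).

    Side effects:
        Truncates ``out/http_result.txt`` and then writes one line per URL
        that answered: ``url<TAB> banner <TAB>title`` when a ``<title>``
        element was found, otherwise the bare URL. Lines with a title are
        also printed. Nothing is returned.

    TLS certificate validation is disabled for the probes, so banner and
    title are unauthenticated, remote-controlled text.
    """
    def one_line(text):
        # Banner and title come from the remote server. Replacing
        # non-printable characters and collapsing whitespace keeps each
        # finding on a single line, so a page cannot forge extra records in
        # the report or emit control sequences to the terminal.
        printable = "".join(ch if ch.isprintable() else " " for ch in text)
        return " ".join(printable.split())

    logger = LogInfo('log/process.log')
    logger.infostring('start Title recognition ...')

    # Clear the previous run's output up front, as the original did.
    with open("out/http_result.txt", "w"):
        pass

    final_domains = []
    urls = []
    # The service name reported by the scanner is deliberately ignored so
    # that web services on any port are recognised.
    for item in result:
        scan_url = item[0]
        scan_port = item[1]
        # Substring test: any port containing "443" (443, 8443, 4430, ...)
        # is tried over https, everything else over http.
        scheme = "https://" if "443" in scan_port else "http://"
        urls.append(scheme + scan_url + ":" + scan_port)

    for url in urls:
        try:
            # verify=False: certificates are not validated for these probes.
            r = requests.get(url, timeout=3, verify=False)
            # Decode with the detected page encoding; previously the detected
            # value was unused and every non-UTF-8 page raised and was dropped.
            detected = chardet.detect(r.content)['encoding']
            page = r.content.decode(detected or 'utf-8', errors='replace')
            titles = re.findall(u'<title>(.*?)</title>', page, re.S)
            if not titles:
                final_domains.append(url + "\n")
            else:
                title = one_line(titles[0])
                # A missing Server header no longer discards the finding.
                banner = one_line(r.headers.get('server', ''))
                final_domains.append(url + '\t ' + banner + ' \t' + title + "\n")
                print(url + '\t ' + banner + ' \t' + title)
        except requests.RequestException:
            # Expected for ports that do not speak HTTP(S): skip quietly.
            continue
        except Exception as e:
            # Still best-effort, but unexpected failures are now recorded
            # instead of being swallowed.
            logger.infostring('Title probe failed for %s: %s' % (url, e))

    with open("out/http_result.txt", "a+", encoding="utf8") as f1:
        f1.writelines(final_domains)
    logger.infostring('finsh Title recognition ...')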
Exemple #4
class Weakpass_Scan():
    """Run hydra against the services listed in a scan-result file.

    ``run()`` reads ``out/result.txt``, calls ``brute()`` for each
    ``host:port:service`` line and finally writes the credentials hydra
    reported to ``out/Weakpass.txt`` via ``callback()``.

    NOTE(review): two statements inside ``brute()`` are damaged in this copy
    of the source (parts were replaced by ``******``), so the class does not
    parse as shown and the credential parsing cannot be documented exactly.
    """
    # Initialise scan state
    def __init__(self):
        """Set the input/output file locations and empty result lists."""
        # One target per line; run() splits each line on ':'.
        self.target_file = 'out/result.txt'
        # Wordlists passed to hydra with -L (users) and -P (passwords).
        self.user_file = "user.txt"
        self.pass_file = "pass.txt"
        # infolist: stripped target lines; weakpass_result: one dict per finding.
        self.infolist, self.weakpass_result = [], []
        self.logger = LogInfo('log/process.log')

    def brute(self, host, port, server):
        """Run hydra for one host/port/service and collect reported credentials.

        Returns None immediately when *server* is not in the ``supported``
        list. Otherwise hydra is started as a child process and every stdout
        line containing ``[server]`` is parsed; findings are appended to
        ``self.weakpass_result`` as dicts with the keys host, port, server,
        user and password.
        """

        # Service names accepted for the hydra module argument.
        supported = [
            'asterisk', 'cisco', 'cisco-enable', 'ftp', 'ftps', 'http-proxy',
            'imap', 'imaps', 'mssql', 'mysql', 'pcanywhere', 'vnc', 'pop3',
            'pop3s', 'postgres', 'rdp', 'redis', 'rexec', 'rlogin', 'rsh',
            'smb', 'smtp', 'smtps', 'smtp-enum', 'snmp', 'socks5', 'ssh',
            'svn', 'teamspeak', 'telnet', 'telnets', 'vmauthd', 'vnc', 'xmpp'
        ]
        # Services run without a user list (-L is omitted for them below).
        server_only_pass = ['cisco', 'cisco-enable', 'redis']

        # Only `server` is checked against an allowlist.
        # NOTE(review): `host` and `port` come straight from the result file
        # (see run()) and reach the command line unvalidated. The list form
        # of Popen avoids a shell, but a value starting with '-' would still
        # be read by hydra as an option.
        if server not in supported:
            return

        # try:
        print(host + ":" + port + ":" + server)
        # arg = ['medusa', '-h', self.host, '-U', self.user_file, '-P', self.pass_file, '-M', self.server, '-t', '5','-n', self.port, '-F', '-e', 'ns'] if BURST_TOOLS == 'medusa' else ['hydra', '-L', self.user_file,'-P', self.pass_file,'-s', self.port, '-f',self.host,self.server]
        arg = [
            'hydra', '-L', self.user_file, '-P', self.pass_file, '-s', port,
            '-f', host, server
        ] if server not in server_only_pass else [
            'hydra', '-P', self.pass_file, '-s', port, '-f', host, server
        ]
        # NOTE(review): stderr is piped but never read, and the child is never
        # waited on in the visible code; a child that fills the stderr pipe
        # can stall this loop.
        p = subprocess.Popen(arg,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             bufsize=-1)

        # readline() yields bytes here (the sentinel is b'').
        for line in iter(p.stdout.readline, b''):

            # The marker check decodes the line, but the split() calls below
            # are made on the undecoded bytes with str arguments.
            # NOTE(review): on Python 3 that raises TypeError; confirm against
            # the intact source.
            if '[' + server + ']' in line.decode():
                if server in server_only_pass:
                    # NOTE(review): the next statement is damaged in this copy
                    # ('******' replaces part of it); it originally extracted
                    # the password and, judging by the format string, logged
                    # the finding.
                    password = line.split('password: '******'find weak pass host: %s, port: %s, server: %s, user: %s, password: %s'
                        % (host, port, server, "", password))
                    value = {
                        'host': host,
                        'port': port,
                        'server': server,
                        'user': "",
                        'password': password
                    }
                    self.weakpass_result.append(value)
                # Parse a hydra success line that carries a login name.
                # NOTE(review): the next two statements are damaged the same way.
                elif 'login:'******'login: '******'   ')[0].strip()
                    password = line.split('password: '******'find weak pass host: %s, port: %s, server: %s, user: %s, password: %s'
                        % (host, port, server, user, password))
                    value = {
                        'host': host,
                        'port': port,
                        'server': server,
                        'user': user,
                        'password': password
                    }
                    self.weakpass_result.append(value)
        # A disabled earlier variant of the loop above (it compared the encoded
        # '[service]' marker with the raw bytes line) and a disabled
        # try/except wrapper were left here as commented-out code.
    def readInfo(self):
        """Load the non-empty, stripped lines of the target file into ``self.infolist``.

        Does nothing when the target file does not exist.
        """
        if os.path.exists(self.target_file):
            # self.logger.infostring('read scan reasult to weak pass')
            with open(self.target_file) as f:
                for line in f:
                    if line.strip(): self.infolist.append(line.strip())

    def callback(self):
        """Write every collected finding to ``out/Weakpass.txt``, one per line.

        Creates the ``out`` directory when it is missing and overwrites any
        earlier report.
        """
        if not os.path.exists('out'):
            os.mkdir('out')
        # The report holds recovered credentials in cleartext and is created
        # with default file permissions; handle it as sensitive data.
        # NOTE(review): the handle is closed manually, so an exception while
        # writing leaves it open.
        f = open('out/Weakpass.txt', 'w')
        for weakpass in self.weakpass_result:
            # NOTE(review): the labels read host, port, server but the values
            # are passed as host, server, port, so the port and service
            # columns are swapped in the report.
            f.write(
                'host: %s, port: %s, server: %s, user: %s, password: %s\n' %
                (weakpass['host'], weakpass['server'], weakpass['port'],
                 weakpass['user'], weakpass['password']))
        f.close()

    def run(self):
        """Read the targets, run ``brute()`` on each one, then write the report."""
        self.logger.infostring('start weak pass thread')
        self.readInfo()
        self.logger.infostring('start weak pass scan...')
        for info in self.infolist:
            # Split on every ':' and use the first three fields as host, port
            # and service. NOTE(review): a line with fewer than three fields
            # raises IndexError and aborts the run before callback().
            value = re.split('[:]', info)
            self.brute(value[0], value[1], value[2])
        self.callback()
        self.logger.infostring('finsh weak pass scan.')
Exemple #5
 def __init__(self):
     """Set the scan's file locations, empty result lists and process logger."""
     # Two independent, initially empty lists.
     self.infolist = []
     self.weakpass_result = []

     # Target list plus the user and password wordlists (relative paths).
     self.target_file = 'out/result.txt'
     self.user_file = "user.txt"
     self.pass_file = "pass.txt"

     # Created last, as in the original, so the plain attributes above are
     # already set if opening the log fails.
     self.logger = LogInfo('log/process.log')