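def create_repoter(self):
    """Generate every report format requested on the command line.

    The scanned URL is read through ``DatabaseType(...).getURLfromDB()`` and
    the comma-separated ``report`` option selects the formats. Each report is
    written under ``reports/`` as ``<host>-<projectTag>.<ext>``.
    """
    main_url = DatabaseType(self.projectTag).getURLfromDB()
    host = urlparse(main_url).netloc
    # The netloc becomes part of a file name, so neutralise the characters
    # that change how the path is interpreted: ":" (port separator; not a
    # valid file-name character on Windows, where NTFS reads it as an
    # alternate-data-stream separator) and "\" (a path separator on Windows,
    # which urlparse leaves inside the netloc).
    file_host = host.replace(":", "_").replace("\\", "_")
    base_name = "reports" + os.sep + file_host + "-" + self.projectTag

    reportTypes = CommandLines().cmd().report.split(',')
    wants_docx_based = any(kind in reportTypes for kind in ("doc", "pdf", "txt"))
    wants_any = wants_docx_based or "html" in reportTypes

    if wants_any:
        self.log.info(Utils().tellTime() + Utils().getMyWord("{report_creat}"))

    if "html" in reportTypes:
        # Copy the HTML template resources once; later runs reuse them.
        if not os.path.exists("reports" + os.sep + "res"):
            Utils().copyPath(
                "doc" + os.sep + "template" + os.sep + "html" + os.sep + "res",
                "reports",
            )
        try:
            CreatHtml(self.projectTag, base_name + ".html").CreatMe()
            self.log.debug("html模板正常")
        except Exception as e:
            # Best effort: a failed HTML report must not stop the other formats.
            self.log.error("[Err] %s" % e)

    if wants_docx_based:
        # NOTE(review): mainReplace() runs before and docDel() after the
        # doc/txt/pdf outputs; presumably they create and remove a shared
        # intermediate document - confirm against Docx_replace.
        Docx_replace(self.projectTag).mainReplace()
        if "doc" in reportTypes:
            Docx_replace(self.projectTag).docMove(base_name + ".docx")
        if "txt" in reportTypes:
            CreatTxt(self.projectTag, base_name + ".txt").CreatMe()
        if "pdf" in reportTypes:
            CreatPdf(self.projectTag, base_name + ".pdf").CreatMe()
        Docx_replace(self.projectTag).docDel()

    if wants_any:
        time.sleep(2)  # waiting
        self.log.info(Utils().tellTime() + Utils().getMyWord("{report_fini}"))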
def getBaseurl(self, filePath):
    """Collect candidate base paths from the CLI option or from one JS file.

    When the ``baseurl`` option is set, its comma-separated values replace
    ``self.baseUrlPaths``. Otherwise "/" is appended as a default entry and
    the file at ``filePath`` is searched with every pattern in
    ``self.baseUrlRegxs``; a match is kept when it contains "/", is between
    4 and 19 characters long and contains none of the comma-separated
    ``self.apiExts`` entries.
    """
    # NOTE(review): the block nesting was reconstructed from a flattened
    # listing; verify the "?" handling below against the upstream file.
    configured = CommandLines().cmd().baseurl
    if configured != None:
        self.baseUrlPaths = configured.split(',')
        return

    # Default entry. NOTE(review): appended on every call, so "/" can repeat.
    self.baseUrlPaths.append("/")
    with open(filePath, "r", encoding="utf-8", errors="ignore") as js_file:
        content = js_file.read()

    for pattern in self.baseUrlRegxs:
        for candidate in re.findall(pattern, content):
            if not ('/' in candidate and 3 < len(candidate) < 20):
                continue
            # Skip anything that contains a blacklisted extension.
            if any(ext in candidate for ext in self.apiExts.split(",")):
                continue
            if candidate[0] == "/":
                candidate = candidate[1:]
            if "?" in candidate:
                # Keep only the path part, dropping the query string.
                candidate = candidate.split("?")[0]
            self.baseUrlPaths.append(candidate)
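def dealJs(self, js_paths):
    """Resolve script references to absolute URLs and pass them to the downloader.

    Every entry of ``js_paths`` is resolved against ``self.url`` and appended
    to ``self.jsRealPaths``. The collected list, followed by any extra URLs
    from the ``js`` command-line option, is handed to ``DownloadJs``.

    Handled reference forms: ``//host/x.js``, ``./x.js``, ``../x.js``,
    ``/x.js``, ``http...`` and bare relative names.
    """
    res = urlparse(self.url)
    origin = res.scheme + "://" + res.netloc

    # Directory that relative references are resolved against.
    if res.path == "":
        baseUrl = origin + "/"
    else:
        baseUrl = origin + res.path
        if res.path[-1:] != "/":
            # No trailing "/": a "/" is added even when the last segment is a
            # file name; the original author accepted that as low impact.
            baseUrl = baseUrl + "/"

    # Path segments of the containing directory. Always defined, so the "../"
    # branch no longer fails with NameError when self.url ends in "/".
    tmpPath = res.path.split('/')[:-1]
    if self.url[-1:] != "/":
        # The URL names a file: resolve against the directory that holds it.
        baseUrl = origin + "/".join(tmpPath) + "/"

    # NOTE(review): absolute ("http...") and protocol-relative ("//...")
    # references are taken as written, so the download list can contain hosts
    # other than self.url's. Scope filtering, if any, happens outside this
    # method - confirm before pointing the tool at a restricted scope.
    for jsPath in js_paths:
        if jsPath[:2] == "//":
            # Protocol-relative URL. Tested before the single "/" case, which
            # would otherwise match first and prepend the target's host.
            jsRealPath = res.scheme + ":" + jsPath
        elif jsPath[:2] == "./":
            jsRealPath = baseUrl + jsPath.replace("./", "")
        elif jsPath[:3] == "../":
            dirCount = jsPath.count('../')
            # Climb at most to the site root instead of raising IndexError,
            # and use a per-reference base so that later relative entries are
            # still resolved against the page directory.
            keep = max(len(tmpPath) - dirCount, 0)
            parentUrl = origin + "/".join(tmpPath[:keep]) + "/"
            jsRealPath = parentUrl + jsPath.replace("../", "")
        elif jsPath[:1] == "/":
            jsRealPath = origin + jsPath
        elif jsPath[:4] == "http":
            jsRealPath = jsPath
        else:
            # Bare relative name: relative to the page directory, not the root.
            jsRealPath = baseUrl + jsPath
        self.jsRealPaths.append(jsRealPath)

    self.log.info(
        Utils().tellTime()
        + Utils().getMyWord("{pares_js_fini_1}")
        + str(len(self.jsRealPaths))
        + Utils().getMyWord("{pares_js_fini_2}")
    )

    # ":" (port separator) is replaced before the netloc is passed on as the
    # domain argument.
    domain = str(res.netloc).replace(":", "_")
    DownloadJs(self.jsRealPaths, self.options).downloadJs(self.projectTag, domain, 0)

    extJS = CommandLines().cmd().js
    if extJS is not None:
        extJSs = extJS.split(',')
        # NOTE(review): this call passes the raw netloc while the call above
        # passes the ":"-free domain; confirm downloadJs treats both alike.
        DownloadJs(extJSs, self.options).downloadJs(self.projectTag, res.netloc, 0)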
def RandomBanner():
    """Print the startup banner and credits unless the ``silent`` option is set.

    Despite the name, the banner is always ``Banner7``.
    """
    if CommandLines().cmd().silent is not None:
        return

    header_lines = (
        Banner7,
        "©2021 Poc-Sir、KpLi0rn、Liucy、RachesseHS、Lupin-III",
        "Project Hub: https://github.com/rtcatc/Packer-Fuzzer",
    )
    for line in header_lines:
        print(line)
    # The localized closing line is looked up last, after the fixed lines.
    print(Utils().getMyWord("{xhlj}") + "\n")
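def getMyWord(self, someWord):
    """Return the localized text for the placeholder ``someWord``.

    The language comes from the ``language`` command-line option; when that
    is unset, the first two characters of the system locale name are used.
    English is the fallback whenever the locale cannot be determined or the
    lookup for the chosen language fails.
    """
    lang = CommandLines().cmd().language
    if lang:
        localLang = lang
    else:
        # getdefaultlocale() returns (None, None) when no locale is configured
        # (for example under the "C" locale) and can raise ValueError for an
        # unrecognised locale name. Either case used to abort before the
        # English fallback below was reached.
        try:
            detected = locale.getdefaultlocale()[0]
        except ValueError:
            detected = None
        localLang = detected[0:2] if detected else 'en'

    try:
        return readConfig.ReadConfig().getLang(localLang, someWord)[0]
    except Exception:
        # Default to English. "except Exception" rather than a bare except,
        # so KeyboardInterrupt and SystemExit are no longer swallowed.
        return readConfig.ReadConfig().getLang('en', someWord)[0]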
def set_logger(self):
    """Attach a file handler and a console handler to ``self.logger`` once.

    The file handler opens ``self.log_name`` in "w" mode at DEBUG level with
    a detailed format. The console handler uses the default formatter and
    shows ERROR and above when the ``silent`` option is set, INFO and above
    otherwise. Nothing happens if the logger already has handlers.
    """
    if self.logger.handlers:
        return  # already configured; adding handlers again would duplicate output

    self.fh = logging.FileHandler(self.log_name, "w", encoding="utf-8")
    self.fh.setLevel(logging.DEBUG)

    self.chd = logging.StreamHandler()
    silent_mode = CommandLines().cmd().silent is not None
    # Silent mode hides INFO on the console; the file still records DEBUG.
    self.chd.setLevel(logging.ERROR if silent_mode else logging.INFO)

    self.formatter = logging.Formatter(
        "[%(levelname)s]--%(asctime)s-%(filename)s->%(funcName)s line:%(lineno)d: %(message)s\n"
    )
    self.formatter_info = logging.Formatter()
    self.chd.setFormatter(self.formatter_info)
    self.fh.setFormatter(self.formatter)

    for handler in (self.fh, self.chd):
        self.logger.addHandler(handler)
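def baseUrlDevelop(self):
    """Let the operator review, and possibly replace, the discovered base paths.

    Does nothing when the ``baseurl`` option was given. With more than three
    discovered paths: silent mode keeps the first two; otherwise at most
    seven are shown together with the first five API paths, and the operator
    is asked for a comma-separated replacement list. With fewer than three
    paths the lists are only shown.
    """
    if CommandLines().cmd().baseurl is not None:
        return

    def show_candidates():
        # TODO (from the original author): join this output and send it to
        # the log instead of printing it.
        creatLog().get_logger().info(Utils().tellTime() + Utils().getMyWord("{base_dir_list}"))
        print(", ".join(self.baseUrlPaths))
        creatLog().get_logger().info(Utils().tellTime() + Utils().getMyWord("{api_top5_list}"))
        # Only the part before the "§§§" separator is shown.
        print(", ".join(api.split("§§§")[0] for api in self.apiPaths[:5]))

    found = len(self.baseUrlPaths)
    # NOTE(review): exactly three paths are neither shown nor prompted for;
    # this looks like an off-by-one between "> 3" and "< 3" - confirm intent.
    if found > 3:
        if self.options.silent is not None:
            # No prompt in silent mode: keep the first two candidates.
            self.baseUrlPaths = self.baseUrlPaths[:2]
            return
        if found > 7:
            self.baseUrlPaths = self.baseUrlPaths[:7]
        show_candidates()
        baseurls = input("[!] " + Utils().getMyWord("{new_base_dir}"))
        # Always split. The previous code iterated over the raw string when
        # it contained no comma, which stored every single character as a
        # separate base path.
        chosen = [part.strip() for part in baseurls.split(",")]
        self.baseUrlPaths.clear()  # reset before storing the operator's list
        for baseurl in chosen:
            if baseurl and baseurl not in self.baseUrlPaths:
                self.baseUrlPaths.append(baseurl)
    elif found < 3:
        show_candidates()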
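def docxReplace(self, document):
    """Fill the ``{placeholder}`` tokens of the report template with scan results.

    Args:
        document: Document object exposing ``tables`` and ``paragraphs``
            (with ``runs``); it is modified in place.

    Returns:
        The same ``document`` object.

    Matching is done per table cell and per paragraph run, so a placeholder
    that is split across several runs is not replaced.
    """
    cmd = CommandLines().cmd()
    ipAddr = testProxy(cmd, 0)

    # One clock reading for every "end of scan" value.
    now = time.time()
    end_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(now))
    report_time = time.strftime("%Y-%m-%d %H:%M", time.localtime(now))

    main_url = DatabaseType(self.projectTag).getURLfromDB()
    host = urlparse(main_url).netloc

    # (vuln.type value, language key of the matching summary line)
    vuln_kinds = (
        ("unAuth", "{vuln_unauth_num}"),
        ("CORS", "{vuln_cors_num}"),
        ("INFO", "{vuln_info_num}"),
        ("passWord", "{vuln_passWord_num}"),
        ("BAC", "{vuln_BAC_num}"),
        ("upLoad", "{vuln_upload_num}"),
        ("SQL", "{vuln_sql_num}"),
    )

    projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
    connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
    try:
        cursor = connect.cursor()
        connect.isolation_level = None

        cursor.execute("select id from js_file")
        js_num = len(cursor.fetchall())

        cursor.execute("select path from js_file")
        js_paths = "".join("◆ " + row[0] + "\n" for row in cursor.fetchall())

        cursor.execute("select id from api_tree where success = 1 or success = 2")
        api_num = len(cursor.fetchall())

        # Column name spelled as in the original query. The value is used as
        # epoch seconds of the scan start.
        cursor.execute("select vaule from info where name='time'")
        start_epoch = int(cursor.fetchone()[0])

        vuln_counts = []
        for vuln_type, word_key in vuln_kinds:
            cursor.execute("select id from vuln where type=?", (vuln_type,))
            vuln_counts.append((word_key, len(cursor.fetchall())))
    finally:
        # The connection used to stay open for the life of the process.
        connect.close()

    vuln_infos = Docx_replace(self.projectTag).vuln_judge()
    vuln_score = vuln_infos[0]
    vuln_h_num = vuln_infos[1]
    vuln_m_num = vuln_infos[2]
    vuln_l_num = vuln_infos[3]
    vuln_num = vuln_h_num + vuln_m_num + vuln_l_num

    # Risk label and the colour it is rendered in.
    if vuln_score >= 18:
        risk_key, sec_color = "{risk_h}", RGBColor(238, 0, 0)
    elif vuln_score >= 10:
        risk_key, sec_color = "{risk_m}", RGBColor(205, 55, 0)
    elif vuln_score >= 5:
        risk_key, sec_color = "{risk_l}", RGBColor(46, 139, 87)
    else:
        risk_key, sec_color = "{risk_n}", RGBColor(139, 137, 137)
    sec_lv = Utils().getMyWord(risk_key)

    start_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(start_epoch))

    scan_mode = CommandLines().cmd().type
    if scan_mode == "simple":
        scan_type = Utils().getMyWord("{mode_simple}")
    else:
        scan_type = Utils().getMyWord("{mode_adv}")

    # Elapsed seconds from the two timestamps. The previous arithmetic used
    # only the minute and second fields of the formatted times, which gave
    # wrong (even negative) values whenever a scan crossed an hour boundary.
    scan_time = max(int(now) - start_epoch, 0)

    vuln_list = ''
    for word_key, count in vuln_counts:
        if count != 0:
            vuln_list = (
                vuln_list + "◆ " + Utils().getMyWord(word_key) + str(count)
                + Utils().getMyWord("{ge}") + "\n"
            )

    # NOTE(review): cookie and header values given on the command line are
    # copied verbatim into the report wherever the template carries these
    # placeholders, so generated reports may hold live session credentials
    # and should be stored and shared accordingly.
    cookies = CommandLines().cmd().cookie
    extra_cookies = cookies if cookies else Utils().getMyWord("{no_extra_cookies}")
    head = CommandLines().cmd().head
    if head != "Cache-Control:no-cache":
        extra_head = head
    else:
        extra_head = Utils().getMyWord("{no_extra_head}")

    # str() instead of "%s" % value: same text for scalars, and it cannot
    # fail when a value happens to be a tuple.
    replacements = {
        "{report_number}": "PF-API-" + self.projectTag,
        "{report_date}": str(report_time),
        "{target_host}": str(host),
        "{target_url}": str(main_url),
        "{js_num}": str(js_num),
        "{start_time}": str(start_time),
        "{scan_time}": str(scan_time),
        "{scan_type}": str(scan_type),
        "{api_num}": str(api_num),
        "{vuln_num}": str(vuln_num),
        "{vuln_h_num}": str(vuln_h_num),
        "{vuln_m_num}": str(vuln_m_num),
        "{vuln_l_num}": str(vuln_l_num),
        "{unauth_vuln}": "unauth_vuln",
        "{vuln_list}": str(vuln_list),
        "{scan_ip}": str(ipAddr),
        "{extra_cookies}": str(extra_cookies),
        "{extra_head}": str(extra_head),
    }
    self.log.debug("word—report正常替换")

    for table in document.tables:
        for row in range(len(table.rows)):
            for col in range(len(table.columns)):
                cell = table.cell(row, col)
                for key, value in replacements.items():
                    if key in cell.text:
                        cell.text = cell.text.replace(key, value)

    # Paragraph runs: generic placeholders first, then the three placeholders
    # that only occur in paragraphs (two of them also restyle the run).
    for para in document.paragraphs:
        for run in para.runs:
            for key, value in replacements.items():
                if key in run.text:
                    run.text = run.text.replace(key, value)
            if "{js_list}" in run.text:
                run.text = run.text.replace("{js_list}", str(js_paths))
                run.font.size = Pt(10)
                run.font.name = "Arial"
            if "{end_time}" in run.text:
                run.text = run.text.replace("{end_time}", str(end_time))
            if "{sec_lv}" in run.text:
                run.text = run.text.replace("{sec_lv}", str(sec_lv))
                run.font.size = Pt(14)
                run.font.color.rgb = sec_color

    # The detail sections are best effort: a failure is logged and the
    # remaining sections are still attempted.
    try:
        Creat_vuln_detail(self.projectTag).creat_detail(document)
        self.log.debug("正确获取vuln_detail替换内容")
    except Exception as e:
        self.log.error("[Err] %s" % e)
    try:
        Creat_api(self.projectTag).creat_api(document)
        self.log.debug("正确获取api替换内容")
    except Exception as e:
        self.log.error("[Err] %s" % e)
    try:
        Creat_suggest(self.projectTag).creat_suggest(document)
        self.log.debug("正确获取suggest替换内容")
    except Exception as e:
        self.log.error("[Err] %s" % e)
    return document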
# !/usr/bin/env python3
# -*- encoding: utf-8 -*-

from lib.Controller import Project
from lib.TestProxy import testProxy
from lib.common.banner import RandomBanner
from lib.common.cmdline import CommandLines
from lib.common.readConfig import ReadConfig


class Program:
    """Entry-point wrapper that runs one scan with the parsed options."""

    def __init__(self, options):
        # Parsed command-line options; ``url`` is read from them in check().
        self.options = options

    def check(self):
        """Create a Project for the configured URL and start parsing."""
        project = Project(self.options.url, self.options)
        project.parseStart()


if __name__ == '__main__':
    cmd = CommandLines().cmd()
    # NOTE(review): testProxy runs before the scan starts; presumably it
    # validates the configured proxy - confirm in lib.TestProxy.
    testProxy(cmd, 1)
    Program(cmd).check()