Exemple #1
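def search_api(search, page=50):
    """Collect targets from the search service selected by the keys in ``conf``.

    Exactly one backend is used: the first of ``target_zoomeye``,
    ``target_shodan``, ``target_fofa``, ``target_fofa_today_poc`` and
    ``target_google`` that is present in ``conf``. When none is present the
    result is an empty list.

    :param search: query passed to the backend (not used by the
        ``target_fofa_today_poc`` backend, which only receives ``page``).
    :param page: passed through to the backend unchanged.
    :return: de-duplicated list of whatever the backend yielded. The set
        round-trip does not preserve the backend's ordering, and the entries
        are not validated here, so callers receive them exactly as the
        search service reported them.
    """
    target_list = []
    try:
        if 'target_zoomeye' in conf.keys():
            # ZoomEye is queried once per resource type; every item it yields
            # is itself an iterable of URLs, so flatten one level.
            for resource_type in ['host', 'web']:
                for batch in _zoomeye_api(search, page, resource_type):
                    target_list.extend(batch)

        elif 'target_shodan' in conf.keys():
            target_list.extend(_shodan_api(search, page))

        elif 'target_fofa' in conf.keys():
            target_list.extend(_fofa_api(search, page))

        elif 'target_fofa_today_poc' in conf.keys():
            target_list.extend(_fofa_api_today_poc(page))

        elif 'target_google' in conf.keys():
            target_list.extend(_google_api(search, page))

    except KeyboardInterrupt:
        # NOTE(review): sys.exit() receives logger.error()'s return value; if
        # that is None (as with the stdlib logging API) the exit status is 0
        # even though the run was aborted - confirm against the logger used.
        sys.exit(logger.error("Exit by user."))

    # target_list is always a list at this point, so the former
    # isinstance(target_list, tuple) early return could never trigger.
    return list(set(target_list))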
Exemple #2
    def load_targets(self):
        """Call ``_fofa()`` when ``conf`` holds ``info`` and a non-None ``key``.

        Exits through ``sys.exit`` when ``info`` is missing from ``conf`` or
        when ``key`` is missing or None.
        """
        # NOTE(review): sys.exit() receives logger.error()'s return value; if
        # that is None (as with the stdlib logging API) the process exits with
        # status 0 on these error paths - confirm against the logger used.
        if 'info' not in conf.keys():
            sys.exit(logger.error("Can't load any targets! Please check input." ))

        query_given = 'key' in conf.keys() and conf['key'] != None
        if not query_given:
            # The message reads: "Please enter FOFA syntax!   -k XXX"
            sys.exit(logger.error('请输入fofa语法!   -k XXX'))

        _fofa()
Exemple #3
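    def http_send(url,
                  params=None,
                  cookies=None,
                  data=None,
                  other_header=None):
        """Issue a single GET or POST with ``requests`` and return the response.

        ``data`` selects the method: a falsy value means GET, anything else is
        run through ``get_params_dict(data, sep="&")`` and sent as a POST
        body. Headers and timeout are taken from ``conf`` when set there (the
        timeout defaults to 10); ``other_header`` is merged over the
        configured headers for this call only.

        :return: the response object, or None when the request raised or the
            status code is 301-399 or 404.
        """
        headers = None
        timeout = 10

        # Set the retry count used by requests.
        # NOTE(review): rebinding this module constant is not a documented way
        # to configure retries; the supported route is an
        # HTTPAdapter(max_retries=...) mounted on a Session - confirm that
        # this assignment has the intended effect.
        requests.adapters.DEFAULT_RETRIES = RETRY_COUNT

        if "headers" in conf.keys() and conf.headers:
            headers = conf.headers
        if "timeout" in conf.keys() and conf.timeout:
            timeout = conf.timeout
        if other_header is not None:
            # Merge into a fresh dict so conf.headers is never mutated. Start
            # from {} when no headers are configured: dict(None, **x) raises
            # TypeError, and that call sits outside the try block below.
            headers = dict(headers or {}, **other_header)

        try:
            # Options shared by both methods. verify=False switches TLS
            # certificate checking off, so the server is not authenticated and
            # the body may have been altered in transit - treat everything in
            # the response as untrusted. Redirects are handed back to the
            # caller instead of being followed.
            common = dict(params=params,
                          cookies=cookies,
                          headers=headers,
                          timeout=timeout,
                          verify=False,
                          allow_redirects=False,
                          proxies=PROXIES)
            if not data:
                # GET
                req = requests.get(url, data=data, **common)
            else:
                # POST
                data = get_params_dict(data, sep="&")
                req = requests.post(url, data=data, **common)
            # Fix the text encoding instead of letting requests guess it.
            req.encoding = "utf-8"
            # The original comment says only 2xx responses are evaluated; what
            # this check actually discards is 301-399 and 404, so 1xx, 300,
            # other 4xx and 5xx responses are still returned to the caller.
            if 400 > req.status_code > 300 or req.status_code == 404:
                return None
            return req
        except Exception as ex:
            # "except ... as" and the parenthesised print work on both
            # Python 2.6+ and Python 3, unlike the comma/statement forms.
            print("Request.http_send:%s" % ex)
            return None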
Exemple #4
def normal(args):
    """Initialise the options from ``args`` and load targets with a new Engine.

    The engine is always created with the fixed name ``'123'``.
    """
    # Writes the configuration key names (not their values) to stdout before
    # init_options(args) runs.
    print(conf.keys())
    init_options(args)
    Engine('123').load_targets()
Exemple #5
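 def load_parameter(self):
     """Parse ``conf['parameter']`` (``k=v&k=v``) into ``self.parameter``.

     Does nothing when the option is absent or None. On malformed input the
     process exits through ``sys.exit`` after logging an error.
     """
     if 'parameter' in conf.keys() and conf['parameter'] is not None:
         try:
             parsed = {}
             for pair in conf['parameter'].split('&'):
                 # Split on the first '=' only, so a value may itself contain
                 # '=' (for example base64 padding) without being rejected.
                 _key, _value = pair.split('=', 1)
                 parsed[_key] = _value
             self.parameter = parsed
             logger.sysinfo("Loading parameter: %s" % (conf['parameter']))
         except Exception:
             # "except Exception" rather than a bare except, so that
             # KeyboardInterrupt and SystemExit are no longer swallowed and
             # reported as a parameter error.
             msg = 'The parameter input error, please check your input e.g. -p "userlist=user.txt", and you should make sure the module\'s function need the parameter. '
             sys.exit(logger.error(msg))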
Exemple #6
def set_default_headers():
    """Fill ``conf.headers`` with default HTTP request headers when it is empty.

    Nothing is changed when ``conf.headers`` already holds at least one entry.

    NOTE(review): the value written to ``Accept-Encoding`` is a charset list
    (``utf-8;q=0.7,*;q=0.1``), which is the syntax of ``Accept-Charset``;
    ``Accept-Encoding`` normally names content codings such as gzip. Confirm
    which header was intended.
    NOTE(review): the item assignments need ``conf.headers`` to be an empty
    mapping; a None value passes the emptiness check and then fails on the
    first assignment.
    """
    if conf.headers:
        return

    conf.headers["Accept-Language"] = "zh-CN,zh;q=0.8"
    if "charset" in conf.keys() and conf.charset:
        charset_preference = "%s;q=0.7,*;q=0.1" % conf.charset
    else:
        charset_preference = "utf-8;q=0.7,*;q=0.1"

    remaining = (
        ("Accept-Encoding", charset_preference),
        ("Cache-control", "no-cache,no-store"),
        ("Pragma", "no-cache"),
    )
    for header_name, header_value in remaining:
        conf.headers[header_name] = header_value

    # Looked up last, as in the original statement order.
    conf.headers["User-Agent"] = get_ua()
Exemple #7
def set_default_headers():
	"""Install the default HTTP request headers into an empty ``conf.headers``.

	Returns without changes when ``conf.headers`` already has entries.

	NOTE(review): ``Accept-Encoding`` receives a charset preference list
	(``utf-8;q=0.7,*;q=0.1``); that syntax belongs to ``Accept-Charset``,
	while ``Accept-Encoding`` normally lists content codings such as gzip.
	Confirm which header was meant.
	"""
	if conf.headers:
		return

	conf.headers["Accept-Language"] = "zh-CN,zh;q=0.8"
	# A configured charset takes precedence over the utf-8 default.
	conf.headers["Accept-Encoding"] = (
		"%s;q=0.7,*;q=0.1" % conf.charset
		if "charset" in conf.keys() and conf.charset
		else "utf-8;q=0.7,*;q=0.1"
	)
	# Ask intermediaries not to serve or keep cached copies.
	conf.headers["Cache-control"] = "no-cache,no-store"
	conf.headers["Pragma"] = "no-cache"
	conf.headers["User-Agent"] = get_ua()
Exemple #8
    def _init_data(self, id, module, target):
        """Build the result record for one (module, target) pair.

        The record starts from a fixed set of fields, then receives the
        entries of ``self.parameter`` whose names are not already taken, and
        finally the host/port/URL fields derived from ``target``.

        :param id: stored under ``"id"`` unchanged.
        :param module: only ``module.__name__`` is read.
        :param target: either an ``http://`` / ``https://`` URL or a
            ``host`` / ``host:port`` string.
        :return: the populated dict.

        NOTE(review): for URL targets ``target_port`` is the *string* returned
        by ``splitport`` when the URL carries an explicit port and the int
        443/80 otherwise, so consumers see two types; the ``!= 0`` comparison
        cannot be false for a string.
        NOTE(review): the ``host:port`` branch splits on every ':' and keeps
        the first two pieces, which does not fit IPv6 literals - confirm
        whether those are expected here.
        """
        record = {
            "id": id,
            "flag": -1,
            'module_name': module.__name__,
            'func_name': self.func_name,
            'target_host': None,
            'target_port': None,
            'url': None,
            'base_url': None,
            "data": [],
            "res": [],
            "other": {},
        }

        if self.parameter != None:
            for _key, _val in self.parameter.items():
                if _key in record.keys():
                    # The existing value is kept and the parameter is skipped,
                    # although the second message says it would be overwritten.
                    logger.warning(
                        "This parameter name has already been used: %s = %s" %
                        (_key, _val))
                    logger.warning(
                        "And using this parameter name will cause the original value to be overwritten."
                    )
                    continue
                record[_key] = _val

        if target.startswith(('http://', 'https://')):
            record['url'] = target
            scheme, remainder = urllib.parse.splittype(target)
            netloc, _path = urllib.parse.splithost(remainder)
            hostname, explicit_port = urllib.parse.splitport(netloc)
            record['target_host'] = hostname

            # An explicit port wins; otherwise use the scheme's default.
            if explicit_port != None and explicit_port != 0:
                record['target_port'] = explicit_port
            elif scheme == 'https':
                record['target_port'] = 443
            else:
                record['target_port'] = 80

            record['base_url'] = "".join(
                [scheme, "://", hostname, ":", str(record['target_port']), '/'])
        else:
            if ":" in target:
                pieces = target.split(':')
                record['target_host'], port = pieces[0], pieces[1]
            else:
                port = 0
                record['target_host'] = target

            # A port configured in conf overrides the one parsed from target.
            if 'target_port' in conf.keys():
                record['target_port'] = conf['target_port']
            else:
                record['target_port'] = int(port)

        return record
Exemple #9
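	def http_send(url, params=None, cookies=None, data=None, other_header=None):
		"""Send one HTTP request through ``requests`` and return the response.

		A falsy ``data`` produces a GET; otherwise ``data`` is converted with
		``get_params_dict(data, sep="&")`` and sent as a POST body. Headers and
		timeout come from ``conf`` when set there (timeout defaults to 10) and
		``other_header`` is merged over the configured headers for this call.

		:return: the response object, or None when the request raised or the
			status code is 301-399 or 404.
		"""
		headers = None
		timeout = 10

		# Set the retry count used by requests.
		# NOTE(review): rebinding this module constant is not a documented way
		# to configure retries; the supported route is an
		# HTTPAdapter(max_retries=...) mounted on a Session - confirm that this
		# assignment has the intended effect.
		requests.adapters.DEFAULT_RETRIES = RETRY_COUNT

		if "headers" in conf.keys() and conf.headers:
			headers = conf.headers
		if "timeout" in conf.keys() and conf.timeout:
			timeout = conf.timeout
		if other_header is not None:
			# Build a fresh dict so conf.headers is left untouched, starting
			# from {} when nothing is configured: dict(None, **x) raises
			# TypeError, and this line is not covered by the try block below.
			headers = dict(headers or {}, **other_header)

		try:
			# verify=False disables TLS certificate checking: the server is
			# not authenticated and the body may have been altered in transit,
			# so the response content must be treated as untrusted. Redirects
			# are returned to the caller, not followed.
			if not data:
				# GET
				req = requests.get(
					url, params=params, cookies=cookies, headers=headers,
					timeout=timeout, data=data, verify=False,
					allow_redirects=False, proxies=PROXIES)
			else:
				# POST
				data = get_params_dict(data, sep="&")
				req = requests.post(
					url, params=params, cookies=cookies, headers=headers,
					timeout=timeout, data=data, verify=False,
					allow_redirects=False, proxies=PROXIES)
			# Fix the text encoding instead of letting requests guess it.
			req.encoding = "utf-8"
			# The original comment says only 2xx responses are evaluated; the
			# check really discards 301-399 and 404, so 1xx, 300, other 4xx
			# and 5xx responses are still returned.
			if 400 > req.status_code > 300 or req.status_code == 404:
				return None
			return req
		except Exception as ex:
			# "except ... as" and the parenthesised print are valid on both
			# Python 2.6+ and Python 3, unlike the comma/statement forms.
			print("Request.http_send:%s" % ex)
			return None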
Exemple #10
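    def _parameter_register(self, input_parameter):
        """Parse ``k=v&k=v`` input into ``self.parameter`` and return it.

        A falsy ``input_parameter`` resets ``self.parameter`` to an empty
        dict. Otherwise parsing starts from ``conf['parameter']`` when that
        key exists (from an empty dict if not) and adds every pair found in
        ``input_parameter``. Malformed input ends the process through
        ``sys.exit`` after an error is logged.

        :param input_parameter: raw parameter string, or a falsy value.
        :return: ``self.parameter``.
        """
        self.parameter = {}
        if not input_parameter:
            return self.parameter

        if 'parameter' in conf.keys():
            # NOTE(review): this binds the very object stored in conf, so the
            # assignments below also modify conf['parameter'] - confirm that
            # sharing is intended and that the stored value is a dict.
            self.parameter = conf['parameter']

        try:
            for _data in input_parameter.split('&'):
                # Split on the first '=' only, so a value may contain '='.
                _key, _value = _data.split('=', 1)
                self.parameter[_key] = _value
        except Exception:
            # "except Exception" rather than a bare except, so that
            # KeyboardInterrupt and SystemExit are not reported as bad input.
            msg = 'The parameter input error, please check your input e.g. -p "userlist=user.txt", and you should make sure the module\'s function need the parameter. '
            sys.exit(logger.error(msg))

        logger.sysinfo("Set parameter: %s" % str(input_parameter))
        return self.parameter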
Exemple #11
def free_conf_memory():
    """Replace every value stored in ``conf`` with None, keeping the keys.

    This only drops conf's references to the old values. The objects are
    reclaimed when nothing else refers to them, and their contents are not
    overwritten, so this is not a wipe of anything sensitive that conf held.
    """
    for option_name in conf.keys():
        # Re-assigning existing keys does not change the size of the mapping.
        conf[option_name] = None
Exemple #12
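    def load_targets(self):
        """Load targets from the first target source that is present in ``conf``.

        Sources are checked in a fixed order (single target, target file, nmap
        XML, network, stored task, search engine, ZoomEye, Shodan, FOFA, FOFA
        "today poc", Google, GitHub) and only the first matching key is used.
        Each target is handed to ``self._load_target``. The process exits
        through ``sys.exit`` when no source key is present or when
        ``self.targets`` is still empty afterwards.
        """
        if 'target_simple' in conf.keys():
            self._load_target(conf['target_simple'])
            logger.sysinfo("Loading target: %s" % (conf['target_simple']))

        elif 'target_file' in conf.keys():
            # The context manager closes the file even when _load_target
            # raises; the bare open() used before never closed it.
            with open(conf['target_file'], 'r') as target_file:
                for _line in target_file:
                    line = _line.strip()
                    if line:
                        self._load_target(line)
            logger.sysinfo("Loading target: %s" % (conf['target_file']))

        elif 'target_nmap_xml' in conf.keys():
            import xml.etree.ElementTree as ET
            # NOTE(review): ElementTree is not hardened against maliciously
            # constructed XML (entity-expansion blowups); this is acceptable
            # for scan output produced locally, not for files of unknown origin.
            tree = ET.parse(conf['target_nmap_xml'])
            root = tree.getroot()
            for host in root.findall('host'):
                address = host.find('address')
                if address is None:
                    # Skip a host entry without an address instead of
                    # failing on None.
                    continue
                host_id = address.get('addr')
                for port in host.iter('port'):
                    state = port.find('state')
                    if state is None:
                        # Same for a port entry that carries no state element.
                        continue
                    port_id = port.attrib.get('portid')
                    port_state = state.attrib.get('state')
                    # "is not None" on purpose: an Element without children is
                    # falsy. This replaces a bare except around the lookup.
                    service = port.find('service')
                    if service is not None:
                        port_service = service.attrib.get('name')
                    else:
                        port_service = "None"
                    if port_state.lower() not in ['closed', 'filtered']:
                        self._load_target(host_id + ":" + port_id,
                                          port_service)
            logger.sysinfo("Loading target: %s" % (conf['target_nmap_xml']))

        elif 'target_network' in conf.keys():
            self._load_target(conf['target_network'])
            logger.sysinfo("Loading target: %s" % (conf['target_network']))

        elif 'target_task' in conf.keys():
            hashdb = HashDB(os.path.join(paths.DATA_PATH, conf['target_task']))
            hashdb.connect()
            for _row in hashdb.select_all():
                # Column 4 is used as the target when it is filled; otherwise
                # columns 2 and 3 are joined with ':'.
                if _row[4] is not None and _row[4] != '':
                    self._load_target(_row[4])
                else:
                    self._load_target(_row[2] + ":" + _row[3])
            logger.sysinfo("Loading target: %s" % (conf['target_task']))

        elif 'target_search_engine' in conf.keys():
            logger.sysinfo("Loading target by baidu/bing/360so: %s" %
                           (conf['target_search_engine']))
            for _url in search_engine(conf['target_search_engine']):
                if _url:
                    self._load_target(_url)

        elif 'target_zoomeye' in conf.keys():
            logger.sysinfo("Loading target by zoomeye: %s" %
                           (conf['target_zoomeye']))
            for _url in search_api(conf['target_zoomeye']):
                if _url:
                    self._load_target(_url)

        elif 'target_shodan' in conf.keys():
            logger.sysinfo("Loading target by shadon: %s" %
                           (conf['target_shodan']))
            for _url in search_api(conf['target_shodan']):
                if _url:
                    self._load_target(_url)

        elif 'target_fofa' in conf.keys():
            logger.sysinfo("Loading target by fofa: %s" %
                           (conf['target_fofa']))
            for _url in search_api(conf['target_fofa']):
                if _url:
                    self._load_target(_url)

        elif 'target_fofa_today_poc' in conf.keys():
            logger.sysinfo("Loading target by fofa today poc: %s" %
                           (conf['target_fofa_today_poc']))
            # This source yields (url, server) pairs rather than bare URLs.
            for _url, _server in search_api(conf['target_fofa_today_poc']):
                if _url:
                    self._load_target(_url, _server)

        elif 'target_google' in conf.keys():
            logger.sysinfo("Loading target by google: %s" %
                           (conf['target_google']))
            for _url in search_api(conf['target_google']):
                if _url:
                    self._load_target(_url)

        elif 'target_github' in conf.keys():
            logger.sysinfo("Loading target by github: %s" %
                           (conf['target_github']))
            # NOTE(review): the result is fetched but never passed to
            # _load_target, so this source adds nothing and the emptiness
            # check below decides the outcome - confirm the intended handling.
            search_api(conf['target_github'])

        else:
            sys.exit(
                logger.error("Can't load any targets! Please check input."))

        if len(self.targets) == 0:
            sys.exit(
                logger.error("Can't load any targets! Please check input."))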