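def handle_fofa(query, limit, offset=0):
    """Query the FoFa search API and add reachable result hosts to ``conf.target``.

    Credentials are read from the config file first; when that fails the
    user is prompted interactively. Every result host is probed once over
    HTTP(S) and registered as a target only when the probe does not raise.

    Args:
        query: FoFa query string; sent base64-encoded as ``qbase64``.
        limit: number of results wanted after ``offset``.
        offset: number of leading results to skip (FoFa has no offset
            parameter, so ``offset + limit`` rows are fetched and sliced).

    Exits the process via ``sys.exit()`` when authorization or the search
    request fails.
    """
    try:
        msg = '[+] Trying to login with credentials in config file: {}.'.format(
            paths.CONFIG_PATH)
        colorprint.green(msg)
        email = ConfigFileParser().fofa_email()
        key = ConfigFileParser().fofa_key()
        if not check(email, key):
            # Handled by the except block below (interactive fallback).
            raise Exception("Automatic authorization failed")
    except Exception as e:
        logger.debug(e)
        msg = '[*] Automatic authorization failed.'
        colorprint.cyan(msg)
        msg = '[*] Please input your FoFa Email and API Key below.'
        colorprint.cyan(msg)
        email = input("[*] Fofa Email: ").strip()
        key = input('[*] Fofa API Key: ').strip()
        if not check(email, key):
            msg = '[-] Fofa API authorization failed, Please re-run it and enter a valid key.'
            colorprint.red(msg)
            sys.exit()

    query = base64.b64encode(query.encode('utf-8')).decode('utf-8')
    # How many rows to request: the offset is applied client-side below.
    size = limit + offset
    # NOTE: the API key travels in the query string (that is how FoFa's API
    # works); it will appear in any proxy or debug log that records this URL.
    url = f"https://fofa.so/api/v1/search/all?email={email}&key={key}&qbase64={query}&size={size}"

    try:
        response = request.get(url).text
        resp = json.loads(response)
        if not resp["error"]:
            for item in resp.get('results')[offset:]:
                # item[0] is the host; anything without an explicit https:
                # scheme is probed over plain http.
                target = item[0] if 'https:' in item[0] else "http://" + item[0]
                _probe_and_add(target)
    except Exception as e:
        colorprint.red(e)
        sys.exit()


def _probe_and_add(target):
    """Probe *target* once and register it in ``conf.target`` if it responds.

    ``verify=False`` is kept because this is only a reachability probe against
    arbitrary discovered hosts (self-signed certificates are common); it means
    the TLS peer is not authenticated, so nothing sensitive must ever be sent
    on this request. Only ``Exception`` is swallowed (logged at debug level);
    ``KeyboardInterrupt``/``SystemExit`` now propagate instead of being eaten
    by a bare ``except:``.
    """
    try:
        requests.get(target, timeout=5, verify=False)
    except Exception as e:
        logger.debug('probe failed for %s: %s', target, e)
        return
    conf.target.add(target)
    print(target)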
def check(email, key):
    """Return True when FoFa accepts *email*/*key*, otherwise False.

    Empty credentials short-circuit to False without any network call.
    A request failure is logged at debug level and reported as False, so a
    network outage looks the same as a rejected key to the caller.
    """
    if not (email and key):
        return False
    auth_url = "https://fofa.so/api/v1/info/my?email={0}&key={1}".format(email, key)
    try:
        status = request.get(auth_url).status_code
    except Exception as e:
        logger.debug(e)
        return False
    return status == 200
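def __ip_sin(self, domain):
    """Resolve a single *domain* to its first address and return it (or None).

    Names are skipped (left unresolved) when the subdomain part contains a
    wildcard, the registered name is empty or exactly ``com``, or there is no
    public suffix. Resolution errors are logged and yield None rather than an
    exception. The original version computed ``ip`` but never returned it.
    """
    ip = None
    try:
        subdomain, subject, suffix = tldextract.extract(domain)
        # Filter out malformed domain names.
        is_valid = ('*' not in subdomain and len(subject)
                    and subject != 'com' and len(suffix))
        if is_valid:
            logger.debug('%s %s %s {%s}' % (subdomain, subject, suffix, domain))
            ip = socket.getaddrinfo(domain, 'http')[0][4][0]
    except Exception as e:
        logger.error('%s {%s}' % (e, domain))
    return ip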
def parser(self, current_level, current_url, html):
    """Extract every ``<a href>`` from *html* and hand it to ``__push``.

    The character set is sniffed with chardet before decoding (decode errors
    are ignored). Any failure — detection, parsing, or a single bad link — is
    logged at debug level and otherwise swallowed.
    """
    try:
        # Detect the character set at runtime instead of assuming one.
        raw = str(html)
        encoding = chardet.detect(raw)['encoding']
        soup = BeautifulSoup(raw.decode(encoding, 'ignore'), 'html.parser')
        anchors = soup.find_all('a')
    except Exception as e:
        logger.debug(str(e))
        return
    for anchor in anchors:
        try:
            self.__push(current_level, current_url, anchor['href'])
        except Exception as e:
            # A single malformed link must not abort the rest of the page.
            logger.debug(str(e))
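def handle_fofa(query, limit, offset=0):
    """Query the FoFa search API and add each result host to ``conf.target``.

    Credentials come from the config file, falling back to an interactive
    prompt. Results are requested with ``fields=host,ip,protocol,port``; for
    http/https results the host gets its scheme prepended when it lacks one.

    Args:
        query: FoFa query string; sent base64-encoded as ``qbase64``.
        limit: number of results wanted after ``offset``.
        offset: number of leading results to skip (FoFa has no offset
            parameter, so ``offset + limit`` rows are fetched and sliced).

    Exits the process via ``sys.exit()`` when authorization or the search
    request fails. An API-level error (``resp["error"]`` true) is now
    reported on screen instead of silently producing an empty target list.
    """
    try:
        msg = '[+] Trying to login with credentials in config file: {}.'.format(
            paths.CONFIG_PATH)
        colorprint.green(msg)
        email = ConfigFileParser().fofa_email()
        key = ConfigFileParser().fofa_key()
        if not check(email, key):
            # Handled by the except block below (interactive fallback).
            raise Exception("Automatic authorization failed")
    except Exception as e:
        logger.debug(e)
        msg = '[*] Automatic authorization failed.'
        colorprint.cyan(msg)
        msg = '[*] Please input your FoFa Email and API Key below.'
        colorprint.cyan(msg)
        email = input("[*] Fofa Email: ").strip()
        key = input('[*] Fofa API Key: ').strip()
        if not check(email, key):
            msg = '[-] Fofa API authorization failed, Please re-run it and enter a valid key.'
            colorprint.red(msg)
            sys.exit()

    query = base64.b64encode(query.encode('utf-8')).decode('utf-8')
    # How many rows to request: the offset is applied client-side below.
    size = limit + offset
    # NOTE: the API key travels in the query string (that is how FoFa's API
    # works); it will appear in any proxy or debug log that records this URL.
    url = f"https://fofa.info/api/v1/search/all?email={email}&key={key}&qbase64={query}&size={size}&fields=host,ip,protocol,port"

    try:
        response = request.get(url).text
        resp = json.loads(response)
        if resp["error"]:
            # Bad key, exhausted quota or a malformed query used to leave the
            # target list empty with no explanation.
            colorprint.red('[-] FoFa API error: {}'.format(
                resp.get("errmsg", "unknown error")))
        else:
            for item in resp.get('results')[offset:]:
                # Each item is [host, ip, protocol, port] in the order of the
                # fields= list above. The host alone is usually enough, but
                # http/https results may be missing their scheme.
                host, protocol = item[0], item[2]
                if protocol in ("http", "https") and not host.startswith("http"):
                    host = protocol + "://" + host
                conf.target.add(host)
    except Exception as e:
        colorprint.red(e)
        sys.exit()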
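def location(self, ip):
    """Look up location / cloud-provider information for *ip* via the IP API.

    Returns a dict with ``ip``, ``localtion`` (sic — the key is kept because
    callers read it) and ``cloud`` (the operator name when it belongs to a
    known cloud platform, else ``''``) on success, or None when the API
    reports a failure (the message is logged as a warning).
    """
    ret = {}
    params = urllib.urlencode({'ip': ip, 'datatype': 'jsonp'})
    headers = {'token': settings.token}
    url = settings.ip_api + params
    request = http.Request(headers, url)
    request.timeout = 5
    request.open()
    # NOTE(review): eval() on a remote response executes whatever the API (or
    # anyone able to tamper with the connection) returns. Parse it with
    # json.loads / ast.literal_eval once the exact response format is confirmed.
    result = eval(request.getHtml())
    logger.debug(result)
    # Was `cmp(result['ret'], 'ok') != -1`, which also accepted any value that
    # sorts after 'ok'; only an exact 'ok' counts as success.
    if result['ret'] != 'ok':
        logger.warning(result['msg'])
        return None
    data = result['data']
    # Detect known cloud platforms. From the usage here data[0] appears to be
    # the provider group key and data[3] the operator name — confirm against
    # the API documentation.
    ret['cloud'] = ''
    if data[0] in yun_dict and data[3] in yun_dict[data[0]]:
        ret['cloud'] = data[3]
    elif data[3] not in base_operator:
        # Record unknown operators so they can be added to the lookup tables.
        logger.info(result)
    ret['ip'] = result['ip']
    ret['localtion'] = data
    return ret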
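class Network:
    """DNS resolution helpers used by the crawler."""

    # Batch-resolve domains to IPs. The returned list is index-aligned with
    # the input domains. (An older comment promised {'ip': [ip, ip1, ...]};
    # the method actually returns the bare list.)
    def __ip_bat(self, domain_arry):
        """Resolve each entry of *domain_arry* to its first address.

        A domain that fails to parse or resolve gets ``''`` in its slot and
        the error is logged, so the result always has ``len(domain_arry)``
        elements in the same order. The unused ``index`` counter of the
        original was dropped.
        """
        ip_arry = []
        for domain in domain_arry:
            try:
                # separate() rebinds `domain` to the bare host part.
                (proto, substr, domain, resources, suffix) = separate(domain)
                ip_arry.append(socket.getaddrinfo(domain, 'http')[0][4][0])
            except Exception as e:
                ip_arry.append('')
                # `domain` is the parsed host if separate() succeeded,
                # otherwise the raw input entry.
                logger.error('%s {%s}' % (e, domain))
        logger.debug(ip_arry)
        return ip_arry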
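def result_handler(status, task):
    """Consume one PoC result: print it and queue it for the output file.

    *status* may be falsy / ``POC_RESULT_STATUS.FAIL`` (not vulnerable),
    ``POC_RESULT_STATUS.RETRAY`` (re-queue the task), ``True`` /
    ``POC_RESULT_STATUS.SUCCESS``, a list of detail messages, or any other
    value (printed via ``str``). Everything except the first two cases counts
    as one finding. Screen output is serialised with ``th.output_screen_lock``
    in thread mode; the lock is released in ``finally`` so an exception while
    printing can no longer leave it held and stall the other workers.
    """
    pbar.update(th.tasks_num - th.tasks.qsize())
    poc_name = task['poc'].__name__
    if not status or status is POC_RESULT_STATUS.FAIL:
        logger.debug('not vuln: [{}] {}'.format(poc_name, task["target"]))
        return
    if status is POC_RESULT_STATUS.RETRAY:
        # Try again: undo the scan count and put the task back on the queue.
        logger.debug('try again: [{}] {}'.format(poc_name, task["target"]))
        change_scan_count(-1)
        th.tasks.put(task)
        return

    if status is True or status is POC_RESULT_STATUS.SUCCESS:
        logger.debug('vuln: [{}] {}'.format(poc_name, task["target"]))
        messages = ['[{}] {}'.format(poc_name, task["target"])]
    elif isinstance(status, list):
        # A PoC may return several lines of detail; show each on its own line.
        messages = ['[{}] {}'.format(poc_name, _msg) for _msg in status]
    else:
        messages = ['[{}] {}'.format(poc_name, str(status))]

    _print_results(messages)
    # One more payload found, however many lines it produced.
    change_found_count(1)
    # Flush accumulated results to the output file and empty the buffer.
    if th.result:
        output2file(th.result)
        th.result = []


def _print_results(messages):
    """Print each message padded to the console width and append it to ``th.result``.

    In thread mode the screen lock is held for the whole batch and released in
    ``finally`` so a failure inside colorprint cannot deadlock the other threads.
    """
    if th.thread_mode:
        th.output_screen_lock.acquire()
    try:
        for msg in messages:
            colorprint.white(msg + " " * (th.console_width - len(msg)))
            th.result.append(msg)
    finally:
        if th.thread_mode:
            th.output_screen_lock.release()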
def __push(self, current_level, current_url, url):
    """Record the domain and URL(s) derived from *url* found at *current_level*.

    ``__accept`` resolves *url* against *current_url* into
    (full_url, proto, full_domain, domain, another). Each non-empty value is
    stored under *current_level* only the first time the bloom filter sees
    it; finally the raw (possibly relative) *url* itself is added to the
    filter so it is not processed again.
    """
    if not url:
        return
    full_url, proto, full_domain, domain, another = self.__accept(current_url, url)
    self.__createLevelKey(current_level)
    host = self.__host

    def unseen(value):
        # bloom.add appears to be truthy when the value was already present;
        # an empty value is never stored and never added to the filter.
        return value and not self.bloom.add(value)

    if unseen(full_domain):
        host['full_domain'][current_level].append(full_domain)
        host['domain'].append(domain)
        logger.debug('{%s} __pushed' % full_domain)
    # URLs inside the crawled domain.
    if unseen(full_url):
        host['raw']['url'][current_level].append(full_url)
        logger.debug('{%s} __pushed' % full_url)
    # URLs pointing outside the crawled domain.
    if unseen(another):
        host['raw']['another'][current_level].append(another)
        logger.debug('{%s} __pushed' % another)
    # Remember the raw, possibly incomplete url as well.
    self.bloom.add(url)