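def query_db(self, hosts):
    """Return the entries of *hosts* that are not yet recorded in ``webinfo``.

    Each entry is normalised with ``parse_host`` and looked up by its
    ``domain`` value. Entries that are already stored are reported through
    ``console`` and left out of the result.

    *hosts* is returned unchanged when the lookup cannot be relied on:
    immediately on ``sqlite3.OperationalError`` (the connection is neither
    committed nor closed on that path), or after the loop when any other
    exception was logged.
    """
    result = []
    error = False
    # The domain is derived from caller-supplied host strings, so it is bound
    # as a query parameter instead of being formatted into the SQL text.
    sql = "select 1 from webinfo where domain = ? limit 1"
    for i in hosts:
        try:
            domain = parse_host(i)
            cursor = self.conn.cursor()
            cursor.execute(sql, (domain,))
            values = cursor.fetchall()
            if not values:
                result.append(i)
            else:
                console('CheckDB', i, 'In the db file\n')
        except sqlite3.OperationalError:
            return hosts
        except Exception as e:
            # Remember the failure; the partial result is discarded below.
            error = True
            logging.exception(e)
    self.commit()
    self.close()
    if error:
        return hosts
    return result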
def __init__(self, url, host, ports, apps):
    """Store the description of one scan target on the instance.

    ``host`` is normalised through ``parse_host`` and kept as ``self.ip``;
    ``self.out`` starts as an empty list.
    """
    # Normalise first so that a parse_host failure leaves no attribute set.
    self.ip = parse_host(host)
    self.url, self.ports, self.apps = url, ports, apps
    self.out = []
def verify_https(url):
    """Work out whether a target answers on ``https`` or ``http``.

    Returns the URL to use, or ``None`` when no attempt succeeded.

    * A *url* that already carries a scheme is returned unchanged as soon as
      one GET on it completes without raising.
    * Otherwise the network location (or, failing that, the path) is taken
      from *url* and ``https://`` is tried first.
    * ``http://`` is tried only when the https attempt ends in
      ``AttributeError``; any other exception is logged.

    NOTE(review): the original comment says that for a 302 redirect the
    post-redirect address should be obtained, but every URL returned here is
    built from the input, never from the response -- confirm intent.
    NOTE(review): certificate validation, timeouts and whether a failed
    request raises or returns an object without ``status_code`` are decided
    inside ``Requests`` and cannot be seen from here.
    """
    client = Requests()
    if '://' in url:
        # noinspection PyBroadException
        try:
            client.get(url)
        except Exception:
            pass
        else:
            return url

    host = parse_host(url)
    parts = parse.urlparse(url)
    # Prefer the network location; fall back to the path, then to the input.
    target = parts.netloc or parts.path or url

    https_url = 'https://' + target
    # noinspection PyBroadException
    try:
        response = client.get(https_url)
        # Attribute probe: raises AttributeError when there is no status_code.
        getattr(response, 'status_code')
        console('Verify', host, https_url + '\n')
        return https_url
    except AttributeError:
        http_url = 'http://' + target
        # noinspection PyBroadException
        try:
            client.get(http_url)
            console('Verify', host, http_url + '\n')
            return http_url
        except Exception:
            pass
    except Exception as e:
        logging.exception(e)
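def get_list(ip, ports):
    """Build the de-duplicated base URLs for the web services in *ports*.

    *ports* holds ``service:port`` strings. Only ``http`` and ``https``
    services (case-insensitive) produce a URL, and ``http:443`` is treated as
    HTTPS. A trailing ``:80`` is dropped from http URLs and a trailing
    ``:443`` or ``:80`` from https URLs. When ``http:80`` appears together
    with ``http:443`` or ``https:443``, one ``http:80`` entry is skipped.

    The caller's *ports* container is left untouched. The order of the result
    is unspecified because duplicates are removed through a set.

    Raises:
        ValueError: if an entry does not contain exactly one ``:``.
    """
    # Filter a copy: removing from the argument itself would silently change
    # the port list the caller keeps using afterwards.
    services = list(ports)
    if 'http:80' in services and ('http:443' in services or 'https:443' in services):
        services.remove('http:80')

    urls = set()
    for entry in services:
        scheme, port = entry.split(':')
        scheme = scheme.lower()
        # NOTE(review): parse_host is re-applied to its own output on every
        # pass; presumably idempotent -- confirm before hoisting it.
        ip = parse_host(ip)
        if scheme == 'http':
            if port == '443':
                # Build the URL without the port instead of deleting every
                # ':443' substring, which could also alter the host part.
                urls.add('https://' + ip)
            else:
                urls.add(re.sub(r':80$', '', 'http://' + ip + ':' + port))
        elif scheme == 'https':
            # NOTE(review): 'https:80' collapses to https://host, which
            # addresses port 443 rather than 80 -- confirm this is intended.
            urls.add(re.sub(r':443$|:80$', '', 'https://' + ip + ':' + port))
    return list(urls)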
def web_info(url):
    """Collect fingerprint data for one web target.

    Returns ``(data, apps, title)``. ``data`` maps the parsed host to its WAF
    result, IP address, geo lookup result, page info and OS guess; ``apps``
    and ``title`` come from the page info and are ``None`` when the page
    could not be analysed. In that case the WAF field is the string
    ``'None'`` regardless of what ``checkwaf`` reported.
    """
    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')
    address = geoip(ipaddr)
    wafresult = checkwaf(url)

    client = Requests()
    # noinspection PyBroadException
    try:
        response = client.get(url)
        # Let chardet pick the text encoding from the raw body.
        response.encoding = chardet.detect(response.content).get('encoding')
        webinfo = WebPage(response.url, response.text, response.headers).info()
    except Exception as e:
        logging.exception(e)
        webinfo = {}

    if not webinfo:
        webinfo = {}
        wafresult = 'None'
    else:
        report = (
            ('title: {}\n', webinfo.get('title')),
            ('Fingerprint: {}\n', webinfo.get('apps')),
            ('Server: {}\n', webinfo.get('server')),
            ('WAF: {}\n', wafresult),
        )
        for template, value in report:
            console('Webinfo', host, template.format(value))

    # NOTE(review): OS detection runs only when iscdn(host) is truthy, and
    # checkwaf on this page reports 'CDN IP' when it is falsy, so truthy
    # presumably means "not behind a CDN" -- confirm.
    osname = osdetect(host) if iscdn(host) else None

    record = {
        'WAF': wafresult,
        'Ipaddr': ipaddr,
        'Address': address,
        'Webinfo': webinfo,
        'OS': osname,
    }
    return {host: record}, webinfo.get('apps'), webinfo.get('title')
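def checkwaf(url):
    """Identify the WAF in front of *url*.

    The page is fetched once as-is. If ``verify`` matches nothing, each
    suffix in ``payload`` is appended to the URL and the response is checked
    again, stopping at the first match.

    Returns the name reported by ``verify`` on a match. When nothing matched
    the result is ``'CDN IP'`` if ``iscdn(host)`` is falsy, else ``'NoWAF'``.
    ``'NoWAF'`` also covers probes that failed, so it means "no signature
    matched", not "no WAF present".
    """
    try:
        req = Requests()
        r = req.get(url)
        # Only the first 10000 characters of the body are inspected.
        result = verify(r.headers, r.text[:10000])
        if result != 'NoWAF':
            # A match on the plain request is final: return it instead of
            # falling through to the 'CDN IP' / 'NoWAF' defaults below.
            return result
        for i in payload:
            r = req.get(url + i)
            result = verify(r.headers, r.text[:10000])
            if result != 'NoWAF':
                return result
    except UnboundLocalError:
        pass
    except Exception as e:
        logging.exception(e)
    host = parse_host(url)
    if not iscdn(host):
        return 'CDN IP'
    return 'NoWAF'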
def web_info(url):
    """Collect fingerprint, passive-DNS and reverse-IP data for one target.

    Returns ``(data, apps)``. ``data`` maps the parsed host to its WAF
    result, IP address, geo lookup result, page info and OS guess. The page
    info always carries the ``pdns`` and ``reverseip`` keys; ``apps`` is
    ``None`` when the page could not be analysed, and the WAF field is then
    the string ``'None'``.

    NOTE(review): ``virustotal`` and ``reverse_domain`` presumably query
    external services, which would disclose the target host to third
    parties -- confirm before use on engagements with disclosure limits.
    """
    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')
    address = geoip(ipaddr)
    wafresult = checkwaf(url)

    client = Requests()
    try:
        response = client.get(url)
        # Let chardet pick the text encoding from the raw body.
        response.encoding = chardet.detect(response.content).get('encoding')
        webinfo = WebPage(response.url, response.text, response.headers).info()
    except Exception:
        # Any failure while fetching or parsing is treated as "no page info".
        webinfo = {}

    if not webinfo:
        webinfo = {}
        wafresult = 'None'
    else:
        report = (
            ('Title: {}\n', webinfo.get('title')),
            ('Fingerprint: {}\n', webinfo.get('apps')),
            ('Server: {}\n', webinfo.get('server')),
            ('WAF: {}\n', wafresult),
        )
        for template, value in report:
            console('Webinfo', host, template.format(value))

    osname = osdetect(host) if iscdn(host) else None

    pdns = virustotal(host)
    reverseip = reverse_domain(host)
    webinfo.update({"pdns": pdns, "reverseip": reverseip})

    record = {
        'WAF': wafresult,
        'Ipaddr': ipaddr,
        'Address': address,
        'Webinfo': webinfo,
        'OS': osname,
    }
    return {host: record}, webinfo.get('apps')
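def checkwaf(url):
    """Identify the WAF in front of *url*.

    Returns ``'CDN IP'`` without sending anything when ``iscdn(host)`` is
    falsy. Otherwise the page is fetched once as-is; if ``verify`` matches
    nothing, each suffix in ``payload`` is appended to the URL and the
    response is checked again, stopping at the first match.

    Returns the name reported by ``verify`` on a match and ``'NoWAF'`` when
    nothing matched. ``'NoWAF'`` also covers probes that failed, so it means
    "no signature matched", not "no WAF present".
    """
    result = 'NoWAF'
    host = parse_host(url)
    if not iscdn(host):
        return 'CDN IP'
    try:
        req = Requests()
        r = req.get(url)
        result = verify(r.headers, r.text)
        if result != 'NoWAF':
            return result
        for i in payload:
            r = req.get(url + i)
            result = verify(r.headers, r.text)
            if result != 'NoWAF':
                return result
    except (UnboundLocalError, AttributeError):
        pass
    except Exception as e:
        logging.exception(e)
    # Without this return the 'NoWAF' default set above never reaches the
    # caller: the function would end here and yield None.
    return result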
def start(url):
    """Run the whole scan pipeline against one target URL.

    Steps, in order: print a host banner, look up geo data, fetch the page,
    fingerprint it (WAF and page info), add passive-DNS and reverse-IP data,
    port-scan (replaced by ``['CDN:0']`` when ``iscdn(host)`` is falsy),
    guess the OS, store the record with ``web_save``, run ``Vuln``, and
    finally run ``DirScan`` when the page fetch did not raise and
    ``SCANDIR`` is falsy.

    NOTE(review): ``virustotal`` and ``reverse_domain`` presumably query
    external services, which would disclose the target host to third
    parties -- confirm.
    """
    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')

    rule = bcolors.RED + '-' * 100 + '\n' + bcolors.ENDC
    sys.stdout.write(rule)
    sys.stdout.write(bcolors.RED + 'Host: ' + host + '\n' + bcolors.ENDC)
    sys.stdout.write(rule)
    address = geoip(ipaddr)

    # Check whether the main domain answers at all. The flag records that the
    # GET returned without raising, whatever value it returned.
    fetched = False
    try:
        r = Requests().get(url)
        fetched = True
    except Exception:
        pass

    if fetched:
        # NOTE(review): the bare host, not the URL, is handed to checkwaf
        # here, unlike web_info on this page -- confirm a scheme-less value
        # is accepted.
        wafresult = checkwaf(host)
        try:
            # Let chardet pick the text encoding from the raw body.
            r.encoding = chardet.detect(r.content).get('encoding')
            webinfo = WebPage(r.url, r.text, r.headers).info()
        except Exception:
            webinfo = {}
        if webinfo:
            emit = sys.stdout.write
            emit(bcolors.RED + "Webinfo:\n" + bcolors.ENDC)
            emit(bcolors.OKGREEN + '[+] Title: {}\n'.format(webinfo.get('title')) + bcolors.ENDC)
            emit(bcolors.OKGREEN + '[+] Fingerprint: {}\n'.format(webinfo.get('apps')) + bcolors.ENDC)
            emit(bcolors.OKGREEN + '[+] Server: {}\n'.format(webinfo.get('server')) + bcolors.ENDC)
            emit(bcolors.OKGREEN + '[+] WAF: {}\n'.format(wafresult) + bcolors.ENDC)
    else:
        webinfo = {}
        wafresult = 'None'

    pdns = virustotal(host)
    reverseip = reverse_domain(host)
    webinfo.update({"pdns": pdns, "reverseip": reverseip})

    open_port = ScanPort(url).pool() if iscdn(host) else ['CDN:0']
    osname = osdetect(host)

    record = {
        'WAF': wafresult,
        'Ipaddr': ipaddr,
        'Address': address,
        'Webinfo': webinfo,
        'OS': osname,
    }
    web_save({host: record})
    Vuln(host, open_port, webinfo.get('apps')).run()
    if fetched and not SCANDIR:
        DirScan('result').pool(url)