def init_spider(self): for k, v in self.hash_pycode_Lists.iteritems(): pluginObj = self._load_module(v) pluginObj.task_push = self.task_push pluginObj.curl = miniCurl.Curl() pluginObj.security_note = self._security_note pluginObj.security_info = self._security_info pluginObj.security_warning = self._security_warning pluginObj.security_hole = self._security_hole pluginObj.security_set = self._security_set pluginObj.debug = self._debug pluginObj.util = until pluginObj._G = self._TargetScanAnge pluginObj.hackhttp = hackhttp.hackhttp() pluginObj.ThreadPool = w8_threadpool try: pluginObj_tuple = pluginObj.assign("spider_file", "") if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组 pluginObj_tuple = pluginObj.assign("spider_end", "") if not isinstance(pluginObj_tuple, tuple): continue bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1] if bool_value: pconf = {} pconf["pluginObj"] = pluginObj pconf["service"] = "spider_file" w9_hash_pycode.setdefault(k, pconf) except Exception as err_info: raise ToolkitMissingPrivileges("load spider plugins error! " + err_info)
def load_modules(self,service,url): # 内部载入所有模块,并且判断服务名是否正确 for k, v in self.hash_pycode_Lists.iteritems(): pluginObj = self._load_module(v) pluginObj.task_push = self.task_push pluginObj.curl = miniCurl.Curl() pluginObj.security_note = self._security_note pluginObj.security_info = self._security_info pluginObj.security_warning = self._security_warning pluginObj.security_hole = self._security_hole pluginObj.debug = self._debug pluginObj.util = until pluginObj._G = self._TargetScanAnge pluginObj.hackhttp = hackhttp.hackhttp() pluginObj.ThreadPool = ThreadPool try: pluginObj_tuple = pluginObj.assign(service, url) if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组 continue bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1] if bool_value: threadConf = dict() threadConf["filename"] = k threadConf["service"] = service threadConf["agrs"] = agrs threadConf["pluginObj"] = pluginObj self.task_queue.put(threadConf) time.sleep(0.01) self._print( "[***] load plugin %s for service '%s'" % (threadConf["filename"], threadConf["service"])) except Exception as err_info: self._print("[!!!] load error:", service, k, err_info)
def createIssueForBlog(errMSG): """ Automatically create a blog comment with unhandled exception information """ hh = hackhttp.hackhttp() postData = "gid=213&pid=0&qqnum=&comname=w9scan+BugReporter&commail=buger%40hacking8.com&comurl=&private=on&comment=%5B%E7%A7%81%E5%AF%86%E8%AF%84%E8%AE%BA%5D%E6%8A%A5%E5%91%8Abug:" + errMSG code, head, body, redirect, log = hh.http('https://blog.hacking8.com/index.php?action=addcom', post=postData)
def createIssueForBlog(errMSG): """ Automatically create a blog comment with unhandled exception information """ hh = hackhttp.hackhttp() postData = "gid=213&pid=0&qqnum=&comname=w9scan+BugReporter&commail=buger%40hacking8.com&comurl=&private=on&comment=%5B%E7%A7%81%E5%AF%86%E8%AF%84%E8%AE%BA%5D%E6%8A%A5%E5%91%8Abug:" + errMSG code, head, body, redirect, log = hh.http( 'https://blog.hacking8.com/index.php?action=addcom', post=postData)
def load_modules(self, service, url): # 内部载入所有模块,并且判断服务名是否正确 for k, v in self.hash_pycode_Lists.iteritems(): try: pluginObj = self._load_module(v) for each in ESSENTIAL_MODULE_METHODS: if not hasattr(pluginObj, each): errorMsg = "Can't find essential method:'{}' in current script,Please modify your {}.".format( each, k) logger.error(errorMsg) continue pluginObj.task_push = self.task_push pluginObj.curl = miniCurl.Curl() pluginObj.security_note = self._security_note pluginObj.security_info = self._security_info pluginObj.security_warning = self._security_warning pluginObj.security_hole = self._security_hole pluginObj.security_set = self._security_set pluginObj.debug = self._debug pluginObj.util = until pluginObj._G = self._TargetScanAnge pluginObj.ThreadPool = Ajatar_threadpool if Ajconfig.TimeOut is None: Ajconfig.TimeOut = 10 if Ajconfig.Cookie is None: Ajconfig.Cookie = "" socket.setdefaulttimeout(Ajconfig.TimeOut) conpool = hackhttp.httpconpool(20, timeout=Ajconfig.TimeOut) pluginObj.hackhttp = hackhttp.hackhttp( conpool=conpool, cookie_str=Ajconfig.Cookie, user_agent=Ajconfig.UserAgent, headers=Ajconfig.headers) pluginObj_tuple = pluginObj.assign(service, url) if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组 continue bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1] if bool_value: threadConf = dict() threadConf["filename"] = k threadConf["service"] = service threadConf["agrs"] = agrs threadConf["pluginObj"] = pluginObj self._print( "load plugin %s for service '%s'" % (threadConf["filename"], threadConf["service"])) self.th.push(threadConf) except Exception as err_info: logger.error("load plugin error:%s service:%s filename:%s" % (err_info, service, k))
def load_modules(self, service, url): # 内部载入所有模块,并且判断服务名是否正确 for k, v in self.hash_pycode_Lists.iteritems(): try: pluginObj = self._load_module(v) pluginObj.task_push = self.task_push pluginObj.curl = miniCurl.Curl() pluginObj.security_note = self._security_note pluginObj.security_info = self._security_info pluginObj.security_warning = self._security_warning pluginObj.security_hole = self._security_hole pluginObj.security_set = self._security_set pluginObj.debug = self._debug pluginObj.util = until pluginObj._G = self._TargetScanAnge pluginObj.ThreadPool = w8_threadpool if w9config.TimeOut is None: w9config.TimeOut = 10 if w9config.Cookie is None: w9config.Cookie = "" socket.setdefaulttimeout(w9config.TimeOut) conpool = hackhttp.httpconpool(20, timeout=w9config.TimeOut) pluginObj.hackhttp = hackhttp.hackhttp( conpool=conpool, cookie_str=w9config.Cookie, user_agent=w9config.UserAgent, headers=w9config.headers) pluginObj_tuple = pluginObj.assign(service, url) if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组 continue bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1] if bool_value: threadConf = dict() threadConf["filename"] = k threadConf["service"] = service threadConf["agrs"] = agrs threadConf["pluginObj"] = pluginObj self._print( "load plugin %s for service '%s'" % (threadConf["filename"], threadConf["service"])) self.th.push(threadConf) except Exception as err_info: logger.error("load plugin error:%s service:%s filename:%s" % (err_info, service, k))
def init_spider(self): #items() 迭代器 k exp文件 v 代码 for k, v in self.hash_pycode_Lists.iteritems(): pluginObj = self._load_module(v) #动态加载代码 for each in ESSENTIAL_MODULE_METHODS: #bugcsan插件的两个主要函数 if not hasattr(pluginObj, each): errorMsg = "Can't find essential method:'{}' in current script,Please modify your {}.".format( each, k) logger.error(errorMsg) continue pluginObj.task_push = self.task_push pluginObj.curl = miniCurl.Curl() #bugscan 旧版http #Bugscan 漏洞等级 pluginObj.security_note = self._security_note pluginObj.security_info = self._security_info pluginObj.security_warning = self._security_warning pluginObj.security_hole = self._security_hole pluginObj.security_set = self._security_set pluginObj.debug = self._debug pluginObj.util = until pluginObj._G = self._TargetScanAnge #目标信息 pluginObj.hackhttp = hackhttp.hackhttp() #bugscan http pluginObj.ThreadPool = Ajatar_threadpool #线程池 try: #判断是否为爬虫插件 xss那些.. pluginObj_tuple = pluginObj.assign("spider_file", "") # if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组 pluginObj_tuple = pluginObj.assign("spider_end", "") if not isinstance(pluginObj_tuple, tuple): continue bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1] if bool_value: #爬虫插件返回True pconf = {} pconf["pluginObj"] = pluginObj #保存爬虫插件对象 pconf["service"] = "spider_file" Ajatar_hash_pycode.setdefault(k, pconf) #保存文件名,对象 except Exception as err_info: raise ToolkitMissingPrivileges("load spider plugins error! " + err_info)
def init_spider(self): for k, v in self.hash_pycode_Lists.iteritems(): pluginObj = self._load_module(v) for each in ESSENTIAL_MODULE_METHODS: if not hasattr(pluginObj, each): errorMsg = "Can't find essential method:'{}' in current script,Please modify your {}.".format( each, k) logger.error(errorMsg) continue pluginObj.task_push = self.task_push pluginObj.curl = miniCurl.Curl() pluginObj.security_note = self._security_note pluginObj.security_info = self._security_info pluginObj.security_warning = self._security_warning pluginObj.security_hole = self._security_hole pluginObj.security_set = self._security_set pluginObj.debug = self._debug pluginObj.util = until pluginObj._G = self._TargetScanAnge pluginObj.hackhttp = hackhttp.hackhttp() pluginObj.ThreadPool = w8_threadpool try: pluginObj_tuple = pluginObj.assign("spider_file", "") if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组 pluginObj_tuple = pluginObj.assign("spider_end", "") if not isinstance(pluginObj_tuple, tuple): continue bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1] if bool_value: pconf = {} pconf["pluginObj"] = pluginObj pconf["service"] = "spider_file" w9_hash_pycode.setdefault(k, pconf) except Exception as err_info: raise ToolkitMissingPrivileges("load spider plugins error! " + err_info)
# coding:utf-8 # 爬虫模块,如何调用相关爬虫模块? # 爬到的文件丢给任务'spider_file' 爬虫完丢给任务`spider_end` import urlparse import re from thirdparty import hackhttp from lib.core.data import w9_hash_pycode from lib.utils import until req = hackhttp.hackhttp() class UrlManager(object): def __init__(self): self.new_urls = set() self.old_urls = set() def add_new_url(self, url): if url not in self.new_urls and url not in self.old_urls: self.new_urls.add(url) def add_new_urls(self, urls): if urls is None or len(urls) == 0: return for url in urls: self.add_new_url(url) def has_new_url(self): return len(self.new_urls) != 0 def get_new_url(self):
from thirdparty import hackhttp import codecs import re except Exception,e: pass reload(sys) sys.setdefaultencoding('utf8') headers = { 'content-type': 'charset=utf-8', 'Accept-Encoding':'gzip, deflate', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', } hh = hackhttp.hackhttp(hackhttp.httpconpool(500)) mutex = Lock() def put_file_contents(filename,contents): with open(filename,"ab+") as fin: fin.write(contents+'\n') def get_file_content(filename): try: result = [] f = open(filename, "r") for line in f.readlines(): result.append(line.strip()) f.close()
#!/usr/bin/env python # -*- coding: utf-8 -*- # package for test from thirdparty import miniCurl from thirdparty import ThreadPool from thirdparty import hackhttp from lib.utils import until def security_hole(msg,k = ''): print k,msg def security_info(msg,k = ''): print k,msg def security_note(msg,k = ''): print k,msg ThreadPool = ThreadPool.w8_threadpool curl = miniCurl.Curl() hackhttp = hackhttp.hackhttp() util = until
#!/usr/bin/env python # -*- coding: utf-8 -*- # package for test from thirdparty import miniCurl from thirdparty import ThreadPool from thirdparty import hackhttp from lib.utils import until def security_hole(msg,k): print k,msg def security_info(msg,k): print k,msg def security_note(msg,k): print k,msg ThreadPool = ThreadPool.w8_threadpool curl = miniCurl.Curl() hackhttp = hackhttp.hackhttp() util = until
from thirdparty import hackhttp hh = hackhttp.hackhttp() url = "http://www.adfun.cn/" code, head, html, redirect_url, log = hh.http( url) #code, head, html, redirect_url, log = hh.http(url) print code, head, html, redirect_url, log