Esempio n. 1
0
    def execution(self):        # 执行攻击
        try:
            if not self.file is None:       # 加载目标
                self.initislis_file()
            if not self.subdomains_queue is None:
                self.initialis_subdomain()
            if not self.target is None:
                self.initis()

            while not self.target_url.empty():
                target = self.target_url.get()      #
                # strike_pre = assault_pre()
                # strike_pre.payload_provide()

                while not target.empty():
                    original = target.get()
                    # url = regex.URL_PATH.sub("=", original)
                    """and self.filter_(url,self.requests_seen)"""

                    if self.domain in original:     # 目标属于传入的域名 baidu.com/a/b/text?a=2&b=21 属于 baidu.com
                        url, data = chambering(original,strike = False)
                        received_ = requester(url,data,GET = True,cookie = self.cookie,proxy = self.proxy)
                        if not received_ is None and received_.status_code == 403:  # 如果代理被ban则切换代理
                            if not self.proxy_queue is None and not self.proxy_queue.empty():
                                self.proxy = get_proxy(self.proxy_queue)
                        print(f"{blue_green}[+][{time}] Vulnerability scanning is being performed on {original}{end}")
                        if not received_ is None:
                            self.url_extrator(received_.text)   # 从这个域名中继续提取URL加入到目标中
                        else:
                            pass

                    if "=" in original:     # 如果有参数
                        url, data = chambering(original, strike=False)
                        strike_pre = assault_pre()      # 实例化payload预处理类
                        strike_pre.payload_provide()    # 加载payload
                        received = requester(url, data, GET=True,cookie = self.cookie,proxy = self.proxy)

                        for vul_type, category in strike_pre.get_payload_category().items():
                            for count in range(category[1].qsize()):    # category[1] 为payload队列
                                payload = category[0]()                 # category[0] 为遍历攻击队列的方法
                                url, data = chambering(original,strike = True,payload=payload,type = vul_type)

                                if vul_type in ["SQLi","XSS","file_inclusion","command_injection","ssrf"]:
                                    Poisoned = requester(url,data,GET = True,cookie = self.cookie,proxy = self.proxy)

                                    if not Poisoned is None and Poisoned.status_code < 400: # 如果攻击有响应
                                        if error_check(Poisoned.text):  # 如果页面存在
                                            if attack_check(received.text,Poisoned.text,vul_type,payload): # 如果页面不同
                                                message = vul_message(vul_type,original,payload)    # 输出攻击完成
                                                self.logger.critical(message)
                                        else:
                                            pass
                                    else:
                                        pass

        except Exception:
            pass
Esempio n. 2
0

if middleware:
    vulne = middleware_vulne(target,logger_type,middleware_type = middleware)
    vulne.analyse()


if proxy:
    proxies = Proxy(target,logger_type)
    proxy_queue = proxies.executor()



if waf:
    if proxy:
        proxy = get_proxy(proxy_queue)
        check_waf(target, logger_type, proxy = proxy)
    else:
        check_waf(target, logger_type)



module_attack = Attack(target,logger_type,cookie = cookies, subdomain_queue = subdomain_queue,proxy_queue = proxy_queue,file = file_)
execution = module_attack.execution
quicksliver(execution,threads)
print(f"{red}[!!][{time}] Vulnerability scan has finished !{end}")




Esempio n. 3
0
    def execution(self):
        try:
            if not self.file is None:
                self.initislis_file()
            if not self.subdomains_queue is None:
                self.initialis_subdomain()
            if not self.target is None:
                self.initis()

            while not self.target_url.empty():
                target = self.target_url.get()
                strike_pre = assault_pre()
                strike_pre.payload_provide()

                while not target.empty():
                    original = target.get()
                    # print(self.target_url.qsize())
                    # url = regex.URL_PATH.sub("=", original)
                    """and self.filter_(url,self.requests_seen)"""
                    # print("f*****g" + original)

                    if self.domain in original:
                        url, data = chambering(original, strike=False)
                        received_ = requester(url,
                                              data,
                                              GET=True,
                                              cookie=self.cookie,
                                              proxy=self.proxy)
                        if received_.status_code == 403:
                            if not self.proxy_queue is None and not self.proxy_queue.empty(
                            ):
                                self.proxy = get_proxy(self.proxy_queue)
                        print(
                            f"{blue_green}[+][{time}] Vulnerability scanning is being performed on {original}{end}"
                        )
                        if not received_ is None:
                            self.url_extrator(received_.text)
                        else:
                            pass

                    if "=" in original:
                        url, data = chambering(original, strike=False)
                        received = requester(url,
                                             data,
                                             GET=True,
                                             cookie=self.cookie,
                                             proxy=self.proxy)

                        for vul_type, category in strike_pre.get_payload_category(
                        ).items():
                            for count in range(category[1].qsize()):
                                payload = category[0]()
                                url, data = chambering(original,
                                                       strike=True,
                                                       payload=payload,
                                                       type=vul_type)

                                if vul_type in [
                                        "SQLi", "file_inclusion",
                                        "command_injection", "ssrf"
                                ]:
                                    Poisoned = requester(url,
                                                         data,
                                                         GET=True,
                                                         cookie=self.cookie,
                                                         proxy=self.proxy)
                                    code = Poisoned.status_code

                                    if not Poisoned is None and code < 400:
                                        if error_check(Poisoned):
                                            if receive_check(
                                                    received.text,
                                                    Poisoned.text, vul_type,
                                                    payload):
                                                message = vul_message(
                                                    vul_type, original,
                                                    payload)
                                                self.logger.critical(message)
                                        else:
                                            pass
                                    else:
                                        pass

        except Exception:
            pass