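class DomainScan(BaseScan):
    """Collect host names related to a target domain and record those that resolve.

    Candidates come from two places: the ce.baidu.com related-sites lookup
    (``baiduce``) and a local word list (``brute``).  Every candidate is
    resolved through ``self.resolvers``; only ``(name, address)`` pairs that
    actually resolve are kept in ``self.result`` and passed to ``writehost``.
    """

    # Word list for brute(); read once, when the class body is executed.
    namelist = getfiles(settings.DATAPATH + '/subdomain.txt')

    # Seconds to wait on the related-sites HTTP request.  Without a timeout a
    # stalled connection would block the whole scan indefinitely.
    http_timeout = 10

    def recv(self, domain):
        """Resolve *domain* and return the resolver's answers, or ``[]`` on failure."""
        try:
            return self.resolvers.query(domain)
        except Exception:
            # A failed lookup is the normal case for most candidates, so it is
            # reported as "no answers".  ``except Exception`` (instead of a
            # bare ``except:``) lets KeyboardInterrupt/SystemExit propagate so
            # a long scan can still be interrupted.
            return []

    def baiduce(self, target):
        """Add resolvable names returned by the related-sites API for *target*.

        This source is best-effort: any network, decoding or schema error
        leaves ``self.result`` as it was and the scan carries on.
        """
        try:
            # ``params=`` URL-encodes the value instead of splicing it into
            # the query string by hand.
            # NOTE(review): the request goes over plain HTTP, so the response
            # can be altered in transit; treat every field as untrusted.
            res = requests.get(
                'http://ce.baidu.com/index/getRelatedSites',
                params={'site_address': target},
                timeout=self.http_timeout
            )
            payload = json.loads(res.text)
            for entry in payload.get('data') or []:
                subdomain = entry.get('domain')
                if not subdomain:
                    # Entry without a usable name: nothing to resolve.
                    continue
                # NOTE(review): nothing here checks that the returned name
                # belongs to ``target``; confirm whether related sites outside
                # the target domain should reach writehost().
                for answer in self.recv(subdomain):
                    self.result.add((subdomain, answer.address))
        except Exception:
            # Deliberately swallowed (see docstring), but no longer hides
            # KeyboardInterrupt/SystemExit the way a bare ``except:`` did.
            pass

    def brute(self, target):
        """Resolve ``<label>.<target>`` for every label in ``namelist``."""
        target = target.strip()
        for label in self.namelist:
            label = label.strip()
            if not label:
                # A blank line in the word list would yield ".<target>",
                # which is not a valid name; skip it instead of querying.
                continue
            subdomain = label + '.' + target
            for answer in self.recv(subdomain):
                self.result.add((subdomain, answer.address))

    def scan(self):
        """Run both sources against ``self.target`` and store resolved hosts."""
        h = self.target
        # NOTE(review): this is a substring test, so a bare host name that
        # merely contains "http" is not given a scheme; confirm getdomain()
        # copes with that input.
        h = h if 'http' in h else 'http://%s' % h
        target = getdomain(h)
        self.resolvers = Resolver()
        self.answers = []
        self.result = set()
        self.baiduce(target)
        self.brute(target)
        # self.result holds (name, address) pairs.  The tuple layout passed on
        # is defined by writehost(), which is not visible here.
        self.writehost([(address, 80, 1, 'http', '', name)
                        for name, address in self.result])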
def get_auth(self, pwds=None):
    """Return the set of ``(username, password)`` candidates for this project.

    The set contains every stored user paired with every stored password,
    each stored password with ``None`` as the user, and each entry of the
    local ``pass.txt`` list with ``None`` as the user.  The values are
    plaintext credentials, so keep the returned set out of logs and reports.
    """
    # NOTE(review): the ``pwds`` argument is overwritten on the next line, so
    # whatever a caller passes is ignored; confirm whether that is intended.
    pwds = getfiles(settings.DATAPATH + '/pass.txt')
    MD = models.DictResult

    def stored(key):
        # Dictionary rows of the given kind that belong to the current project.
        return MD.select().where(
            (MD.projectid == self.Q.projectid) & (MD.dict_key == key))

    # Read this project's usernames and passwords from the database.
    userquery = stored('user')
    pwdquery = stored('pwd')

    auths = set()
    auths.update(
        (str(u.dict_value), str(p.dict_value))
        for u in userquery
        for p in pwdquery
    )
    # Pairs of the form (user, None) are not generated; that loop is
    # commented out in the original.
    auths.update((None, str(p.dict_value)) for p in pwdquery)
    if pwds:
        # Passwords from the local word list.
        auths.update((None, pwd) for pwd in pwds)
    return auths