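def _enqueue_targets(targets):
    """Put every item of *targets* on the work queue and on the flat target list."""
    for target in targets:
        realman.queue.put(target)
        realman.tlist.append(target)


def get_targets():
    """Fill realman.queue and realman.tlist from the first configured source.

    Sources are checked in this order and only the first one set is used:
    conf.url (expanded through ipsegment() when that returns a non-empty
    result), conf.list (a text file, one entry per line), conf.baidu,
    conf.zoomeye and conf.spider.
    """
    if conf.url:
        segment = ipsegment(conf.url)
        if segment:
            _enqueue_targets(segment)
        else:
            ConsoleLogger.Info(LOGGING_MESSAGE.GATHER_TYPE_URL)
            _enqueue_targets([conf.url])
    elif conf.list:
        ConsoleLogger.Info(LOGGING_MESSAGE.GATHER_TYPE_LIST)
        # Close the file deterministically instead of leaking the handle.
        with open(conf.list, 'r') as handle:
            entries = [line.strip() for line in handle]
        # strip() also removes a trailing '\r' from CRLF files; blank lines
        # are dropped so no empty entry reaches the queue.
        _enqueue_targets(entry for entry in entries if entry)
    elif conf.baidu:
        ConsoleLogger.Info(LOGGING_MESSAGE.GATHER_TYPE_BAIDU)
        _enqueue_targets(baidu_search(conf.baidu, conf.limitnum))
    elif conf.zoomeye:
        ConsoleLogger.Info(LOGGING_MESSAGE.GATHER_TYPE_ZOOMEYE)
        _enqueue_targets(zoomeye_api(conf.zoomeye, conf.limitnum))
    elif conf.spider:
        ConsoleLogger.Info(LOGGING_MESSAGE.GATHER_TYPE_SPIDER)
        _enqueue_targets(urlspider(conf.spider, conf.deepth))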
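def run(self):
    """Crawl outward from self.url with asyncio, one round per depth level.

    self.deepth is decremented in place after each round. Returns the
    spider's crawled collection, or None when crawl_url() on the seed
    returns a falsy value (SPIDER_IP_FORBIDDEN is logged in that case).
    """
    ConsoleLogger.Info(
        LOGGING_MESSAGE.SPIDER_SEED_URL.format(url=self.url))
    spider = Urlspider(self.url, self.deepth)
    started = time.time()
    if not spider.crawl_url():
        ConsoleLogger.Info(LOGGING_MESSAGE.SPIDER_IP_FORBIDDEN)
        return None

    loop = asyncio.get_event_loop()
    # "> 0" rather than "!= 0": a negative depth would otherwise never end.
    while self.deepth > 0:
        ConsoleLogger.Info(
            LOGGING_MESSAGE.SPIDER_DEEP_MESSAGE.format(
                deepth=self.deepth))
        spider.uncrawl = spider.uncrawl - spider.crawled
        pending = [link for link in spider.uncrawl if link]
        if not pending:
            # asyncio.wait() raises ValueError on an empty task set, so stop
            # here once there is nothing left to fetch.
            break
        tasks = [asyncio.ensure_future(spider.fetch(link), loop=loop)
                 for link in pending]
        loop.run_until_complete(asyncio.wait(tasks))
        ConsoleLogger.Info(
            LOGGING_MESSAGE.SPIDER_CRAWLED_NUMBER.format(
                number=len(spider.crawled)))
        self.deepth = self.deepth - 1

    finished = time.time()
    ConsoleLogger.Info(
        LOGGING_MESSAGE.SPIDER_COST_TIME.format(seconds=(finished - started)))
    return spider.crawled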
def load_payload():
    """Run the optional CMS fingerprint step, then gather the targets.

    whatcms() is only called when conf.finger is set; get_targets() is
    always called afterwards.
    """
    ConsoleLogger.Warning(LOGGING_MESSAGE.LOADER_CMS_MESSAGE)
    fingerprint_requested = conf.finger
    if fingerprint_requested:
        whatcms()

    ConsoleLogger.Warning(LOGGING_MESSAGE.LOADER_GATHER_MESSAGE)
    get_targets()
def load_module():
    """Import the configured script from the 'script' package into realman.obj.

    Does nothing when conf.script is not set.
    """
    if not conf.script:
        return

    # NOTE(review): conf.script is concatenated into the module path as-is,
    # so a dotted value resolves to a nested module and importing executes
    # that module's top-level code. Nothing here restricts the value; confirm
    # it is constrained where the option is parsed.
    module_path = 'script.' + conf.script
    ConsoleLogger.Warning(
        LOGGING_MESSAGE.LOADER_POC_MESSAGE.format(poc=conf.script))
    realman.obj = importlib.import_module(module_path)
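def isMatching(f_path, cms_name, sign, res, code, host, head):
    """Decide whether a fetched resource matches a CMS fingerprint.

    For .gif/.png/.jpg/.ico paths the body is compared to *sign* through
    getMD5() when a signature is given, otherwise only the file-type magic
    prefix is checked. For any other path *sign* must occur in the body
    (status 200 only) or in the stringified headers.

    On a match the hit is logged, realman.timo.cms is set to *cms_name*
    and True is returned; otherwise False.
    """
    ConsoleLogger.Info(LOGGING_MESSAGE.CMS_SCAN_RUNNING.format(cms=cms_name))

    # Magic prefixes are text literals, so this assumes res is a text string
    # rather than bytes; TODO confirm against the caller.
    magic_by_suffix = (
        (".gif", "GIF89a"),
        (".png", "\x89PNG\x0d\x0a\x1a\x0a"),
        (".jpg", "\xff\xd8\xff\xe0\x00\x10JFIF"),
        (".ico", "\x00\x00\x00"),
    )

    matched = False
    for suffix, magic in magic_by_suffix:
        if f_path.endswith(suffix):
            # getMD5 is used as a content fingerprint for a known static
            # file, not as an integrity guarantee.
            if sign:
                matched = getMD5(res) == sign
            else:
                matched = res.startswith(magic)
            break
    else:
        # The previous condition read "sign and A or B", which evaluated B
        # even without a signature: an empty sign matched every response and
        # a None sign raised TypeError. A signature is now required on both
        # the body and the header check.
        if sign:
            in_headers = sign in str(head)
            if code == 200:
                matched = sign in res or in_headers
            else:
                matched = in_headers

    if matched:
        ConsoleLogger.Info(LOGGING_MESSAGE.CMS_SCAN_FOUND.format(url=host,cms=cms_name))
        realman.timo.cms = cms_name
        return True
    return False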
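def run_by_thread(self):
    """Crawl outward from self.url with worker threads, one round per depth level.

    Each round starts int(conf.thread) SpiderThread workers on a queue of
    the not-yet-crawled links and joins them. self.deepth is decremented
    in place after each round. Returns the spider's crawled collection,
    or None when crawl_url() on the seed returns a falsy value
    (SPIDER_IP_FORBIDDEN is logged in that case).
    """
    import threading
    from lib.core.threads import SpiderThread

    ConsoleLogger.Info(
        LOGGING_MESSAGE.SPIDER_SEED_URL.format(url=self.url))
    spider = Urlspider(self.url, self.deepth)
    started = time.time()
    if not spider.crawl_url():
        ConsoleLogger.Info(LOGGING_MESSAGE.SPIDER_IP_FORBIDDEN)
        return None

    # "> 0" rather than "!= 0": a negative depth would otherwise never end.
    while self.deepth > 0:
        ConsoleLogger.Info(
            LOGGING_MESSAGE.SPIDER_DEEP_MESSAGE.format(
                deepth=self.deepth))
        spider.uncrawl = spider.uncrawl - spider.crawled
        uncrawled_queue = queue.Queue()
        for link in spider.uncrawl:
            if link:
                uncrawled_queue.put(link)

        shared_lock = threading.Lock()
        workers = []
        for _ in range(int(conf.thread)):
            worker = SpiderThread(uncrawled_queue, spider, self.url, shared_lock)
            worker.start()
            workers.append(worker)
        for worker in workers:
            worker.join()

        ConsoleLogger.Info(
            LOGGING_MESSAGE.SPIDER_CRAWLED_NUMBER.format(
                number=len(spider.crawled)))
        self.deepth = self.deepth - 1

    finished = time.time()
    ConsoleLogger.Info(
        LOGGING_MESSAGE.SPIDER_COST_TIME.format(seconds=(finished - started)))
    # The results are accumulated on the local spider (its crawled size is
    # what gets logged above), and the asyncio variant run() returns that
    # same collection; the previous "return self.crawled" read an attribute
    # this method never fills.
    return spider.crawled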
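def scan():
    """Run the loaded script against the gathered targets, then write the output.

    conf.mode selects the execution model:
      'eT' - int(conf.thread) MyThread workers sharing one lock;
      'eP' - a pool of 4 processes fed from realman.queue;
      'eC' - one asyncio task per entry of realman.tlist;
      anything else - in-process handling of the queue.
    Hits end up in realman.exist and are passed to output() at the end.
    """
    if conf.mode == 'eT':
        ConsoleLogger.Warning(LOGGING_MESSAGE.RUNNING_MODE_ET)
        ConsoleLogger.Warning(LOGGING_MESSAGE.THREAD_NUM.format(number=conf.thread))
        shared_lock = threading.Lock()
        workers = []
        for _ in range(int(conf.thread)):
            worker = MyThread(realman, shared_lock)
            worker.start()
            workers.append(worker)
        for worker in workers:
            worker.join()
    elif conf.mode == 'eP':
        ConsoleLogger.Warning(LOGGING_MESSAGE.RUNNING_MODE_EP)
        ConsoleLogger.Warning(LOGGING_MESSAGE.PROCESS_NUM.format(number=4))
        manager = Manager()
        shared_results = manager.list()
        pool = Pool(4)
        # NOTE(review): at most 500 queue entries are submitted; anything
        # beyond that stays on the queue unprocessed. The AsyncResult objects
        # are discarded, so an exception inside processing_work is not
        # reported here.
        for _ in range(500):
            if realman.queue.empty():
                break
            item = realman.queue.get().strip("\n")
            pool.apply_async(processing_work, args=(shared_results, item))
        pool.close()
        pool.join()
        realman.exist.extend(shared_results)
    elif conf.mode == 'eC':
        ConsoleLogger.Warning(LOGGING_MESSAGE.RUNNING_MODE_EC)
        # Define a new request method that decides, based on a parameter
        # value, whether the request is made synchronously or asynchronously.
        tasks = [asyncio.ensure_future(async_work(str(entry)))
                 for entry in realman.tlist]
        # asyncio.wait() raises ValueError on an empty task set, so the loop
        # is only driven when there is something to run.
        if tasks:
            loop = asyncio.get_event_loop()
            loop.run_until_complete(asyncio.wait(tasks))
            loop.close()
    else:
        while not realman.queue.empty():
            item = realman.queue.get()
            # NOTE(review): this stops as soon as more entries remain after
            # the one just taken, so only a single-entry queue is handled
            # here. Kept as found; confirm the intent.
            if realman.queue.qsize():
                break
            if isinstance(item, str):
                # Strip the entry already taken. The previous code called
                # queue.get() a second time here, which dropped that entry
                # and blocked forever on the now-empty queue.
                item = item.strip("\n")
            if conf.script:
                result = realman.obj.poc(item)
                if result:
                    exist = AttribDict()
                    exist.url = item
                    exist.result = result
                    realman.exist.append(exist)
    ConsoleLogger.Info(LOGGING_MESSAGE.END_SCAN_MESSAGE)
    ConsoleLogger.Info(LOGGING_MESSAGE.OUTPUT_SCAN_MESSAGE)
    output(realman, conf)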
def banner():
    """Log the start-up banner with author, version, update date and script count."""
    # NOTE(review): the line breaks of the ASCII art are not visible in this
    # listing, so the literal is reproduced exactly as shown.
    art = ''' // / / // ) ) || / | / / // / / //___/ / || / | / / // / / / __ ( || / /||/ / // / / // ) ) ||/ / | / author: {0} version: {1} ((___/ / //____/ / | / | / update time: {2} scripts number: {3} '''
    released = '2019.05.23'
    poc_count = script_num()
    fields = ('LRX', 'v1.0', released, poc_count)
    ConsoleLogger.Info(art.format(*fields))
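def run(self):
    """Worker loop: take entries off the shared queue and run the loaded script on each.

    A truthy result is logged and appended to self.realman.exist as an
    AttribDict carrying .url and .result. A failure on one entry is
    reported and the loop moves on to the next entry.
    """
    while True:
        # Check-and-take happens under the lock. Testing empty() outside the
        # lock let another worker take the last entry in between, leaving
        # this one blocked in get() while still holding the lock.
        with self.lock:
            if self.realman.queue.empty():
                break
            item = self.realman.queue.get()

        try:
            # The script call runs outside the lock so workers overlap.
            result = self.realman.obj.poc(item)
            if result:
                ConsoleLogger.Info(
                    LOGGING_MESSAGE.FOUND_MESSAGE.format(url=item))
                exist = AttribDict()
                exist.url = item
                exist.result = result
                with self.lock:
                    self.realman.exist.append(exist)
        except Exception as e:
            # Still best-effort per entry, but no longer silent: a script
            # that always raises would otherwise look like a clean run.
            ConsoleLogger.Warning(
                "script failed for {0}: {1!r}".format(item, e))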
def whatcms():
    """Start the CMS fingerprint audit for conf.url; a no-op when no URL is set."""
    target = conf.url
    if not target:
        return
    ConsoleLogger.Info(LOGGING_MESSAGE.CMS_SCAN_START.format(url=target))
    audit(target, realman)
def run():
    """Log the scan-start message and hand control to scan()."""
    start_message = LOGGING_MESSAGE.START_SCAN_MESSAGE
    ConsoleLogger.Info(start_message)
    scan()