def start(target):
    """Run the scan pipeline for one target.

    Steps, in order: resolve the target, probe for a reachable web URL,
    fingerprint the site when one answers, port-scan the host (or use the
    ``['CDN:0']`` placeholder), run the vulnerability checks, then optionally
    crawl and directory-scan, and finally persist the collected web info.

    Note that ``iscdn()`` is truthy for hosts that are to be port-scanned;
    a falsy result selects the placeholder instead of a scan.
    """
    host = parse_ip(target)
    url = verify_https(target)
    # A falsy URL means no web service answered for this target.
    isopen = bool(url)

    data, apps = web_info(url) if isopen else ('', {})

    # NOTE(review): ScanPort is still given `url` when no URL was found;
    # confirm it tolerates a falsy value.
    open_port = ScanPort(url).pool() if iscdn(host) else ['CDN:0']

    Vuln(url, host, open_port, apps).run()

    if isopen and CRAWL:
        crawl(url).pool()
    if isopen and SCANDIR:
        dirscan = DirScan('result', apps)
        dirscan.pool(url)

    # `data` is only non-empty when the web fingerprinting step ran.
    if data:
        web_save(data)
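def start(target, dbname='result'):
    """Run the scan pipeline for one target, storing results under *dbname*.

    Args:
        target: Host or URL to scan.
        dbname: Name of the result database. A trailing ``.db`` extension is
            removed so callers may pass either ``name`` or ``name.db``.

    The steps are: resolve the target, probe for a reachable web URL,
    fingerprint the site when one answers, port-scan the host (or use the
    ``['CDN:0']`` placeholder), run the vulnerability checks, then optionally
    crawl and directory-scan, and finally persist the collected web info.
    """
    if dbname != 'result':
        # Strip only a literal ".db" suffix. The previous pattern r'.db' left
        # the dot unescaped and unanchored, so it removed any character
        # followed by "db" anywhere in the name (e.g. "mydb.db" became "m"),
        # which could make distinct names collide on the same database.
        dbname = re.sub(r'\.db$', '', dbname)

    # Placeholder title; it is replaced by web_info() when the site answers.
    title = 'test'
    host = parse_ip(target)
    url = verify_https(target)
    # A falsy URL means no web service answered for this target.
    isopen = bool(url)

    if isopen:
        data, apps, title = web_info(url)
    else:
        data = ''
        apps = {}

    # iscdn() is truthy for hosts that are to be port-scanned; otherwise a
    # placeholder entry is used instead of scan results.
    if iscdn(host):
        open_port = ScanPort(url, dbname).pool()
    else:
        open_port = ['CDN:0']

    # Run the PoC / vulnerability checks.
    Vuln(url, host, open_port, apps, dbname).run()

    if isopen:
        if CRAWL:
            Crawl(url, dbname).pool()
        if SCANDIR:
            dirscan = DirScan(dbname, apps, url, title)
            dirscan.pool()

    # `data` is only non-empty when the web fingerprinting step ran.
    if data:
        web_save(data, dbname)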
def web_info(url):
    """Collect web fingerprint data for *url*.

    Returns a 3-tuple ``(data, apps, title)`` where ``data`` maps the host to
    a dict with the keys ``WAF``, ``Ipaddr``, ``Address``, ``Webinfo`` and
    ``OS``; ``apps`` and ``title`` are taken from the parsed page info and are
    ``None`` when the page could not be fetched or parsed.
    """
    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')
    address = geoip(ipaddr)
    wafresult = checkwaf(url)
    req = Requests()

    # noinspection PyBroadException
    try:
        response = req.get(url)
        # Let chardet pick the charset before the body is decoded as text.
        response.encoding = chardet.detect(response.content).get('encoding')
        webinfo = WebPage(response.url, response.text, response.headers).info()
    except Exception as e:
        # Any fetch/parse failure is logged and treated as "no web info".
        logging.exception(e)
        webinfo = {}

    if not webinfo:
        # The WAF result is discarded when no page info is available.
        webinfo = {}
        wafresult = 'None'
    else:
        for template, key in (
            ('title: {}\n', 'title'),
            ('Fingerprint: {}\n', 'apps'),
            ('Server: {}\n', 'server'),
        ):
            console('Webinfo', host, template.format(webinfo.get(key)))
        console('Webinfo', host, 'WAF: {}\n'.format(wafresult))

    # iscdn() is truthy for hosts that did not match the CDN checks; only
    # those are passed to OS detection.
    osname = osdetect(host) if iscdn(host) else None

    data = {
        host: {
            'WAF': wafresult,
            'Ipaddr': ipaddr,
            'Address': address,
            'Webinfo': webinfo,
            'OS': osname,
        }
    }
    return data, webinfo.get('apps'), webinfo.get('title')
def web_info(url):
    """Collect web fingerprint data for *url*.

    Returns ``(data, apps)`` where ``data`` maps the host to a dict with the
    keys ``WAF``, ``Ipaddr``, ``Address``, ``Webinfo`` and ``OS``, and
    ``apps`` is the fingerprint entry of the parsed page info (``None`` when
    the page could not be fetched or parsed).
    """
    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')
    address = geoip(ipaddr)
    wafresult = checkwaf(url)
    req = Requests()

    try:
        response = req.get(url)
        # Let chardet pick the charset before the body is decoded as text.
        response.encoding = chardet.detect(response.content).get('encoding')
        webinfo = WebPage(response.url, response.text, response.headers).info()
    except Exception:
        # Failures are swallowed without logging, so a fetch or parse error
        # is indistinguishable from a site that returned no page info.
        webinfo = {}

    if not webinfo:
        # The WAF result is discarded when no page info is available.
        webinfo = {}
        wafresult = 'None'
    else:
        for template, key in (
            ('Title: {}\n', 'title'),
            ('Fingerprint: {}\n', 'apps'),
            ('Server: {}\n', 'server'),
        ):
            console('Webinfo', host, template.format(webinfo.get(key)))
        console('Webinfo', host, 'WAF: {}\n'.format(wafresult))

    # iscdn() is truthy for hosts that did not match the CDN checks; only
    # those are passed to OS detection.
    osname = osdetect(host) if iscdn(host) else None

    # NOTE(review): judging by their names these two helpers query external
    # passive-DNS / reverse-IP services, which would disclose the hostname to
    # a third party - confirm before using against sensitive targets.
    pdns = virustotal(host)
    reverseip = reverse_domain(host)
    webinfo.update({"pdns": pdns, "reverseip": reverseip})

    data = {
        host: {
            'WAF': wafresult,
            'Ipaddr': ipaddr,
            'Address': address,
            'Webinfo': webinfo,
            'OS': osname,
        }
    }
    return data, webinfo.get('apps')
def iscdn(host):
    """Return False when *host* matches a known CDN range or ASN, else True.

    Despite the name, a True result means "not recognised as a CDN". The
    function fails open: any exception in either check (unresolvable host,
    malformed list entry, missing ASN database) is swallowed and leaves the
    answer at True unless a match was already recorded.
    """
    not_cdn = True

    # noinspection PyBroadException
    try:
        # The pattern is unanchored, so any string containing a dotted quad
        # is treated as an IP address and is not resolved.
        if re.search(r'\d+\.\d+\.\d+\.\d+', host) is None:
            host = parse_ip(host)
        if any(
            ipaddress.ip_address(host) in ipaddress.ip_network(net)
            for net in cdns
        ):
            not_cdn = False
    except Exception:
        pass

    # noinspection PyBroadException
    try:
        with geoip2.database.Reader('data/GeoLite2-ASN.mmdb') as reader:
            asn_record = reader.asn(host)
            if any(
                asn_record.autonomous_system_number == int(asn)
                for asn in ASNS
            ):
                not_cdn = False
    except Exception:
        pass

    return not_cdn
def start(url):
    """Scan a single URL: fingerprint, port-scan, save, then run checks.

    Prints a banner for the host, tries to fetch the URL, prints the page
    fingerprint when one is found, gathers passive-DNS / reverse-IP / OS
    data, saves everything via ``web_save`` and finally runs the
    vulnerability checks and (conditionally) the directory scan.
    """
    def emit(color, text):
        # Write one colourised chunk and reset the terminal colour.
        sys.stdout.write(color + text + bcolors.ENDC)

    host = parse_host(url)
    ipaddr = parse_ip(host)
    url = url.strip('/')

    rule = '-' * 100 + '\n'
    emit(bcolors.RED, rule)
    emit(bcolors.RED, 'Host: ' + host + '\n')
    emit(bcolors.RED, rule)

    address = geoip(ipaddr)

    try:
        # Check whether the main domain answers at all.
        req = Requests()
        r = req.get(url)
    except Exception:
        # The failure is swallowed; the site is simply treated as closed.
        fetched = False
    else:
        fetched = True

    if not fetched:
        webinfo = {}
        wafresult = 'None'
    else:
        wafresult = checkwaf(host)
        try:
            # Let chardet pick the charset before the body is decoded.
            r.encoding = chardet.detect(r.content).get('encoding')
            webinfo = WebPage(r.url, r.text, r.headers).info()
        except Exception:
            webinfo = {}
        if webinfo:
            emit(bcolors.RED, "Webinfo:\n")
            emit(bcolors.OKGREEN, '[+] Title: {}\n'.format(webinfo.get('title')))
            emit(bcolors.OKGREEN, '[+] Fingerprint: {}\n'.format(webinfo.get('apps')))
            emit(bcolors.OKGREEN, '[+] Server: {}\n'.format(webinfo.get('server')))
            emit(bcolors.OKGREEN, '[+] WAF: {}\n'.format(wafresult))

    # NOTE(review): judging by their names these two helpers query external
    # passive-DNS / reverse-IP services, which would disclose the hostname to
    # a third party - confirm.
    pdns = virustotal(host)
    reverseip = reverse_domain(host)
    webinfo.update({"pdns": pdns, "reverseip": reverseip})

    # iscdn() is truthy for hosts that are to be port-scanned; otherwise a
    # placeholder entry stands in for the scan results.
    open_port = ScanPort(url).pool() if iscdn(host) else ['CDN:0']
    osname = osdetect(host)

    data = {
        host: {
            'WAF': wafresult,
            'Ipaddr': ipaddr,
            'Address': address,
            'Webinfo': webinfo,
            'OS': osname,
        }
    }
    web_save(data)
    Vuln(host, open_port, webinfo.get('apps')).run()

    # NOTE(review): the directory scan runs only when SCANDIR is falsy, which
    # looks inverted relative to the flag's name - confirm intended polarity.
    if fetched and not SCANDIR:
        dirscan = DirScan('result')
        dirscan.pool(url)