def AngelSwordMain(self):
    """Run the built-in POC module (``selfpocscan2``) against ``self.url``.

    Progress is appended to the ``runlog`` redis key and echoed to stdout.
    Any exception raised by the POC module is printed and swallowed so the
    surrounding scan pipeline keeps going; nothing is returned.
    """
    message = "正在使用碎遮内置POC进行{}漏洞检测!\n".format(self.url)
    redispool.append("runlog", message)
    print("正在使用碎遮内置POC进行漏洞检测!")
    try:
        selfpocscan2.AngelSwordMain(self.url)
    except Exception as exc:
        # Best-effort step: a failing POC must not abort the whole scan.
        print(exc)
def GetStatus(self):
    """Return the HTTP status code of the stored response as a string.

    Reads ``self.rep.status_code``; if that fails (e.g. ``self.rep`` is
    ``None``) the exception is printed and the literal string ``"None"`` is
    returned, matching what callers store in the database.
    """
    redispool.append("runlog", "正在获取{}网页状态码\n".format(self.url))
    print("正在获取{}网页状态码".format(self.url))
    response = self.rep
    try:
        return str(response.status_code)
    except Exception as exc:
        print(exc)
    return "None"
def CScanConsole(self):
    """Collect information about the C-class (/24) range around ``self.ip``.

    Delegates to ``get_message.CScanConsole``.  On any error the exception is
    printed and the literal string ``"Unknow"`` is returned (spelling kept as
    is because callers/DB rows may compare against it).
    """
    redispool.append("runlog", "正在进行{}C段信息搜集!\n".format(self.ip))
    print("正在进行C段信息搜集!")
    try:
        result = get_message.CScanConsole(self.ip)
    except Exception as exc:
        print(exc)
        return "Unknow"
    return result
def GetSiteStation(self):
    """Look up other sites hosted alongside ``self.domain`` ("旁站").

    Thin wrapper around ``get_message.GetSiteStation``; errors are printed
    and the literal string ``"None"`` is returned instead of raising.
    """
    redispool.append("runlog", "正在进行{}旁站查询 :)\n".format(self.domain))
    print("正在进行旁站查询 :)")
    try:
        stations = get_message.GetSiteStation(self.domain)
    except Exception as exc:
        print(exc)
        return "None"
    return stations
def GetRecordInfo(self):
    """Fetch the public ICP filing ("备案") information for ``self.domain``.

    Wraps ``get_message.GetRecordInfo``; on failure the exception is printed
    and the literal string ``"None"`` is returned.
    """
    redispool.append("runlog", "正在获取{}域名的公开备案信息 :-)\n".format(self.domain))
    print("正在获取域名的公开备案信息 :-)")
    try:
        record = get_message.GetRecordInfo(self.domain)
    except Exception as exc:
        print(exc)
        return "None"
    return record
def GetWhoisMessage(self):
    """Return WHOIS data for the target.

    Note the asymmetry: the log line names ``self.domain`` but the lookup is
    made on ``self.TrueDomain`` (presumably the registrable/root domain —
    confirm against the class constructor).  Errors are printed and the
    literal string ``"None"`` is returned.
    """
    redispool.append("runlog", "正在获取网站{}Whois信息!\n".format(self.domain))
    print("正在获取网站Whois信息!")
    try:
        whois = get_message.GetWhois(self.TrueDomain)
    except Exception as exc:
        print(exc)
        return "None"
    return whois
def GetBindingIP(self):
    """Return historical DNS resolution records for ``self.domain``.

    A same-named method exists for the IP-based class (it queries
    ``self.ip``); ``SZheScan`` calls both on different objects, so they appear
    to belong to separate classes rather than shadow each other.  Errors are
    printed and the literal string ``"None"`` is returned.
    """
    redispool.append("runlog", "正在获取{}域名历史解析记录 :D\n".format(self.domain))
    print("正在获取域名历史解析记录 :D")
    try:
        history = get_message.GetBindingIP(self.domain)
    except Exception as exc:
        print(exc)
        return "None"
    return history
def GetBindingIP(self):
    """Return historical resolution records for ``self.ip``.

    Counterpart of the domain-based ``GetBindingIP``; both wrap the same
    ``get_message.GetBindingIP`` helper.  Errors are printed and the literal
    string ``"None"`` is returned.
    """
    redispool.append("runlog", "正在获取{}IP历史解析记录!\n".format(self.ip))
    print("正在获取IP历史解析记录!")
    try:
        history = get_message.GetBindingIP(self.ip)
    except Exception as exc:
        print(exc)
        return "None"
    return history
def FindIpAdd(self):
    """Look up the geographic/owner location of ``self.ip``.

    Wraps ``get_message.FindIpAdd``; on failure the exception is printed and
    the literal string ``"None"`` is returned.
    """
    redispool.append("runlog", "正在查找{}IP地址\n".format(self.ip))
    print("正在查找IP地址查询")
    try:
        location = get_message.FindIpAdd(self.ip)
    except Exception as exc:
        print(exc)
        return "None"
    return location
def SenDir(self):
    """Probe ``self.url`` for sensitive directories and files.

    Delegates to ``get_message.SenFileScan(self.domain, self.url)``; errors
    are printed and the literal string ``"None"`` is returned.
    """
    redispool.append("runlog", "正在进行{}敏感目录及文件探测!\n".format(self.url))
    print("正在进行敏感目录及文件探测!")
    try:
        findings = get_message.SenFileScan(self.domain, self.url)
    except Exception as exc:
        print(exc)
        return "None"
    return findings
def GetFinger(self):
    """Fingerprint the web technology stack of ``self.url``.

    Builds a ``WebPage`` from the URL and the already-fetched response and
    returns its ``info()``.  Errors are printed and the literal string
    ``"Unknow"`` is returned (spelling preserved for existing consumers).
    """
    redispool.append("runlog", "正在获取{}网站指纹及技术!\n".format(self.url))
    print("正在获取网站指纹及技术!")
    try:
        return WebPage(self.url, self.rep).info()
    except Exception as exc:
        print(exc)
    return "Unknow"
def GetResponseHeader(self):
    """Render the response headers of ``self.rep`` as ``"Key: value\\r\\n"`` lines.

    Whatever was accumulated before an error is returned (an empty string if
    ``self.rep`` has no ``headers``); the exception itself is only printed.
    Header values come straight from the remote server — treat the result as
    untrusted text when it is later rendered.
    """
    redispool.append("runlog", "正在获取{}网页响应头!\n".format(self.url))
    print("正在获取网页响应头!")
    lines = []
    try:
        for name, value in self.rep.headers.items():
            lines.append(name + ": " + value + "\r\n")
    except Exception as exc:
        print(exc)
    return "".join(lines)
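def GetTitle(self):
    """Extract the ``<title>`` text from the fetched page, or ``None``.

    Returns ``None`` when there is no response, no title tag, or the match
    fails for any other reason (the exception is printed).  The match is
    case-insensitive, tolerates attributes on the tag and titles that span
    lines — the previous literal ``<title>(.*?)</title>`` missed all three.
    The value is untrusted HTML content; escape it before rendering.
    """
    redispool.append("runlog", "正在获取{}网页标题!\n".format(self.url))
    print("正在获取网页标题!")
    if self.rep is None:
        return None
    try:
        match = re.search(r'<title[^>]*>(.*?)</title>', self.rep.text, re.I | re.S)
    except Exception as exc:
        print(exc)
        return None
    if match is None:
        return None
    return match.group(1)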
def FindDomainAdd(self):
    """Resolve the real address behind ``self.domain``.

    Only the host part (text before the first ``/``) is passed to
    ``get_message.FindDomainAdd``.  Errors are printed and the literal string
    ``"None"`` is returned.
    """
    redispool.append("runlog", "正在获取{}域名映射的真实地址!\n".format(self.domain))
    print("正在获取域名映射的真实地址!")
    # partition() yields the whole string when there is no "/", which is the
    # same host the original split("/")[0] produced in both cases.
    host = self.domain.partition("/")[0]
    try:
        address = get_message.FindDomainAdd(host)
    except Exception as exc:
        print(exc)
        return "None"
    return address
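def PortScan(self):
    """Port-scan the host part of ``self.domain`` via ``get_message.PortScan``.

    The log line names ``self.url`` while the scan target is derived from
    ``self.domain`` (text before the first ``/``).  Errors are printed and the
    literal string ``"Unknow"`` is returned.  A leftover ``print(host)`` debug
    line has been removed; the runlog entry already records the target.
    """
    redispool.append("runlog", "正在对{}目标进行端口扫描!\n".format(self.url))
    print("正在对目标进行端口扫描!")
    host = self.domain.partition("/")[0]
    try:
        return get_message.PortScan(host)
    except Exception as exc:
        print(exc)
    return "Unknow"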
def GetSubDomain(self):
    """Enumerate subdomains by brute force plus passive sources.

    ``get_message.SubDomainBurst`` is run on ``self.TrueDomain`` (using the
    instance's ``self.redispool``) and ``get_message.GetSubDomain`` on
    ``self.domain``; the two results are concatenated with ``+`` and returned.
    On any error the exception is printed and the literal string ``"None"``
    is returned, so callers may receive either a sequence or that string.
    """
    redispool.append("runlog", "正在使用主动与被动方式获取{}目标子域名!\n".format(self.domain))
    print("正在使用主动与被动方式获取目标子域名!")
    try:
        brute_forced = get_message.SubDomainBurst(self.TrueDomain, self.redispool)
        passive = get_message.GetSubDomain(self.domain)
        combined = brute_forced + passive
    except Exception as exc:
        print(exc)
        return "None"
    return combined
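def WebLogicScan(self):
    """Run the WebLogic checks against ``self.domain`` and persist findings.

    Each result is a ``(vulnerable, bugurl, bugname, bugdetail)`` tuple; the
    vulnerable ones become ``BugList`` rows and are added to the redis
    HyperLogLog counters keyed by severity grade and by bug name.  Errors are
    printed and swallowed so the surrounding scan keeps going.
    """
    redispool.append("runlog", "正在进行{}weblogic漏洞检测!\n".format(self.url))
    print("正在进行weblogic漏洞检测!")
    try:
        # Inside a method body `WebLogicScan` resolves to the module-level
        # scanner object, not to this method.
        results = WebLogicScan.run(self.domain)
        with app.app_context():
            for vulnerable, bugurl, bugname, bugdetail in results:
                if not vulnerable:
                    continue
                # Single redis round-trip: the grade serves both as a BugList
                # column and as the HLL key for the per-grade counter.
                # NOTE(review): if `bugname` is not in the 'bugtype' hash this
                # is None and pfadd(None, ...) raises, ending the loop — confirm
                # every bug name the scanner emits has a registered grade.
                grade = redispool.hget('bugtype', bugname)
                bug = BugList(oldurl=self.domain, bugurl=bugurl, bugname=bugname,
                              buggrade=grade, payload=bugurl, bugdetail=bugdetail)
                redispool.pfadd(grade, bugurl)
                redispool.pfadd(bugname, bugurl)
                db.session.add(bug)
                # Committed per finding so earlier rows survive a later failure.
                db.session.commit()
    except Exception as exc:
        print(exc)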
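# Matches a bare IPv4 target with an optional ":port" suffix (raw string: the
# original non-raw literal relied on "\d" surviving as an invalid escape).
_IPV4_TARGET = re.compile(r'^\d+\.\d+\.\d+\.\d+(:(\d+))?$')


def _split_ip_target(url):
    """Return ``(is_ip, host)``: ``host`` is *url* minus any ``:port`` when it is an IPv4 target.

    For non-IP targets ``host`` is *url* unchanged.
    """
    if not _IPV4_TARGET.findall(url):
        return False, url
    if ":" in url:
        return True, url.split(":")[0]
    return True, url


def _decrement_waitcount():
    """Decrease ``targetscan.waitcount`` by one, or reset it to ``"0"`` if it is not a str.

    ``isinstance`` is equivalent to the former ``'str' in str(type(count))``
    check; a ``bytes`` value (redis without ``decode_responses``) or ``None``
    still falls through to the reset branch.
    """
    count = redispool.hget('targetscan', 'waitcount')
    if isinstance(count, str):
        redispool.hset("targetscan", "waitcount", str(int(count) - 1))
    else:
        redispool.hset("targetscan", "waitcount", "0")


def _flag_affected_host(url):
    """Add *url* to the ``havebugpc`` HLL when the newest BugList row belongs to it.

    The previous code dereferenced ``.first().oldurl`` unguarded, so an empty
    BugList table raised AttributeError and skipped the "scan end" log line.
    NOTE(review): "newest row is ours" is a heuristic that can misattribute
    when several scans run concurrently — confirm scans are serialised.
    """
    latest = BugList.query.order_by(BugList.id.desc()).first()
    if latest is not None and latest.oldurl == url:
        redispool.pfadd("havebugpc", url)


def SZheScan(url):
    """Run the full scan pipeline for one target *url*.

    Steps, in order: normalise the input via ``inputfilter`` (abort if it is
    rejected), mark the target as ``targetscan.nowscan``, collect and persist
    base information (``BaseInfo``), run the WebLogic and built-in POC
    checks, persist IP- or domain-specific details, crawl to depth 2, run the
    generic vulnerability scan, then update the redis counters and log the
    end of the scan.  Any exception is printed and swallowed.

    NOTE(review): an exception part-way through leaves ``targetscan.nowscan``
    set and ``waitcount`` undecremented, because that bookkeeping sits at the
    end of the try body rather than in a ``finally``; the behaviour is kept
    here since it is unclear whether a failed scan should count as consumed.
    """
    try:
        url, attackurl, rep = inputfilter(url)
        # No usable url means the input was invalid or the target timed out.
        if not url:
            print("Not Allow This URL")
            return
        redispool.hset("targetscan", "nowscan", attackurl)
        with app.app_context():
            baseinfo = GetBaseMessage(url, attackurl, rep)
            is_ip, infourl = _split_ip_target(url)
            # Deep-information collector; constructed before BaseInfo so the
            # log ordering matches the previous implementation.
            deepinfo = IPMessage(infourl) if is_ip else DomainMessage(url)
            info = BaseInfo(url=url, boolcheck=is_ip,
                            status=baseinfo.GetStatus(),
                            title=baseinfo.GetTitle(),
                            date=baseinfo.GetDate(),
                            responseheader=baseinfo.GetResponseHeader(),
                            Server=baseinfo.GetFinger(),
                            portserver=baseinfo.PortScan(),
                            sendir=baseinfo.SenDir())
            db.session.add(info)
            # flush() assigns the primary key needed by the child rows below.
            db.session.flush()
            infoid = info.id
            db.session.commit()
            baseinfo.WebLogicScan()
            baseinfo.AngelSwordMain()
            if is_ip:
                redispool.pfadd("ip", infourl)
                db.session.add(IPInfo(baseinfoid=infoid,
                                      bindingdomain=deepinfo.GetBindingIP(),
                                      sitestation=deepinfo.GetSiteStation(),
                                      CMessage=deepinfo.CScanConsole(),
                                      ipaddr=deepinfo.FindIpAdd()))
            else:
                redispool.pfadd("domain", infourl)
                db.session.add(DomainInfo(baseinfoid=infoid,
                                          subdomain=deepinfo.GetSubDomain(),
                                          whois=deepinfo.GetWhoisMessage(),
                                          bindingip=deepinfo.GetBindingIP(),
                                          sitestation=deepinfo.GetSiteStation(),
                                          recordinfo=deepinfo.GetRecordInfo(),
                                          domainaddr=deepinfo.FindDomainAdd()))
            db.session.commit()
            # Crawl depth defaults to 2 to keep large sites bounded; the
            # setting is adjustable elsewhere in the application.
            redispool.append("runlog", "对{}页面进行深度爬取\n".format(attackurl))
            SpiderGetUrl2(attackurl, deepth=2)
            redispool.append("runlog", "对该网站{}爬取到的url进行常规漏扫 :D\n".format(attackurl))
            print("对该网站爬取到的url进行常规漏扫 :D")
            BugScanConsole(url)
            _decrement_waitcount()
            redispool.hdel("targetscan", "nowscan")
            _flag_affected_host(url)
            redispool.append("runlog", "{} scan end !\n".format(url))
            print("{} scan end !".format(url))
    except Exception as exc:
        # Top-level boundary of one scan job: report and move on.
        print(exc)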
def GetDate(self):
    """Return the current local time as ``"YYYY-MM-DD HH:MM:SS"``.

    ``time.strftime`` formats ``time.localtime()`` by default, so the result
    is identical to passing it explicitly; the value is naive local time.
    """
    redispool.append("runlog", "正在获取{}系统当前时间!\n".format(self.url))
    print("正在获取系统当前时间!")
    return time.strftime("%Y-%m-%d %H:%M:%S")