def save_report_thread(q_results, file): start_time = time.time() if args.md: a_template = template['markdown'] else: a_template = template['html'] t_general = Template(a_template['general']) t_host = Template(a_template['host']) t_list_item = Template(a_template['list_item']) output_file_suffix = a_template['suffix'] all_results = [] report_name = os.path.basename(file).lower().replace('.txt', '') \ + '_' + time.strftime('%Y%m%d_%H%M%S', time.localtime()) + output_file_suffix global STOP_ME try: while not STOP_ME: if q_results.qsize() == 0: time.sleep(0.1) continue html_doc = "" while q_results.qsize() > 0: all_results.append(q_results.get()) for item in all_results: host, results = item _str = "" for key in results.keys(): for _ in results[key]: _str += t_list_item.substitute( {'status': _['status'], 'url': _['url'], 'title': _['title']} ) _str = t_host.substitute({'host': host, 'list': _str}) html_doc += _str cost_time = time.time() - start_time cost_min = int(cost_time / 60) cost_seconds = '%.2f' % (cost_time % 60) html_doc = t_general.substitute( {'cost_min': cost_min, 'cost_seconds': cost_seconds, 'content': html_doc} ) with codecs.open('report/%s' % report_name, 'w', encoding='utf-8') as outFile: outFile.write(html_doc) if all_results: print '[%s] Scan report saved to report/%s' % (get_time(), report_name) if args.browser: webbrowser.open_new_tab(os.path.abspath('report/%s' % report_name)) else: lock.acquire() print '[%s] No vulnerabilities found on sites in %s.' % (get_time(), file) lock.release() except Exception, e: print '[save_report_thread Exception] %s %s' % (type(e), str(e)) sys.exit(-1)
def save_report_thread(q_results, file): start_time = time.time() t_html = Template(TEMPLATE_html) t_host = Template(TEMPLATE_host) t_normal = Template(TEMPLATE_list_item) all_results = [] report_name = os.path.basename(file).lower().replace('.txt', '') + '_' + \ time.strftime('%Y%m%d_%H%M%S', time.localtime()) + '.html' last_qsize = 0 global STOP_ME try: while not (STOP_ME and q_results.qsize() == 0): if q_results.qsize() == last_qsize: time.sleep(1.0) continue else: last_qsize = q_results.qsize() html_doc = "" while q_results.qsize() > 0: all_results.append(q_results.get()) for item in all_results: host, results = item _str = "" for key in results.keys(): for _ in results[key]: _str += t_normal.substitute({ 'status': _['status'], 'url': _['url'], 'title': _['title'] }) _str = t_host.substitute({'host': host, 'list': _str}) html_doc += _str if all_results: cost_time = time.time() - start_time cost_min = int(cost_time / 60) cost_seconds = '%.2f' % (cost_time % 60) html_doc = t_html.substitute({ 'cost_min': cost_min, 'cost_seconds': cost_seconds, 'content': html_doc }) with open('report/%s' % report_name, 'w') as outFile: outFile.write(html_doc) if all_results: print '[%s] Scan report saved to report/%s' % (get_time(), report_name) if args.browser: webbrowser.open_new_tab( os.path.abspath('report/%s' % report_name)) else: lock.acquire() print '[%s] No vulnerabilities found on sites in %s.' % ( get_time(), file) lock.release() except IOError, e: sys.exit(-1)
def save_report_thread(q_results, file): start_time = time.time() t_html = Template(TEMPLATE_html) t_host = Template(TEMPLATE_host) t_normal = Template(TEMPLATE_list_item) all_results = [] report_name = os.path.basename(file).lower().replace('.txt', '') + '_' + \ time.strftime('%Y%m%d_%H%M%S', time.localtime()) + '.html' last_qsize = 0 global STOP_ME try: while not (STOP_ME and q_results.qsize() == 0): if q_results.qsize() == last_qsize: time.sleep(1.0) continue else: last_qsize = q_results.qsize() html_doc = "" while q_results.qsize() > 0: all_results.append(q_results.get()) for item in all_results: host, results = item _str = "" for key in results.keys(): for _ in results[key]: _str += t_normal.substitute( {'status': _['status'], 'url': _['url']} ) _str = t_host.substitute({'host': host, 'list': _str}) html_doc += _str if all_results: cost_time = time.time() - start_time cost_min = int(cost_time / 60) cost_seconds = '%.2f' % (cost_time % 60) html_doc = t_html.substitute({'cost_min': cost_min, 'cost_seconds': cost_seconds, 'content': html_doc}) with open('report/%s' % report_name, 'w') as outFile: outFile.write(html_doc) if all_results: print '[%s] Scan report saved to report/%s' % (get_time(), report_name) if args.browser: webbrowser.open_new_tab(os.path.abspath('report/%s' % report_name)) else: lock.acquire() print '[%s] No vulnerabilities found on sites in %s.' % (get_time(), file) lock.release() except IOError, e: sys.exit(-1)
def is_port_open(self): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(4.0) default_port = 443 if self.schema.lower() == 'https' else 80 host, port = self.host.split(':') if self.host.find(':') > 0 else (self.host, default_port) if s.connect_ex((host, int(port))) == 0: print '[%s] Scan %s' % (get_time(), self.host) return True else: print '[%s] Fail to connect to %s' % (get_time(), self.host) return False s.close() except Exception, e: return False
def domain_lookup(): r = Resolver() r.timeout = r.lifetime = 8.0 while True: try: host = q_hosts.get(timeout=0.1) print "[%s] host=> %s" % ("domain_lookup", host) except: break _schema, _host, _path = parse_url(host) try: m = re.search('\d+\.\d+\.\d+\.\d+', _host.split(':')[0]) if m: q_targets.put({'file': '', 'url': host}) ips_to_scan.append(m.group(0)) else: answers = r.query(_host.split(':')[0]) if answers: q_targets.put({'file': '', 'url': host}) for _ in answers: ips_to_scan.append(_.address) except Exception, e: lock.acquire() print '[%s][Warning] Invalid domain:', (get_time(), host) lock.release()
def check_404(self): try: try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5.0) default_port = 443 if self.schema.lower() == 'https' else 80 host, port = self.host.split( ':') if self.host.find(':') > 0 else (self.host, default_port) if s.connect_ex((host, int(port))) == 0: s.close() self._404_status, headers, html_doc = \ self._http_request('/bbscan_wants__your_response.php') else: self._404_status, headers, html_doc = -1, {}, '' except: self._404_status, headers, html_doc = -1, {}, '' finally: s.close() if self._404_status == -1: print '[%s] [ERROR] Fail to connect to %s' % (get_time(), self.host) self.has_404 = (self._404_status == 404) if not self.has_404: self.len_404_doc = len(html_doc) return self.has_404 except Exception, e: logging.error("[Check_404] Exception %s" % e)
def upload_movie(recv_dic,conn): # 电影是已经纯在的 直接上他 file_name = common.get_session() + recv_dic['movie_name'] file_size = recv_dic['file_size'] path = os.path.join(setttings.UPLOAD_MOVIE_PATH,file_name) movie_obj = models.Movie(name=file_name, path=path, is_free=recv_dic['is_free'], file_md5=recv_dic['file_md5'], is_delete=0, upload_time=common.get_time(), user_id=recv_dic['user_id']) # 写文键 recv_size= 0 with open(path,'wb')as f: while recv_size<file_size: data = conn.recv(1024) f.write(data) recv_size += len(data) print('下载成功') send_dic = {"flag":True,'msg':'上传成功'} movie_obj.save() common.send_msg(send_dic,conn)
def check_404(self): try: try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5.0) default_port = 443 if self.schema.lower() == 'https' else 80 host, port = self.host.split(':') if self.host.find(':') > 0 else (self.host, default_port) if s.connect_ex((host, int(port))) == 0: s.close() self._404_status, headers, html_doc = \ self._http_request('/bbscan_wants__your_response.php') else: self._404_status, headers, html_doc = -1, {}, '' except: self._404_status, headers, html_doc = -1, {}, '' finally: s.close() if self._404_status == -1: print '[%s] [ERROR] Fail to connect to %s' % (get_time(), self.host) self.has_404 = (self._404_status == 404) if not self.has_404: self.len_404_doc = len(html_doc) return self.has_404 except Exception, e: logging.error("[Check_404] Exception %s" % e)
def batch_scan(q_targets, q_results, lock, args): s = InfoDisScanner(args.timeout*60, args=args) while True: try: target = q_targets.get(timeout=0.1) except: break _url = target['url'] _file = target['file'] #lock.acquire() print '[%s] Scan %s' % (get_time(), _url if _url else os.path.basename(_file).rstrip('.log') ) #lock.release() if _url: s.init_from_url(_url) else: if os.path.getsize(_file) > 0: s.init_from_file(_file) if s.host == '': continue else: continue host, results = s.scan(threads=args.t) if results: q_results.put( (host, results) ) for key in results.keys(): for url in results[key]: print '[+] [%s] %s' % (url['status'], url['url'])
def download_movie_interface(client_back_dic, conn): movie_id = client_back_dic.get('movie_id') movie_name = client_back_dic.get('movie_name') movie_type = client_back_dic.get('movie_type') user_id = client_back_dic.get('user_id') # movie_obj = models.Movie.select(id=movie_id)[0] # movie_path = movie_obj.path movie_path = os.path.join(settings.DOWNLOAD_PATH, movie_name) movie_size = os.path.getsize(movie_path) send_dic = {'flag': True, 'msg': '准备下载', 'movie_size': movie_size} user_obj = models.User.select(id=user_id)[0] if movie_type == '免费': wait_time = 0 if not user_obj.is_vip: wait_time = 20 send_dic['wait_time'] = wait_time print(send_dic) common.send_data(send_dic, conn, movie_path) obj = models.DownloadRecord(user_id=user_id, movie_id=movie_id, download_time=common.get_time()) obj.save()
def domain_lookup(q_targets, q_hosts, lock, ips_to_scan): r = Resolver() r.timeout = r.lifetime = 8.0 while True: try: host = q_hosts.get(timeout=0.1) except: break _schema, _host, _path = parse_url(host) #print "_schema:{0}\t_host:{1}\t_path:{2}".format(_schema, _host, _path) #print _host.split(":")[0] try: m = re.search('\d+\.\d+\.\d+\.\d+', _host.split(':')[0]) if m: q_targets.put({'file': '', 'url': host}) ips_to_scan.append(m.group(0)) #print "in try->if" else: # 无论查不查的到都将这个url放在target中 q_targets.put({'file': '', 'url': host}) answers = r.query(_host.split(':')[0]) if answers: for _ in answers: ips_to_scan.append(_.address) except Exception, e: lock.acquire() print '[%s][Warning] Invalid domain: [%s]' % (get_time(), host) print str(e) lock.release()
def batch_scan(q_targets, q_results, lock, args): s = InfoDisScanner(args.timeout * 60, args=args) while True: try: target = q_targets.get(timeout=0.1) except: break _url = target['url'] _file = target['file'] #lock.acquire() print '[%s] Scan %s' % (get_time(), _url if _url else os.path.basename(_file).rstrip('.log')) #lock.release() if _url: s.init_from_url(_url) else: if os.path.getsize(_file) > 0: s.init_from_file(_file) if s.host == '': continue else: continue host, results = s.scan(threads=args.t) if results: q_results.put((host, results)) for key in results.keys(): for url in results[key]: print '[+] [%s] %s' % (url['status'], url['url'])
def register_interface(client_back_dic, conn): # 写业务逻辑 # 1.判断用户名是否存在 username = client_back_dic.get('username') # 通过用户名当作条件查询 user_obj_list = models.User.select(name=username) # 若存在,给客户端返回数据, 告诉用户,用户已存在! if user_obj_list: send_dic = {'flag': False, 'msg': '用户已存在!'} # 若不存在,保存数据到MySQL数据库中, 返回注册成功给客户端 else: password = client_back_dic.get('password') user_obj = models.User( name=username, # pwd, is_vip, is_locked, user_type, register_time pwd=common.get_md5_pwd(password), is_vip=0, # 0表示不是VIP, 1表示VIP is_locked=0, # 0表示不锁定, 1表示锁定 user_type=client_back_dic.get('user_type'), register_time=common.get_time()) user_obj.save() send_dic = {'flag': True, 'msg': '注册成功'} common.send_data(send_dic, conn)
def upload_movie_interface(client_back_dic, conn): print('炮王来交货啦!') # 确保电影名称是唯一的 随机字符串 + 电影名称 movie_name = common.get_random_code() + client_back_dic.get('movie_name') # .mp4 movie_size = client_back_dic.get('file_size') movie_path = os.path.join( settings.DOWNLOAD_PATH, movie_name ) # 1.接受上传的电影 data_recv = 0 with open(movie_path, 'wb') as f: while data_recv < movie_size: data = conn.recv(1024) f.write(data) data_recv += len(data) # 2.把电影数据保存到mysql中 movie_obj = models.Movie( name=movie_name, file_md5=client_back_dic.get('file_md5'), is_free=client_back_dic.get('is_free'), is_delete=0, path=movie_path, user_id=client_back_dic.get('user_id'), upload_time=common.get_time() ) movie_obj.save() send_dic = { 'flag': True, 'msg': f'{client_back_dic.get("movie_name")}电影上传成功!' } common.send_data(send_dic, conn)
def is_port_open(self): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5.0) default_port = 443 if self.schema.lower() == 'https' else 80 host, port = self.host.split(':') if self.host.find(':') > 0 else (self.host, default_port) if s.connect_ex((host, int(port))) == 0: print '[%s] Scan %s' % (get_time(), self.host) return True else: print '[%s] [ERROR] Fail to connect to %s' % (get_time(), self.host) return False except Exception as e: return False finally: s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0)) s.close()
def prep_time(): if tree is None: raise Exception("parsing.set() a doc first") try: time_str = ' '.join(tree.find(id='liPrep').text.split()[1:]) return common.get_time(time_str.strip()) except AttributeError: return 0
def release_notice(recv_dic,conn): # 直接发布公告 # 哪个管理员发的记录user_id notice_obj = models.Notice(title=recv_dic['title'], content=recv_dic['content'], user_id=recv_dic['user_id'], create_time=common.get_time() ) notice_obj.save() send_dic = {'flag': True, 'msg': '发布公告成功'} common.send_msg(send_dic, conn)
def put_notice_interface(client_back_dic, conn): title = client_back_dic.get('title') content = client_back_dic.get('content') user_id = client_back_dic.get('user_id') notice_obj = models.Notice(title=title, content=content, user_id=user_id, create_time=common.get_time()) notice_obj.save() send_dic = { 'msg': '公告发布成功!' } common.send_data(send_dic, conn)
def init_final(self): self.max_depth = self._cal_depth(self.path)[1] + 3 # max depth to scan if self.args.no_check404: self._404_status = 404 self.has_404 = True else: self.check_404() # check existence of HTTP 404 if self._404_status == -1: return if not self.has_404: print '[%s] [Warning] %s has no HTTP 404.' % (get_time(), self.host) _path, _depth = self._cal_depth(self.path) self._enqueue('/') self._enqueue(_path) if not self.args.no_crawl and not self.file: self.crawl_index(_path)
def register(recv_dic, conn): user_list = models.User.select(name=recv_dic['name']) if not user_list: # 注册 user_obj = models.User(name=recv_dic['name'], password=recv_dic['password'], is_vip=0, is_locked=0, user_type=recv_dic['user_type'], register_time=common.get_time()) user_obj.save() send_dic = {'flag': True, 'msg': '注册成功'} else: send_dic = {'flag': False, 'msg': '用户名已存在'} common.send_msg(send_dic, conn)
def init_final(self): if not self.is_port_open(): return self.base_url = '%s://%s' % (self.schema, self.host) self.max_depth = self._cal_depth(self.path)[1] + 5 if self.args.no_check404: self._404_status = 404 self.has_404 = True else: self.check_404() # check existence of HTTP 404 if not self.has_404: print '[%s] [Warning] %s has no HTTP 404.' % (get_time(), self.host) _path, _depth = self._cal_depth(self.path) # self._enqueue('/') self._enqueue(_path) if not self.args.no_crawl and not self.log_file: self.crawl_index(_path)
def init_final(self): if not self.is_port_open(): return self.base_url = '%s://%s' % (self.schema, self.host) self.max_depth = self._cal_depth(self.path)[1] + 5 self.session = requests.session() if self.args.no_check404: self._404_status = 404 self.has_404 = True else: self.check_404() # check existence of HTTP 404 if not self.has_404: print '[%s] [Warning] %s has no HTTP 404.' % (get_time(), self.host) _path, _depth = self._cal_depth(self.path) self._enqueue('/') self._enqueue(_path) if not self.args.no_crawl and not self.log_file: self.crawl_index(_path)
def upload_movie(user_dic, conn): recv_size = 0 print('----->', user_dic['file_name']) file_name = common.get_time() + user_dic['file_name'] path = os.path.join(setting.BASE_MOVIE_LIST, file_name) with open(path, 'wb') as f: while recv_size < user_dic['file_size']: recv_data = conn.recv(1024) f.write(recv_data) recv_size += len(recv_data) # print('recvsize:%s filesize:%s' % (recv_size, user_dic['file_size'])) print('%s :上传成功' % file_name) movie = models.Movie(name=file_name, path=path, is_free=user_dic['is_free'], user_id=user_dic['user_id'], file_md5=user_dic['file_md5']) movie.save() back_dic = {'flag': True, 'msg': '上传成功'} return back_dic
def domain_lookup(): r = Resolver() r.timeout = r.lifetime = 8.0 while True: try: host = q_hosts.get(timeout=0.1) except: break _schema, _host, _path = parse_url(host) try: m = re.search('\d+\.\d+\.\d+\.\d+', _host.split(':')[0]) if m: q_targets.put({'file': '', 'url': host}) ips_to_scan.append(m.group(0)) else: answers = r.query(_host.split(':')[0]) if answers: q_targets.put({'file': '', 'url': host}) for _ in answers: ips_to_scan.append(_.address) except Exception, e: lock.acquire() print '[%s][Warning] Invalid domain:', (get_time(), host) lock.release()
input_files = glob.glob(args.d + '/*.txt') elif args.crawler: input_files = ['crawler'] elif args.host: input_files = ['hosts'] # several hosts on command line ips_to_scan = [] # all IPs to be scanned during current scan for file in input_files: if args.host: lines = [' '.join(args.host)] elif args.f or args.d: with open(file) as inFile: lines = inFile.readlines() try: print '[%s] Batch Web Scan start.' % get_time() q_results = multiprocessing.Manager().Queue() q_targets = multiprocessing.Manager().Queue() lock = multiprocessing.Manager().Lock() STOP_ME = False threading.Thread(target=save_report_thread, args=(q_results, file)).start() print '[%s] Report thread created, prepare target Queue...' % get_time() if args.crawler: _input_files = glob.glob(args.crawler + '/*.log') for _file in _input_files: q_targets.put({'file': _file, 'url': ''}) if args.host or args.f or args.d: q_hosts = Queue()
def _scan_worker(self): while self.url_queue.qsize() > 0: if time.time() - self.START_TIME > self.TIME_OUT: self.url_queue.queue.clear() print '[%s] [ERROR] Timed out task: %s' % (get_time(), self.host) return try: item = self.url_queue.get(timeout=0.1) except: return try: url_description, tag, code, content_type, content_type_no = item prefix = url_description['prefix'] url = url_description['full_url'] url = url.replace('{sub}', self.host.split('.')[0]) if url.find('{hostname_or_folder}') >= 0: _url = url[: url.find('{hostname_or_folder}')] folders = _url.split('/') for _folder in reversed(folders): if _folder not in ['', '.', '..']: url = url.replace('{hostname_or_folder}', _folder) break url = url.replace('{hostname_or_folder}', self.host.split(':')[0]) url = url.replace('{hostname}', self.host.split(':')[0]) if url.find('{parent}') > 0: if url.count('/') < 2: continue ret = url.split('/') ret[-2] = ret[-1].replace('{parent}', ret[-2]) url = '/' + '/'.join(ret[:-1]) except Exception, e: logging.error('[_scan_worker Exception] [1] %s' % str(e)) continue if not item or not url: break # print '[%s]' % url.strip() try: status, headers, html_doc = self._http_request(url) cur_content_type = headers.get('content-type', '') if cur_content_type.find('image/') >= 0: # exclude image type continue if len(html_doc) < 10: # data too short continue if not self.exclude_text(html_doc): # exclude text found continue valid_item = False if self.find_text(html_doc): valid_item = True else: if status != code and status in [301, 302, 400, 404, 500, 501, 502, 503, 505]: continue if cur_content_type.find('application/json') >= 0 and \ not url.endswith('.json'): # no json continue if tag: if html_doc.find(tag) >= 0: valid_item = True else: continue # tag mismatch if content_type and cur_content_type.find(content_type) < 0 \ or content_type_no and cur_content_type.find(content_type_no) >= 0: continue # type mismatch if self.has_404 or status != self._404_status: if code and status != code and status != 206: # code mismatch continue elif code != 403 and status == 403: continue else: valid_item = True if not self.has_404 and status in (200, 206) and url != '/' and not tag: _len = len(html_doc) _min = min(_len, self.len_404_doc) if _min == 0: _min = 10.0 if float(_len - self.len_404_doc) / _min > 0.3: valid_item = True if status == 206: if cur_content_type.find('text') < 0 and cur_content_type.find('html') < 0: valid_item = True if valid_item: self.lock.acquire() # print '[+] [Prefix:%s] [%s] %s' % (prefix, status, 'http://' + self.host + url) if prefix not in self.results: self.results[prefix] = [] m = re.search('<title>(.*?)</title>', html_doc) title = m.group(1) if m else '' _ = {'status': status, 'url': '%s%s' % (self.base_url, url), 'title': title} if _ not in self.results[prefix]: self.results[prefix].append(_) self.lock.release() if len(self.results) >= 10: print '[ERROR] Over 10 vulnerabilities found [%s], seems to be false positives.' % prefix self.url_queue.queue.clear() except Exception, e: logging.error('[_scan_worker.Exception][2][%s] %s' % (url, str(e))) traceback.print_exc()
def _scan_worker(self): while self.url_queue.qsize() > 0: if time.time() - self.START_TIME > self.TIME_OUT: print '[%s] [ERROR] Timed out task: %s' % (get_time(), self.host) return try: item = self.url_queue.get(timeout=0.1) except: return try: url_description, tag, code, content_type, content_type_no = item url = url_description['full_url'] url = url.replace('{sub}', self.host.split('.')[0]) prefix = url_description['prefix'] if url.find('{hostname_or_folder}') >= 0: _url = url[: url.find('{hostname_or_folder}')] if _url.count('/') == 1: url = url.replace('{hostname_or_folder}', self.host) elif _url.count('/') > 1: url = url.replace('{hostname_or_folder}', _url.split('/')[-2]) url = url.replace('{hostname}', self.host) if url.find('{parent}') > 0: if url.count('/') >= 2: ret = url.split('/') ret[-2] = ret[-1].replace('{parent}', ret[-2]) url = '/' + '/'.join(ret[:-1]) else: continue except Exception, e: logging.error('[_scan_worker Exception 1] %s' % e) continue if not item or not url: break #print '[%s]' % url.strip() try: status, headers, html_doc = self._http_request(url) if headers.get('content-type', '').find('image/') >= 0: # exclude image type continue if html_doc.strip() == '' or len(html_doc) < 10: # data too short continue if not self.exclude_text(html_doc): # exclude text found continue valid_item = False if status == 200 and self.find_text(html_doc): valid_item = True else: if status in [400, 404, 503, 502, 301, 302]: continue if headers.get('content-type', '').find('application/json') >= 0 and \ not url.endswith('.json'): # no json continue if tag: if html_doc.find(tag) >= 0: valid_item = True else: continue # tag mismatch if content_type and headers.get('content-type', '').find(content_type) < 0 or \ content_type_no and headers.get('content-type', '').find(content_type_no) >=0: continue # type mismatch if self.has_404 or status!=self._404_status: if code and status != code and status != 206: # code mismatch continue elif code!= 403 and status == 403: continue else: valid_item = True if (not self.has_404) and status in (200, 206) and item[0]['full_url'] != '/' and (not tag): _len = len(html_doc) _min = min(_len, self.len_404_doc) if _min == 0: _min = 10 if abs(_len - self.len_404_doc) / _min > 0.3: valid_item = True if status == 206: if headers.get('content-type', '').find('text') < 0 and headers.get('content-type', '').find('html') < 0: valid_item = True else: continue if valid_item: self.lock.acquire() # print '[+] [Prefix:%s] [%s] %s' % (prefix, status, 'http://' + self.host + url) if not prefix in self.results: self.results[prefix]= [] _ = {'status': status, 'url': '%s://%s%s' % (self.schema, self.host, url)} if _ not in self.results[prefix]: self.results[prefix].append(_) self.lock.release() if len(self.results) >= 10: print 'More than 10 vulnerabilities found for [%s], seems to be false positives, exit.' % prefix return except Exception, e: logging.error('[InfoDisScanner._scan_worker][2][%s] Exception %s' % (url, e)) import traceback traceback.print_exc()
input_files = glob.glob(args.d + '/*.txt') elif args.crawler: input_files = ['crawler'] elif args.host: input_files = ['hosts'] # several hosts on command line scanned_ips = [] # all scanned IPs in current scan for file in input_files: if args.host: lines = [' '.join(args.host)] elif args.f or args.d: with open(file) as inFile: lines = inFile.readlines() try: print '[%s] Batch web scan start.' % get_time() q_results = multiprocessing.Manager().Queue() q_targets = multiprocessing.Manager().Queue() lock = multiprocessing.Manager().Lock() STOP_ME = False threading.Thread(target=save_report_thread, args=(q_results, file)).start() print '[%s] Report thread created, prepare target Queue...' % get_time() if args.crawler: _input_files = glob.glob(args.crawler + '/*.log') for _file in _input_files: q_targets.put({'file': _file, 'url': ''}) if args.host or args.f or args.d: for line in lines:
def _scan_worker(self): while self.url_queue.qsize() > 0: if time.time() - self.START_TIME > self.TIME_OUT: print '[%s] [ERROR] Timed out task: %s' % (get_time(), self.host) return try: item = self.url_queue.get(timeout=0.1) except: return try: url_description, tag, code, content_type, content_type_no = item url = url_description['full_url'] url = url.replace('{sub}', self.host.split('.')[0]) prefix = url_description['prefix'] if url.find('{hostname_or_folder}') >= 0: _url = url[:url.find('{hostname_or_folder}')] if _url.count('/') == 1: url = url.replace('{hostname_or_folder}', self.host) elif _url.count('/') > 1: url = url.replace('{hostname_or_folder}', _url.split('/')[-2]) url = url.replace('{hostname}', self.host) if url.find('{parent}') > 0: if url.count('/') >= 2: ret = url.split('/') ret[-2] = ret[-1].replace('{parent}', ret[-2]) url = '/' + '/'.join(ret[:-1]) else: continue except Exception, e: logging.error('[_scan_worker Exception 1] %s' % e) continue if not item or not url: break #print '[%s]' % url.strip() try: status, headers, html_doc = self._http_request(url) if headers.get('content-type', '').find('image/') >= 0: # exclude image type continue if html_doc.strip( ) == '' or len(html_doc) < 10: # data too short continue if not self.exclude_text(html_doc): # exclude text found continue valid_item = False if status == 200 and self.find_text(html_doc): valid_item = True else: if status in [400, 404, 503, 502, 301, 302]: continue if headers.get('content-type', '').find('application/json') >= 0 and \ not url.endswith('.json'): # no json continue if tag: if html_doc.find(tag) >= 0: valid_item = True else: continue # tag mismatch if content_type and headers.get('content-type', '').find(content_type) < 0 or \ content_type_no and headers.get('content-type', '').find(content_type_no) >=0: continue # type mismatch if self.has_404 or status != self._404_status: if code and status != code and status != 206: # code mismatch continue elif code != 403 and status == 403: continue else: valid_item = True if (not self.has_404) and status in ( 200, 206) and item[0]['full_url'] != '/' and (not tag): _len = len(html_doc) _min = min(_len, self.len_404_doc) if _min == 0: _min = 10 if abs(_len - self.len_404_doc) / _min > 0.3: valid_item = True if status == 206: if headers.get('content-type', '').find('text') < 0 and headers.get( 'content-type', '').find('html') < 0: valid_item = True else: continue if valid_item: self.lock.acquire() # print '[+] [Prefix:%s] [%s] %s' % (prefix, status, 'http://' + self.host + url) if not prefix in self.results: self.results[prefix] = [] _ = { 'status': status, 'url': '%s://%s%s' % (self.schema, self.host, url), 'title': self.get_title(html_doc) } if _ not in self.results[prefix]: self.results[prefix].append(_) self.lock.release() if len(self.results) >= 10: print 'More than 10 vulnerabilities found for [%s], seems to be false positives, exit.' % prefix return except Exception, e: logging.error( '[InfoDisScanner._scan_worker][2][%s] Exception %s' % (url, e)) import traceback traceback.print_exc()
def _scan_worker(self): while self.url_queue.qsize() > 0: if time.time() - self.START_TIME > self.TIME_OUT: self.url_queue.queue.clear() print '[%s] [ERROR] Timed out task: %s' % (get_time(), self.host) return try: item = self.url_queue.get(timeout=0.1) except: return try: url_description, tag, code, content_type, content_type_no = item prefix = url_description['prefix'] url = url_description['full_url'] # print url url = url.replace('{sub}', self.host.split('.')[0]) if url.find('{hostname_or_folder}') >= 0: _url = url[:url.find('{hostname_or_folder}')] folders = _url.split('/') for _folder in reversed(folders): if _folder not in ['', '.', '..']: url = url.replace('{hostname_or_folder}', _folder) break url = url.replace('{hostname_or_folder}', self.host.split(':')[0]) url = url.replace('{hostname}', self.host.split(':')[0]) if url.find('{parent}') > 0: if url.count('/') < 2: continue ret = url.split('/') ret[-2] = ret[-1].replace('{parent}', ret[-2]) url = '/' + '/'.join(ret[:-1]) except Exception as e: logging.error('[_scan_worker Exception] [1] %s' % str(e)) continue if not item or not url: break # print '[%s]' % url.strip() try: status, headers, html_doc = self._http_request(url) cur_content_type = headers.get('content-type', '') if cur_content_type.find('image/') >= 0: # exclude image continue if ('html' in cur_content_type or 'text' in cur_content_type) and \ 0 <= len(html_doc) <= 10: # text too short continue if self.find_exclude_text(html_doc): # excluded text found continue valid_item = False if self.find_text(html_doc): valid_item = True else: if status != code and status in [ 301, 302, 400, 404, 501, 502, 503, 505 ]: continue if cur_content_type.find('application/json') >= 0 and \ not url.endswith('.json'): # no json continue if tag: if html_doc.find(tag) >= 0: valid_item = True else: continue # tag mismatch if content_type and cur_content_type.find(content_type) < 0 \ or content_type_no and cur_content_type.find(content_type_no) >= 0: continue # type mismatch if self.has_404 or status != self._404_status: if code and status != code and status != 206: # code mismatch continue elif code != 403 and status == 403: continue else: valid_item = True if not self.has_404 and status in ( 200, 206) and url != '/' and not tag: _len = len(html_doc) _min = min(_len, self.len_404_doc) if _min == 0: _min = 10.0 if float(_len - self.len_404_doc) / _min > 0.3: valid_item = True if status == 206: if cur_content_type.find( 'text') < 0 and cur_content_type.find( 'html') < 0: valid_item = True if valid_item: self.lock.acquire() # print '[+] [Prefix:%s] [%s] %s' % (prefix, status, 'http://' + self.host + url) if prefix not in self.results: self.results[prefix] = [] m = re.search('<title>(.*?)</title>', html_doc) title = m.group(1) if m else '' _ = { 'status': status, 'url': '%s%s' % (self.base_url, url), 'title': title } if _ not in self.results[prefix]: self.results[prefix].append(_) self.lock.release() if len(self.results) >= 10: print '[ERROR] Over 10 vulnerabilities found [%s], seems to be false positives.' % prefix self.url_queue.queue.clear() except Exception as e: logging.error('[_scan_worker.Exception][2][%s] %s' % (url, str(e))) traceback.print_exc()
input_files = glob.glob(args.d + '/*.txt') elif args.crawler: input_files = ['crawler'] elif args.host: input_files = ['hosts'] # several hosts on command line scanned_ips = [] # all scanned IPs in current scan for file in input_files: if args.host: lines = [' '.join(args.host)] elif args.f or args.d: with open(file) as inFile: lines = inFile.readlines() try: print '[%s] Batch web scan start.' % get_time() q_results = multiprocessing.Manager().Queue() q_targets = multiprocessing.Manager().Queue() lock = multiprocessing.Manager().Lock() STOP_ME = False threading.Thread(target=save_report_thread, args=(q_results, file)).start() print '[%s] Report thread created, prepare target Queue...' % get_time( ) if args.crawler: _input_files = glob.glob(args.crawler + '/*.log') for _file in _input_files: q_targets.put({'file': _file, 'url': ''})
def release_notice(user_dic): notice = models.Notice(user_dic['notice_name'], user_dic['notice_content'], user_dic['name'], common.get_time()) notice.save() back_dic = {'flag': True, 'msg': '发布公告成功'} return back_dic