コード例 #1
0
ファイル: common.py プロジェクト: chifanqu/LalalaScan
def checkAllow3XXDir(dirUrl):
    '''
    @description: 检查该目录是否都会重定向 3XX
    @param {dirUrl: 输入的dirUrl,没有index.html之类的文件名}
    @return: boolean
    '''
    randomCollect = string.ascii_letters + string.digits
    randomStr1 = ''.join(random.sample(randomCollect, random.randint(20, 30)))
    randomUrl1 = "%s%s.html" % (dirUrl, randomStr1)
    randomStr2 = ''.join(random.sample(randomCollect, random.randint(20, 30)))
    randomUrl2 = "%s%s.html" % (dirUrl, randomStr2)
    # 判断是否均为3XX
    try:
        response1 = requests.get(randomUrl1, allow_redirects=False, timeout=3)
        response2 = requests.get(randomUrl2, allow_redirects=False, timeout=3)
        if  response1.status_code == response2.status_code and \
            300 < response1.status_code and response1.status_code < 400:
            location1 = None if not "Location" in response1.headers else response1.headers[
                'Location']
            location2 = None if not "Location" in response2.headers else response2.headers[
                'Location']
            # 特殊处理下[;]/[#]/[?]的问题...
            if not location1 or not location2: return None
            location1 = location1.split(";")[0].split("#")[0].split("?")[0]
            location2 = location2.split(";")[0].split("#")[0].split("?")[0]
            # 两次随机的页面,重定向到同一个,后续不管了
            if location1 and location1 == location2:
                return False
    except Exception as e:
        print('[x] error:{}'.format(e))
        tracebackLogger()
        return None
    return True
コード例 #2
0
ファイル: common.py プロジェクト: chifanqu/LalalaScan
def getSubDirList(url):
    '''
    @description: 返回url的所有子路径   http://127.0.0.1/aaa/bbb/ccc/ddd.php -> aaa bbb ccc
    @param {url:输入的url}
    @return: 返回包含输入所有路径的list
    '''
    subDirList = []
    # 先判断是否有协议
    if not re.match(r'^https?://.+', url):
        url = 'http://%s' % url
    try:
        # 尝试解析url
        parsedUrl = urllib.parse.urlparse(url)
        # 检测域名情况
        if parsedUrl.netloc == '': return subDirList
        # 检测域名和路径,多重路径均加入 list 中
        if parsedUrl.path != '':
            pathList = parsedUrl.path.split('/')
            # 全是路径
            if url.endswith('/'):
                subDirList.extend(pathList)
            # 最后一个是文件
            else:
                subDirList.extend(pathList[:-1])
    except Exception as e:
        print('[x] error:{}'.format(e))
        tracebackLogger()
        # 识别失败,有多少返回多少吧
        pass
    resultList = []
    for subDir in subDirList:
        if subDir == "": resultList.append(subDir)
    return resultList
コード例 #3
0
 def _get_option(section, option):
     try:
         cf = ConfigParser()
         cf.read(paths.CONFIG_PATH)
         return cf.get(section=section, option=option)
     except:
         tracebackLogger()
         return ''
コード例 #4
0
ファイル: common.py プロジェクト: chifanqu/LalalaScan
def loadSingleDict(path):
    '''
    @description: 添加单个字典文件
    @param {path:字典文件路径}
    @return:
    '''
    try:
        # 加载文件
        with open(path) as single_file:
            return single_file.read().splitlines()
    except Exception as e:
        tracebackLogger()
        return []
コード例 #5
0
ファイル: common.py プロジェクト: chifanqu/LalalaScan
def loadMultDict(path):
    '''
    @description: 添加多个字典文件
    @param {path:字典文件路径}
    @return: list:文件夹下字典文件每行的内容
    '''
    tmpList = []
    try:
        for filename in os.listdir(path):
            tmpList.extend(loadSingleDict(os.path.join(path, filename)))
        return tmpList
    except Exception as e:
        tracebackLogger()
        return []
コード例 #6
0
ファイル: scanThread.py プロジェクト: chifanqu/LalalaScan
    def worker(self):
        '''
        @description: 封包发包穷举器
        @param {type}
        @return:
        '''
        currentTaskURL = scan.taskQueue.get()
        # 最新在执行的任务
        scan.nowTask = currentTaskURL
        scan.taskCount += 1
        # 自定义 headers
        headers = {}
        if conf.request_headers:
            for header in conf.request_headers.split(','):
                k, v = header.split('=')
                headers[k] = v
        # 自定义 User-Agent
        if conf.request_header_ua:
            headers['User-Agent'] = conf.request_header_ua
        # 自定义cookie
        if conf.request_header_cookie:
            headers['Cookie'] = conf.request_header_cookie

        # 延迟请求
        if conf.request_delay:
            random_sleep_second = random.randint(0, abs(conf.request_delay))
            time.sleep(random_sleep_second)
        # 发包
        try:
            response = requests.request(conf.request_method,
                                        currentTaskURL,
                                        headers=headers,
                                        timeout=conf.request_timeout,
                                        verify=False,
                                        allow_redirects=conf.redirection_302,
                                        proxies=conf.proxy_server)
            # 进入结果处理流程
            self.responseHandler(currentTaskURL, response)
        except requests.exceptions.Timeout as e:
            # TODO:超时处理
            pass
        except Exception as e:
            print('[x] error:{}'.format(e))
            tracebackLogger()
        finally:
            # 更新进度
            pass
コード例 #7
0
ファイル: common.py プロジェクト: chifanqu/LalalaScan
def getTargetList(url):
    '''
    @description: 返回url的所有路径
    @param {url:输入的url}
    @return: 返回包含输入所有路径的list
    '''
    urlList = []
    # 先判断是否有协议
    if not re.match(r'^https?://.+', url):
        url = 'http://%s' % url
    try:
        # 尝试解析url
        parsedUrl = urllib.parse.urlparse(url)
        # 检测域名情况
        if parsedUrl.netloc == '': return urlList
        # 检测域名和路径,多重路径均加入 list 中
        if parsedUrl.path != '':
            pathList = parsedUrl.path.split('/')
            # 判断后缀为路径 / 文件
            if pathList[-1] == '' or '.' in pathList[-1]:
                pathList = pathList[:-1]
            # 倒序遍历路径,添加进 list 中
            for i in range(1, len(pathList))[::-1]:
                targetPath = '/'.join(pathList[1:i + 1])
                target = "%s://%s/%s/" % (parsedUrl.scheme, parsedUrl.netloc,
                                          targetPath)
                urlList.append(target)
        # netloc 加入 list 中
        target = "%s://%s/" % (parsedUrl.scheme, parsedUrl.netloc)
        urlList.append(target)
    except Exception as e:
        print('[x] error:{}'.format(e))
        tracebackLogger()
        # 识别失败,有多少返回多少吧
        pass
    return urlList
コード例 #8
0
ファイル: common.py プロジェクト: chifanqu/LalalaScan
def check404Page(url):
    '''
    @description: 检查404页面,收集信息
    @param {url:输入的url}
    @return: 返回:{"isChecked":True, "checkList":["status":200, "crc32":"xxx"]} or 
                  {"isChecked":True, "checkList":["status":404, "crc32":""]}
    '''
    checkResult = {
        "isChecked": False,
        "checkList": [{
            "status": 404,
            "crc32": ""
        }]
    }
    try:
        # 随机页面
        randomCollect = string.ascii_letters + string.digits
        randomStr = ''.join(
            random.sample(randomCollect, random.randint(20, 30)))
        randomUrl = "%s%s.html" % (url, randomStr)
        response = requests.get(randomUrl, timeout=3)
        # 检测 status code
        # 如果是 404 ,直接返回就行
        if response.status_code == 404:
            checkResult[
                'isChecked'] = True  # {"isChecked":True, "status":404, "crc32":""}
        # 200的话,检查404页面的crc~
        elif response.status_code == 200:
            randomStr_1 = ''.join(
                random.sample(randomCollect, random.randint(20, 30)))
            randomUrl_1 = "%s%s.html" % (url, randomStr)
            response_1 = requests.get(randomUrl_1, timeout=3)
            # 替换掉可能出现的随机字符串...
            path = urllib.parse.urlparse(randomUrl).path
            path_1 = urllib.parse.urlparse(randomUrl).path
            compText = response.text
            compText_1 = response_1.text
            compText = response.text.replace(path, '').replace(randomStr, '')
            compText_1 = response_1.text.replace(path_1,
                                                 '').replace(randomStr_1, '')
            if crc32(compText) == crc32(compText_1):
                crc32Str = crc32(compText)
                checkResult['isChecked'] = True
                checkResult['checkList'].append({
                    "status": 200,
                    "crc32": crc32Str
                })
            # TODO:检查title的指定字符串?
            else:
                pass
        # 不然就搞不定了,后续再研究是否有其他特征~
        else:
            pass

        # 检查目录的404问题,有些网站 xxx.html 和 xxx/ 返回不一样的404...
        randomUrl = "%s%s/" % (url, randomStr)
        response = requests.get(randomUrl, timeout=3)
        # 检测 status code
        # 如果是 404 ,直接返回就行
        if response.status_code == 404:
            checkResult['isChecked'] = True
        # 200的话,检查404页面的crc~
        elif response.status_code == 200:
            randomStr_1 = ''.join(
                random.sample(randomCollect, random.randint(20, 30)))
            randomUrl_1 = "%s%s/" % (url, randomStr)
            response_1 = requests.get(randomUrl_1, timeout=3)
            # 替换掉可能出现的随机字符串...
            path = urllib.parse.urlparse(randomUrl).path
            path_1 = urllib.parse.urlparse(randomUrl).path
            compText = response.text
            compText_1 = response_1.text
            compText = response.text.replace(path, '').replace(randomStr, '')
            compText_1 = response_1.text.replace(path_1,
                                                 '').replace(randomStr_1, '')
            if crc32(compText) == crc32(compText_1):
                crc32Str = crc32(compText)
                checkResult['isChecked'] = True
                checkResult['checkList'].append({
                    "status": 200,
                    "crc32": crc32Str
                })
    except Exception as e:
        tracebackLogger()

    return checkResult