def init_spider(self):
for k, v in self.hash_pycode_Lists.iteritems():
pluginObj = self._load_module(v)
pluginObj.task_push = self.task_push
pluginObj.curl = miniCurl.Curl()
pluginObj.security_note = self._security_note
pluginObj.security_info = self._security_info
pluginObj.security_warning = self._security_warning
pluginObj.security_hole = self._security_hole
pluginObj.security_set = self._security_set
pluginObj.debug = self._debug
pluginObj.util = until
pluginObj._G = self._TargetScanAnge
pluginObj.hackhttp = hackhttp.hackhttp()
pluginObj.ThreadPool = w8_threadpool
try:
pluginObj_tuple = pluginObj.assign("spider_file", "")
if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组
pluginObj_tuple = pluginObj.assign("spider_end", "")
if not isinstance(pluginObj_tuple, tuple):
continue
bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1]
if bool_value:
pconf = {}
pconf["pluginObj"] = pluginObj
pconf["service"] = "spider_file"
w9_hash_pycode.setdefault(k, pconf)
except Exception as err_info:
raise ToolkitMissingPrivileges("load spider plugins error! " +
err_info)
def load_modules(self,service,url):
# 内部载入所有模块,并且判断服务名是否正确
for k, v in self.hash_pycode_Lists.iteritems():
pluginObj = self._load_module(v)
pluginObj.task_push = self.task_push
pluginObj.curl = miniCurl.Curl()
pluginObj.security_note = self._security_note
pluginObj.security_info = self._security_info
pluginObj.security_warning = self._security_warning
pluginObj.security_hole = self._security_hole
pluginObj.debug = self._debug
pluginObj.util = until
pluginObj._G = self._TargetScanAnge
pluginObj.hackhttp = hackhttp.hackhttp()
pluginObj.ThreadPool = ThreadPool
try:
pluginObj_tuple = pluginObj.assign(service, url)
if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组
continue
bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1]
if bool_value:
threadConf = dict()
threadConf["filename"] = k
threadConf["service"] = service
threadConf["agrs"] = agrs
threadConf["pluginObj"] = pluginObj
self.task_queue.put(threadConf)
time.sleep(0.01)
self._print(
"[***] load plugin %s for service '%s'" % (threadConf["filename"], threadConf["service"]))
except Exception as err_info:
self._print("[!!!] load error:", service, k, err_info)
def createIssueForBlog(errMSG):
"""
Automatically create a blog comment with unhandled exception information
"""
hh = hackhttp.hackhttp()
postData = "gid=213&pid=0&qqnum=&comname=w9scan+BugReporter&commail=buger%40hacking8.com&comurl=&private=on&comment=%5B%E7%A7%81%E5%AF%86%E8%AF%84%E8%AE%BA%5D%E6%8A%A5%E5%91%8Abug:" + errMSG
code, head, body, redirect, log = hh.http('https://blog.hacking8.com/index.php?action=addcom', post=postData)
def createIssueForBlog(errMSG):
"""
Automatically create a blog comment with unhandled exception information
"""
hh = hackhttp.hackhttp()
postData = "gid=213&pid=0&qqnum=&comname=w9scan+BugReporter&commail=buger%40hacking8.com&comurl=&private=on&comment=%5B%E7%A7%81%E5%AF%86%E8%AF%84%E8%AE%BA%5D%E6%8A%A5%E5%91%8Abug:" + errMSG
code, head, body, redirect, log = hh.http(
'https://blog.hacking8.com/index.php?action=addcom', post=postData)
def load_modules(self, service, url):
# 内部载入所有模块,并且判断服务名是否正确
for k, v in self.hash_pycode_Lists.iteritems():
try:
pluginObj = self._load_module(v)
for each in ESSENTIAL_MODULE_METHODS:
if not hasattr(pluginObj, each):
errorMsg = "Can't find essential method:'{}' in current script,Please modify your {}.".format(
each, k)
logger.error(errorMsg)
continue
pluginObj.task_push = self.task_push
pluginObj.curl = miniCurl.Curl()
pluginObj.security_note = self._security_note
pluginObj.security_info = self._security_info
pluginObj.security_warning = self._security_warning
pluginObj.security_hole = self._security_hole
pluginObj.security_set = self._security_set
pluginObj.debug = self._debug
pluginObj.util = until
pluginObj._G = self._TargetScanAnge
pluginObj.ThreadPool = Ajatar_threadpool
if Ajconfig.TimeOut is None:
Ajconfig.TimeOut = 10
if Ajconfig.Cookie is None:
Ajconfig.Cookie = ""
socket.setdefaulttimeout(Ajconfig.TimeOut)
conpool = hackhttp.httpconpool(20, timeout=Ajconfig.TimeOut)
pluginObj.hackhttp = hackhttp.hackhttp(
conpool=conpool,
cookie_str=Ajconfig.Cookie,
user_agent=Ajconfig.UserAgent,
headers=Ajconfig.headers)
pluginObj_tuple = pluginObj.assign(service, url)
if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组
continue
bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1]
if bool_value:
threadConf = dict()
threadConf["filename"] = k
threadConf["service"] = service
threadConf["agrs"] = agrs
threadConf["pluginObj"] = pluginObj
self._print(
"load plugin %s for service '%s'" %
(threadConf["filename"], threadConf["service"]))
self.th.push(threadConf)
except Exception as err_info:
logger.error("load plugin error:%s service:%s filename:%s" %
(err_info, service, k))
def load_modules(self, service, url):
# 内部载入所有模块,并且判断服务名是否正确
for k, v in self.hash_pycode_Lists.iteritems():
try:
pluginObj = self._load_module(v)
pluginObj.task_push = self.task_push
pluginObj.curl = miniCurl.Curl()
pluginObj.security_note = self._security_note
pluginObj.security_info = self._security_info
pluginObj.security_warning = self._security_warning
pluginObj.security_hole = self._security_hole
pluginObj.security_set = self._security_set
pluginObj.debug = self._debug
pluginObj.util = until
pluginObj._G = self._TargetScanAnge
pluginObj.ThreadPool = w8_threadpool
if w9config.TimeOut is None:
w9config.TimeOut = 10
if w9config.Cookie is None:
w9config.Cookie = ""
socket.setdefaulttimeout(w9config.TimeOut)
conpool = hackhttp.httpconpool(20, timeout=w9config.TimeOut)
pluginObj.hackhttp = hackhttp.hackhttp(
conpool=conpool,
cookie_str=w9config.Cookie,
user_agent=w9config.UserAgent,
headers=w9config.headers)
pluginObj_tuple = pluginObj.assign(service, url)
if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组
continue
bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1]
if bool_value:
threadConf = dict()
threadConf["filename"] = k
threadConf["service"] = service
threadConf["agrs"] = agrs
threadConf["pluginObj"] = pluginObj
self._print(
"load plugin %s for service '%s'" %
(threadConf["filename"], threadConf["service"]))
self.th.push(threadConf)
except Exception as err_info:
logger.error("load plugin error:%s service:%s filename:%s" %
(err_info, service, k))
def init_spider(self):
#items() 迭代器 k exp文件 v 代码
for k, v in self.hash_pycode_Lists.iteritems():
pluginObj = self._load_module(v) #动态加载代码
for each in ESSENTIAL_MODULE_METHODS: #bugcsan插件的两个主要函数
if not hasattr(pluginObj, each):
errorMsg = "Can't find essential method:'{}' in current script,Please modify your {}.".format(
each, k)
logger.error(errorMsg)
continue
pluginObj.task_push = self.task_push
pluginObj.curl = miniCurl.Curl() #bugscan 旧版http
#Bugscan 漏洞等级
pluginObj.security_note = self._security_note
pluginObj.security_info = self._security_info
pluginObj.security_warning = self._security_warning
pluginObj.security_hole = self._security_hole
pluginObj.security_set = self._security_set
pluginObj.debug = self._debug
pluginObj.util = until
pluginObj._G = self._TargetScanAnge #目标信息
pluginObj.hackhttp = hackhttp.hackhttp() #bugscan http
pluginObj.ThreadPool = Ajatar_threadpool #线程池
try:
#判断是否为爬虫插件 xss那些..
pluginObj_tuple = pluginObj.assign("spider_file", "") #
if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组
pluginObj_tuple = pluginObj.assign("spider_end", "")
if not isinstance(pluginObj_tuple, tuple):
continue
bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1]
if bool_value: #爬虫插件返回True
pconf = {}
pconf["pluginObj"] = pluginObj #保存爬虫插件对象
pconf["service"] = "spider_file"
Ajatar_hash_pycode.setdefault(k, pconf) #保存文件名,对象
except Exception as err_info:
raise ToolkitMissingPrivileges("load spider plugins error! " +
err_info)
def init_spider(self):
for k, v in self.hash_pycode_Lists.iteritems():
pluginObj = self._load_module(v)
for each in ESSENTIAL_MODULE_METHODS:
if not hasattr(pluginObj, each):
errorMsg = "Can't find essential method:'{}' in current script,Please modify your {}.".format(
each, k)
logger.error(errorMsg)
continue
pluginObj.task_push = self.task_push
pluginObj.curl = miniCurl.Curl()
pluginObj.security_note = self._security_note
pluginObj.security_info = self._security_info
pluginObj.security_warning = self._security_warning
pluginObj.security_hole = self._security_hole
pluginObj.security_set = self._security_set
pluginObj.debug = self._debug
pluginObj.util = until
pluginObj._G = self._TargetScanAnge
pluginObj.hackhttp = hackhttp.hackhttp()
pluginObj.ThreadPool = w8_threadpool
try:
pluginObj_tuple = pluginObj.assign("spider_file", "")
if not isinstance(pluginObj_tuple, tuple): # 判断是否是元组
pluginObj_tuple = pluginObj.assign("spider_end", "")
if not isinstance(pluginObj_tuple, tuple):
continue
bool_value, agrs = pluginObj_tuple[0], pluginObj_tuple[1]
if bool_value:
pconf = {}
pconf["pluginObj"] = pluginObj
pconf["service"] = "spider_file"
w9_hash_pycode.setdefault(k, pconf)
except Exception as err_info:
raise ToolkitMissingPrivileges("load spider plugins error! " +
err_info)
# coding:utf-8
# 爬虫模块,如何调用相关爬虫模块?
# 爬到的文件丢给任务'spider_file' 爬虫完丢给任务`spider_end`
import urlparse
import re
from thirdparty import hackhttp
from lib.core.data import w9_hash_pycode
from lib.utils import until
req = hackhttp.hackhttp()
class UrlManager(object):
def __init__(self):
self.new_urls = set()
self.old_urls = set()
def add_new_url(self, url):
if url not in self.new_urls and url not in self.old_urls:
self.new_urls.add(url)
def add_new_urls(self, urls):
if urls is None or len(urls) == 0:
return
for url in urls:
self.add_new_url(url)
def has_new_url(self):
return len(self.new_urls) != 0
def get_new_url(self):
from thirdparty import hackhttp
import codecs
import re
except Exception,e:
pass
reload(sys)
sys.setdefaultencoding('utf8')
headers = {
'content-type': 'charset=utf-8',
'Accept-Encoding':'gzip, deflate',
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
}
hh = hackhttp.hackhttp(hackhttp.httpconpool(500))
mutex = Lock()
def put_file_contents(filename,contents):
with open(filename,"ab+") as fin:
fin.write(contents+'\n')
def get_file_content(filename):
try:
result = []
f = open(filename, "r")
for line in f.readlines():
result.append(line.strip())
f.close()
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# package for test
from thirdparty import miniCurl
from thirdparty import ThreadPool
from thirdparty import hackhttp
from lib.utils import until
def security_hole(msg,k = ''):
print k,msg
def security_info(msg,k = ''):
print k,msg
def security_note(msg,k = ''):
print k,msg
ThreadPool = ThreadPool.w8_threadpool
curl = miniCurl.Curl()
hackhttp = hackhttp.hackhttp()
util = until
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# package for test
from thirdparty import miniCurl
from thirdparty import ThreadPool
from thirdparty import hackhttp
from lib.utils import until
def security_hole(msg,k):
print k,msg
def security_info(msg,k):
print k,msg
def security_note(msg,k):
print k,msg
ThreadPool = ThreadPool.w8_threadpool
curl = miniCurl.Curl()
hackhttp = hackhttp.hackhttp()
util = until
from thirdparty import hackhttp
hh = hackhttp.hackhttp()
url = "http://www.adfun.cn/"
code, head, html, redirect_url, log = hh.http(
url) #code, head, html, redirect_url, log = hh.http(url)
print code, head, html, redirect_url, log
# coding:utf-8
# 爬虫模块,如何调用相关爬虫模块?
# 爬到的文件丢给任务'spider_file' 爬虫完丢给任务`spider_end`
import urlparse
import re
from thirdparty import hackhttp
from lib.core.data import w9_hash_pycode
from lib.utils import until
req = hackhttp.hackhttp()
class UrlManager(object):
def __init__(self):
self.new_urls = set()
self.old_urls = set()
def add_new_url(self, url):
if url not in self.new_urls and url not in self.old_urls:
self.new_urls.add(url)
def add_new_urls(self, urls):
if urls is None or len(urls) == 0:
return
for url in urls:
self.add_new_url(url)
def has_new_url(self):
return len(self.new_urls) != 0
def get_new_url(self):
