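def generate_report():
    """Write the collected results to the configured output file.

    Drops the ``id`` column from ``Global.Information`` and saves the table in
    the format selected by the last dot-separated part of the output path:
    ``xlsx``, ``csv`` or tab-separated ``txt``. When no output path is
    configured, ``output/result_<epoch seconds>.xlsx`` is used and the
    ``output`` directory is created if it does not exist.
    """
    del Global.Information['id']

    if Global.Options['output'] is None:
        if not os.path.exists('output'):
            os.makedirs('output')
        Global.Options['output'] = os.path.join(
            'output', 'result_{:.0f}.xlsx'.format(time.time()))

    output_path = Global.Options['output']
    ext = output_path.split('.')[-1]

    # NOTE(review): if the table holds strings taken from scanned hosts, a cell
    # that starts with '=', '+', '-' or '@' may be treated as a formula when the
    # xlsx/csv file is opened in a spreadsheet -- consider prefixing such cells
    # before export.
    if ext == 'xlsx':
        Global.Information.to_excel(output_path,
                                    encoding='utf-8',
                                    index=False,
                                    header=True)
    elif ext == 'csv':
        Global.Information.to_csv(output_path,
                                  encoding='utf-8',
                                  index=False,
                                  header=True)
    elif ext == 'txt':
        # Fixed: the keyword is ``sep``. The previous spelling ``seq`` is not a
        # to_csv parameter, so the txt branch raised TypeError instead of
        # writing a tab-separated file.
        Global.Information.to_csv(output_path, encoding='utf-8', sep='\t')
    else:
        ColorPrint('Invalid save file type', 'error')

    ColorPrint('Saving results to file: {}'.format(output_path), 'info')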
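def write_file():
    """Save ``Setting.Information`` through the output module for the file type.

    The last three characters of the configured output path select the module:
    a path ending in ``csv`` loads ``lib.output.CsvOutput`` and calls its
    ``OutputFile(path, data)``. Any failure is reported as
    ``Invalid save file type``.
    """
    try:
        output_path = Setting.Options['output']
        suffix = output_path[-3:]
        # The suffix becomes part of a module name handed to import_module and
        # it comes from a user-supplied path. Allowing only letters and digits
        # stops a value containing '.' from naming a different module path
        # than the intended lib.output.<Type>Output.
        if not suffix.isalnum():
            raise ValueError('unsupported output suffix: {!r}'.format(suffix))
        output_object = importlib.import_module(
            'lib.output.' + suffix.title() + 'Output')
        output_object.OutputFile(output_path, Setting.Information)
    except Exception:
        # Narrowed from a bare ``except`` so that KeyboardInterrupt and
        # SystemExit are no longer swallowed and reported as a bad file type.
        # NOTE(review): write errors raised by OutputFile are also reported
        # with this message -- confirm that is intended.
        ColorPrint('Invalid save file type', 'error')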
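def list_plugins(ctx, param, value):
    """Option callback: print every discover plugin with its description, then exit.

    Does nothing when the option was not given (``value`` is falsy) or when
    ``ctx.resilient_parsing`` is set. Otherwise scans
    ``plugins/discover/{lowlevel,midlevel,highlevel}`` for ``*.py`` files whose
    names do not start with ``_``, imports each one, prints its
    ``DiscoverModule().description`` and calls ``ctx.exit()``.
    """
    if not value or ctx.resilient_parsing:
        return

    # List all plugins found in the three plugin directories.
    levels = ['lowlevel', 'midlevel', 'highlevel']
    plugins = [
        (level, filename[:-3])
        for level in levels
        for filename in os.listdir(os.path.join('plugins', 'discover', level))
        if filename.endswith(".py") and not filename.startswith("_")
    ]

    # Fixed: the previous check measured the list of three directory listings,
    # whose length is always 3, so the "no plugins" error could never fire.
    if not plugins:
        ColorPrint('No plugin list', 'error')

    print('\nList all plugins:\n')
    for index, (level, plugin_name) in enumerate(plugins, start=1):
        # Importing a plugin runs its module-level code, so merely listing
        # plugins executes every file in these directories; they must only be
        # writable by trusted users.
        plugins_obj = importlib.import_module(
            'plugins.discover.{}.{}'.format(level, plugin_name))
        print('\t{}:\t名称:{}\t简介:{}'.format(
            index, plugin_name, plugins_obj.DiscoverModule().description))
    ctx.exit()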
def discover_plugin_task(self, target):
    """Run the configured discover plugins against one target and record the results.

    ``target`` is a dict that has at least a ``'domain'`` key. Each plugin
    listed in ``Global.Options['discover_plugins']`` is imported and its
    ``DiscoverModule().start_up(target)`` is expected to return a
    ``(key, value)`` pair, which is stored into ``target``. The whole method
    runs while holding ``self.lock``.

    NOTE(review): the listing this was recovered from had lost its
    indentation; the nesting below is the most plausible reading -- confirm
    against the original file.
    """
    with self.lock:
        # Author's note: target_list = [{key: value}]
        ColorPrint('Start scan {}'.format(target['domain']), 'right')
        for filename in Global.Options['discover_plugins']:
            plugin_name = os.path.splitext(filename)[0]
            # Importing a plugin executes its module-level code; the names in
            # the discover_plugins option must refer to trusted files only.
            plugins_obj = importlib.import_module(
                'plugins.discover.{}'.format(plugin_name))
            sys.stdout.write('\r[-] Please wait a moment..')
            try:
                key, value = plugins_obj.DiscoverModule().start_up(target)
            except KeyError:
                # A KeyError from the plugin skips this plugin only.
                continue
            # A truthy check_value() result stops running further plugins for
            # this target.
            if self.check_value(key, value):
                break
            # Skip empty lists and missing results instead of storing them.
            if isinstance(value, list):
                if len(value) == 0:
                    continue
            elif key is None or value is None:
                continue
            self.show_info(key, value)
            target[key] = value
        # When subdomains were found and the 'force' option is set, clear the
        # option and run discovery on each subdomain.
        # NOTE(review): this call happens while self.lock is still held; if
        # discover_module ends up calling this method on other threads and
        # the lock is not re-entrant, those calls would block -- confirm.
        if 'subdomains' in target.keys() and Global.Options['force']:
            Global.Options['force'] = False
            self.discover_module([{
                'domain': _
            } for _ in target['subdomains']])
        # Keep the target only when it holds more than two keys.
        if len(target.keys()) > 2:
            Global.Information.append(target)
def start_up(self):
    """Run ``self.thread_task`` over every collected entry on a thread pool.

    The pool size comes from ``Setting.Options['threads']``. Each result is
    echoed on one console line behind a spinner character, and the number of
    entries that contain an ``'address'`` key is reported at the end.
    """
    spinner = ['\\', '|', '/', '-']
    pool_size = Setting.Options['threads']

    with ThreadPoolExecutor(max_workers=pool_size) as executor:
        for result in executor.map(self.thread_task, Setting.Information):
            # The spinner frame advances once per second of wall-clock time.
            frame = spinner[int(time.time()) % 4]
            sys.stdout.write(
                '\r[{}]Found subdomains address {}'.format(frame, result))

    with_address = sum(1 for entry in Setting.Information if 'address' in entry)
    ColorPrint('Found {} subdomains address'.format(with_address), 'right')
def show_info(key, value):
    """Print a discovered ``key => value`` pair in the standard result format.

    A non-list value is printed on one line. A list is printed one item per
    line when ``Global.Options['verbose']`` is set; otherwise its items are
    joined with ``', '`` on a single line, and a list of seven or more items
    is cut to the first six followed by ``...``.
    """
    if not isinstance(value, list):
        ColorPrint('Found {} => {}'.format(key, value), 'result')
        return

    if Global.Options['verbose']:
        for item in value:
            ColorPrint('Found {} => {}'.format(key, item), 'result')
        return

    # value[:6] is the whole list whenever it has fewer than seven items.
    summary = ', '.join(value[:6])
    if len(value) >= 7:
        summary = summary + '...'
    ColorPrint('Found {} => {}'.format(key, summary), 'result')
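def thread_task(self, args_list):
    """Collect candidate subdomains of one target from three public web sources.

    Args:
        args_list: sequence ``[results, target]``. ``results`` is the list
            that receives ``{'domain': name}`` dicts; ``target`` is the domain
            being searched.

    The three sources (a Baidu ``site:`` search, site.ip138.com and
    securitytrails.com) are queried independently. A failure in one source is
    reported as a warning and does not stop the others. Everything read from
    the responses is untrusted remote text and is only ever parsed as data.
    """
    import json  # local import: used only for the SecurityTrails payload

    results = args_list[0]
    target = args_list[1]

    try:
        search_url = 'https://www.baidu.com/s?ie=utf-8&wd=site:{}'.format(
            target)
        domain_filter = ''
        excluded = set()
        # Four result pages; every page excludes the hosts already known.
        for _ in range(1, 5):
            response = requests.get(search_url + domain_filter,
                                    headers=Setting.DEFAULT_HTTP_HEADERS,
                                    timeout=Setting.Options['timeout'])
            search_result = re.findall(
                '<a.*?class="c-showurl".*?>(http://|https://)?(.*?)/.*?</a>',
                response.text)
            for _scheme, domain in set(search_result):
                if target in domain:
                    results.append({'domain': domain})
            # Fixed: the filter used to format the whole {'domain': ...} dict
            # into the query and re-added every host on each page. Use the
            # host name itself and add each host once.
            for entry in list(results):
                name = entry.get('domain') if isinstance(entry, dict) else None
                if name and name not in excluded:
                    excluded.add(name)
                    domain_filter = domain_filter + ' -site:{}'.format(name)
    except Exception:
        ColorPrint('Baidu search subdomains failure', 'warn')

    try:
        search_url = 'https://site.ip138.com/{}/domain.htm'.format(target)
        response = requests.get(search_url,
                                headers=Setting.DEFAULT_HTTP_HEADERS,
                                timeout=Setting.Options['timeout'])
        # re.escape keeps the dots (and any other metacharacter) in the target
        # literal, so only names that really end in ".<target>" are accepted.
        pattern = r'<a.*target="_blank">(.*\.' + re.escape(target) + r')</a>'
        for domain in re.findall(pattern, response.text):
            results.append({'domain': domain})
    except Exception:
        ColorPrint('IP138 search subdomains failure', 'warn')

    try:
        search_url = 'https://securitytrails.com/domain/{}/dns'.format(target)
        response = requests.get(search_url,
                                headers=Setting.DEFAULT_HTTP_HEADERS,
                                timeout=Setting.Options['timeout'])
        payload = re.findall('"subdomains":(.*?),"stats"', response.text)[0]
        # SECURITY: payload is text supplied by a remote server. It was passed
        # to eval(), which would run any Python expression placed in the
        # response. json.loads only parses data; anything that is not valid
        # JSON raises and is reported through the warning below.
        for label in json.loads(payload):
            results.append({'domain': label + '.' + target})
    except Exception:
        ColorPrint('Securitytrails search subdomains failure', 'warn')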
def analyse_discover_data():
    """Convert the collected results into a pandas DataFrame.

    Author's notes (translated): put domains that share an IP together and
    determine the network segment; organise the collected information and
    decide which scan script to call (unfinished).
    """
    Global.Information = pandas.DataFrame(Global.Information)

    # Check whether anything was collected: list(frame) yields column names.
    columns = list(Global.Information)
    if not columns:
        ColorPrint('Nothing not found', 'error')

    second_key = 'network address' if 'network address' in columns else 'domain'
    # NOTE(review): set_index() returns a new frame and the result is not
    # assigned, so Global.Information keeps its default index and 'id' stays
    # a regular column. The call still raises KeyError when a listed column
    # is missing.
    Global.Information.set_index(['id', second_key])
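def check_environment():
    """Check the interpreter version and that the required packages import.

    Reports an error on Python older than 3. Then imports ``click``,
    ``requests``, ``dns`` and ``prettytable``; when the failure text names an
    import problem, the message is reported and ``SystemExit`` is raised.

    Raises:
        SystemExit: a required package could not be imported.
    """
    ColorPrint('Check the current environment', 'info')
    if sys.version_info[0] < 3:
        ColorPrint("Must be using Python 3.X", 'error')

    try:
        # Import probes: the names are unused on purpose, only the import
        # succeeding matters.
        import click
        import requests
        import dns
        import prettytable
    except Exception:
        # Narrowed from a bare ``except`` so that KeyboardInterrupt and
        # SystemExit raised while importing are no longer swallowed here.
        exec_msg = traceback.format_exc()
        markers = ("ImportError", "ModuleNotFoundError",
                   "Can't find file for module")
        if any(marker in exec_msg for marker in markers):
            ColorPrint(
                "Invalid runtime environment : %s" %
                exec_msg.split("Error: ")[-1].strip(), 'error')
            raise SystemExit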
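def simple_task(self, arg):
    """Return candidate subdomains of ``arg`` from two public web sources.

    Args:
        arg: the domain to search for.

    Returns:
        A list of host names gathered from site.ip138.com and
        securitytrails.com. A source that fails is reported as a warning and
        contributes nothing. Everything read from the responses is untrusted
        remote text and is only ever parsed as data.
    """
    import json  # local import: used only for the SecurityTrails payload

    subdomains_list = []

    try:
        search_url = 'https://site.ip138.com/{}/domain.htm'.format(arg)
        response = requests.get(search_url,
                                headers=Setting.DEFAULT_HTTP_HEADERS,
                                timeout=Setting.Options['timeout'])
        # re.escape keeps the dots (and any other metacharacter) in the domain
        # literal, so only names that really end in ".<arg>" are accepted.
        pattern = r'<a.*target="_blank">(.*\.' + re.escape(arg) + r')</a>'
        # Fixed: the captured text already ends in ".<arg>"; the domain used
        # to be appended a second time, giving "sub.<arg>.<arg>".
        subdomains_list.extend(re.findall(pattern, response.text))
    except Exception:
        ColorPrint('IP138 search subdomains failure', 'warn')

    try:
        search_url = 'https://securitytrails.com/domain/{}/dns'.format(arg)
        response = requests.get(search_url,
                                headers=Setting.DEFAULT_HTTP_HEADERS,
                                timeout=Setting.Options['timeout'])
        payload = re.findall('"subdomains":(.*?),"stats"', response.text)[0]
        # SECURITY: payload is text supplied by a remote server. It was passed
        # to eval(), which would run any Python expression placed in the
        # response. json.loads only parses data; anything that is not valid
        # JSON raises and is reported through the warning below.
        for label in json.loads(payload):
            subdomains_list.append(label + '.' + arg)
    except Exception:
        ColorPrint('Securitytrails search subdomains failure', 'warn')

    return subdomains_list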
def start_up(self):
    """Run the whole pipeline: find subdomains, enrich them, print and save.

    When ``FindSub()`` leaves ``Setting.Information`` empty, an error is
    reported and nothing else runs. Any exception raised along the way is
    reported as ``Run error``.
    """
    try:
        start = time.time()
        FindSub()  # look for subdomains first

        if len(Setting.Information) == 0:
            ColorPrint('Nothing found', 'error')
        else:
            FindIP()
            FindPort()
            self.filter_data()
            FindCDN()
            FindAddr()
            FindTitle()
            FindCMS()
            FindSystem()
            TablePrint(Setting.Information)
            # The elapsed time is taken before the results are written out.
            elapsed = round(time.time() - start, 2)
            self.write_file()
            ColorPrint(
                'Thanks for using this tool ..End/{}s'.format(elapsed), 'info')
    except:
        # NOTE(review): the bare ``except`` also catches KeyboardInterrupt and
        # SystemExit and hides the cause of every failure; consider
        # ``except Exception`` plus logging the traceback.
        ColorPrint('Run error', 'error')
def start_up(self):
    """Run discovery on the prepared targets, write the report and print the run time."""
    # Record the start time.
    began = time.time()

    # Call the discover module to probe the prepared targets.
    targets = self.pre_pro()
    self.discover_module(targets)

    # Vulnerability scanning (unfinished).

    # Write the collected information to a file as the report.
    self.generate_report()

    # Closing message with the elapsed run time, measured up to this point.
    elapsed = round(time.time() - began, 2)
    ColorPrint('Thanks for using this tool ..End/{}s'.format(elapsed), 'info')
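def pre_pro():
    """Pre-process the option values into the initial target list.

    Returns:
        A list of ``{'domain': name, 'id': index}`` dicts: one per non-blank
        line of the input file when ``Global.Options['input']`` is set,
        otherwise a single entry for ``Global.Options['target']``.
    """
    if Global.Options['input']:
        with open(Global.Options['input'], 'r') as f:
            # Blank lines used to become targets with an empty domain; they
            # are skipped, and ids number the remaining lines from 0.
            domains = [line.strip() for line in f if line.strip()]
        # NOTE(review): names read from the file are not checked against the
        # pattern applied to the single target below, yet they are used the
        # same way afterwards -- consider validating them too.
        target_list = [{
            'domain': domain,
            'id': index
        } for index, domain in enumerate(domains)]
    else:
        # Check that the given target looks like a domain name. fullmatch is
        # used because ``$`` with re.match also accepts a trailing newline.
        if not re.fullmatch(r'[\w.]*\.[\w]+', Global.Options['target']):
            ColorPrint('Format is incorrect', 'error')
        target_list = [{'domain': Global.Options['target'], 'id': 0}]
    return target_list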
def start_up(self):
    """Run ``self.thread_task`` for every configured target on a thread pool.

    Each task receives ``[Setting.Information, target]``. Once all tasks have
    finished, duplicate entries are removed from ``Setting.Information`` and
    the number of remaining entries is reported.
    """
    spinner = ['\\', '|', '/', '-']
    jobs = [[Setting.Information, target]
            for target in Setting.Options['target']]

    with ThreadPoolExecutor(
            max_workers=Setting.Options['threads']) as executor:
        for result in executor.map(self.thread_task, jobs):
            # The spinner frame advances once per second of wall-clock time.
            frame = spinner[int(time.time()) % 4]
            sys.stdout.write('\r[{}]Found subdomains {}'.format(frame, result))

    # Dicts are not hashable, so each entry is reduced to a tuple of its items
    # to let a set drop the duplicates; the resulting order is not preserved.
    unique_rows = {tuple(entry.items()) for entry in Setting.Information}
    Setting.Information = [dict(row) for row in unique_rows]

    ColorPrint('Found {} subdomains'.format(len(Setting.Information)), 'right')
def list_plugins(ctx, param, value):
    """List every plugin found in the plugin directory, then exit.

    Does nothing when the option was not given (``value`` is falsy) or when
    ``ctx.resilient_parsing`` is set. Otherwise every ``*.py`` file in
    ``plugins/discover`` whose name does not start with ``_`` is imported and
    printed with its ``DiscoverModule().description``.
    """
    if not value or ctx.resilient_parsing:
        return

    plugins = []
    for entry in os.listdir(os.path.join('plugins', 'discover')):
        if entry.startswith("_") or not entry.endswith(".py"):
            continue
        plugins.append(entry)

    if not plugins:
        ColorPrint('No plugin list', 'error')

    print('\nList all plugins:\n')
    for index, plugin_name in enumerate(plugins, start=1):
        module_name = plugin_name[:-3]
        # Importing a plugin runs its module-level code, so listing plugins
        # executes every file in this directory; it must only be writable by
        # trusted users.
        plugins_obj = importlib.import_module(
            'plugins.discover.{}'.format(module_name))
        description = plugins_obj.DiscoverModule().description
        print('\t{}:\t名称:{}\t简介:{}'.format(index, module_name, description))
    ctx.exit()
def check_environment():
    """Check the current runtime environment.

    Announces the check and reports an error when the interpreter's major
    version is lower than 3.
    """
    ColorPrint('Check the current environment', 'info')
    major_version = sys.version_info[0]
    if not major_version >= 3:
        ColorPrint("Must be using Python 3.x", 'error')
def start_up(self):
    """Run ``self.process_task`` over every collected entry on a worker pool.

    The pool size comes from ``Setting.Options['process']``. Afterwards the
    number of entries that contain a ``'port'`` key is reported.
    """
    worker_count = Setting.Options['process']
    with Pool(worker_count) as pool:
        # NOTE(review): the value returned by map() is discarded. If Pool is
        # multiprocessing.Pool, changes process_task makes to an entry happen
        # in a worker process -- confirm how 'port' reaches
        # Setting.Information.
        pool.map(self.process_task, Setting.Information)

    with_port = sum(1 for entry in Setting.Information if 'port' in entry)
    ColorPrint('Found {} subdomains port'.format(with_port), 'right')