예제 #1
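 def generate_report():
     """Write the collected results to the configured output file.

     ``Global.Information`` must support ``to_excel`` / ``to_csv`` (both are
     called on it below). The file format is chosen from the text after the
     last ``.`` in ``Global.Options['output']``: ``xlsx``, ``csv`` or ``txt``
     (tab-separated). When no output path is configured, a timestamped
     ``output/result_<unix time>.xlsx`` is used.
     """
     # Drop the 'id' column so it does not appear in the report.
     del Global.Information['id']
     if Global.Options['output'] is None:
         # exist_ok avoids the check-then-create race of exists() + makedirs().
         os.makedirs('output', exist_ok=True)
         Global.Options['output'] = os.path.join(
             'output', 'result_{:.0f}.xlsx'.format(time.time()))
     output_path = Global.Options['output']
     ext = output_path.split('.')[-1]
     if ext == 'xlsx':
         # NOTE(review): recent pandas releases no longer accept `encoding`
         # in to_excel - confirm against the pandas version this project pins.
         Global.Information.to_excel(output_path,
                                     encoding='utf-8',
                                     index=False,
                                     header=True)
     elif ext == 'csv':
         Global.Information.to_csv(output_path,
                                   encoding='utf-8',
                                   index=False,
                                   header=True)
     elif ext == 'txt':
         # The keyword is `sep`; the original `seq` raised TypeError, so the
         # tab-separated export could never succeed.
         Global.Information.to_csv(output_path,
                                   encoding='utf-8',
                                   sep='\t')
     else:
         ColorPrint('Invalid save file type', 'error')
         # Nothing was written, so do not announce a saved file.
         return
     ColorPrint(
         'Saving results to file: {}'.format(output_path),
         'info')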
예제 #2
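 def write_file():
     """Hand the collected results to the writer module matching the output file.

     The writer module name is ``lib.output.<Suffix>Output``, where
     ``<Suffix>`` is the title-cased last three characters of
     ``Setting.Options['output']``. Any failure (unknown suffix, import
     error, write error) is reported as an invalid save file type.
     """
     try:
         suffix = Setting.Options['output'][-3:]
         # The suffix comes from a user-supplied path and is spliced into a
         # module name, so only plain alphanumerics are accepted; a '.' here
         # would otherwise change which package path gets imported.
         if not suffix.isalnum():
             raise ImportError('unsupported output suffix: {!r}'.format(suffix))
         output_object = importlib.import_module(
             'lib.output.' + suffix.title() + 'Output')
         output_object.OutputFile(Setting.Options['output'], Setting.Information)
     except Exception:
         # `Exception` rather than a bare except, so Ctrl-C and SystemExit
         # are not swallowed and misreported as a file-type problem.
         ColorPrint('Invalid save file type', 'error')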
예제 #3
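def list_plugins(ctx, param, value):
    """Print every discover plugin under plugins/discover/<level>/ and exit.

    The signature and the use of ``ctx.resilient_parsing`` / ``ctx.exit()``
    look like a click option callback (presumably eager - confirm at the
    option definition). Returns ``None`` without doing anything when the
    flag is not set or the context is in resilient-parsing mode.

    Every listed plugin module is imported and its ``DiscoverModule`` is
    instantiated to read ``description``, so module-level code of each
    ``.py`` file in the plugin directories runs during listing. Only
    trusted files should be placed there.
    """
    if not value or ctx.resilient_parsing:
        return
    levels = ('lowlevel', 'midlevel', 'highlevel')
    # Collect (level, module name) pairs for every candidate plugin file.
    found = []
    for level in levels:
        for file_name in os.listdir(os.path.join('plugins', 'discover', level)):
            if file_name.endswith('.py') and not file_name.startswith('_'):
                found.append((level, file_name[:-3]))
    # The original tested len() of the outer three-element list, which is
    # never 0; test the plugins actually found instead.
    if not found:
        ColorPrint('No plugin list', 'error')
    print('\nList all plugins:\n')
    for index, (level, module_name) in enumerate(found, start=1):
        plugins_obj = importlib.import_module(
            'plugins.discover.{}.{}'.format(level, module_name))
        print('\t{}:\t名称:{}\t简介:{}'.format(
            index, module_name,
            plugins_obj.DiscoverModule().description))
    ctx.exit()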
예제 #4
    def discover_plugin_task(self, target):
        """Run every configured discover plugin against one target dict.

        ``target`` is a dict that holds at least ``'domain'``. Each plugin's
        ``(key, value)`` result is stored into it. The whole task runs while
        ``self.lock`` is held.

        Plugin module names come from ``Global.Options['discover_plugins']``
        and are imported dynamically, so that list must only name trusted
        files.
        """
        with self.lock:
            ColorPrint('Start scan {}'.format(target['domain']), 'right')
            for filename in Global.Options['discover_plugins']:
                module_path = 'plugins.discover.{}'.format(
                    os.path.splitext(filename)[0])
                plugin_module = importlib.import_module(module_path)
                sys.stdout.write('\r[-] Please wait a moment..')
                try:
                    key, value = plugin_module.DiscoverModule().start_up(target)
                except KeyError:
                    # The plugin could not find a field it needs; skip it.
                    continue
                # check_value() returning true stops the remaining plugins
                # for this target.
                if self.check_value(key, value):
                    break
                # An empty list, or a missing key/value for non-list results,
                # means the plugin found nothing.
                if isinstance(value, list):
                    nothing_found = len(value) == 0
                else:
                    nothing_found = key is None or value is None
                if nothing_found:
                    continue
                self.show_info(key, value)
                target[key] = value
            if 'subdomains' in target and Global.Options['force']:
                # Clear the flag first so the nested run does not recurse again.
                Global.Options['force'] = False
                # NOTE(review): this nested call runs while self.lock is still
                # held - confirm it cannot block on the same lock.
                self.discover_module(
                    [{'domain': sub} for sub in target['subdomains']])
            # Only keep targets that gained more than two keys in total.
            if len(target) > 2:
                Global.Information.append(target)
예제 #5
파일: FindAddr.py 프로젝트: wanfeng98/Nict
 def start_up(self):
     """Run ``self.thread_task`` over every collected entry on a thread pool.

     While results arrive, a one-character spinner and the latest result are
     written to stdout. Afterwards the number of entries that carry an
     ``'address'`` key is reported.
     """
     spinner_frames = ['\\', '|', '/', '-']
     with ThreadPoolExecutor(max_workers=Setting.Options['threads']) as executor:
         # executor.map yields each task's return value, not a Future object.
         for task_result in executor.map(self.thread_task, Setting.Information):
             frame = spinner_frames[int(time.time()) % 4]
             sys.stdout.write(
                 '\r[{}]Found subdomains address {}'.format(frame, task_result))
     located = sum(1 for entry in Setting.Information if 'address' in entry)
     ColorPrint('Found {} subdomains address'.format(located), 'right')
예제 #6
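 def show_info(key, value):
     """Print one discovered ``key => value`` pair.

     Scalars are printed as-is. Lists are printed one element per line in
     verbose mode; otherwise they are shown on a single line, truncated to
     the first six elements followed by ``...`` when there are seven or more.
     """
     if not isinstance(value, list):
         ColorPrint('Found {} => {}'.format(key, value), 'result')
         return
     if Global.Options['verbose']:
         for item in value:
             ColorPrint('Found {} => {}'.format(key, item), 'result')
         return
     # str() each element: the original join raised TypeError on non-string
     # items (e.g. integers), although verbose mode printed them fine.
     shown = ', '.join(str(item) for item in value[:6])
     if len(value) >= 7:
         shown += '...'
     ColorPrint('Found {} => {}'.format(key, shown), 'result')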
예제 #7
파일: FindSub.py 프로젝트: wanfeng98/Nict
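 def thread_task(self, args_list):
     """Collect subdomains of one target from three public web sources.

     ``args_list[0]`` is the list that ``{'domain': ...}`` results are
     appended to and ``args_list[1]`` is the domain being searched. Each
     source is tried independently; a failure in one only prints a warning.

     All three responses are untrusted remote content and are handled purely
     as data.
     """
     # Local import: only the SecurityTrails payload parsing needs it.
     import ast

     try:
         search_url = 'https://www.baidu.com/s?ie=utf-8&wd=site:{}'.format(
             args_list[1])
         domain_filter = ''
         for _ in range(1, 5):
             response = requests.get(search_url + domain_filter,
                                     headers=Setting.DEFAULT_HTTP_HEADERS,
                                     timeout=Setting.Options['timeout'])
             search_result = re.findall(
                 '<a.*?class="c-showurl".*?>(http://|https://)?(.*?)/.*?</a>',
                 response.text)
             for _scheme, domain in set(search_result):
                 # NOTE(review): this is a substring test, so a host that
                 # merely contains the target string (not a real subdomain)
                 # is accepted too - confirm whether a suffix match is wanted
                 # to keep later stages within the intended scope.
                 if args_list[1] in domain:
                     args_list[0].append({'domain': domain})
             # Rebuild the exclusion filter from the stored host names. The
             # original formatted the whole dict into the query and appended
             # the full list again on every pass.
             domain_filter = ''.join(
                 ' -site:{}'.format(entry['domain']) for entry in args_list[0])
     except Exception:
         ColorPrint('Baidu search subdomains failure', 'warn')
     try:
         search_url = 'https://site.ip138.com/{}/domain.htm'.format(
             args_list[1])
         response = requests.get(search_url,
                                 headers=Setting.DEFAULT_HTTP_HEADERS,
                                 timeout=Setting.Options['timeout'])
         # re.escape keeps the dots (and any other metacharacter) in the
         # target from being interpreted as regex syntax.
         search_result = re.findall(
             r'<a.*target="_blank">(.*\.' + re.escape(args_list[1]) + r')</a>',
             response.text)
         for domain in search_result:
             args_list[0].append({'domain': domain})
     except Exception:
         ColorPrint('IP138 search subdomains failure', 'warn')
     try:
         search_url = 'https://securitytrails.com/domain/{}/dns'.format(
             args_list[1])
         response = requests.get(search_url,
                                 headers=Setting.DEFAULT_HTTP_HEADERS,
                                 timeout=Setting.Options['timeout'])
         search_result = re.findall('"subdomains":(.*?),"stats"',
                                    response.text)[0]
         # SECURITY: this text comes straight from an HTTP response. The
         # original passed it to eval(), which would execute whatever
         # expression the remote side (or anyone able to alter the response)
         # returned. literal_eval only accepts literals and raises otherwise.
         for domain in ast.literal_eval(search_result):
             args_list[0].append({'domain': domain + '.' + args_list[1]})
     except Exception:
         ColorPrint('Securitytrails search subdomains failure', 'warn')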
예제 #8
 def analyse_discover_data():
     """Convert the collected results into a DataFrame (unfinished step).

     Author's stated intent: group domains that share an IP, determine the
     network ranges and decide which scan script to run; that part is not
     implemented yet.

     NOTE(review): ``set_index`` returns a new frame by default and the
     result is discarded here, so ``Global.Information`` keeps its default
     index. The call still fails if the named columns are missing.
     """
     Global.Information = pandas.DataFrame(Global.Information)
     column_names = list(Global.Information)
     # No columns means nothing was collected.
     if not column_names:
         ColorPrint('Nothing not found', 'error')
     if 'network address' in column_names:
         second_key = 'network address'
     else:
         second_key = 'domain'
     Global.Information.set_index(['id', second_key])
예제 #9
파일: Nict.py 프로젝트: wanfeng98/Nict
def check_environment():
    """Verify the interpreter version and that required packages import.

    The imports below are probes only; their names are not used. Any
    exception raised while importing ends the program with ``SystemExit``.
    A message is printed first when the traceback looks like an import
    failure.
    """
    ColorPrint('Check the current environment', 'info')
    if sys.version_info[0] < 3:
        ColorPrint("Must be using Python 3.X", 'error')
    try:
        # Probe for the third-party packages the tool depends on.
        import click
        import requests
        import dns
        import prettytable
    except BaseException:
        failure_text = traceback.format_exc()
        import_markers = ("ImportError", "ModuleNotFoundError",
                          "Can't find file for module")
        for marker in import_markers:
            if marker in failure_text:
                # Keep only the text after the last "Error: " in the traceback.
                reason = failure_text.split("Error: ")[-1].strip()
                ColorPrint("Invalid runtime environment : %s" % reason,
                           'error')
                break
        raise SystemExit
예제 #10
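 def simple_task(self, arg):
     """Return subdomains of ``arg`` gathered from two public web sources.

     Each source is queried independently; a failure only prints a warning.
     Both responses are untrusted remote content and are handled purely as
     data.
     """
     # Local import: only the SecurityTrails payload parsing needs it.
     import ast

     subdomains_list = []
     try:
         search_url = 'https://site.ip138.com/{}/domain.htm'.format(arg)
         response = requests.get(search_url, headers=Setting.DEFAULT_HTTP_HEADERS,
                                 timeout=Setting.Options['timeout'])
         # re.escape keeps the dots in the target from acting as wildcards.
         search_result = re.findall(
             r'<a.*target="_blank">(.*\.' + re.escape(arg) + r')</a>',
             response.text)
         # The captured group already ends with the target domain; the
         # original appended '.' + arg a second time, producing names such
         # as "www.<arg>.<arg>".
         subdomains_list.extend(search_result)
     except Exception:
         ColorPrint('IP138 search subdomains failure', 'warn')
     try:
         search_url = 'https://securitytrails.com/domain/{}/dns'.format(arg)
         response = requests.get(search_url, headers=Setting.DEFAULT_HTTP_HEADERS,
                                 timeout=Setting.Options['timeout'])
         search_result = re.findall('"subdomains":(.*?),"stats"', response.text)[0]
         # SECURITY: this text comes straight from an HTTP response. The
         # original passed it to eval(), which would execute whatever
         # expression the remote side returned. literal_eval only accepts
         # literals and raises otherwise.
         for label in ast.literal_eval(search_result):
             subdomains_list.append(label + '.' + arg)
     except Exception:
         ColorPrint('Securitytrails search subdomains failure', 'warn')
     return subdomains_list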
예제 #11
 def start_up(self):
     """Run the whole collection pipeline and report the elapsed time.

     Stages run in a fixed order and only when subdomain discovery produced
     at least one entry. Any exception from any stage is reported as a
     generic 'Run error'.

     NOTE(review): the bare ``except`` also hides the cause of a failure and
     intercepts Ctrl-C; logging the traceback here would make failures
     diagnosable.
     """
     try:
         started_at = time.time()
         FindSub()  # subdomain discovery fills Setting.Information
         if len(Setting.Information) == 0:
             ColorPrint('Nothing found', 'error')
             return
         FindIP()
         FindPort()
         self.filter_data()
         FindCDN()
         FindAddr()
         FindTitle()
         FindCMS()
         FindSystem()
         TablePrint(Setting.Information)
         # The timer stops before the report is written.
         finished_at = time.time()
         self.write_file()
         elapsed = round(finished_at - started_at, 2)
         ColorPrint('Thanks for using this tool ..End/{}s'.format(elapsed), 'info')
     except:
         ColorPrint('Run error', 'error')
예제 #12
 def start_up(self):
     """Run discovery on the prepared targets, write the report, print timing.

     Vulnerability scanning is noted by the author as not implemented yet.
     """
     started_at = time.time()
     # Probe the targets with the discover modules.
     self.discover_module(self.pre_pro())
     # Write the collected information out as the report.
     self.generate_report()
     elapsed = round(time.time() - started_at, 2)
     # Closing message with the total run time in seconds.
     ColorPrint('Thanks for using this tool ..End/{}s'.format(elapsed), 'info')
예제 #13
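    def pre_pro():
        """Build the initial target list from the command-line options.

        Returns a list of ``{'domain': ..., 'id': ...}`` dicts. Targets come
        from the file named by ``Global.Options['input']`` (one per line)
        when it is set, otherwise from the single
        ``Global.Options['target']`` value.
        """
        if Global.Options['input']:
            with open(Global.Options['input'], 'r') as f:
                stripped_lines = [line.strip() for line in f]
            # Skip blank lines; the original turned them into targets with
            # an empty domain. Ids stay contiguous over the remaining lines.
            # NOTE(review): entries read from the file are not checked
            # against the domain pattern used for a single target, yet they
            # are later interpolated into URLs and regexes - consider
            # validating them the same way.
            target_list = [{
                'domain': domain,
                'id': index
            } for index, domain in enumerate(d for d in stripped_lines if d)]
        else:
            # Check that the target looks like a domain name. Hyphens are
            # legal in host names, so they are accepted here; fullmatch also
            # rejects a trailing newline, which `$` would let through.
            if not re.fullmatch(r'[\w.-]*\.[\w-]+', Global.Options['target']):
                ColorPrint('Format is incorrect', 'error')
            target_list = [{'domain': Global.Options['target'], 'id': 0}]
        return target_list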
예제 #14
파일: FindSub.py 프로젝트: wanfeng98/Nict
 def start_up(self):
     """Search subdomains for every target on a thread pool, then de-duplicate.

     Each task receives ``[Setting.Information, target]``, so all tasks
     append to the same shared list. Afterwards duplicate result dicts are
     removed via a set of their item tuples, which does not preserve the
     original order.
     """
     spinner_frames = ['\\', '|', '/', '-']
     jobs = [[Setting.Information, target]
             for target in Setting.Options['target']]
     with ThreadPoolExecutor(
             max_workers=Setting.Options['threads']) as executor:
         # executor.map yields each task's return value, not a Future object.
         for task_result in executor.map(self.thread_task, jobs):
             frame = spinner_frames[int(time.time()) % 4]
             sys.stdout.write(
                 '\r[{}]Found subdomains {}'.format(frame, task_result))
     unique_items = {tuple(entry.items()) for entry in Setting.Information}
     Setting.Information = [dict(items) for items in unique_items]
     ColorPrint('Found {} subdomains'.format(len(Setting.Information)),
                'right')
예제 #15
def list_plugins(ctx, param, value):
    """List every plugin found in the plugins/discover directory, then exit.

    Returns ``None`` immediately when the flag is not set or the context is
    in resilient-parsing mode. Each listed module is imported and its
    ``DiscoverModule`` instantiated to read ``description``, so only trusted
    files should live in that directory.
    """
    if not value or ctx.resilient_parsing:
        return
    plugin_dir = os.path.join('plugins', 'discover')
    plugins = []
    for entry in os.listdir(plugin_dir):
        # Skip non-Python files and private/dunder modules.
        if entry.startswith("_") or not entry.endswith(".py"):
            continue
        plugins.append(entry)
    if not plugins:
        ColorPrint('No plugin list', 'error')
    print('\nList all plugins:\n')
    for index, plugin_name in enumerate(plugins, start=1):
        module_name = plugin_name[:-3]
        plugins_obj = importlib.import_module(
            'plugins.discover.{}'.format(module_name))
        print('\t{}:\t名称:{}\t简介:{}'.format(
            index, module_name,
            plugins_obj.DiscoverModule().description))
    ctx.exit()
예제 #16
def check_environment():
    """Check the current runtime environment (Python 3 is required)."""
    ColorPrint('Check the current environment', 'info')
    running_python2_or_older = sys.version_info < (3,)
    if running_python2_or_older:
        ColorPrint("Must be using Python 3.x", 'error')
예제 #17
파일: FindPort.py 프로젝트: wanfeng98/Nict
 def start_up(self):
     """Run ``self.process_task`` over every entry on a process pool.

     Afterwards the number of entries that carry a ``'port'`` key is
     reported.

     NOTE(review): the return values of ``map`` are discarded and worker
     processes operate on their own copies of the entries - confirm how
     ``process_task`` gets its results back into ``Setting.Information``.
     """
     with Pool(Setting.Options['process']) as worker_pool:
         worker_pool.map(self.process_task, Setting.Information)
     with_port = sum(1 for entry in Setting.Information if 'port' in entry)
     ColorPrint('Found {} subdomains port'.format(with_port), 'right')