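def InitialScan(ThreadPool, InputFileName, Url, Token, Module, agentHeader, proxies):
    """Run the scan for a single target or for every target listed in a file.

    When ``InputFileName`` is None the single ``Url`` is scanned; otherwise
    the file is opened as UTF-8 and each non-blank line is treated as one
    target.  Every target is passed to ``San`` together with the pool,
    headers, token, module selector and proxies, and the running number of
    findings is printed afterwards via ``ClassCongregation.NumberOfLoopholes``.

    Args:
        ThreadPool: worker pool forwarded to ``San``.
        InputFileName: path to a target list (one target per line) or None.
        Url: the single target; only used when ``InputFileName`` is None.
        Token: forwarded to ``San`` unchanged.
        Module: module selector forwarded to ``San``.
        agentHeader: request headers forwarded to ``San``.
        proxies: proxy settings forwarded to ``San``.

    Returns:
        None.  Problems opening or reading the file are reported on stdout
        rather than raised.

    Raises:
        SystemExit: with status 0 when the user presses Ctrl-C, so the
            process stops instead of moving on to the next target.
    """
    try:
        if InputFileName is None:
            print("\033[1;40;32m[ + ] Scanning target domain:\033[0m" + "\033[1;40;33m {}\033[0m".format(Url))
            San(ThreadPool, Url, agentHeader, Token, Module, proxies)
            ClassCongregation.NumberOfLoopholes()  # print the number of findings so far
        else:
            try:
                with open(InputFileName, encoding='utf-8') as f:
                    for UrlLine in f:
                        # Strip the line ending so it does not end up inside the
                        # URL handed to the modules; blank lines are not targets.
                        target = UrlLine.strip()
                        if not target:
                            continue
                        print("\033[1;40;32m[ + ] In batch scan, the current target is:\033[0m" + "\033[1;40;33m {}\033[0m".format(target))
                        San(ThreadPool, target, agentHeader, Token, Module, proxies)
                        ClassCongregation.NumberOfLoopholes()  # print the number of findings so far
            except Exception:
                # Unreadable path, bad encoding, or a module failure mid-file:
                # report and stop the batch (the original bare except did the same,
                # but it also swallowed SystemExit -- see the Ctrl-C handler below).
                print("\033[1;40;31m[ ! ] Please check the file path or the file content is correct\033[0m")
    except KeyboardInterrupt:
        # Ctrl-C used to be turned into exit(0) inside nested bare ``except:``
        # blocks, which caught the resulting SystemExit and printed a misleading
        # "wrong path" message instead of stopping.  Catching Exception (not
        # BaseException) above lets the interrupt reach this handler.
        raise SystemExit(0)
    except Exception:
        print("\033[1;40;31m[ ! ] Please enter the correct file path!\033[0m")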
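def InitialScan(Pool, InputFileName, Url, Module, AgentHeader, Proxies, **kwargs):
    """Run the scan for a single target or for every target listed in a file.

    When ``InputFileName`` is None the single ``Url`` is scanned; otherwise the
    file is opened as UTF-8 and each non-blank line is one target.  For every
    target ``San`` is called with the pool, headers, module selector, proxies
    and any extra keyword arguments, and the finding count for the result
    file is printed through ``ClassCongregation.NumberOfLoopholes().Result``.

    Failures are written to ``ClassCongregation.ErrorLog`` with a tag naming
    the stage ("SingleTarget", "CyclicError", "ErrorReadingFile",
    "functionCallError") and never propagate to the caller.

    Args:
        Pool: worker pool forwarded to ``San``.
        InputFileName: path to a target list (one target per line) or None.
        Url: the single target; only used directly when ``InputFileName`` is
            None (see the note in ``_scan_one`` about result-file naming).
        Module: module selector forwarded to ``San``.
        AgentHeader: request headers forwarded to ``San``.
        Proxies: proxy settings forwarded to ``San``.
        **kwargs: forwarded to ``San`` unchanged.

    Returns:
        None.
    """

    def _scan_one(target, banner, error_tag):
        # Scan a single target and print its finding count.  Module errors are
        # logged under ``error_tag`` rather than raised, so a batch run keeps
        # going with the next line.
        try:
            print(banner + "\033[33m {}\033[0m".format(target))
            San(Pool, target, AgentHeader, Module, Proxies, **kwargs)
            # NOTE(review): the result file name is derived from ``Url`` even
            # in batch mode, where ``Url`` is normally None.  This matches the
            # original code; confirm whether ``GetFileName(target)`` was meant.
            ClassCongregation.NumberOfLoopholes().Result(
                ClassCongregation.WriteFile().GetFileName(Url))
        except Exception as e:
            ClassCongregation.ErrorLog().Write(error_tag, e)

    try:
        if InputFileName is None:
            _scan_one(
                Url,
                "\033[32m[ + ] Scanning target domain:\033[0m",
                "InitialScan(def)SingleTarget",
            )
        else:
            try:
                with open(InputFileName, encoding='utf-8') as f:
                    for UrlLine in f:
                        # Drop the line ending so it is not sent as part of the
                        # URL; blank lines are not targets.
                        target = UrlLine.strip("\r\n")
                        if not target:
                            continue
                        _scan_one(
                            target,
                            "\033[32m[ + ] In batch scan, the current target is:\033[0m",
                            "InitialScan(def)CyclicError",
                        )
            except Exception as e:
                ClassCongregation.ErrorLog().Write("InitialScan(def)ErrorReadingFile", e)
                print("\033[31m[ ! ] Please check the file path or the file content is correct\033[0m")
    except Exception as e:
        ClassCongregation.ErrorLog().Write("InitialScan(def)functionCallError", e)
        print("\033[31m[ ! ] Please enter the correct file path!\033[0m")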
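def San(ThreadPool, Url, agentHeader, UnixTimestamp, Module):
    """Queue the POC modules for ``Url`` on ``ThreadPool`` and start the pool.

    Each module's ``Main`` is called with ``(ThreadPool, Url, agentHeader,
    UnixTimestamp)``; the original author's note is that the modules are put
    into the thread pool so that batch scans run considerably faster.
    ``Module`` is either None (run every module, in table order) or the name
    of exactly one module from the dispatch table below.  After the modules
    are queued the pool is started with the module-level ``ThreadNumber`` and
    the running finding count is printed.

    Args:
        ThreadPool: pool the modules enqueue their work on; ``Start`` is
            called on it here.
        Url: target handed to every module.
        agentHeader: request headers handed to every module.
        UnixTimestamp: handed to every module unchanged.
        Module: module name, or None for all modules.

    Returns:
        None.

    Note:
        An unknown ``Module`` prints an error and terminates the whole process
        with ``os._exit(0)``, which skips ``atexit`` handlers and does not
        flush buffered output; it is kept here because callers rely on the
        process stopping, but it is abrupt for a library function.
    """
    # Name -> entry point.  Dict order is the order the all-modules run used,
    # so iterating ``values()`` reproduces it.  Built per call so the module
    # globals are resolved at call time, exactly as the former inline calls did.
    dispatch = {
        "Struts2": Struts2.Main,
        "Confluence": ConfluenceMain.Main,
        "Nginx": NginxMain.Main,
        "Apache": ApacheMain.Main,
        "PHPStudy": PHPStudy.Main,
        "Cms": CmsMain.Main,
        "Oa": OaMian.Main,
        "Jenkins": JenkinsMain.Main,
        "Harbor": Harbor.Main,
        "Rails": RailsMain.Main,
        "Kibana": KibanaMain.Main,
        "Citrix": CitrixMain.Main,
        "Mongo": MongoMain.Main,
        "Spring": SpringMain.Main,
        "FastJson": FastJson.Main,
        "Windows": Windows.Main,
    }

    if Module is None:
        print("\033[1;40;32m[ + ] Scanning across modules:\033[0m" + "\033[1;40;35m AllMod \033[0m")
        runners = dispatch.values()
    elif Module in dispatch:
        print("\033[1;40;32m[ + ] The separate scan module is:\033[0m" + "\033[1;40;35m {} \033[0m".format(Module))
        runners = (dispatch[Module],)
    else:
        print("\033[1;40;31m[ ! ] Please enter the correct scan module name\033[0m")
        os._exit(0)  # terminates the process, not just this function

    for run in runners:
        run(ThreadPool, Url, agentHeader, UnixTimestamp)

    ThreadPool.Start(ThreadNumber)  # ThreadNumber is a module-level name, not a parameter
    ClassCongregation.NumberOfLoopholes()  # print the number of findings so far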
) os._exit(0) #直接退出整个函数 elif Url != None and InputFileName != None: #如果既输入URL又输入URL文件夹一样退出 print( "\033[1;40;31m[ ! ] Incorrect input, please enter -h to view help\033[0m" ) os._exit(0) #直接退出整个函数 #thread_list.append(threading.Thread(target=BoomDB, args=(Url, SqlUser, SqlPasswrod,InputFileName,)))#数据库爆破功能 if SubdomainEnumerate == True and Subdomain == True: #对参数判断参数互斥 print( "\033[1;40;31m[ ! ] Incorrect input, please enter -h to view help\033[0m" ) elif SubdomainEnumerate == True: SubdomainJudge = "a" ThreadPool.SubdomainAppend(SubdomainCrawling, Url, SubdomainJudge) #发送到多线程池中 elif Subdomain == True: SubdomainJudge = "b" ThreadPool.SubdomainAppend(SubdomainCrawling, Url, SubdomainJudge) InitialScan(ThreadPool, InputFileName, Url, UnixTimestamp, Module, agentHeader) #最后启动主扫描函数,这样如果多个IP的话优化速度,里面会做url或者url文件的判断 ClassCongregation.NumberOfLoopholes() #输出扫描结果个数 # from IPy import IP # ip = IP('192.168.0.0/28')#后面批量生成C段扫描会用到 # print(ip.len())#IP个数有多少 # for x in ip: # print(x)