Exemplo n.º 1
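def InitialScan(ThreadPool,InputFileName,Url,Token,Module,agentHeader,proxies):
    """Scan a single URL, or every URL listed in a file.

    When ``InputFileName`` is None, ``Url`` is handed to ``San`` once.
    Otherwise the file is read as UTF-8 and each non-blank line is handed to
    ``San`` in turn. ``ThreadPool``, ``Token``, ``Module``, ``agentHeader``
    and ``proxies`` are passed through to ``San`` unchanged.

    Ctrl-C ends the process with exit status 0. Any other failure is reported
    on stdout and the function returns None.
    """
    try:
        if InputFileName is None:
            print("\033[1;40;32m[ + ] Scanning target domain:\033[0m" + "\033[1;40;33m {}\033[0m".format(Url))
            San(ThreadPool,Url,agentHeader,Token,Module,proxies)
            ClassCongregation.NumberOfLoopholes()  # report the number of findings
            # Nmap scanning is disabled; kept for reference:
            #ThreadPool.NmapAppend(NmapScan,Urls)  # put Nmap into the thread pool
            #print("\033[1;40;32m[ + ] NmapScan component payload successfully loaded\033[0m")
        else:
            try:
                with open(InputFileName, encoding='utf-8') as f:
                    for UrlLine in f:
                        # Strip the line ending once so the value shown to the
                        # operator is exactly the value handed to San.
                        Target = UrlLine.strip()
                        if not Target:
                            # A blank line is not a target; do not scan "".
                            continue
                        print("\033[1;40;32m[ + ] In batch scan, the current target is:\033[0m"+"\033[1;40;33m {}\033[0m".format(Target))
                        San(ThreadPool,Target,agentHeader,Token,Module,proxies)
                        ClassCongregation.NumberOfLoopholes()  # report the number of findings
                        # Nmap scanning is disabled; kept for reference:
                        #ThreadPool.NmapAppend(NmapScan,Urls)  # put Nmap into the thread pool
                        #print("\033[1;40;32m[ + ] NmapScan component payload successfully loaded\033[0m")
            except Exception:
                # Unreadable file, bad encoding, or a failure while scanning a
                # line: the batch stops here, as it did before.
                print("\033[1;40;31m[ ! ] Please check the file path or the file content is correct\033[0m")
    except KeyboardInterrupt:
        # The handlers here catch Exception only, so the exit request is not
        # swallowed the way a bare ``except:`` swallowed SystemExit.
        raise SystemExit(0) from None
    except Exception:
        print("\033[1;40;31m[ ! ] Please enter the correct file path!\033[0m")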
Exemplo n.º 2
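def InitialScan(Pool, InputFileName, Url, Module, AgentHeader, Proxies,
                **kwargs):
    """Scan a single URL, or every URL listed in a file.

    When ``InputFileName`` is None, ``Url`` is handed to ``San`` once.
    Otherwise the file is read as UTF-8 and each non-blank line is handed to
    ``San`` in turn. ``Pool``, ``Module``, ``AgentHeader``, ``Proxies`` and
    ``**kwargs`` are passed through to ``San`` unchanged.

    Failures are written through ``ClassCongregation.ErrorLog`` rather than
    raised; a failure on one line of the file does not stop the batch.
    """
    try:
        if InputFileName is None:
            try:
                print("\033[32m[ + ] Scanning target domain:\033[0m" +
                      "\033[33m {}\033[0m".format(Url))
                San(Pool, Url, AgentHeader, Module, Proxies, **kwargs)
                ClassCongregation.NumberOfLoopholes().Result(
                    ClassCongregation.WriteFile().GetFileName(Url))  # report the number of findings
                # Nmap scanning is disabled; kept for reference:
                #ThreadPool.NmapAppend(NmapScan,Urls)  # put Nmap into the thread pool
                #print("\033[32m[ + ] NmapScan component payload successfully loaded\033[0m")
            except Exception as e:
                ClassCongregation.ErrorLog().Write(
                    "InitialScan(def)SingleTarget", e)
        else:
            try:
                with open(InputFileName, encoding='utf-8') as f:
                    for UrlLine in f:
                        # Strip the line ending once so the value shown to the
                        # operator is exactly the value handed to San.
                        Target = UrlLine.strip()
                        if not Target:
                            # A blank line is not a target; do not scan "".
                            continue
                        try:
                            print(
                                "\033[32m[ + ] In batch scan, the current target is:\033[0m"
                                + "\033[33m {}\033[0m".format(Target))
                            San(Pool, Target, AgentHeader, Module, Proxies,
                                **kwargs)
                            # NOTE(review): the result file name is derived
                            # from Url, not from the current line; Url is
                            # presumably None in batch mode. Confirm against
                            # the caller and GetFileName.
                            ClassCongregation.NumberOfLoopholes().Result(
                                ClassCongregation.WriteFile().GetFileName(
                                    Url))  # report the number of findings
                            # Nmap scanning is disabled; kept for reference:
                            #ThreadPool.NmapAppend(NmapScan,Urls)  # put Nmap into the thread pool
                            #print("\033[32m[ + ] NmapScan component payload successfully loaded\033[0m")
                        except Exception as e:
                            # Log and move on to the next target.
                            ClassCongregation.ErrorLog().Write(
                                "InitialScan(def)CyclicError", e)
            except Exception as e:
                ClassCongregation.ErrorLog().Write(
                    "InitialScan(def)ErrorReadingFile", e)
                print(
                    "\033[31m[ ! ] Please check the file path or the file content is correct\033[0m"
                )
    except Exception as e:
        ClassCongregation.ErrorLog().Write("InitialScan(def)functionCallError",
                                           e)
        print("\033[31m[ ! ] Please enter the correct file path!\033[0m")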
Exemplo n.º 3
def San(ThreadPool,Url,agentHeader,UnixTimestamp,Module):
    """Hand ``Url`` to the selected check modules, then start the thread pool.

    With ``Module`` equal to None every module's ``Main`` is called, in the
    order listed below. With ``Module`` equal to one of the listed names only
    that module's ``Main`` is called. Any other value prints an error and
    ends the process through ``os._exit(0)``, which terminates immediately
    and reports a success status.

    Each ``Main`` receives ``ThreadPool``; the original note says the checks
    are stored in the pool so that batch scans run faster.
    """
    # Accepted ``Module`` name paired with a lazy lookup of the module that
    # implements it, so a module object is only resolved when it is used.
    Scanners = (
        ("Struts2", lambda: Struts2),
        ("Confluence", lambda: ConfluenceMain),
        ("Nginx", lambda: NginxMain),
        ("Apache", lambda: ApacheMain),
        ("PHPStudy", lambda: PHPStudy),
        ("Cms", lambda: CmsMain),
        ("Oa", lambda: OaMian),
        ("Jenkins", lambda: JenkinsMain),
        ("Harbor", lambda: Harbor),
        ("Rails", lambda: RailsMain),
        ("Kibana", lambda: KibanaMain),
        ("Citrix", lambda: CitrixMain),
        ("Mongo", lambda: MongoMain),
        ("Spring", lambda: SpringMain),
        ("FastJson", lambda: FastJson),
        ("Windows", lambda: Windows),
    )
    ModName = [Name for Name, _ in Scanners]

    if Module == None:
        print("\033[1;40;32m[ + ] Scanning across modules:\033[0m" + "\033[1;40;35m AllMod             \033[0m")
        for _, Resolve in Scanners:
            Resolve().Main(ThreadPool, Url, agentHeader, UnixTimestamp)
    elif Module != None and Module in ModName:
        print("\033[1;40;32m[ + ] The separate scan module is:\033[0m"+"\033[1;40;35m {}             \033[0m".format(Module))
        for Name, Resolve in Scanners:
            if Module == Name:
                Resolve().Main(ThreadPool, Url, agentHeader, UnixTimestamp)
    else:
        print("\033[1;40;31m[ ! ] Please enter the correct scan module name\033[0m")
        os._exit(0)  # ends the whole process, not just this function

    # ThreadNumber is not a parameter; it is read from the enclosing scope.
    ThreadPool.Start(ThreadNumber)  # start the worker threads
    ClassCongregation.NumberOfLoopholes()  # report the number of findings
Exemplo n.º 4
        )
        os._exit(0)  #直接退出整个函数
    elif Url != None and InputFileName != None:  #如果既输入URL又输入URL文件夹一样退出
        print(
            "\033[1;40;31m[ ! ] Incorrect input, please enter -h to view help\033[0m"
        )
        os._exit(0)  #直接退出整个函数

    #thread_list.append(threading.Thread(target=BoomDB, args=(Url, SqlUser, SqlPasswrod,InputFileName,)))#数据库爆破功能

    if SubdomainEnumerate == True and Subdomain == True:  #对参数判断参数互斥
        print(
            "\033[1;40;31m[ ! ] Incorrect input, please enter -h to view help\033[0m"
        )
    elif SubdomainEnumerate == True:
        SubdomainJudge = "a"
        ThreadPool.SubdomainAppend(SubdomainCrawling, Url,
                                   SubdomainJudge)  #发送到多线程池中
    elif Subdomain == True:
        SubdomainJudge = "b"
        ThreadPool.SubdomainAppend(SubdomainCrawling, Url, SubdomainJudge)
    InitialScan(ThreadPool, InputFileName, Url, UnixTimestamp, Module,
                agentHeader)  #最后启动主扫描函数,这样如果多个IP的话优化速度,里面会做url或者url文件的判断
    ClassCongregation.NumberOfLoopholes()  #输出扫描结果个数

# from IPy import IP
# ip = IP('192.168.0.0/28')#后面批量生成C段扫描会用到
# print(ip.len())#IP个数有多少
# for x in ip:
#     print(x)