def gener():
f = open('output.log', 'a', encoding='utf-8')
webinfo = Sqldb(dbname).query('select domain,ipaddr,title,server,apps,waf,os from webinfo')
for i in webinfo:
domain, ipaddr, title, server, apps, waf, os = i
print('\n' + '*' * 40 + ' ' + domain + ' ' + '*' * 40)
f.write('\n' + '*' * 40 + ' ' + domain + ' ' + '*' * 40 + '\n')
print('{}|{}|{}|{}|{}'.format(domain, ipaddr, title, server, waf))
f.write('{}|{}|{}|{}|{}'.format(domain, ipaddr, title, server, waf) + '\n')
print('指纹:' + str(apps))
f.write('指纹:' + str(apps) + '\n')
print('操作系统:' + str(os))
f.write('操作系统:' + str(os) + '\n')
ports = Sqldb(dbname).query(f"select ipaddr,service,port from ports where ipaddr = '{domain}'")
for port in ports:
domain, server, port = port
print(domain, server, port)
f.write('{}\t{}\t{}'.format(domain, server, port) + '\n')
urls = Sqldb(dbname).query(f"select title,url,contype,rsp_len,rsp_code from urls where domain = '{domain}'")
for url in urls:
title, url, contype, rsp_len, rsp_code = url
print('{}\t{}\t{}\t{}t{}'.format(title, url, contype, rsp_len, rsp_code))
f.write('{}\t{}\t{}\t{}t{}'.format(title, url, contype, rsp_len, rsp_code) + '\n')
vulns = Sqldb(dbname).query(f"select vuln from vuln where domain = '{ipaddr}'")
for vuln in vulns:
print(vuln[0])
f.write(vuln[0] + '\n')
class ActiveCheck():
def __init__(self, hosts):
self.hosts = hosts
self.out = []
def check_db(self, hosts):
self.out = Sqldb('result').query_db(hosts)
def check(self, url):
loc = parse.urlparse(url)
if getattr(loc, 'netloc'):
host = loc.netloc
else:
host = loc.path
try:
if not re.search(r'\d+\.\d+\.\d+\.\d+', host):
dns.resolver.query(host, 'A')
if PING:
try:
if platform.system() == 'Windows':
subprocess.check_output(
['ping', '-n', '2', '-w', '1', host])
else:
subprocess.check_output(['ping', '-c 2', '-W 1', host])
self.out.append(url)
except subprocess.CalledProcessError:
console('PING', host, "is not alive\n")
return False
except Exception as e:
logging.exception(e)
else:
self.out.append(url)
except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
console('DnsCheck', host, "No A record\n")
except Exception as e:
logging.exception(e)
return False
def disable(self):
# 求生欲名单
# 禁止扫描所有gov.cn与edu.cn结尾的域名,遵守法律!!!
for i in self.out:
if re.search(r'gov\.cn|edu\.cn$', i):
console('Disable', i, "Do not scan this domain\n")
sys.exit(1)
def pool(self):
with concurrent.futures.ThreadPoolExecutor(max_workers=20) as executor:
executor.map(self.check, self.hosts)
if CHECK_DB:
self.check_db(list(set(self.out)))
self.disable()
return self.out
def run(self):
scripts = []
try:
for _ in glob.glob('script/*.py'):
script_name = os.path.basename(_).replace('.py', '')
vuln = importlib.import_module('script.%s' % script_name)
scripts.append(vuln)
# 随机打乱脚本加载顺序
random.shuffle(scripts)
with concurrent.futures.ThreadPoolExecutor(
max_workers=20) as executor:
vulns = {
executor.submit(self.vuln, script): script
for script in scripts
}
for future in concurrent.futures.as_completed(vulns,
timeout=3):
future.result()
self.out = list(filter(None, self.out))
for i in self.out:
console('Vuln', self.ip, i + '\n')
Sqldb(self.dbname).get_vuln(self.ip, self.out)
except (EOFError, concurrent.futures._base.TimeoutError):
pass
except Exception as e:
logging.exception(e)
def gen_ports():
tableData = []
sql = 'select time,ipaddr,service,port,banner from ports'
try:
res = Sqldb(dbname).query(sql)
for i in res:
time, ipaddr, service, port, banner = i
ports = {
"time": time,
"ip": ipaddr,
"port": port,
"service": service,
"banner": banner
}
tableData.append(ports)
column = [
{
"field": "time",
"title": "TIME",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "ip",
"title": "IP",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "port",
"title": "PORT",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "service",
"title": "SERVICE",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "banner",
"title": "Banner",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
]
data = {"name": "Ports", "tableData": tableData, "columns": column}
return data
except TypeError:
pass
except Exception as e:
logging.exception(e)
class ActiveCheck():
def __init__(self, hosts):
self.hosts = hosts
self.out = []
def check_db(self, hosts):
self.out = Sqldb('result').query_db(hosts)
def check(self, url):
loc = parse.urlparse(url)
if getattr(loc, 'netloc'):
host = loc.netloc
else:
host = loc.path
try:
if not re.search(r'\d+\.\d+\.\d+\.\d+', host):
dns.resolver.query(host, 'A')
if PING:
try:
if platform.system() == 'Windows':
subprocess.check_output(
['ping', '-n', '2', '-w', '1', host])
else:
subprocess.check_output(['ping', '-c 2', '-W 1', host])
self.out.append(url)
except Exception as e:
sys.stdout.write(bcolors.OKGREEN +
"{} is not alive\n".format(host) +
bcolors.ENDC)
return False
else:
self.out.append(url)
except Exception as e:
return False
def pool(self):
sys.stdout.write(bcolors.RED + "Start Ping ...\n\n" + bcolors.ENDC)
with concurrent.futures.ThreadPoolExecutor(max_workers=20) as executor:
executor.map(self.check, self.hosts)
if CHECK_DB:
self.check_db(list(set(self.out)))
return self.out
def gen_urls():
tableData = []
sql = 'select time,domain,url,contype,rsp_code from urls' #命令
try:
res = Sqldb(dbname).query(sql) #命令执行
if res:
for i in res:
time, domain, url, contype, rsp_code = i
urls = {
"time": time,
"domain": domain,
"url": url,
"contype": contype,
"rsp_code": rsp_code
}
tableData.append(urls) #添加
column = [{
"field": "time",
"title": "TIME",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "domain",
"title": "Domain",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "url",
"title": "URL",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "contype",
"title": "ConType",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "rsp_code",
"title": "rsp_code",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}]
data = {"name": "URLS", "tableData": tableData, "columns": column}
return data #信息返回
except TypeError:
pass
except Exception as e:
pass
def pool(self):
result = self.parse_html(self.host)
with concurrent.futures.ThreadPoolExecutor(max_workers=30) as executor:
executor.map(self.parse_html, result)
jslink = JsLeaks().pool(self.js)
self.result.extend(jslink)
self.links = dedup_link(self.links)
self.links = list(map(lambda x: 'Dynamic: ' + x, self.links))
self.result.extend(self.links)
self.result = list(set(self.result))
for i in self.result:
console('Crawl', self.host, i + '\n')
Sqldb('result').get_crawl(self.domain, self.result)
def query():
print(Bcolors.RED + '网站数量:' + Bcolors.ENDC)
sql = 'select count(*) from webinfo'
_ = Sqldb(dbname).query(sql)
print(_[0][0])
sql = 'select service,count(service) as num from ports group by service order by num DESC'
service = Sqldb(dbname).query(sql)
print(Bcolors.RED + '服务统计:' + Bcolors.ENDC)
for i in service:
print(i[0], i[1])
print(Bcolors.RED + 'Webinfo:' + Bcolors.ENDC)
sql = 'select apps from webinfo where apps is not null'
webinfo = Sqldb(dbname).query(sql)
result = []
for i in webinfo:
result.extend(i[0].split(' , '))
out = get_top(result)
for j in out:
cms,count = j.split('|')
print(cms,count)
print(Bcolors.RED + '端口统计:' + Bcolors.ENDC)
sql = 'select port,count(port) as num from ports group by port order by num DESC limit 0,20'
ports = Sqldb(dbname).query(sql)
for i in ports:
print(i[0], i[1])
print(Bcolors.RED + 'C段统计:' + Bcolors.ENDC)
cidrs = []
sql = 'select ipaddr from webinfo order by ipaddr'
cidr = Sqldb(dbname).query(sql)
for i in cidr:
cidrs.append(i[0])
get_cidr(cidrs)
print(Bcolors.RED + '可疑URL:' + Bcolors.ENDC)
sql = "select domain,title,url,contype,rsp_len,rsp_code from urls where contype!='html' and contype !='vnd.microsoft.icon' and contype !='plain'"
urls = Sqldb(dbname).query(sql)
for i in urls:
domain, title, url, contype, rsp_len, rsp_code = i
if rsp_code == '200' and contype != 'None':
print(domain, title, url, contype, rsp_len, rsp_code)
print(Bcolors.RED + 'WAF:' + Bcolors.ENDC)
sql = 'select waf,count(waf) as num from webinfo where waf is not NULL group by waf order by num DESC'
waf = Sqldb(dbname).query(sql)
for i in waf:
print(i[0], i[1])
print(Bcolors.RED + '地区分布:' + Bcolors.ENDC)
sql = 'select address,count(address) as num from webinfo where address is not NULL group by address order by num DESC limit 0,20'
country = Sqldb(dbname).query(sql)
for i in country:
print(i[0], i[1])
def gen_ports():
tableData = []
sql = 'select time,ipaddr,service,port from ports' #命令
try:
res = Sqldb(dbname).query(sql) #命令执行
for i in res:
time, ipaddr, service, port = i
ports = {
"time": time,
"ip": ipaddr,
"port": port,
"service": service,
} #端口信息
tableData.append(ports) #信息添加到列表
column = [
{
"field": "time",
"title": "TIME",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "ip",
"title": "IP",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "port",
"title": "PORT",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "service",
"title": "SERVICE",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
]
data = {"name": "Ports", "tableData": tableData, "columns": column}
return data #返回信息
except TypeError:
pass
except Exception as e:
pass
def gen_crawl():
tableData = []
sql = 'select time, domain, type,leaks from crawl'
try:
res = Sqldb(dbname).query(sql)
for i in res:
time, domain, type, leaks = i
vuln = {
"time": time,
"domain": domain,
"type": type,
"leaks": leaks
}
tableData.append(vuln)
column = [
{
"field": "time",
"title": "TIME",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "domain",
"title": "DOMAIN",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "type",
"title": "TYPE",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "leaks",
"title": "Leaks",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
]
data = {"name": "Crawl", "tableData": tableData, "columns": column}
return data
except TypeError:
pass
except Exception as e:
logging.exception(e)
def get_port(ipaddr): #获得Ip端口
try:
sql = "select port from ports where ipaddr='{}'".format(ipaddr) #命令
getport = Sqldb(dbname).query(sql) #命令执行
if getport:
result = []
for i in getport: #遍历端口
result.append(i[0])
result = list(map(int, result)) #强制转换
result = sorted(result)
result = list(map(str, result))
ports = ' , '.join(result)
return ports #元组
except Exception as e:
pass
def get_port(ipaddr):
try:
sql = "select port from ports where ipaddr='{}'".format(ipaddr)
getport = Sqldb(dbname).query(sql)
if getport:
result = []
for i in getport:
result.append(i[0])
result = list(map(int, result))
result = sorted(result)
result = list(map(str, result))
ports = ' , '.join(result)
return ports
except Exception as e:
logging.exception(e)
def run(self):
scripts = []
try:
for _ in glob.glob('script/*.py'):
script_name = os.path.basename(_).replace('.py', '')
vuln = importlib.import_module('script.%s' % script_name)
scripts.append(vuln)
with concurrent.futures.ThreadPoolExecutor(
max_workers=20) as executor:
executor.map(self.vuln, scripts)
self.out = list(filter(None, self.out))
for i in self.out:
console('Vuln', self.ip, i + '\n')
brute_result = Crack().pool(self.ip, self.ports)
if brute_result:
self.out.extend(brute_result)
Sqldb('result').get_vuln(self.ip, self.out)
except Exception as e:
logging.exception(e)
def gen_vuln():
tableData = []
sql = 'select time, domain, vuln from vuln'
try:
res = Sqldb(dbname).query(sql)
for i in res:
time, ip, vuln = i
vuln = {"time": time, "ip": ip, "vuln": vuln}
tableData.append(vuln)
column = [
{
"field": "time",
"title": "TIME",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "ip",
"title": "IP",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "vuln",
"title": "VULN",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
]
data = {"name": "Vuln", "tableData": tableData, "columns": column}
return data
except TypeError:
pass
except Exception as e:
logging.exception(e)
def pool(self):
result = self.parse_html(self.host)
try:
with concurrent.futures.ThreadPoolExecutor(
max_workers=30) as executor:
futures = [executor.submit(self.parse_html, i) for i in result]
for future in concurrent.futures.as_completed(futures,
timeout=3):
future.result()
except (EOFError, concurrent.futures._base.TimeoutError):
pass
except Exception as e:
logging.exception(e)
jslink = JsLeaks().pool(self.js)
self.result.extend(jslink)
self.result = list(set(self.result))
for i in self.result:
console('Crawl', self.host, i + '\n')
Sqldb(self.dbname).get_crawl(self.domain, self.result)
def check_db(self, hosts):
self.out = Sqldb('result').query_db(hosts)
def gen_webinfo():
tableData = []
sql = 'select time,domain,waf,title,apps,server,address,ipaddr,os,pdns,reverseip from webinfo'
try:
res = Sqldb(dbname).query(sql)
for i in res:
time, domain, waf, title, apps, server, address, ipaddr, os, pdns, reverseip = i
ports = get_port(domain)
webinfo = {
"time": time,
"domain": domain,
"waf": waf,
"title": title,
"apps": apps,
"server": server,
"address": address,
"ipaddr": ipaddr,
"ports": ports,
"os": os,
"reverseip": reverseip
}
tableData.append(webinfo)
column = [
{
"field": "time",
"title": "TIME",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "domain",
"title": "domain",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "waf",
"title": "waf",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "title",
"title": "title",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "apps",
"title": "apps",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "server",
"title": "server",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "address",
"title": "address",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "ipaddr",
"title": "ipaddr",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "ports",
"title": "ports",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "os",
"title": "os",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
# {"field": "pdns", "title": "pdns", "width": 100, "tilteAlign": "center", "columnAlign": "center"},
{
"field": "reverseip",
"title": "reverseip",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
]
data = {"name": "webinfo", "tableData": tableData, "columns": column}
return data
except TypeError:
pass
except Exception as e:
logging.exception(e)
def subdomain_save(data):
Sqldb('result').get_subdomain(data) #保存到数据库
def save(self, ipaddr, result):
Sqldb(self.dbname).get_ports(ipaddr, result) #将信息保存到数据库中
def gen_urls():
tableData = []
sql = 'select time,domain,title,url,contype,rsp_len,rsp_code from urls'
try:
res = Sqldb(dbname).query(sql)
for i in res:
time, domain, title, url, contype, rsp_len, rsp_code = i
urls = {
"time": time,
"domain": domain,
"title": title,
"url": url,
"contype": contype,
"rsp_len": rsp_len,
"rsp_code": rsp_code
}
tableData.append(urls)
column = [{
"field": "time",
"title": "TIME",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "domain",
"title": "domain",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "title",
"title": "title",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "url",
"title": "url",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "contype",
"title": "contype",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "rsp_len",
"title": "rsp_len",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}, {
"field": "rsp_code",
"title": "rsp_code",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
}]
data = {"name": "URLS", "tableData": tableData, "columns": column}
return data
except Exception as e:
print(e)
def save(self, result):
Sqldb('result').get_vuln(self.ip, result)
def web_save(webinfo, dbname):
Sqldb(dbname).get_webinfo(webinfo) #保存到数据库
class ActiveCheck():
def __init__(self, hosts):
self.hosts = hosts
self.out = []
def check_db(self, hosts):
self.out = Sqldb('result').query_db(hosts)
def check(self, url):
loc = parse.urlparse(url)
if getattr(loc, 'netloc'):
host = loc.netloc
else:
host = loc.path
try:
if not re.search(r'\d+\.\d+\.\d+\.\d+', host):
# 验证DNS存活并且DNS不能是一些特殊IP(DNSIP、内网IP)
resolver = dns.resolver.Resolver()
resolver.nameservers = ['223.5.5.5', '1.1.1.1', '8.8.8.8']
a = resolver.query(host, 'A')
for i in a.response.answer:
for j in i.items:
if hasattr(j, 'address'):
if re.search(
r'1\.1\.1\.1|8\.8\.8\.8|127\.0\.0\.1|114\.114\.114\.114',
j.address):
return False
if PING:
try:
# Windows调用ping判断存活 Linux调用nmap来判断主机存活
# nmap判断存活会先进行ping然后连接80端口,这样不会漏掉
if platform.system() == 'Windows':
subprocess.check_output(
['ping', '-n', '2', '-w', '1', host])
else:
nm = nmap.PortScanner()
result = nm.scan(hosts=host, arguments='-sP -n')
for k, v in result.get('scan').items():
if not v.get('status').get('state') == 'up':
console('PING', host, "is not alive\n")
return False
self.out.append(url)
except subprocess.CalledProcessError:
console('PING', host, "is not alive\n")
return False
except Exception as e:
logging.exception(e)
else:
self.out.append(url)
except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN,
dns.resolver.NoNameservers):
console('DnsCheck', host, "No A record\n")
except dns.exception.Timeout:
console('DnsCheck', host, "Timeout\n")
except Exception as e:
logging.exception(e)
return False
def disable(self):
# 禁止扫描所有敏感域名,遵守法律!!!
for i in self.out:
if re.search(
r'\.org\.cn|\.com\.cn|\.cn|gov\.cn|edu\.cn|\.mil|\.aero|\.int|\.go\.\w+$|\.ac\.\w+$',
i):
console('Disable', i, "Do not scan this domain\n\n")
sys.exit(1)
def pool(self):
try:
with concurrent.futures.ThreadPoolExecutor(
max_workers=20) as executor:
result = {
executor.submit(self.check, i): i
for i in self.hosts
}
for future in concurrent.futures.as_completed(result,
timeout=3):
future.result()
except (EOFError, concurrent.futures._base.TimeoutError):
pass
except Exception as e:
logging.exception(e)
if CHECK_DB:
self.check_db(list(set(self.out)))
self.disable()
return self.out
def save(self, urls):
Sqldb(self.dbname).get_urls(urls)
class ActiveCheck:
def __init__(self, hosts):
self.hosts = hosts
self.out = []
def check_db(self, hosts):
self.out = Sqldb('result').query_db(hosts)
def check(self, url):
loc = parse.urlparse(url)
if getattr(loc, 'netloc'):
host = loc.netloc
else:
host = loc.path
# 验证国家
if VERIFY_COUNTRY:
if verify_country(host):
console('Disable', host, "Disable Country\n")
return False
if re.search(r'\d+\.\d+\.\d+\.\d+', host):
if not WhiteIP().checkip(host):
console('Disable', host, "China IP\n")
return False
if re.search(
r'\.org\.cn|\.com\.cn|\.cn|gov\.cn|edu\.cn|\.mil|\.aero|\.int|\.go\.\w+$|\.ac\.\w+$',
host):
console('Disable', host, "Do not scan this domain\n")
return False
try:
# 判断是IP还是域名,域名的话需要检测域名解析
if not re.search(r'\d+\.\d+\.\d+\.\d+', host):
# 验证DNS存活并且DNS解析不能是一些特殊IP(DNSIP、内网IP)
console('Dnscheck', host, 'query dns a records\n')
resolver = dns.resolver.Resolver()
resolver.nameservers = ['1.1.1.1', '8.8.8.8']
a = resolver.query(host, 'A')
for i in a.response.answer:
for j in i.items:
if hasattr(j, 'address'):
# if re.search(r'\d+\.\d+\.\d+\.\d+', j.address):
# if not WhiteIP().checkip(j.address):
# console('Disable', j.address, "China IP\n")
# return False
if re.search(
r'1\.1\.1\.1|8\.8\.8\.8|127\.0\.0\.1|114\.114\.114\.114|0\.0\.0\.0',
j.address):
return False
if PING:
try:
# Windows调用ping判断存活 Linux调用nmap来判断主机存活
# nmap判断存活会先进行ping然后连接80端口,这样不会漏掉
if platform.system() == 'Windows':
console('PING', host, 'Ping scan\n')
subprocess.check_output(
['ping', '-n', '2', '-w', '1', host])
self.out.append(url)
else:
console('PING', host, 'Nmap Ping scan\n')
nm = nmap.PortScanner()
result = nm.scan(hosts=host, arguments='-sP -n')
for k, v in result.get('scan').items():
if not v.get('status').get('state') == 'up':
console('PING', host, "is not alive\n")
return False
else:
self.out.append(url)
except (AttributeError, subprocess.CalledProcessError,
xml.etree.ElementTree.ParseError,
nmap.nmap.PortScannerError):
console('PING', host, "is not alive\n")
return False
except Exception as e:
logging.exception(e)
return False
else:
self.out.append(url)
except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN,
dns.resolver.NoNameservers):
console('DnsCheck', host, "No A record\n")
except dns.exception.Timeout:
console('DnsCheck', host, "Timeout\n")
except Exception as e:
logging.exception(e)
return False
def pool(self):
try:
with concurrent.futures.ThreadPoolExecutor(
max_workers=20) as executor:
result = {
executor.submit(self.check, i): i
for i in self.hosts
}
for future in concurrent.futures.as_completed(result,
timeout=3):
future.result()
except (EOFError, concurrent.futures._base.TimeoutError):
pass
except Exception as e:
logging.exception(e)
if CHECK_DB:
self.check_db(list(set(self.out)))
return self.out
def handle(self): # 进行调度
try:
dbname = 'result'
banner()
print('-' * 43)
usage()
print('-' * 43)
while True:
show = input(Bcolors.RED + '[JR]>> ' + Bcolors.ENDC) # 红色
if show in ['1', 'Information_Scan']:
target = input(Bcolors.RED +
'[JR/Information_Scan/Set_Target]>>' +
Bcolors.ENDC)
lives = add(target)
for i in lives:
start(i, dbname)
elif show in ['2', 'POC_Scan']:
poc_use()
while True:
command, keywords = input(Bcolors.RED +
'[JR/POC_Scan/]>>' +
Bcolors.ENDC).split()
if command == 'search' and keywords:
search(keywords)
elif command == "show" and keywords == 'poc':
show_poc()
elif command == 'use' and keywords:
target = input(Bcolors.RED +
'[JR/POC_Scan/Set_Target]>>' +
Bcolors.ENDC)
lives = add(target)
for live in lives:
for i in use(keywords, live):
Sqldb(dbname).get_vuln(i, keywords)
elif command == 'back' and keywords == 'menu':
break
else:
print(Bcolors.WARNING + '[-] 提示: 输入错误...' +
Bcolors.ENDC)
elif show in ['3', 'AWVS_Check']:
awvs_check = awvs()
awvs_check.usage()
while True:
command = input(Bcolors.RED + '[JR/AWVS_Check/]>>' +
Bcolors.ENDC)
if command == 'scan':
awvs_check.scan()
elif command == "stop":
awvs_check.stop()
elif command == 'delete':
awvs_check.delete()
elif command == 'view':
awvs_check.view()
elif command == 'back':
break
else:
print(Bcolors.WARNING + '[-] 提示: 输入错误...' +
Bcolors.ENDC)
elif show in ['4', 'H5_Create']:
gener()
elif show in ['5', 'Help']:
usage()
elif show in ['6', 'exit']:
break
elif show == '':
pass
else:
print(Bcolors.WARNING + '[-] 提示: 输入错误...' + Bcolors.ENDC)
except KeyboardInterrupt as e:
print(e)
def save(self, ipaddr, result):
Sqldb('result').get_ports(ipaddr, result)
def web_save(webinfo):
Sqldb('result').get_webinfo(webinfo)
def gen_subdomain():
tableData = []
sql = 'select time,domain,waf,title,apps,server,address,ipaddr,os from subdomain'
try:
res = Sqldb(dbname).query(sql)
for i in res:
time, domain, waf, title, apps, server, address, ipaddr, os = i
webinfo = {
"time": time,
"domain": domain,
"waf": waf,
"title": title,
"apps": apps,
"server": server,
"address": address,
"ipaddr": ipaddr,
"os": os,
}
tableData.append(webinfo) # 网站信息添加到列表
column = [
{
"field": "time",
"title": "TIME",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "domain",
"title": "domain",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "waf",
"title": "waf",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "title",
"title": "title",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "apps",
"title": "apps",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "server",
"title": "server",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "address",
"title": "address",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "ipaddr",
"title": "ipaddr",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
{
"field": "os",
"title": "os",
"width": 100,
"tilteAlign": "center",
"columnAlign": "center"
},
]
data = {
"name": "Subdomain",
"tableData": tableData,
"columns": column
} # 字典格式写进网站
return data
except TypeError:
pass
except Exception as e:
pass
