def __parse_domain_ip(self, line):
    '''Parse one search-result line into a domain -> A-record entry.

    line: a sequence where index 0 is the host field, 1 the IP and 3 the
    title (field meanings are taken from the indexing here — confirm against
    the caller that produces the lines).

    Returns {'domain': <host>, 'A': [<ip>]} plus 'title': [<title>] when the
    title field is non-empty, or None when the IP field does not pass
    check_ip_or_domain or the host field is itself an IP.
    '''
    raw_host, ip, title = line[0], line[1], line[3]
    # Per the original comment only IPv4 is kept; the exact rule lives in
    # check_ip_or_domain, which is not visible here.
    if not check_ip_or_domain(ip):
        return None
    # Drop the scheme and any ':port' suffix to get the bare host name
    bare_host = raw_host.replace('https://', '').replace('http://', '')
    bare_host = bare_host.split(':')[0]
    # A host field that is itself an IP is not a domain entry
    if check_ip_or_domain(bare_host):
        return None
    entry = {'domain': bare_host, 'A': [ip]}
    if title:
        entry['title'] = [title]
    return entry
def execute(self):
    '''Run subdomain discovery over self.target and return the resolved list.

    Hosts in self.target that are not IPs seed the search.  Each enabled
    collector (Sublist3r, SubDmainBrute, Subfinder, JSFinderDomain) runs on
    those seeds and its 'domain' values are merged into a set, so duplicates
    are dropped.  IpDomain.execute then resolves every unique domain in
    place; WhatWeb and Httpx (when enabled) only see entries that carry an
    'A' or 'CNAME' value, but the full resolved list is what is returned.
    '''
    seeds = [host for host in self.target if not check_ip_or_domain(host)]
    discovered = set(seeds)
    # Collectors are instantiated only when their option is switched on,
    # and run in this fixed order.
    collectors = (
        (self.subdomain, Sublist3r),
        (self.subdomainbrute, SubDmainBrute),
        (self.subfinder, Subfinder),
        (self.jsfinder, JSFinderDomain),
    )
    for enabled, collector_cls in collectors:
        if enabled:
            discovered.update(
                d['domain'] for d in collector_cls().execute(seeds))
    resolved = [{'domain': host} for host in discovered
                if not check_ip_or_domain(host)]
    # Resolve in place; NOTE(review): assumes IpDomain.execute sets both
    # 'A' and 'CNAME' on every entry, otherwise the filter below raises KeyError — confirm
    IpDomain().execute(resolved)
    with_records = [d for d in resolved if d['A'] or d['CNAME']]
    if self.whatweb:
        WhatWeb().execute(with_records)
    if self.httpx:
        Httpx().execute(with_records)
    return resolved
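def __parse_ip_port(self, line):
    '''Parse one search-result line into an ip -> port entry.

    line: a sequence where index 1 is the IP, 2 the port, 3 the title and
    4 the server banner (field meanings are taken from the indexing here —
    confirm against the caller that produces the lines).

    Returns {'ip': <ip>, 'status': 'N/A', 'port': [<port entry>]} where the
    port entry is {'port': int, 'status': 'N/A'} plus 'title' / 'server'
    when those fields are non-empty, or None when the IP field does not
    pass check_ip_or_domain.

    Raises ValueError when the port field is not an integer.

    Change: the location fields (indexes 5..7) were joined into an unused
    local whose only consumer was commented out; they are no longer read,
    so a shorter result line no longer raises IndexError.
    '''
    ip = line[1]
    # Per the original comment only IPv4 is kept; the exact rule lives in
    # check_ip_or_domain, which is not visible here.
    if not check_ip_or_domain(ip):
        return None
    port_entry = {'port': int(line[2]), 'status': 'N/A'}
    title, server = line[3], line[4]
    if title:
        port_entry['title'] = title
    if server:
        port_entry['server'] = server
    # If location is ever needed again it lived in ' '.join(line[5:8]).
    return {'ip': ip, 'status': 'N/A', 'port': [port_entry]}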
def prepare(self, options):
    '''Parse scan options into self.target (a fresh list of {'ip': ...}).

    Reads org_id through get_option.  Each entry of options['target'] that
    passes check_ip_or_domain goes through parse_ip; a list result is spread
    into one target per address, a single result becomes one target, and a
    falsy result is skipped.  Other entries are treated as domains: they are
    resolved with IpDomain.fetch_domain_ip, persisted via save_domain, and
    their 'A' addresses become targets only when the record has no 'CNAME'
    (i.e. no CDN in front).
    '''
    self.org_id = self.get_option('org_id', options, self.org_id)
    resolver = IpDomain()
    self.target = []
    for host in options['target']:
        if not check_ip_or_domain(host):
            # Domain: resolve, persist, and scan direct A records only
            record = resolver.fetch_domain_ip(host)
            self.save_domain([record])
            if not record['CNAME'] and record['A']:
                self.target.extend({'ip': addr} for addr in record['A'])
            continue
        parsed = parse_ip(host)
        if not parsed:
            continue
        addresses = parsed if isinstance(parsed, list) else [parsed]
        self.target.extend({'ip': addr} for addr in addresses)
def execute(self):
    '''Resolve the domains in self.target (plus discovered subdomains).

    Non-IP hosts are wrapped as {'domain': host} and passed to
    IpDomain.execute.  When self.subdomain is set, SubDmain.execute runs on
    self.target and its results are resolved and appended.  WebTitle and
    WhatWeb then enrich the list in place when enabled.  Returns the list.
    '''
    resolver = IpDomain()
    domains = [{'domain': host} for host in self.target
               if not check_ip_or_domain(host)]
    results = resolver.execute(domains)
    if self.subdomain:
        found = SubDmain().execute(self.target)
        results.extend(resolver.execute(found))
    if self.webtitle:
        WebTitle().execute_domain(results)
    if self.whatweb:
        WhatWeb().execute(results)
    return results
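def prepare(self, options):
    '''Parse options['target'] ("host" or "host:port" strings) into self.target.

    IP targets are grouped as {'ip': host, 'port': [{'port': int}, ...]},
    one entry per IP holding all of its ports.  Domain targets become
    {'domain': t} (compared on the full original string, as before) and are
    deduplicated.  The port defaults to 80 when absent.  org_id is read
    through get_option afterwards.

    Fixes: the IP entry was built with a duplicate 'port' key, so the IP
    itself was silently overwritten by the port list; the merge test
    compared that port list with the host, so repeated IPs were never
    merged; and an explicit port stayed a str while the default was int 80,
    so the port is now always int() like the other parsers in this codebase.

    Raises ValueError when the port part is not an integer.
    '''
    target_list = []
    for t in options['target']:
        parts = t.split(':')
        host = parts[0]
        port = int(parts[1]) if len(parts) == 2 else 80
        if check_ip_or_domain(host):
            existing = next(
                (i for i in target_list if i.get('ip') == host), None)
            if existing is None:
                target_list.append({'ip': host, 'port': [{'port': port}]})
            else:
                existing['port'].append({'port': port})
        else:
            # Domains are deduplicated on the full target string
            if not any(d.get('domain') == t for d in target_list):
                target_list.append({'domain': t})
    self.target = target_list
    self.org_id = self.get_option('org_id', options, self.org_id)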
def execute(self):
    '''Resolve the domains in self.target (plus discovered subdomains).

    Non-IP hosts are wrapped as {'domain': host} and resolved with
    IpDomain.execute_domainip.  When self.subdomain is set, SubDmain.execute
    runs on self.target and its results are resolved and appended.  WebTitle
    enriches the list in place when enabled.  Returns the list.
    (A FOFA lookup step is intentionally disabled in this version.)
    '''
    resolver = IpDomain()
    domains = [{'domain': host} for host in self.target
               if not check_ip_or_domain(host)]
    results = resolver.execute_domainip(domains)
    if self.subdomain:
        found = SubDmain().execute(self.target)
        results.extend(resolver.execute_domainip(found))
    if self.webtitle:
        WebTitle().execute_domain(results)
    return results
def prepare(self, options):
    '''Parse scan options and rewrite options['target'] into a flat IP list.

    org_id, whatweb, httpx, iplocation and bin are read through get_option.
    Each target is stripped; IPs are kept as-is, domains are resolved with
    IpDomain.fetch_domain_ip, persisted via save_domain, and their 'A'
    addresses are used only when the record has no 'CNAME' (no CDN).
    '''
    for name in ('org_id', 'whatweb', 'httpx', 'iplocation', 'bin'):
        setattr(self, name,
                self.get_option(name, options, getattr(self, name)))
    resolver = IpDomain()
    ips = []
    for raw in options['target']:
        host = raw.strip()
        if check_ip_or_domain(host):
            ips.append(host)
            continue
        # Domain: resolve, persist, and keep direct A records only
        record = resolver.fetch_domain_ip(host)
        self.save_domain([record])
        if not record['CNAME'] and record['A']:
            ips.extend(record['A'])
    options['target'] = ips
def prepare(self, options):
    '''Parse options: set org_id and append each target to self.target.

    A target that passes check_ip_or_domain is stored as {'ip': host}, any
    other as {'domain': host}.  self.target is extended, not reset, so
    entries already present survive.
    '''
    self.org_id = self.get_option('org_id', options, self.org_id)
    for host in options['target']:
        key = 'ip' if check_ip_or_domain(host) else 'domain'
        self.target.append({key: host})
def execute(self, target):
    '''Look up every IP in target and return the non-empty results.

    Entries that do not pass check_ip_or_domain are skipped; the rest go
    through self.__shodan_search and falsy results are dropped.
    '''
    results = []
    for host in target:
        if not check_ip_or_domain(host):
            continue
        found = self.__shodan_search(host)
        if found:
            results.append(found)
    return results
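def prepare(self, options):
    '''Parse options into self.target and org_id.

    Targets that pass check_ip_or_domain go through parse_ip: a tuple/list
    result is spread into self.target, a single result is appended, and a
    falsy result (input parse_ip rejected) is skipped.  Other targets are
    appended verbatim.  org_id is read through get_option afterwards.

    Fix: previously a falsy parse_ip result fell into the append branch,
    so None ended up in self.target as a scan target.
    '''
    for t in options['target']:
        if not check_ip_or_domain(t):
            self.target.append(t)
            continue
        parsed = parse_ip(t)
        if not parsed:
            # Unparseable IP spec: skip it rather than storing None
            continue
        if isinstance(parsed, (tuple, list)):
            self.target.extend(parsed)
        else:
            self.target.append(parsed)
    self.org_id = self.get_option('org_id', options, self.org_id)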
def execute(self, target):
    '''Search each target and return (ip_port_entries, domain_ip_entries).

    A target passing check_ip_or_domain is queried as ip="t" || host="t",
    any other as domain="t" || host="t".  Every result line is parsed by
    both __parse_ip_port and __parse_domain_ip; falsy parses are dropped.
    NOTE: the target is interpolated into the query string unescaped, so a
    value containing a double quote alters the query instead of being
    matched literally.
    '''
    ip_port, domain_ip = [], []
    for t in target:
        field = 'ip' if check_ip_or_domain(t) else 'domain'
        query = '{}="{}" || host="{}"'.format(field, t, t)
        for line in self.__fofa_search(query):
            ipp = self.__parse_ip_port(line)
            if ipp:
                ip_port.append(ipp)
            dip = self.__parse_domain_ip(line)
            if dip:
                domain_ip.append(dip)
    return ip_port, domain_ip
def execute(self, target):
    '''Search each target and return (ip_port_entries, domain_ip_entries).

    A target passing check_ip_or_domain is queried as ip="t" || host="t",
    any other as domain="t" || host="t" || cert="t".  Every result line is
    parsed by both __parse_ip_port and __parse_domain_ip; falsy parses are
    dropped.
    NOTE: the target is interpolated into the query string unescaped, so a
    value containing a double quote alters the query instead of being
    matched literally.
    '''
    ip_port, domain_ip = [], []
    for t in target:
        if check_ip_or_domain(t):
            query = 'ip="{0}" || host="{0}" '.format(t)
        else:
            query = 'domain="{0}" || host="{0}" || cert="{0}"'.format(t)
        for line in self.__fofa_search(query):
            ipp = self.__parse_ip_port(line)
            if ipp:
                ip_port.append(ipp)
            dip = self.__parse_domain_ip(line)
            if dip:
                domain_ip.append(dip)
    return ip_port, domain_ip