def doGoogleHacking(args, out):
'''
Google Hacking功能
'''
out.init(u"Google Hacking功能", args.output)
keywords = args.keywords.decode(sys.stdin.encoding)
engineName = args.engine.lower().strip() if args.engine else "bing"
size = args.size if args.size else 20
if engineName == "baidu":
engine = Baidu()
elif engineName == "bing":
engine = Bing()
elif engineName == "google":
engine = Google()
else:
out.error(
u"不支持 '{0}' 搜索引擎,必须为 baidu/bing/google 之一".format(engineName))
return False
hostSet = set()
out.warnning(u"'{0}' 在 '{1}' 中的搜索结果如下:\n".format(keywords, engineName))
for item in engine.search(keywords, size):
if not args.unique:
out.info(out.Y("{0:>6} : ".format("title")) + item.title)
out.info(out.Y("{0:>6} : ".format("url")) + item.url + "\n")
out.writeLine(item.url)
else:
host = URL.getHost(item.url)
if host:
if host not in hostSet:
hostSet.add(host)
out.info(out.Y("{0:>6} : ".format("title")) + item.title)
out.info(
out.Y("{0:>6} : ".format("url")) + item.url + "\n")
out.writeLine(item.url)
else:
continue
def doGoogleHacking(args, out):
'''
Google Hacking功能
'''
out.init(u"Google Hacking功能", args.output)
keywords = args.keywords.decode(sys.stdin.encoding)
engineName = args.engine.lower().strip() if args.engine else "baidu"
size = args.size if args.size else 20
if engineName == "baidu":
engine = Baidu()
elif engineName == "bing":
engine = Bing()
elif engineName == "google":
engine = Google()
else:
out.error(u"不支持 '{0}' 搜索引擎,必须为 baidu/bing/google 之一".format(engineName))
return False
hostSet = set()
out.warnning(u"'{0}' 在 '{1}' 中的搜索结果如下:\n".format(keywords, engineName))
for item in engine.search(keywords,size):
if not args.unique:
out.info(out.Y("{0:>6} : ".format("title")) + item.title)
out.info(out.Y("{0:>6} : ".format("url")) + item.url + "\n")
out.writeLine(item.url)
else:
host = URL.getHost(item.url)
if host:
if host not in hostSet:
hostSet.add(host)
out.info(out.Y("{0:>6} : ".format("title")) + item.title)
out.info(out.Y("{0:>6} : ".format("url")) + item.url + "\n")
out.writeLine(item.url)
else:
continue
def doSubDomainScan(args, out):
'''
子域名爆破
'''
out.init("子域名爆破", tofile=args.output)
log = Log("subdomain")
if args.output:
outHtml = True if args.output.endswith("html") else False
else:
outHtml = False
techniques = []
if not args.technique:
techniques = ['z', 'd', 'g']
else:
if len(args.technique) <= 3:
for t in args.technique:
if t in "zdg":
techniques.append(t)
else:
techniques = []
if not techniques:
out.error(u"不支持--techniques {0}".format(args.technique))
return False
dictfile = args.dict if args.dict else None
topdomainBrute = True if args.topdomain else False
size = args.size if args.size else 200
if args.engine:
if args.engine in Query.allowEngines:
engine = args.engine
else:
out.error(u"不支持 --engine {0},支持{1}".format(
args.engine, str(Query.allowEngines)))
return False
else:
engine = 'bing'
domain = URL.getHost(args.domain)
result = set()
dnsresolver = DnsResolver(domain)
records = dnsresolver.getZoneRecords()
if "z" in techniques:
log.debug(">>>>>checking if dns zonetrans vulnerable")
for record in records:
log.debug("dns zonetrans vulnerable, got '{0}'".format(
str(record)))
result.add(record[0])
if "d" in techniques:
log.debug(">>>>>dns brutefroce")
for item in DnsBruter(domain, dictfile, topdomainBrute):
log.debug("dns bruteforce, got '{0}'".format(str(item)))
result.add(item.domain)
if "g" in techniques:
log.debug(">>>>>google hacking")
query = Query(site=domain) | -Query(site="www." + domain)
for item in query.doSearch(engine=engine, size=size):
log.debug("google hacking, got '{0}'".format(item.url))
host = URL.getHost(item.url)
result.add(host)
out.warnning(u"子域名爆破结果:")
for d in result:
out.info(d)
if not outHtml:
out.writeLine(d)
else:
out.writeLine(d, _htmlLink)
return True
def doSubDomainScan(args, out):
'''
子域名爆破
'''
out.init("子域名爆破", tofile=args.output)
log = Log("subdomain")
if args.output:
outHtml = True if args.output.endswith("html") else False
else:
outHtml = False
techniques = []
if not args.technique:
techniques = ['z','d','g']
else:
if len(args.technique) <= 3:
for t in args.technique:
if t in "zdg":
techniques.append(t)
else:
techniques = []
if not techniques:
out.error(u"不支持--techniques {0}".format(args.technique))
return False
dictfile = args.dict if args.dict else None
topdomainBrute = True if args.topdomain else False
size = args.size if args.size else 200
if args.engine:
if args.engine in Query.allowEngines:
engine = args.engine
else:
out.error(u"不支持 --engine {0},支持{1}".format(args.engine, str(Query.allowEngines)))
return False
else:
engine = 'baidu'
domain = URL.getHost(args.domain)
result = set()
dnsresolver = DnsResolver(domain)
records = dnsresolver.getZoneRecords()
if "z" in techniques:
log.debug(">>>>>checking if dns zonetrans vulnerable")
for record in records:
log.debug("dns zonetrans vulnerable, got '{0}'".format(str(record)))
result.add(record[0])
if "d" in techniques:
log.debug(">>>>>dns brutefroce")
for item in DnsBruter(domain, dictfile, topdomainBrute):
log.debug("dns bruteforce, got '{0}'".format(str(item)))
result.add(item.domain)
if "g" in techniques:
log.debug(">>>>>google hacking")
query = Query(site=domain) | -Query(site="www."+domain)
for item in query.doSearch(engine=engine, size=size):
log.debug("google hacking, got '{0}'".format(item.url))
host = URL.getHost(item.url)
result.add(host)
out.warnning(u"子域名爆破结果:")
for d in result:
out.info(d)
if not outHtml:
out.writeLine(d)
else:
out.writeLine(d, _htmlLink)
return True
