Пример #1
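    def execution(self):
        """Run one scan pass over every queued target URL.

        The target queues are first filled from whichever sources are set
        (``self.file``, ``self.subdomains_queue``, ``self.target``).  Each URL
        taken from the queues then goes through two independent steps:

        1. If ``self.domain`` occurs in the URL, the URL is fetched and the
           response body is passed to ``self.url_extrator`` so that further
           URLs can be queued.
        2. If the URL contains ``=`` (it carries parameters), a baseline
           response is fetched and the request is replayed once per payload;
           a finding is reported through ``self.logger.critical`` when the
           response checks flag the replayed response.

        Returns ``None``.  Exceptions are caught and logged, not raised.
        """
        try:
            # Load targets from every configured source.
            if self.file is not None:
                self.initislis_file()
            if self.subdomains_queue is not None:
                self.initialis_subdomain()
            if self.target is not None:
                self.initis()

            while not self.target_url.empty():
                target = self.target_url.get()

                while not target.empty():
                    original = target.get()

                    # NOTE(review): this is a substring test, so it also accepts
                    # URLs that merely mention the domain (in a query string, or
                    # as part of a longer host name), and the parameter branch
                    # further down is not gated on it at all.  Confirm that the
                    # queues only ever hold in-scope URLs; otherwise test
                    # requests can reach hosts outside the authorised scope.
                    if self.domain in original:
                        url, data = chambering(original, strike=False)
                        received_ = requester(url, data, GET=True,
                                              cookie=self.cookie, proxy=self.proxy)
                        # A 403 is read as "this proxy was banned": take the
                        # next proxy from the pool when one is available.
                        if received_ is not None and received_.status_code == 403:
                            if self.proxy_queue is not None and not self.proxy_queue.empty():
                                self.proxy = get_proxy(self.proxy_queue)
                        print(f"{blue_green}[+][{time}] Vulnerability scanning is being performed on {original}{end}")
                        if received_ is not None:
                            # Harvest further URLs from the page.
                            self.url_extrator(received_.text)

                    if "=" not in original:
                        # No parameters, nothing to replay.
                        continue

                    url, data = chambering(original, strike=False)
                    strike_pre = assault_pre()      # payload pre-processing helper
                    strike_pre.payload_provide()    # load the payloads
                    baseline = requester(url, data, GET=True,
                                         cookie=self.cookie, proxy=self.proxy)
                    if baseline is None:
                        # Without a baseline there is nothing to compare against.
                        # The old code carried on and hit `None.text` at the
                        # first comparison, which ended the whole pass through
                        # the outer handler.
                        continue

                    for vul_type, category in strike_pre.get_payload_category().items():
                        # category[0] returns the next payload,
                        # category[1] is the payload queue.
                        for _ in range(category[1].qsize()):
                            payload = category[0]()
                            url, data = chambering(original, strike=True,
                                                   payload=payload, type=vul_type)

                            if vul_type not in ("SQLi", "XSS", "file_inclusion",
                                                "command_injection", "ssrf"):
                                continue

                            probe = requester(url, data, GET=True,
                                              cookie=self.cookie, proxy=self.proxy)
                            # Only a non-error response is worth comparing.
                            if probe is None or probe.status_code >= 400:
                                continue
                            if error_check(probe.text) and attack_check(
                                    baseline.text, probe.text, vul_type, payload):
                                self.logger.critical(
                                    vul_message(vul_type, original, payload))

        except Exception as exc:
            # Stay best-effort, but record the failure: a silently aborted pass
            # looks exactly like a clean result and hides the missed coverage.
            self.logger.critical(
                f"Scan pass aborted by {exc!r}; results are incomplete")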
Пример #2

# Optional middleware analysis for the target.
if middleware:
    vulne = middleware_vulne(
        target,
        logger_type,
        middleware_type=middleware,
    )
    vulne.analyse()

# Optional proxy pool.
# NOTE(review): in the lines visible here `proxy_queue` is bound only when
# `proxy` is truthy, yet it is passed to Attack() unconditionally below.
# Confirm that it is initialised earlier in the file.
if proxy:
    proxies = Proxy(target, logger_type)
    proxy_queue = proxies.executor()

# Optional WAF check, sent through a pooled proxy when proxies are enabled.
# `proxy` is rebound here from the on/off flag to the proxy that was picked.
if waf and proxy:
    proxy = get_proxy(proxy_queue)
    check_waf(target, logger_type, proxy=proxy)
elif waf:
    check_waf(target, logger_type)

# Build the scanner and hand its entry point to the runner together with
# `threads` (presumably the worker count; confirm against quicksliver).
module_attack = Attack(
    target,
    logger_type,
    cookie=cookies,
    subdomain_queue=subdomain_queue,
    proxy_queue=proxy_queue,
    file=file_,
)
execution = module_attack.execution
quicksliver(execution, threads)
print(f"{red}[!!][{time}] Vulnerability scan has finished !{end}")




Пример #3
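    def execution(self):
        """Run one scan pass over every queued target URL.

        The target queues are first filled from whichever sources are set
        (``self.file``, ``self.subdomains_queue``, ``self.target``).  For each
        URL, a URL containing ``self.domain`` is fetched and its body passed
        to ``self.url_extrator``; a URL containing ``=`` is fetched once as a
        baseline and then replayed once per payload, and a finding is
        reported through ``self.logger.critical`` when the response checks
        flag the replayed response.

        Returns ``None``.  Exceptions are caught and logged, not raised.
        """
        try:
            # Load targets from every configured source.
            if self.file is not None:
                self.initislis_file()
            if self.subdomains_queue is not None:
                self.initialis_subdomain()
            if self.target is not None:
                self.initis()

            while not self.target_url.empty():
                target = self.target_url.get()
                # NOTE(review): the payload helper is built once per target
                # queue.  If category[0]() consumes the payload queue (not
                # visible here), only the first parameterised URL of the queue
                # is actually tested.  Confirm, since that would be a silent
                # coverage gap.
                strike_pre = assault_pre()
                strike_pre.payload_provide()

                while not target.empty():
                    original = target.get()

                    # NOTE(review): substring test, so it also accepts URLs
                    # that merely mention the domain, and the parameter branch
                    # below is not gated on it.  Confirm the queues only hold
                    # in-scope URLs; otherwise test requests can reach hosts
                    # outside the authorised scope.
                    if self.domain in original:
                        url, data = chambering(original, strike=False)
                        received_ = requester(
                            url, data, GET=True,
                            cookie=self.cookie, proxy=self.proxy)
                        # The None check now comes before the attribute access.
                        # The old order dereferenced a failed request and ended
                        # the whole pass through the outer handler.
                        if received_ is not None and received_.status_code == 403:
                            if (self.proxy_queue is not None
                                    and not self.proxy_queue.empty()):
                                self.proxy = get_proxy(self.proxy_queue)
                        print(
                            f"{blue_green}[+][{time}] Vulnerability scanning is being performed on {original}{end}"
                        )
                        if received_ is not None:
                            self.url_extrator(received_.text)

                    if "=" not in original:
                        # No parameters, nothing to replay.
                        continue

                    url, data = chambering(original, strike=False)
                    baseline = requester(
                        url, data, GET=True,
                        cookie=self.cookie, proxy=self.proxy)
                    if baseline is None:
                        # Nothing to compare the replayed responses against.
                        continue

                    payload_sets = strike_pre.get_payload_category()
                    for vul_type, category in payload_sets.items():
                        # category[0] is called for each payload; category[1]
                        # is the queue whose size bounds the loop.
                        for _ in range(category[1].qsize()):
                            payload = category[0]()
                            url, data = chambering(
                                original, strike=True,
                                payload=payload, type=vul_type)

                            if vul_type not in ("SQLi", "file_inclusion",
                                                "command_injection", "ssrf"):
                                continue

                            probe = requester(
                                url, data, GET=True,
                                cookie=self.cookie, proxy=self.proxy)
                            # Check for a failed request before reading the
                            # status code (the old code read it first).
                            if probe is None or probe.status_code >= 400:
                                continue
                            if error_check(probe) and receive_check(
                                    baseline.text, probe.text,
                                    vul_type, payload):
                                self.logger.critical(
                                    vul_message(vul_type, original, payload))

        except Exception as exc:
            # Stay best-effort, but record the failure: a silently aborted pass
            # looks exactly like a clean result and hides the missed coverage.
            self.logger.critical(
                f"Scan pass aborted by {exc!r}; results are incomplete")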