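def execution(self):
    """Crawl the queued targets and test parameterised URLs with the loaded payloads.

    Targets are loaded from whichever of ``self.file``,
    ``self.subdomains_queue`` and ``self.target`` is set, then every queue in
    ``self.target_url`` is drained. Each URL containing ``self.domain`` is
    fetched once for link extraction; URLs carrying ``=`` are fetched again as
    a baseline and re-requested once per payload. Findings are reported through
    ``self.logger.critical``. Returns None.

    NOTE(review): the listing this was recovered from had lost its
    indentation. The nesting used here puts the payload loop inside the
    domain check, which keeps every probe behind the scope test. Confirm
    against the original file.
    """
    try:
        if self.file is not None:
            self.initislis_file()
        if self.subdomains_queue is not None:
            self.initialis_subdomain()
        if self.target is not None:
            self.initis()

        while not self.target_url.empty():
            target = self.target_url.get()
            # NOTE(review): payloads are loaded once per target queue. If
            # category[0]() consumes its queue, only the first parameterised
            # URL is actually tested. Verify against assault_pre.
            strike_pre = assault_pre()
            strike_pre.payload_provide()

            while not target.empty():
                original = target.get()

                # NOTE(review): this is a substring test, so a URL on another
                # host that merely mentions self.domain in its path or query
                # also passes. Compare the parsed hostname instead if scope
                # must be enforced strictly.
                if self.domain not in original:
                    continue

                url, data = chambering(original, strike=False)
                received_ = requester(url, data, GET=True)
                print(f"{blue_green}[+][{time}] Vulnerability scanning is being performed on {original}{end}")
                if received_ is not None:
                    self.url_extrator(received_.text)

                if "=" not in original:
                    continue

                url, data = chambering(original, strike=False)
                received = requester(url, data, GET=True)
                if received is None:
                    # Without a baseline there is nothing to compare against;
                    # previously this surfaced as an AttributeError that the
                    # outer handler swallowed, ending the whole run.
                    continue

                for vul_type, category in strike_pre.get_payload_category().items():
                    # category[1] is the payload queue, category[0] yields the next payload.
                    for _ in range(category[1].qsize()):
                        payload = category[0]()
                        url, data = chambering(original, strike=True, payload=payload, type=vul_type)
                        if vul_type not in ("SQLi", "file_inclusion", "command_injection", "ssrf"):
                            continue

                        Poisoned = requester(url, data, GET=True)
                        # Check for a failed request before touching
                        # status_code; the original read it first.
                        if Poisoned is None:
                            continue
                        code = Poisoned.status_code
                        if code >= 500 or code == 404:
                            continue

                        if error_check(Poisoned) and receive_check(received.text, Poisoned.text, vul_type, payload):
                            message = vul_message(vul_type, original, payload)
                            self.logger.critical(message)
    except Exception:
        # Still best-effort, but no longer silent: a swallowed error here
        # means the rest of the queue was never tested.
        self.logger.exception("execution aborted by an unexpected error")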
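def execution(self):
    """Run the scan: crawl queued targets and test parameterised URLs.

    Targets are loaded from whichever of ``self.file``,
    ``self.subdomains_queue`` and ``self.target`` is set, then every queue in
    ``self.target_url`` is drained. Requests carry ``self.cookie`` and go
    through ``self.proxy``; a 403 on the crawl request rotates to the next
    proxy in ``self.proxy_queue`` when one is available. Findings are reported
    through ``self.logger.critical``. Returns None.

    NOTE(review): the listing this was recovered from had lost its
    indentation. The nesting used here puts the payload loop inside the
    domain check, which keeps every probe behind the scope test. Confirm
    against the original file.
    """
    try:
        # Load targets.
        if self.file is not None:
            self.initislis_file()
        if self.subdomains_queue is not None:
            self.initialis_subdomain()
        if self.target is not None:
            self.initis()

        while not self.target_url.empty():
            target = self.target_url.get()

            while not target.empty():
                original = target.get()

                # The target must belong to the supplied domain.
                # NOTE(review): this is a substring test, so a URL on another
                # host that merely mentions self.domain in its path or query
                # also passes. Compare the parsed hostname instead if scope
                # must be enforced strictly.
                if self.domain not in original:
                    continue

                url, data = chambering(original, strike=False)
                received_ = requester(url, data, GET=True, cookie=self.cookie, proxy=self.proxy)

                # A 403 is taken to mean the proxy was banned: switch to the
                # next one. The request itself is not retried.
                if received_ is not None and received_.status_code == 403:
                    if self.proxy_queue is not None and not self.proxy_queue.empty():
                        self.proxy = get_proxy(self.proxy_queue)

                print(f"{blue_green}[+][{time}] Vulnerability scanning is being performed on {original}{end}")
                if received_ is not None:
                    # Extract further URLs from the response and queue them as targets.
                    self.url_extrator(received_.text)

                # Only URLs that carry parameters are tested with payloads.
                if "=" not in original:
                    continue

                url, data = chambering(original, strike=False)
                strike_pre = assault_pre()    # payload pre-processing helper
                strike_pre.payload_provide()  # load the payloads
                received = requester(url, data, GET=True, cookie=self.cookie, proxy=self.proxy)
                if received is None:
                    # Without a baseline there is nothing to compare against;
                    # previously this surfaced as an AttributeError that the
                    # outer handler swallowed, ending the whole run.
                    continue

                for vul_type, category in strike_pre.get_payload_category().items():
                    # category[1] is the payload queue, category[0] yields the next payload.
                    for _ in range(category[1].qsize()):
                        payload = category[0]()
                        url, data = chambering(original, strike=True, payload=payload, type=vul_type)
                        if vul_type not in ("SQLi", "XSS", "file_inclusion", "command_injection", "ssrf"):
                            continue

                        Poisoned = requester(url, data, GET=True, cookie=self.cookie, proxy=self.proxy)
                        # Require a response with a non-error status.
                        if Poisoned is None or Poisoned.status_code >= 400:
                            continue

                        # error_check gates on the page existing; attack_check
                        # compares the baseline with the payload response.
                        if error_check(Poisoned.text) and attack_check(received.text, Poisoned.text, vul_type, payload):
                            message = vul_message(vul_type, original, payload)
                            self.logger.critical(message)
    except Exception:
        # Still best-effort, but no longer silent: a swallowed error here
        # means the rest of the queue was never tested.
        self.logger.exception("execution aborted by an unexpected error")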