Пример #1
    def scan(self):
        '''Port-scan the target, then run every host and web payload on the recorded ports.

        The integer ``ping`` argument (default 0) selects the port-scan input:
        when non-zero, ``self.target`` is handed to ``self.portscan`` as a
        single item; otherwise ``gethosts(self.target)`` is iterated and each
        entry is scanned separately.  Afterwards each payload is paired with
        the port rows stored for the current project and every pair is
        verified through ``self.payloadverify`` on a coroutine pool.
        '''
        project_model = models.Project  # bound but not used in this method
        host_model = models.HostResult
        port_model = models.PortResult

        ping_flag = int(self.args.get('ping', 0))
        if ping_flag:
            scan_targets = [self.target]
        else:
            scan_targets = gethosts(self.target)
        for target in scan_targets:
            self.portscan(target)

        payloads = BaseHostPlugin.payloads() + BaseWebPlugin.payloads()
        jobs = []
        for plug in payloads:
            for host_ip in gethosts(self.target):
                # Only port rows belonging to the current project are used.
                rows = port_model.select().join(host_model).where(
                    (host_model.host_ip == host_ip)
                    & (host_model.projectid == self.Q.projectid))
                for row in rows:
                    if isinstance(plug, BaseHostPlugin):
                        endpoint = BaseHost(str(row.host),
                                            str(row.port),
                                            service=str(row.service_name))
                    elif str(row.service_name) == 'http':
                        # Substring test: any port whose text contains '443'
                        # (443, 8443, 4430, ...) is addressed over https.
                        scheme = 'https' if '443' in str(row.port) else 'http'
                        endpoint = BaseWebSite(
                            '%s://%s:%s/' % (scheme, str(row.host), str(row.port)))
                    else:
                        # Remaining payloads are only paired with rows whose
                        # service_name is 'http'.
                        continue
                    jobs.append((plug, endpoint))

        # The pool is sized by the number of payloads, not by the number of jobs.
        pool = CoroutinePool(len(payloads))
        for plug, endpoint in jobs:
            pool.spawn(self.payloadverify, plug, endpoint)
        pool.join()
Пример #2
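 def __init__(self,
              url,
              headers=None,
              threads=10,
              timeout=60,
              sleep=10,
              proxy=None,
              level=False,
              cert=None):
     '''Set up the session, settings, queues and result containers for ``url``.

     Args:
         url: Start URL; used for the base request and the website object.
         headers: Header dict stored in ``settings['headers']``; a fresh
             empty dict is used when omitted.
         threads: Stored as an int in ``settings['threads']``.
         timeout: Stored as an int in ``settings['timeout']``.
         sleep: Stored as an int in ``settings['sleep']``.
         proxy: Proxy dict stored in the settings and passed to the website
             object; a fresh empty dict is used when omitted.
         level: Stored unchanged in ``settings['level']``.
         cert: Stored unchanged as ``self.cert``.
     '''
     # The defaults used to be shared ``{}`` literals; because the dicts are
     # stored on the instance, a change made through one instance would leak
     # into every later instance built with the defaults.
     headers = {} if headers is None else headers
     proxy = {} if proxy is None else proxy

     self.session = Session()
     self.settings = {}
     self.settings['threads'] = int(threads)
     self.settings['timeout'] = int(timeout)
     self.settings['sleep'] = int(sleep)
     self.settings['proxy'] = proxy
     self.settings['level'] = level
     self.settings['headers'] = headers
     self.basereq = BaseRequest(url)
     self.website = BaseWebSite(url,
                                proxy=self.settings['proxy'],
                                session=self.session)
     self.pag404 = self.website.pag404
     self.block = []  #set()
     self.ISSTART = True
     self.ReqQueue = queue.Queue()
     self.ResQueue = queue.Queue()
     self.SubDomain = set()  # subdomain list
     self.Directory = {}  # directory structure
     # NOTE(review): timeout and cert are only stored here; confirm that the
     # request code actually applies them.
     self.cert = cert
     self.url = url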
Пример #3
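    def __init__(
        self,
        url,
        headers=None,
        threads=10,
        timeout=60,
        sleep=10,
        proxy=None,
        session=None,
        level=False,
        isdomain=True):
        '''Set up the base request, settings, queues and result containers.

        Args:
            url: Start URL.  With ``isdomain`` set it is cut down to its
                first three ``/``-separated parts plus a trailing slash.
            headers: Extra headers handed to the base request and merged
                into its header mapping; a fresh empty dict when omitted.
            threads: Stored as an int in ``settings['threads']``.
            timeout: Stored as an int in ``settings['timeout']``.
            sleep: Stored as an int in ``settings['sleep']``.
            proxy: Proxy dict handed to the base request and stored in the
                settings; a fresh empty dict when omitted.
            session: Passed through to ``BaseRequest``.
            level: Stored unchanged in ``settings['level']``.
            isdomain: When true, reduce ``url`` as described above.
        '''
        # The defaults used to be shared ``{}`` literals that were stored on
        # the instance and passed on, so state could leak between instances.
        headers = {} if headers is None else headers
        proxy = {} if proxy is None else proxy

        if isdomain:
            # For a URL that carries a scheme this yields scheme://host[:port]/ ;
            # a URL without '//' keeps its first path segments instead.
            url = '/'.join(url.split('/')[:3]) + '/'

        self.basereq = BaseRequest(url, session=session, proxy=proxy, headers=headers)
        # NOTE(review): BaseWebSite gets neither the proxy nor the session
        # here; confirm whether it issues requests of its own.
        self.website = BaseWebSite(url)
        self.pag404 = self.website.pag404
        self.session = self.basereq.session
        self.settings = {}
        self.settings['threads'] = int(threads)
        self.settings['timeout'] = int(timeout)
        self.settings['sleep'] = int(sleep)
        self.settings['proxy'] = proxy
        self.settings['level'] = level
        self.basereq.headers.update(headers)
        # settings['headers'] is the request's own header mapping, not a copy.
        self.settings['headers'] = self.basereq.headers
        self.block = []  #set()
        self.ISSTART = True
        self.ReqQueue = queue.Queue()
        self.ResQueue = queue.Queue()
        self.SubDomain = set()  # subdomain list
        self.Directory = {}  # directory structure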
Пример #4
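 def __init__(self,
              url,
              headers=None,
              threads=10,
              timeout=60,
              sleep=2,
              proxy=None,
              level=False,
              cert=None):
     '''Initialise the thread, its settings and its result containers.

     The constructor sends one request for ``url`` via
     ``BaseRequest.response()`` and uses the URL of that response as the
     base URL for the request object and the website object.

     Args:
         url: Start URL, kept unchanged in ``self.url``.
         headers: Header dict stored in ``settings['headers']``; a fresh
             empty dict is used when omitted.
         threads: Stored as an int in ``settings['threads']``.
         timeout: Stored as an int in ``settings['timeout']``.
         sleep: Stored as an int in ``settings['sleep']``.
         proxy: Proxy dict stored in the settings and passed to the request
             and website objects; a fresh empty dict when omitted.
         level: Stored unchanged in ``settings['level']``.
         cert: Stored unchanged as ``self.cert``.
     '''
     threading.Thread.__init__(self)

     # The defaults used to be shared ``{}`` literals; because the dicts are
     # stored on the instance, a change made through one instance would leak
     # into every later instance built with the defaults.
     headers = {} if headers is None else headers
     proxy = {} if proxy is None else proxy

     self.settings = {}
     self.settings['threads'] = int(threads)
     self.settings['timeout'] = int(timeout)
     self.settings['sleep'] = int(sleep)
     self.settings['proxy'] = proxy
     self.settings['level'] = level
     self.settings['headers'] = headers
     self.session = Session()
     self.block = []  #set()
     # NOTE(review): cert is only stored here; confirm where it is applied.
     self.cert = cert
     self.url = url

     # Network I/O happens here, inside the constructor.
     req = BaseRequest(self.url, proxy=self.settings['proxy'], session=self.session)
     res = req.response()
     self.basereq = req
     # presumably res.url is the final URL after redirects - confirm
     self.basereq.url = res.url
     self.website = BaseWebSite(self.basereq.url,
                                proxy=self.settings['proxy'],
                                session=self.session)

     self.ISSTART = True
     self.ReqQueue = queue.Queue()
     self.ResQueue = queue.Queue()
     self.Directory = {}  # directory structure
     self.SubDomain = set()  # subdomain list
     self.Page20x = set()
     self.Page30x = set()
     self.Page40x = set()
     self.Page50x = set()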
Пример #5
 def selecthttp(self, q):
     '''Get the headers information of the HTTP service.

     Builds a root URL from the host and port of row ``q``, wraps it in a
     ``BaseWebSite`` created with ``load=False``, passes that object to
     ``self.writewebsite`` and stores ``'tcp/http/<result>'`` in
     ``q.port_type`` before saving the row.
     '''
     host_text = str(q.host)
     port_text = str(q.port)
     # https is chosen when the port text contains '443' (a substring test,
     # so 8443 or 4430 match as well) or when the recorded status code is 400.
     # presumably the 400 comes from a plain-HTTP probe of a TLS port - confirm
     if '443' in port_text or str(q.status_code) == '400':
         scheme = 'https'
     else:
         scheme = 'http'
     site = BaseWebSite('%s://%s:%s/' % (scheme, host_text, port_text), load=False)
     q.port_type = 'tcp/http/%s' % self.writewebsite(site)
     q.save()
Пример #6
 def selecthttp(self, q):
     '''Get the headers information of the HTTP service.

     Builds a root URL from the host and port of row ``q``, passes a
     ``BaseWebSite`` created with ``load=False`` to ``self.writewebsite``,
     then marks the row as ``'tcp/http'`` and saves it.
     '''
     host_text = str(q.host)
     port_text = str(q.port)
     # Substring test: any port whose text contains '443' (443, 8443,
     # 4430, ...) is addressed over https; every other port over http.
     if '443' in port_text:
         scheme = 'https'
     else:
         scheme = 'http'
     site_url = '%s://%s:%s/' % (scheme, host_text, port_text)
     site = BaseWebSite(site_url, load=False)
     self.writewebsite(site)
     q.port_type = 'tcp/http'
     q.save()
Пример #7
    def scan(self):
        '''Run the plugins named in the ``plug`` argument against recorded ports.

        ``plug`` is a comma-separated list of plugin names.  For each name
        the host list is resolved, the port rows stored for the current
        project are turned into web or host endpoints, each plugin returned
        by ``PluginsManage.get_plugins`` is paired with the endpoints of its
        kind, and every pair is verified through ``self.payloadverify`` on a
        pool of 10 coroutines.
        '''
        project_model = models.Project
        host_model = models.HostResult
        port_model = models.PortResult

        # With no 'plug' argument, ''.split(',') is [''], so the loop still
        # runs once with an empty plugin name.
        for plug_name in self.args.get('plug', '').split(','):
            logging.info('Scan plug name: %s' % plug_name)

            # The target is first tried as a project id; when no such project
            # exists it is expanded with gethosts() instead.
            project_key = self.target
            host_ips = []
            try:
                project = project_model.get(project_model.project_id == project_key)
                for host_row in host_model.select().where(host_model.projectid == project):
                    host_ips.append(str(host_row.host_ip))
            except project_model.DoesNotExist:
                host_ips.extend(gethosts(self.target))

            web_targets = []
            host_targets = []
            for host_ip in host_ips:
                # Only port rows belonging to the current project are used.
                rows = port_model.select().join(host_model).where(
                    (host_model.host_ip == host_ip)
                    & (host_model.projectid == self.Q.projectid))
                for row in rows:
                    if str(row.service_name) != 'http':
                        host_targets.append(
                            BaseHost(str(row.host),
                                     str(row.port),
                                     service=str(row.service_name)))
                        continue
                    # Substring test: any port whose text contains '443'
                    # (443, 8443, 4430, ...) is addressed over https.
                    scheme = 'https' if '443' in str(row.port) else 'http'
                    web_targets.append(
                        BaseWebSite('%s://%s:%s/' % (scheme, str(row.host), str(row.port))))

            # Host plugins get the non-http endpoints, web plugins the http
            # ones; a plugin of neither type is skipped.
            jobs = []
            for plug in PluginsManage.get_plugins(plug_name):
                if isinstance(plug, BaseHostPlugin):
                    jobs.extend((plug, endpoint) for endpoint in host_targets)
                elif isinstance(plug, BaseWebPlugin):
                    jobs.extend((plug, endpoint) for endpoint in web_targets)

            pool = CoroutinePool(10)
            for plug, endpoint in jobs:
                pool.spawn(self.payloadverify, plug, endpoint)
            pool.join()