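def scan(self):
    """Port-scan the target(s), then run every registered payload against the discovered services.

    Reads ``self.args['ping']``: when truthy only ``self.target`` itself is
    port-scanned, otherwise each host expanded from it by ``gethosts``.
    Afterwards every host-plugin payload is paired with a ``BaseHost`` for
    each recorded port, and every web-plugin payload with a ``BaseWebSite``
    for ports whose recorded service name is ``'http'``. The pairs are
    verified through ``self.payloadverify`` inside a ``CoroutinePool``;
    nothing is returned.
    """
    MH = models.HostResult
    MR = models.PortResult
    ping = int(self.args.get('ping', 0))

    scan_targets = [self.target] if ping else gethosts(self.target)
    for target in scan_targets:
        self.portscan(target)

    payloads = BaseHostPlugin.payloads() + BaseWebPlugin.payloads()

    # The host expansion and the port query do not depend on the payload, so
    # do them once instead of once per payload as the original inner loop did.
    port_rows = []
    for H in gethosts(self.target):
        rows = MR.select().join(MH).where(
            (MH.host_ip == H) & (MH.projectid == self.Q.projectid))
        for P in rows:
            port_rows.append((str(P.host), str(P.port), str(P.service_name)))

    ret = []
    for plug in payloads:
        for host, port, service in port_rows:
            # A fresh target object per payload, as before, so payloads never
            # share (and possibly mutate) the same BaseHost/BaseWebSite.
            if isinstance(plug, BaseHostPlugin):
                ret.append((plug, BaseHost(host, port, service=service)))
            elif service == 'http':
                # Heuristic kept from the original: any port string containing
                # '443' (443, 8443, 4430, ...) is treated as TLS.
                hp = 'https' if '443' in port else 'http'
                url = '%s://%s:%s/' % (hp, host, port)
                ret.append((plug, BaseWebSite(url)))

    if not ret:
        return  # nothing to verify; do not create an idle pool
    pool = CoroutinePool(len(payloads))
    for plug, host in ret:
        pool.spawn(self.payloadverify, plug, host)
    pool.join()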
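def __init__(self, url, headers=None, threads=10, timeout=60, sleep=10, proxy=None, level=False, cert=None):
    """Set up a crawler-style scanner for *url*.

    Args:
        url: Base URL to work from; stored as ``self.url`` and used for
            ``BaseRequest`` / ``BaseWebSite``.
        headers: Extra HTTP headers kept in ``self.settings['headers']``.
            ``None`` means an empty dict (a fresh one per instance, so
            callers can never share state through the default).
        threads, timeout, sleep: Coerced with ``int`` into ``self.settings``.
        proxy: Proxy mapping passed to ``BaseWebSite``; ``None`` means none.
        level: Stored verbatim in ``self.settings['level']``.
        cert: Stored verbatim as ``self.cert``.
    """
    # Mutable defaults were previously shared between every instance.
    if headers is None:
        headers = {}
    if proxy is None:
        proxy = {}

    self.session = Session()
    self.settings = {
        'threads': int(threads),
        'timeout': int(timeout),
        'sleep': int(sleep),
        'proxy': proxy,
        'level': level,
        'headers': headers,
    }
    self.basereq = BaseRequest(url)
    self.website = BaseWebSite(url, proxy=self.settings['proxy'], session=self.session)
    # 404 fingerprint page taken from the site wrapper.
    self.pag404 = self.website.pag404
    self.block = []  # set()
    self.ISSTART = True
    self.ReqQueue = queue.Queue()
    self.ResQueue = queue.Queue()
    self.SubDomain = set()  # discovered subdomains
    self.Directory = {}  # directory structure
    self.cert = cert
    self.url = url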
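def __init__(self, url, headers=None, threads=10, timeout=60, sleep=10, proxy=None, session=None, level=False, isdomain=True):
    """Set up a scanner bound to *url* (or to its site root).

    Args:
        url: Target URL. When *isdomain* is true it is cut down to
            ``scheme://host[:port]/`` (the first three ``/``-separated
            parts) before use.
        headers: Extra HTTP headers merged into the request's headers;
            ``None`` means none (a fresh dict per instance).
        threads, timeout, sleep: Coerced with ``int`` into ``self.settings``.
        proxy: Proxy mapping handed to ``BaseRequest``; ``None`` means none.
        session: Optional session reused by ``BaseRequest``; the one the
            request object ends up with is re-exported as ``self.session``.
        level: Stored verbatim in ``self.settings['level']``.
        isdomain: Whether to reduce *url* to its site root.
    """
    # Mutable defaults were previously shared between every instance.
    if headers is None:
        headers = {}
    if proxy is None:
        proxy = {}

    if isdomain:
        url = '/'.join(url.split('/')[:3]) + '/'

    self.basereq = BaseRequest(url, session=session, proxy=proxy, headers=headers)
    self.website = BaseWebSite(url)
    # 404 fingerprint page taken from the site wrapper.
    self.pag404 = self.website.pag404
    self.session = self.basereq.session

    self.basereq.headers.update(headers)
    self.settings = {
        'threads': int(threads),
        'timeout': int(timeout),
        'sleep': int(sleep),
        'proxy': proxy,
        'level': level,
        # The merged header dict owned by the request, not the caller's copy.
        'headers': self.basereq.headers,
    }
    self.block = []  # set()
    self.ISSTART = True
    self.ReqQueue = queue.Queue()
    self.ResQueue = queue.Queue()
    self.SubDomain = set()  # discovered subdomains
    self.Directory = {}  # directory structure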
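def __init__(self, url, headers=None, threads=10, timeout=60, sleep=2, proxy=None, level=False, cert=None):
    """Set up a threaded scanner for *url*, resolving the URL it actually serves.

    A first ``BaseRequest`` is issued up front and its response URL replaces
    the configured one (presumably the post-redirect location — confirm in
    ``BaseRequest.response``), so ``self.basereq.url`` and ``self.website``
    reflect where the server really answered.

    Args:
        url: Configured target URL; kept verbatim as ``self.url``.
        headers: Extra HTTP headers kept in ``self.settings['headers']``;
            ``None`` means none (a fresh dict per instance).
        threads, timeout, sleep: Coerced with ``int`` into ``self.settings``.
        proxy: Proxy mapping used for the probe request and the site wrapper;
            ``None`` means none.
        level: Stored verbatim in ``self.settings['level']``.
        cert: Stored verbatim as ``self.cert``.
    """
    threading.Thread.__init__(self)
    # Mutable defaults were previously shared between every instance.
    if headers is None:
        headers = {}
    if proxy is None:
        proxy = {}

    self.settings = {
        'threads': int(threads),
        'timeout': int(timeout),
        'sleep': int(sleep),
        'proxy': proxy,
        'level': level,
        'headers': headers,
    }
    self.session = Session()
    self.block = []  # set()
    self.cert = cert
    self.url = url

    # Probe once so the effective URL (after any redirect) is the one scanned.
    req = BaseRequest(self.url, proxy=self.settings['proxy'], session=self.session)
    res = req.response()
    self.basereq = req
    self.basereq.url = res.url
    self.website = BaseWebSite(self.basereq.url, proxy=self.settings['proxy'], session=self.session)

    self.ISSTART = True
    self.ReqQueue = queue.Queue()
    self.ResQueue = queue.Queue()
    self.Directory = {}  # directory structure
    self.SubDomain = set()  # discovered subdomains
    # Pages bucketed by response status class.
    self.Page20x = set()
    self.Page30x = set()
    self.Page40x = set()
    self.Page50x = set()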
def selecthttp(self, q):
    """Record the HTTP service behind port row *q* and tag its port type.

    A URL is built from the row's host and port: https when the port string
    contains '443' or the row's recorded status code is '400' (a plain HTTP
    request to a TLS port typically yields 400 — presumably why the code
    treats it as https), http otherwise. The site is wrapped in a
    ``BaseWebSite`` without loading it, handed to ``self.writewebsite``, and
    ``'tcp/http/<that result>'`` is stored in ``q.port_type`` before saving.
    """
    host, port = str(q.host), str(q.port)
    looks_tls = '443' in port or str(q.status_code) == '400'
    scheme = 'https' if looks_tls else 'http'
    site = BaseWebSite('%s://%s:%s/' % (scheme, host, port), load=False)
    q.port_type = 'tcp/http/%s' % self.writewebsite(site)
    q.save()
def selecthttp(self, q):
    """Record the HTTP service behind port row *q* and tag it as 'tcp/http'.

    A URL is built from the row's host and port (https when the port string
    contains '443', http otherwise), wrapped in a ``BaseWebSite`` without
    loading it and passed to ``self.writewebsite``; that call's return value
    is discarded. ``q.port_type`` is then set to ``'tcp/http'`` and the row
    saved.
    """
    host, port = str(q.host), str(q.port)
    scheme = 'https' if '443' in port else 'http'
    site = BaseWebSite('%s://%s:%s/' % (scheme, host, port), load=False)
    self.writewebsite(site)
    q.port_type = 'tcp/http'
    q.save()
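def scan(self):
    """Run the plugins named in ``self.args['plug']`` against the target's recorded services.

    ``self.target`` is either a known ``models.Project`` id (its recorded
    hosts are used) or a host expression expanded with ``gethosts``. For
    every recorded port of those hosts a ``BaseWebSite`` (service name
    ``'http'``) or ``BaseHost`` (anything else) is built once. Then, for
    each comma-separated plugin name, every matching plugin from
    ``PluginsManage.get_plugins`` is paired with the targets of its kind and
    verified through ``self.payloadverify`` in a ``CoroutinePool``; names
    are processed one after another, each with its own pool. Nothing is
    returned.
    """
    MP = models.Project
    MH = models.HostResult
    MR = models.PortResult
    # NOTE: split(',') on an absent/empty 'plug' yields [''] — whatever
    # get_plugins('') returns is then run; no whitespace stripping is done.
    plug_names = self.args.get('plug', '').split(',')

    # Resolve the host list once; it does not depend on the plugin name.
    try:
        project = MP.get(MP.project_id == self.target)
        hosts = [str(H.host_ip) for H in MH.select().where(MH.projectid == project)]
    except MP.DoesNotExist:
        hosts = list(gethosts(self.target))

    # Build the target objects once rather than per plugin name: BaseWebSite
    # is constructed with its default loading behaviour, so the original's
    # per-name rebuild repeated that work (and any requests it makes).
    web_targets = []
    host_targets = []
    for H in hosts:
        rows = MR.select().join(MH).where(
            (MH.host_ip == H) & (MH.projectid == self.Q.projectid))
        for P in rows:
            host, port, service = str(P.host), str(P.port), str(P.service_name)
            if service == 'http':
                # Heuristic kept from the original: a port string containing
                # '443' (443, 8443, 4430, ...) is treated as TLS.
                hp = 'https' if '443' in port else 'http'
                web_targets.append(BaseWebSite('%s://%s:%s/' % (hp, host, port)))
            else:
                host_targets.append(BaseHost(host, port, service=service))

    for plug_name in plug_names:
        logging.info('Scan plug name: %s', plug_name)
        jobs = []
        for plug in PluginsManage.get_plugins(plug_name):
            if isinstance(plug, BaseHostPlugin):
                jobs.extend((plug, host) for host in host_targets)
            elif isinstance(plug, BaseWebPlugin):
                jobs.extend((plug, host) for host in web_targets)
        pool = CoroutinePool(10)
        for plug, host in jobs:
            pool.spawn(self.payloadverify, plug, host)
        pool.join()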