def output(target):
    """List the domains that dns.aizhan.com reports as hosted on the target's IP.

    Only runs when the target is flagged as not behind a CDN (``iscdn`` is
    present and false) and a full domain name (``f_domain``) is known - a
    same-IP lookup on a CDN edge would describe the CDN, not the host.
    The aizhan pager is read once to learn the page count, the result pages
    are fetched concurrently by ``tThread`` workers (each appends the decoded
    rows to the shared ``rows`` list), and every reported ``domain`` is then
    queued for ``tPing`` workers to be checked against ``target.ip``.
    A blank separator line is printed at the end.
    """
    # NOTE(review): indentation was lost on extraction; print('') is treated
    # as unconditional (function level) - confirm against the upstream file.
    if hasattr(target, 'iscdn') and not target.iscdn and target.f_domain:
        worker_count = 5  # number of worker threads
        rows = []         # filled in place by the tThread workers
        work = Queue.Queue()
        print_color('find domain in same IP for %s..' % target.ip, 2)

        # The first request only serves to read the "1/N" pager.
        _code, body = get('dns.aizhan.com',
                          '/index.php?r=index/pages&q=%s' % target.f_domain)
        pager = re.search(r'1/(\d+)', body)
        last_page = int(pager.group(1)) if pager else 1

        # Fetch every result page in parallel.
        for page_no in xrange(1, last_page + 1):
            work.put('/index.php?r=index/getress&q=%s&page=%d'
                     % (target.f_domain, page_no))
        workers = [tThread(work, rows) for _ in xrange(worker_count)]
        for worker in workers:
            worker.start()
        for worker in workers:
            worker.join()

        # Hand each reported domain to the ping workers for the IP comparison.
        for row in rows:
            work.put(row['domain'])
        workers = [tPing(work, target.ip) for _ in xrange(worker_count)]
        for worker in workers:
            worker.start()
        for worker in workers:
            worker.join()
    print('')
def output(target):
    """Record the web server family and, for nginx, run the path-info parsing check.

    ``target.server`` is set to 'Nginx', 'Apache' or 'IIS' by a
    case-insensitive substring match on the Server header and left untouched
    when the header is missing or unrecognised.  For nginx only, HEAD requests
    are sent for a few "<static resource>/x.php" style URLs - two robots.txt
    variants plus the first <img src="http...jpg"> found on the front page -
    and a finding is reported when one answers 200 with a text/html
    Content-Type.  That is a heuristic, not proof: a server that answers 200
    text/html for every path (catch-all front controller, soft-404 page)
    trips it as well.  A blank separator line ends the output.
    """
    print_color('Test server exploit %s...' % target.ip, 2)
    candidates = ['/robots.txt/.php', '/robots.txt/1.php']
    banner = target.header['server'].lower() if 'server' in target.header else ''

    if 'nginx' in banner:
        target.server = 'Nginx'
        print_color('Test server nginx Parsing Vulnerabilities', 2)
        if target.f_domain:
            host = '%s:%d' % (target.f_domain, target.port)
        else:
            host = '%s:%d' % (target.ip, target.port)
        _code, front_page = get(host, '/')
        image = re.search(r'src="(http.+?\.jpg)"', front_page)
        if image:
            # NOTE(review): group(1) is an absolute URL, so these entries are
            # passed to head() as "http://.../x.jpg/.php" - confirm head()
            # accepts an absolute URL as its path argument.
            candidates.append('%s/.php' % image.group(1))
            candidates.append('%s/1.php' % image.group(1))
        for url in candidates:
            status, headers = head(host, url)
            # NOTE(review): headers['content-type'] raises KeyError when a 200
            # reply carries no Content-Type; behaviour kept as in the original.
            if status == 200 and 'text/html' in headers['content-type']:
                print_color('the server has nginx parsing vulnerabilities', 1)
                break
    elif 'apache' in banner:
        target.server = 'Apache'
    elif 'iis' in banner:
        target.server = 'IIS'
    print('')
def output(target):
    """Enumerate domains sharing the target's IP according to dns.aizhan.com.

    Skipped unless the target is known not to sit behind a CDN (``iscdn``
    present and false) and ``f_domain`` is set.  Step one reads the "1/N"
    pager to learn the number of result pages; step two fetches those pages
    with ``tThread`` workers, which append the decoded rows to ``found``;
    step three queues every ``domain`` field for ``tPing`` workers that
    compare it against ``target.ip``.  Ends with a blank separator line.
    """
    # NOTE(review): source indentation was lost; the trailing print('') is
    # assumed unconditional - confirm against upstream.
    if not (hasattr(target, 'iscdn') and not target.iscdn and target.f_domain):
        print('')
        return

    n_workers = 5  # worker thread count
    found = []     # extended in place by tThread workers
    tasks = Queue.Queue()
    print_color('find domain in same IP for %s..' % target.ip, 2)

    _status, page_html = get('dns.aizhan.com',
                             '/index.php?r=index/pages&q=%s' % target.f_domain)
    pager_match = re.search(r'1/(\d+)', page_html)
    page_count = int(pager_match.group(1)) if pager_match else 1

    # Queue one path per result page and drain them with tThread workers.
    for idx in xrange(1, page_count + 1):
        tasks.put('/index.php?r=index/getress&q=%s&page=%d' % (target.f_domain, idx))
    pool = [tThread(tasks, found) for _ in xrange(n_workers)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()

    # Re-use the (now empty) queue for the ping stage.
    for entry in found:
        tasks.put(entry['domain'])
    pool = [tPing(tasks, target.ip) for _ in xrange(n_workers)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    print('')
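def output(target):
    """List other domains registered with the target's WHOIS e-mail address.

    Runs only when ``target.mail`` is set.  The whois.aizhan.com reverse
    lookup page is fetched, every linked domain other than ``target.n_domain``
    is queued, and ``tPing`` workers check each one against ``target.ip``.
    Network or parsing failures are logged and reported as a plugin failure
    instead of aborting the scan.  A blank separator line is always printed.
    """
    if hasattr(target, 'mail'):
        print_color('whois same mail %s domain ...' % target.mail, 2)
        worker_count = 5
        work = Queue.Queue()
        try:
            # NOTE(review): target.mail is interpolated unencoded into the
            # query string - confirm get() encodes it, or quote it here.
            _code, content = get('whois.aizhan.com',
                                 '/reverse-whois/?q=%s&t=email' % target.mail)
            domains = findall(r'_blank">(.*?)</a></td>', content)
            if domains:
                for domain in domains:
                    if domain != target.n_domain:
                        work.put(domain)
                workers = [tPing(work, target.ip) for _ in xrange(worker_count)]
                for worker in workers:
                    worker.start()
                for worker in workers:
                    worker.join()
        except Exception:
            # Was a bare except, which also swallowed KeyboardInterrupt/SystemExit
            # and logged a Ctrl-C as a plugin error.
            log.exception('exception')
            print_color(__name__ + ' faild', 0)
    print('')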
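def output(target):
    """Collect candidate sub-domains of ``target.n_domain`` from public indexes.

    Skipped unless the target has an ``axfr`` attribute that is false (a zone
    transfer already produced the full list) and a naked domain is known.
    Three sources are queried - a Baidu site: search, the i.links.cn
    sub-domain form (POST) and the Alexa site-info page - each with its own
    extraction regex; a source that fails is reported and skipped.  The
    distinct prefixes are joined to ``n_domain`` and handed to ``tPing``
    workers to be checked against ``target.ip``.  Failures outside the
    per-source loop are logged and reported as a plugin failure.  A blank
    separator line is always printed.
    """
    if hasattr(target, "axfr") and not target.axfr and target.n_domain:
        worker_count = 5
        work = Queue.Queue()
        apis = [
            {
                "domain": "www.baidu.com",
                "path": "/s?wd=site:%s&pn=0&ie=utf-8" % target.n_domain,
                "method": "get",
                "regex": '"g">(.*?)%s' % target.n_domain,
            },
            {
                "domain": "i.links.cn",
                "path": "/subdomain/",
                "method": "post",
                # NOTE(review): unlike the other two patterns this one is not
                # %-formatted with n_domain, so it looks for a literal "%s"
                # and never matches - probably a missing "% target.n_domain";
                # confirm before changing.
                "regex": "target=_blank>http://(.*)%s",
                "data": {"domain": target.n_domain, "b2": "1", "b3": "1", "b4": "1"},
            },
            {
                "domain": "www.alexa.com",
                "path": "/siteinfo/%s" % target.n_domain,
                "method": "get",
                "regex": "word-wrap'>(.*?)%s" % target.n_domain,
            },
        ]
        print_color("find subdomain for %s.." % target.n_domain, 2)
        prefixes = []
        try:
            for api in apis:
                try:
                    if api["method"] == "get":
                        _code, content = get(api["domain"], api["path"])
                    elif api["method"] == "post":
                        _code, content = post(api["domain"], api["path"], api["data"])
                    else:
                        continue
                    prefixes += findall(api["regex"], content)
                except Exception:
                    # Narrowed from a bare except so Ctrl-C still aborts the
                    # scan; one broken source must not stop the others.
                    print_color(api["domain"] + " Faild", 0)
            for prefix in set(prefixes):  # de-duplicate; order is irrelevant
                work.put("%s%s" % (prefix, target.n_domain))
            workers = [tPing(work, target.ip) for _ in xrange(worker_count)]
            for worker in workers:
                worker.start()
            for worker in workers:
                worker.join()
        except Exception:
            log.exception("exception")
            print_color(__name__ + " faild", 0)
    print("")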
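def run(self):
    """Worker loop: fetch each queued dns.aizhan.com path and collect its rows.

    Pops paths from ``self.queue`` until it is empty, GETs each one and
    extends the shared ``self.jsons`` list with the decoded JSON array.
    A request or decode failure for one path is skipped so that a partial
    result still reaches the caller.
    """
    from libs.core.network import get
    while True:
        # get_nowait() replaces the empty()-then-get() pair: with several
        # workers on one queue another thread can take the last item between
        # those two calls, and a blocking get() would then hang this worker.
        try:
            path = self.queue.get_nowait()
        except Exception:  # Queue.Empty is the only exception get_nowait raises
            break
        try:
            _code, content = get('dns.aizhan.com', path)
            # presumably safe for concurrent workers because list += is a
            # single in-place extend; a non-list body (e.g. an error object)
            # raises TypeError and is skipped - verify jsons is always a list.
            self.jsons += json.loads(content)
        except Exception:
            continue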
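def run(self):
    """Thread body: drain ``self.queue`` of aizhan paths, appending decoded rows to ``self.jsons``.

    Each path is fetched with a GET and its JSON array is added to the shared
    list; a failing path is skipped.  The loop ends when the queue is empty.
    """
    from libs.core.network import get
    while True:
        try:
            # Non-blocking pop: checking empty() first and then calling get()
            # races with the other workers and can block forever on the last item.
            path = self.queue.get_nowait()
        except Exception:  # only Queue.Empty is raised by get_nowait
            return
        try:
            _status, body = get('dns.aizhan.com', path)
        except Exception:
            continue
        try:
            # NOTE(review): relies on the body being a JSON array; anything
            # else makes list += raise and the page is dropped - confirm.
            self.jsons += json.loads(body)
        except Exception:
            continue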
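def output(target):
    """Guess the target's server-side script technology (ASP, ASPX or PHP).

    Sets ``target.script`` (default 'unknown') from, in order: the
    X-Powered-By header captured in ``target.header``; a HEAD request for
    /index.asp, /index.aspx and /index.php (first 200 wins - weak evidence on
    servers that answer 200 for any path); and a search-engine site:/inurl:
    query per extension.  Errors in the network stages are logged and
    reported as a plugin failure, keeping the best guess so far.  Prints the
    result followed by a blank separator line.
    """
    powereds = [{'type': 'ASP/ASPX', 'str': 'ASP.NET'}, {'type': 'PHP', 'str': 'PHP/'}]
    scripts = [
        {'type': 'ASP', 'path': '/index.asp'},
        {'type': 'ASPX', 'path': '/index.aspx'},
        {'type': 'PHP', 'path': '/index.php'},
    ]
    searchs = [
        {'type': 'ASP', 'path': '/search?q=site:%s+inurl:asp'},
        {'type': 'ASPX', 'path': '/search?q=site:%s+inurl:aspx'},
        {'type': 'PHP', 'path': '/search?q=site:%s+inurl:php'},
    ]
    if target.f_domain:
        host = '%s:%d' % (target.f_domain, target.port)
    else:
        host = '%s:%d' % (target.ip, target.port)
    print_color('Probe website %s script...' % host, 2)
    target.script = 'unknown'

    # Stage 1: the header the server volunteers, no extra request needed.
    if 'x-powered-by' in target.header:
        print_color('Test Script for %s with X-Powered-By' % target.f_domain, 2)
        for item in powereds:
            if item['str'] in target.header['x-powered-by']:
                target.script = item['type']
                break
    try:
        # Stage 2: does a default index page exist for each extension?
        if target.script == 'unknown':
            print_color('Test script for %s with HTTP header' % target.f_domain, 2)
            for item in scripts:
                status, _header = head(host, item['path'], target.protocol)
                if status == 200:
                    target.script = item['type']
                    break
        # Stage 3: ask a search engine whether it has indexed such URLs.
        if target.script == 'unknown':
            print_color('Test script for %s with search engine' % target.f_domain, 2)
            for item in searchs:
                path = item['path'] % (target.f_domain or target.ip)
                _code, content = get('www.google.com.hk', path)
                # NOTE(review): no break here, so the last extension with any
                # hits wins rather than the first - confirm that is intended.
                if search(r'resultStats">(.*?)<nobr>', content):
                    target.script = item['type']
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt still stops the scan.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)
    print_color(target.script, 1)
    print('')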
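def output(target):
    """Print the geographic location and ISP of ``target.ip`` via ip.taobao.com.

    The service's JSON ``data`` object supplies country, region, city and
    ISP; they are printed on one line re-encoded as GBK for the console.
    Any failure (network error, non-JSON body, a ``data`` field that is not a
    mapping, encoding error) is logged and reported as a plugin failure.  A
    blank separator line is always printed.
    """
    print_color('get location for IP %s' % target.ip, 2)
    try:
        _code, content = get('ip.taobao.com', '/service/getIpInfo.php?ip=%s' % target.ip)
        info = json.loads(content)['data']
        # NOTE(review): .encode('gbk') presumes the decoded values are unicode;
        # a byte str would be ascii-decoded first and fail on non-ASCII text.
        fields = [info[key].encode('gbk') for key in ('country', 'region', 'city', 'isp')]
        print_color('%s %s %s %s' % tuple(fields), 1)
    except Exception:
        # Narrowed from a bare except so Ctrl-C is not logged as a plugin error.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)
    print('')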
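def output(target):
    """Look up and print country / region / city / ISP for ``target.ip``.

    Queries the ip.taobao.com JSON service and prints the four fields of its
    ``data`` object on one line, GBK-encoded for the console.  Every failure
    along the way is logged and reported as a plugin failure rather than
    propagated.  Ends with a blank separator line.
    """
    print_color('get location for IP %s' % target.ip, 2)
    try:
        _status, body = get('ip.taobao.com',
                            '/service/getIpInfo.php?ip=%s' % target.ip)
        data = json.loads(body)['data']
        # NOTE(review): assumes data is a mapping of unicode values (the
        # service's success shape); an error reply makes this raise and is
        # reported below.
        line = ' '.join(data[name].encode('gbk')
                        for name in ('country', 'region', 'city', 'isp'))
        print_color(line, 1)
    except Exception:
        # Not a bare except: KeyboardInterrupt/SystemExit must still propagate.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)
    print('')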
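def output(target):
    """Find other domains that share the target's WHOIS contact e-mail.

    Does nothing beyond the separator line unless ``target.mail`` is set.
    Fetches the whois.aizhan.com reverse-WHOIS page, queues every linked
    domain except ``target.n_domain`` itself, and lets ``tPing`` workers
    check each against ``target.ip``.  Failures are logged and reported as a
    plugin failure.
    """
    if hasattr(target, 'mail'):
        print_color('whois same mail %s domain ...' % target.mail, 2)
        n_workers = 5
        tasks = Queue.Queue()
        try:
            # NOTE(review): target.mail goes into the query string unencoded -
            # confirm get() quotes it.
            _status, page = get('whois.aizhan.com',
                                '/reverse-whois/?q=%s&t=email' % target.mail)
            linked = findall(r'_blank">(.*?)</a></td>', page)
            if linked:
                for name in linked:
                    if name != target.n_domain:
                        tasks.put(name)
                pool = [tPing(tasks, target.ip) for _ in xrange(n_workers)]
                for t in pool:
                    t.start()
                for t in pool:
                    t.join()
        except Exception:
            # Replaces a bare except that also swallowed KeyboardInterrupt.
            log.exception('exception')
            print_color(__name__ + ' faild', 0)
    print('')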
def output(target):
    """Classify the web server from its Server header; for nginx, run the path-info parsing check.

    ``target.server`` becomes 'Nginx', 'Apache' or 'IIS' on a
    case-insensitive substring match and is left alone otherwise.  When the
    server is nginx, HEAD requests are issued for "<static resource>/x.php"
    style URLs (two robots.txt variants plus the first
    <img src="http...jpg"> on the front page); a 200 reply whose
    Content-Type contains text/html is reported as a finding.  Treat that as
    a lead rather than proof - servers that return 200 text/html for any
    path (catch-all routing, soft-404 pages) trigger it too.  A blank line
    is printed at the end.
    """
    print_color('Test server exploit %s...' % target.ip, 2)
    probes = ['/robots.txt/.php', '/robots.txt/1.php']
    if 'server' not in target.header:
        print('')
        return

    server_banner = target.header['server'].lower()
    if 'nginx' in server_banner:
        target.server = 'Nginx'
        print_color('Test server nginx Parsing Vulnerabilities', 2)
        endpoint = ('%s:%d' % (target.f_domain, target.port) if target.f_domain
                    else '%s:%d' % (target.ip, target.port))
        _status, html = get(endpoint, '/')
        first_jpg = re.search(r'src="(http.+?\.jpg)"', html)
        if first_jpg:
            # NOTE(review): the captured value is an absolute URL, so these
            # probes are "http://.../x.jpg/.php"; confirm head() accepts that
            # as a path argument.
            probes.extend(['%s/.php' % first_jpg.group(1),
                           '%s/1.php' % first_jpg.group(1)])
        for probe in probes:
            status, reply_headers = head(endpoint, probe)
            # NOTE(review): KeyError if a 200 reply lacks Content-Type;
            # original behaviour preserved.
            if status == 200 and reply_headers['content-type'].find('text/html') > -1:
                print_color('the server has nginx parsing vulnerabilities', 1)
                break
    elif 'apache' in server_banner:
        target.server = 'Apache'
    elif 'iis' in server_banner:
        target.server = 'IIS'
    print('')
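def output(target):
    """Determine the target's server-side scripting technology.

    ``target.script`` starts as 'unknown' and is set from the first stage
    that yields a match: the X-Powered-By header in ``target.header``, a
    HEAD on the default index page of each extension (a 200 is taken as
    confirmation, so catch-all servers give a false match), and finally a
    search-engine site:/inurl: query per extension.  Network-stage errors
    are logged and reported as a plugin failure; the guess so far is kept.
    The result and a blank separator line are printed.
    """
    powereds = [
        {'type': 'ASP/ASPX', 'str': 'ASP.NET'},
        {'type': 'PHP', 'str': 'PHP/'},
    ]
    scripts = [
        {'type': 'ASP', 'path': '/index.asp'},
        {'type': 'ASPX', 'path': '/index.aspx'},
        {'type': 'PHP', 'path': '/index.php'},
    ]
    searchs = [
        {'type': 'ASP', 'path': '/search?q=site:%s+inurl:asp'},
        {'type': 'ASPX', 'path': '/search?q=site:%s+inurl:aspx'},
        {'type': 'PHP', 'path': '/search?q=site:%s+inurl:php'},
    ]
    endpoint = ('%s:%d' % (target.f_domain, target.port) if target.f_domain
                else '%s:%d' % (target.ip, target.port))
    print_color('Probe website %s script...' % endpoint, 2)
    target.script = 'unknown'

    # Stage 1: header already captured, costs no request.
    if 'x-powered-by' in target.header:
        print_color('Test Script for %s with X-Powered-By' % target.f_domain, 2)
        for entry in powereds:
            if entry['str'] in target.header['x-powered-by']:
                target.script = entry['type']
                break
    try:
        # Stage 2: probe the default index page per extension.
        if target.script == 'unknown':
            print_color('Test script for %s with HTTP header' % target.f_domain, 2)
            for entry in scripts:
                status, _headers = head(endpoint, entry['path'], target.protocol)
                if status == 200:
                    target.script = entry['type']
                    break
        # Stage 3: search-engine evidence of indexed URLs with that extension.
        if target.script == 'unknown':
            print_color('Test script for %s with search engine' % target.f_domain, 2)
            subject = target.f_domain if target.f_domain else target.ip
            for entry in searchs:
                _status, page = get('www.google.com.hk', entry['path'] % subject)
                # NOTE(review): the loop does not break on a hit, so a later
                # extension overrides an earlier one - confirm intent.
                if search(r'resultStats">(.*?)<nobr>', page):
                    target.script = entry['type']
    except Exception:
        # Bare except replaced so KeyboardInterrupt is not reported as a failure.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)
    print_color(target.script, 1)
    print('')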
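def output(target):
    """Gather sub-domain candidates for ``target.n_domain`` from public sources.

    Skipped unless ``target.axfr`` exists and is false (a zone transfer did
    not already list everything) and the naked domain is known.  Queries a
    Baidu site: search, the i.links.cn sub-domain form (POST) and the Alexa
    site-info page, extracting prefixes with a per-source regex; a source
    that fails is reported and the others continue.  Distinct prefixes are
    joined to ``n_domain`` and handed to ``tPing`` workers for the IP check.
    Other failures are logged and reported as a plugin failure.  A blank
    separator line is always printed.
    """
    if hasattr(target, 'axfr') and not target.axfr and target.n_domain:
        n_workers = 5
        tasks = Queue.Queue()
        apis = [
            {
                'domain': 'www.baidu.com',
                'path': '/s?wd=site:%s&pn=0&ie=utf-8' % target.n_domain,
                'method': 'get',
                'regex': '"g">(.*?)%s' % target.n_domain,
            },
            {
                'domain': 'i.links.cn',
                'path': '/subdomain/',
                'method': 'post',
                # NOTE(review): not %-formatted with n_domain like the other
                # two, so this searches for a literal "%s" and matches
                # nothing - looks like a missing "% target.n_domain"; confirm.
                'regex': 'target=_blank>http://(.*)%s',
                'data': {'domain': target.n_domain, 'b2': '1', 'b3': '1', 'b4': '1'},
            },
            {
                'domain': 'www.alexa.com',
                'path': '/siteinfo/%s' % target.n_domain,
                'method': 'get',
                'regex': "word-wrap'>(.*?)%s" % target.n_domain,
            },
        ]
        print_color('find subdomain for %s..' % target.n_domain, 2)
        prefixes = []
        try:
            for api in apis:
                try:
                    if api['method'] == 'get':
                        _status, page = get(api['domain'], api['path'])
                    elif api['method'] == 'post':
                        _status, page = post(api['domain'], api['path'], api['data'])
                    else:
                        continue
                    prefixes.extend(findall(api['regex'], page))
                except Exception:
                    # One unreachable source must not abort the others; the
                    # bare except is narrowed so Ctrl-C still works.
                    print_color(api['domain'] + ' Faild', 0)
            for prefix in set(prefixes):  # de-duplicated, unordered
                tasks.put('%s%s' % (prefix, target.n_domain))
            pool = [tPing(tasks, target.ip) for _ in xrange(n_workers)]
            for t in pool:
                t.start()
            for t in pool:
                t.join()
        except Exception:
            log.exception('exception')
            print_color(__name__ + ' faild', 0)
    print('')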