    def __parse_domain_ip(self, line):
        '''Build a domain record from one FOFA result row.

        Uses the row layout this class relies on: index 0 is the host
        (possibly prefixed with a scheme and suffixed with ``:port``), index 1
        the IP and index 3 the page title. Returns
        ``{'domain': name, 'A': [ip]}`` plus ``'title': [title]`` when the row
        carries a title, or ``None`` when the IP column is rejected by
        ``check_ip_or_domain`` or the host column is itself an IP.
        '''
        host, ip, title = line[0], line[1], line[3]
        # Rows whose IP column is not accepted by check_ip_or_domain are dropped.
        if not check_ip_or_domain(ip):
            return None

        # Remove every occurrence of the scheme (str.replace is not
        # prefix-only) and cut off a trailing ":port" to isolate the name.
        stripped = host
        for scheme in ('https://', 'http://'):
            stripped = stripped.replace(scheme, '')
        name = stripped.split(':')[0]

        # A bare IP in the host column is not a domain record.
        if check_ip_or_domain(name):
            return None

        record = {'domain': name, 'A': [ip]}
        if title:
            record['title'] = [title]
        return record
    def execute(self):
        '''Run the domain scan.

        Takes the domain entries of ``self.target``, optionally widens the set
        with every enabled subdomain tool, resolves all names in place through
        ``IpDomain`` and runs the enabled fingerprinting tools on the names
        that produced an A or CNAME answer. Returns the complete list of
        resolved records, including the ones without an answer.
        '''
        domain_target = [h for h in self.target if not check_ip_or_domain(h)]

        # A set de-duplicates names discovered by more than one tool.
        discovered = set(domain_target)
        enumerators = (
            (self.subdomain, Sublist3r),
            (self.subdomainbrute, SubDmainBrute),
            (self.subfinder, Subfinder),
            (self.jsfinder, JSFinderDomain),
        )
        for enabled, tool_cls in enumerators:
            if enabled:
                found = tool_cls().execute(domain_target)
                discovered.update([d['domain'] for d in found])

        domain_result_list = [
            {'domain': h} for h in discovered if not check_ip_or_domain(h)
        ]
        # Resolution fills the records in place.
        IpDomain().execute(domain_result_list)
        # Only names with an A or CNAME answer are worth fingerprinting.
        resolvable = [r for r in domain_result_list if r['A'] or r['CNAME']]
        if self.whatweb:
            WhatWeb().execute(resolvable)
        if self.httpx:
            Httpx().execute(resolvable)

        return domain_result_list
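    def __parse_ip_port(self, line):
        '''Build an ip/port record from one FOFA result row.

        Uses the row layout this class relies on: index 1 is the IP, index 2
        the port, index 3 the page title and index 4 the server banner
        (indexes 5-7 hold location fields that are currently not stored).
        Returns ``{'ip': ip, 'status': 'N/A', 'port': [entry]}`` where
        ``entry`` is ``{'port': port, 'status': 'N/A'}`` extended with
        ``title``/``server`` when present, or ``None`` when the IP column is
        rejected by ``check_ip_or_domain`` or the port column is not an
        integer.
        '''
        ip = line[1]
        if not check_ip_or_domain(ip):
            return None

        # A non-numeric port column used to abort the whole result parse with
        # a ValueError; treat it like any other unusable row instead.
        try:
            port = int(line[2])
        except (TypeError, ValueError):
            return None

        title = line[3]
        server = line[4]
        port_entry = {'port': port, 'status': 'N/A'}
        if title:
            port_entry['title'] = title
        if server:
            port_entry['server'] = server
        # The location columns (line[5:8]) are deliberately not part of the
        # record; join them here if the ip table ever gains a location field.
        return {
            'ip': ip,
            'status': 'N/A',
            'port': [port_entry],
        }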
 def prepare(self, options):
     '''Parse the scan options into ``self.target``.

     Each host of ``options['target']`` that ``check_ip_or_domain`` accepts
     as an IP is expanded through ``parse_ip`` into one ``{'ip': ...}``
     entry per address (falsy parse results are skipped). Any other host is
     treated as a domain: its record is fetched with ``fetch_domain_ip``,
     persisted through ``save_domain`` and its A records are queued as scan
     targets only when the record has no CNAME.
     '''
     self.org_id = self.get_option('org_id', options, self.org_id)
     resolver = IpDomain()
     self.target = []
     for host in options['target']:
         if check_ip_or_domain(host):
             parsed = parse_ip(host)
             if not parsed:
                 continue
             addresses = parsed if isinstance(parsed, list) else [parsed]
             self.target.extend({'ip': addr} for addr in addresses)
             continue
         # Domain: look the record up and persist it.
         record = resolver.fetch_domain_ip(host)
         self.save_domain([record])
         # A records behind a CNAME are presumably a CDN front and are not
         # scanned directly.
         if len(record['CNAME']) == 0 and len(record['A']) > 0:
             self.target.extend({'ip': addr} for addr in record['A'])
    def execute(self):
        '''Run the domain scan.

        Resolves the domain entries of ``self.target`` through ``IpDomain``,
        optionally appends the resolved subdomains reported by ``SubDmain``
        and then runs the enabled title/whatweb collection over the result.
        Returns the list of resolved domain records.
        '''
        resolver = IpDomain()
        seeds = [
            {'domain': h} for h in self.target if not check_ip_or_domain(h)
        ]
        results = resolver.execute(seeds)
        if self.subdomain:
            discovered = SubDmain().execute(self.target)
            results.extend(resolver.execute(discovered))
        if self.webtitle:
            WebTitle().execute_domain(results)
        if self.whatweb:
            WhatWeb().execute(results)

        return results
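    def prepare(self, options):
        '''Parse the scan options into ``self.target``.

        ``options['target']`` is a list of ``host[:port]`` strings. They are
        regrouped into the ip/domain table shapes used by the other modules:
        an IP becomes ``{'ip': host, 'port': [{'port': port}, ...]}`` with the
        ports of repeated hosts merged into one record, a domain becomes
        ``{'domain': t}`` once (keyed on the full option string). The port
        defaults to 80 when absent and is otherwise kept as given.
        '''
        target_list = []
        for t in options['target']:
            parts = t.split(':')
            host = parts[0]
            # NOTE: the port is a str when supplied but the int 80 by default;
            # consumers must not rely on a single type.
            port = parts[1] if len(parts) == 2 else 80
            if check_ip_or_domain(host):
                # The record used to store the host under the key 'port', which
                # the port list then overwrote, so repeated hosts were never
                # merged; the IP now lives under 'ip' like in the ip table.
                existing = next(
                    (e for e in target_list if e.get('ip') == host), None)
                if existing is not None:
                    existing['port'].append({'port': port})
                else:
                    target_list.append({'ip': host, 'port': [{'port': port}]})
            else:
                # Domain targets keep the raw string (including any ":port").
                if not any(e.get('domain') == t for e in target_list):
                    target_list.append({'domain': t})

        self.target = target_list
        self.org_id = self.get_option('org_id', options, self.org_id)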
    def execute(self):
        '''Run the domain scan.

        Resolves the domain entries of ``self.target`` through
        ``IpDomain.execute_domainip``, optionally appends the subdomains found
        by ``SubDmain`` (resolved the same way) and, when enabled, collects
        page titles. Returns the list of resolved domain records.
        '''
        resolver = IpDomain()
        seeds = [
            {'domain': h} for h in self.target if not check_ip_or_domain(h)
        ]
        domain_list = resolver.execute_domainip(seeds)
        if self.subdomain:
            found = SubDmain().execute(self.target)
            domain_list.extend(resolver.execute_domainip(found))
        # FOFA-based discovery is disabled in this version of the scan.
        if self.webtitle:
            WebTitle().execute_domain(domain_list)

        return domain_list
    def prepare(self, options):
        '''Parse the scan options.

        Copies org_id/whatweb/httpx/iplocation/bin from ``options`` onto
        ``self`` (current attribute values act as defaults) and rewrites
        ``options['target']`` in place into a flat list of IPs: IP entries are
        kept as given, domain entries are resolved with ``fetch_domain_ip``,
        persisted through ``save_domain`` and contribute their A records only
        when the record carries no CNAME.
        '''
        for name in ('org_id', 'whatweb', 'httpx', 'iplocation', 'bin'):
            current = getattr(self, name)
            setattr(self, name, self.get_option(name, options, current))

        resolver = IpDomain()
        target_ip = []
        for raw in options['target']:
            host = raw.strip()
            if check_ip_or_domain(host):
                target_ip.append(host)
                continue
            record = resolver.fetch_domain_ip(host)
            self.save_domain([record, ])
            # A records behind a CNAME are presumably a CDN front and are
            # not scanned directly.
            if len(record['CNAME']) == 0 and len(record['A']) > 0:
                target_ip.extend(record['A'])

        options['target'] = target_ip
 def prepare(self, options):
     '''Parse the scan options.

     Stores ``org_id`` and appends one ``{'ip': host}`` or
     ``{'domain': host}`` entry to ``self.target`` per option target, the
     key chosen by ``check_ip_or_domain``.
     '''
     self.org_id = self.get_option('org_id', options, self.org_id)
     for host in options['target']:
         key = 'ip' if check_ip_or_domain(host) else 'domain'
         self.target.append({key: host})
    def execute(self, target):
        '''Query Shodan for every IP in ``target``.

        Entries that ``check_ip_or_domain`` does not accept as IPs are
        skipped. Returns the non-empty ``__shodan_search`` results in input
        order.
        '''
        lookups = (
            self.__shodan_search(t) for t in target if check_ip_or_domain(t)
        )
        ip_port = [result for result in lookups if result]

        return ip_port
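    def prepare(self, options):
        '''Parse the scan options into ``self.target``.

        IP-looking targets are run through ``parse_ip``: a list or tuple of
        addresses is flattened into ``self.target``, a single address is
        appended as is, and a falsy result (input ``parse_ip`` could not
        handle) is skipped. Domain targets are appended unchanged. Also stores
        ``org_id``.
        '''
        for t in options['target']:
            if not check_ip_or_domain(t):
                self.target.append(t)
                continue
            parsed = parse_ip(t)
            # A falsy parse result used to be appended as a target; skip it so
            # later stages never receive an empty entry.
            if not parsed:
                continue
            if isinstance(parsed, (tuple, list)):
                self.target.extend(parsed)
            else:
                self.target.append(parsed)

        self.org_id = self.get_option('org_id', options, self.org_id)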
    def execute(self, target):
        '''Query FOFA for every entry in ``target``.

        Each target is searched by ``ip`` or ``domain`` (chosen with
        ``check_ip_or_domain``) or by ``host``; every result row is parsed
        into an ip/port record and a domain/ip record. Returns the tuple
        ``(ip_port, domain_ip)`` of the non-empty records.
        '''
        ip_port = []
        domain_ip = []
        for t in target:
            field = 'ip' if check_ip_or_domain(t) else 'domain'
            # NOTE: ``t`` is interpolated verbatim; a target containing a
            # double quote changes the structure of the query string.
            query = '{}="{}" || host="{}"'.format(field, t, t)
            for row in self.__fofa_search(query):
                parsed_ip_port = self.__parse_ip_port(row)
                if parsed_ip_port:
                    ip_port.append(parsed_ip_port)
                parsed_domain = self.__parse_domain_ip(row)
                if parsed_domain:
                    domain_ip.append(parsed_domain)

        return ip_port, domain_ip
    def execute(self, target):
        '''Query FOFA for every entry in ``target``.

        An IP target (per ``check_ip_or_domain``) is searched by ``ip`` or
        ``host``; a domain target by ``domain``, ``host`` or ``cert``. Every
        result row is parsed into an ip/port record and a domain/ip record.
        Returns the tuple ``(ip_port, domain_ip)`` of the non-empty records.
        '''
        ip_port = []
        domain_ip = []
        for t in target:
            # NOTE: ``t`` is interpolated verbatim; a target containing a
            # double quote changes the structure of the query string.
            if check_ip_or_domain(t):
                query = 'ip="{0}" || host="{0}" '.format(t)
            else:
                query = 'domain="{0}" || host="{0}" || cert="{0}"'.format(t)
            for row in self.__fofa_search(query):
                parsed_ip_port = self.__parse_ip_port(row)
                if parsed_ip_port:
                    ip_port.append(parsed_ip_port)
                parsed_domain = self.__parse_domain_ip(row)
                if parsed_domain:
                    domain_ip.append(parsed_domain)

        return ip_port, domain_ip