示例#1
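def httpHead(target):
    '''
    Check whether the target discloses its server software in the ``Server`` header.

    Sends one GET request to ``target``. When the response carries a ``Server``
    header, the value is printed, one low-severity finding is counted and the
    banner is written to the report. A verbose banner makes fingerprinting
    easier, so the usual remediation is to suppress or genericise it at the
    server or reverse proxy.

    :param target: target url
    :return: None
    '''
    try:
        # A bounded wait keeps one unresponsive host from stalling the whole scan.
        r = requests.get(target, headers=head, timeout=10)
    except requests.RequestException:
        # Best-effort probe: an unreachable target simply yields no finding.
        # Only network errors are swallowed, so Ctrl-C and reporting bugs
        # are no longer hidden as they were by the bare ``except``.
        return

    banner = r.headers.get('Server')
    if banner is None:
        # No Server header: nothing is disclosed, nothing to report.
        return

    print("\033[1;32;1m[+]发现HTTP头泄露了服务器信息:",
          banner + '\033[0m')
    vulnsum.addLow()
    report.whtml('HTTP Header Information Leakage', banner)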
示例#2
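def options(target):
    '''
    Detect whether the server answers the HTTP OPTIONS method.

    Sends one OPTIONS request to ``target``. When the response carries an
    ``Allow`` header, the advertised methods are printed, one low-severity
    finding is counted and the header value is written to the report.

    :param target: target url
    :return: None
    '''
    try:
        # A bounded wait keeps one unresponsive host from stalling the whole scan.
        r = requests.options(target, headers=head, timeout=10)
    except requests.RequestException:
        # Best-effort probe: an unreachable target simply yields no finding.
        # Only network errors are swallowed, so Ctrl-C and reporting bugs
        # are no longer hidden as they were by the bare ``except``.
        return

    allowed = r.headers.get('Allow')
    if allowed is None:
        # Without an Allow header there is no method list to report.
        return

    print("\033[1;32;1m[+]发现服务器启用了OPTIONS方法:",
          allowed + '\033[0m')
    vulnsum.addLow()
    report.whtml('HTTP OPTIONS method is active', allowed)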
示例#3
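def robots(target):
    '''
    Check whether robots.txt reveals administrative paths.

    Fetches ``<target>/robots.txt`` and looks for the substrings ``admin``,
    ``management`` and ``manage``. Each keyword that is present counts as one
    low-severity finding and is written to the report.

    NOTE(review): plain substring matching also hits names such as
    ``phpmyadmin``; treat a finding as a pointer to review the file, not as
    proof that a sensitive directory exists.

    :param target: target url
    :return: None
    '''
    try:
        # rstrip avoids a double slash when the target already ends with "/".
        r = requests.get(target.rstrip('/') + "/robots.txt",
                         headers=head, timeout=10)
    except requests.RequestException:
        # Best-effort probe: an unreachable target simply yields no finding.
        return

    if r.status_code != 200:
        # An error page is not a robots.txt file; keywords found in it would
        # be false positives.
        return

    body = r.text

    if 'admin' in body:
        print("\033[1;32;1m[+]发现目标robots.txt泄露了admin目录!\033[0m")
        vulnsum.addLow()
        report.whtml('Robots.txt File Information Leakage',
                     re.findall(r'admin', body))

    if 'management' in body:
        print("\033[1;32;1m[+]发现目标robots.txt泄露了management目录!\033[0m")
        vulnsum.addLow()
        report.whtml('Robots.txt File Information Leakage',
                     re.findall(r'management', body))

    # The original nested this check inside the 'management' branch, so a
    # lone "manage" entry was never reported and every "management" entry was
    # counted twice. Match "manage" only where it is not part of "management".
    manage_hits = re.findall(r'manage(?!ment)', body)
    if manage_hits:
        print("\033[1;32;1m[+]发现目标robots.txt泄露了manage目录!\033[0m")
        vulnsum.addLow()
        report.whtml('Robots.txt File Information Leakage', manage_hits)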
示例#4
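def ipLkg(target):
    '''
    Check whether the page source discloses IPv4 addresses.

    Fetches ``target`` and scans the response body for dotted-quad IPv4
    addresses. If any are found, one low-severity finding is counted, each
    address is printed, and the full list is written to the report.

    NOTE(review): any dotted quad matches, including version strings such as
    "1.2.3.4"; findings need manual confirmation.

    :param target: target url
    :return: None (the addresses go to the report, they are not returned)
    '''
    ip = []
    try:
        # A bounded wait keeps one unresponsive host from stalling the whole scan.
        r = requests.get(target, headers=head, timeout=10)
    except requests.RequestException:
        # Best-effort probe: an unreachable target simply yields no finding.
        return

    octet = r'(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)'
    # The digit lookarounds stop the pattern from cutting an "address" out of
    # a longer number, e.g. reporting 10.0.0.25 for the text "10.0.0.256".
    pattern = r'(?<!\d)' + r'\.'.join([octet] * 4) + r'(?!\d)'
    fip = re.findall(pattern, r.text)

    if fip:
        vulnsum.addLow()
        # findall returns one 4-tuple of octet strings per address.
        for parts in fip:
            addr = ".".join(parts)
            print("\033[1;32;1m[+]发现源码中泄露了IP地址:",
                  addr + '\033[0m')
            ip.append(addr)
        report.whtml('Source Leakage IP Address', ip)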
示例#5
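def nikto(target):
    """
    Run nikto against the target and turn selected output lines into findings.

    Covers missing security headers, outdated component versions, the TRACE
    method, phpMyAdmin exposure, Apache default files and directory indexing.
    Each recognised line is printed, counted via ``vulnsum`` and written to
    the report.

    :param target: target url
    :return: None
    """
    import subprocess

    # The original built a shell string ("nikto -h " + target), so shell
    # metacharacters in the target were interpreted by the shell. An argument
    # list without a shell passes the target to nikto as one literal argument.
    try:
        proc = subprocess.run(["nikto", "-h", target],
                              stdout=subprocess.PIPE,
                              universal_newlines=True)
        rst = proc.stdout
    except OSError:
        # nikto missing or not executable: as with os.popen, there is simply
        # no output to analyse.
        rst = ''

    if 'The X-XSS-Protection header is not defined' in rst:
        print("\033[1;32;1m[+]HTTP Header中未使用XSS保护\033[0m")
        vulnsum.addLow()
        report.whtml('X-XSS-Protection',
                     'The X-XSS-Protection header is not defined')

    if 'The X-Content-Type-Options header is not set' in rst:
        print("\033[1;32;1m[+]未设置x-content-type-options头\033[0m")
        vulnsum.addLow()
        report.whtml('X-Content-Type-Options',
                     'The X-Content-Type-Options header is not set')

    if 'Apache mod_negotiation is enabled' in rst:
        print("\033[1;32;1m[+]Apache mod_negotiation启用\033[0m")
        vulnsum.addLow()
        report.whtml('Apache mod_negotiation',
                     'Apache mod_negotiation is enabled')

    # Outdated-version findings: only the first matching line is reported.
    apa = re.findall(r'Apache/[\d.]* appears to be outdated', rst)
    if apa:
        print("\033[1;32;1m[+]Apache版本较低", apa[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('Apache version is lower', apa[0])

    php = re.findall(r'PHP/[\d.a-zA-Z\-_]* appears to be outdated', rst)
    if php:
        print("\033[1;32;1m[+]PHP版本较低", php[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('PHP version is lower', php[0])

    # NOTE(review): this matches any mention of the header in the output, not
    # only a "missing" message; confirm against nikto's actual wording.
    if 'X-Frame-Options header' in rst:
        print("\033[1;32;1m[+]存在点击劫持漏洞\033[0m")
        vulnsum.addLow()
        report.whtml('Click hijack', 'X-Frame-Options header is not defined')

    py = re.findall(r'Python/2[\d.]* appears to be outdated', rst)
    if py:
        print("\033[1;32;1m[+]Python版本较低", py[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('Python version is lower', py[0])

    ssl = re.findall(r'mod_ssl/[\d.]* appears to be outdated', rst)
    if ssl:
        print("\033[1;32;1m[+]ssl版本较低", ssl[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('ssl version is lower', ssl[0])

    ops = re.findall(r'OpenSSL/[\d.a-zA-Z]* appears to be outdated', rst)
    if ops:
        print("\033[1;32;1m[+]OpenSSL版本较低", ops[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('OpenSSL version is lower', ops[0])

    phu = re.findall(r'Phusion_Passenger/[\d.]* appears to be outdated', rst)
    if phu:
        print("\033[1;32;1m[+]Phusion_Passenger版本较低", phu[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('Phusion Passenger version is lower', phu[0])

    mono = re.findall(r'mod_mono/[\d.]* appears to be outdated', rst)
    if mono:
        print("\033[1;32;1m[+]mono版本较低", mono[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('mono version is lower', mono[0])

    hpro = re.findall(r'proxy_html/[\d.]* appears to be outdated', rst)
    if hpro:
        print("\033[1;32;1m[+]HTTP Proxy版本较低", hpro[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('HTTP Proxy version is lower', hpro[0])

    per = re.findall(r'mod_perl/[\d.]* appears to be outdated', rst)
    if per:
        print("\033[1;32;1m[+]Perl版本较低", per[0] + '\033[0m')
        vulnsum.addLow()
        report.whtml('Perl version is lower', per[0])

    if 'HTTP TRACE method is active' in rst:
        print("\033[1;32;1m[+]启用了TRACE方法\033[0m")
        vulnsum.addMedium()
        report.whtml('HTTP TRACE method is active', re.findall(r'TRACE', rst))

    # NOTE(review): the target string is written into the report as-is in the
    # two phpMyAdmin entries; confirm report.whtml escapes HTML.
    if 'phpMyAdmin directory found' in rst:
        print("\033[1;32;1m[+]发现phpmyadmin目录\033[0m")
        vulnsum.addLow()
        report.whtml('phpMyAdmin directory found',
                     'curl ' + target + '/phpmyadmin')

    if 'phpmyadmin/Documentation.html' in rst:
        print("\033[1;32;1m[+]存在可访问的/phpmyadmin/Documentation.html页面\033[0m")
        vulnsum.addMedium()
        report.whtml(
            'There are accessible /phpMyAdmin/Documentation.html pages',
            'curl ' + target + '/phpmyadmin/Documentation.html')

    if 'Apache default file found' in rst:
        print("\033[1;32;1m[+]发现Apache默认文件/icons/README\033[0m")
        vulnsum.addLow()
        report.whtml('Apache default file found', '/icons/README')

    # NOTE(review): /Admin/ is rated low while /admin/ below is rated medium;
    # confirm the difference is intended.
    if '/Admin/: Directory indexing found' in rst:
        print("\033[1;32;1m[+]发现Admin路径/Admin/\033[0m")
        vulnsum.addLow()
        report.whtml('Admin Directory indexing found', '/Admin/')

    if '/admin/: Directory indexing found' in rst:
        print("\033[1;32;1m[+]发现admin路径/admin/\033[0m")
        vulnsum.addMedium()
        report.whtml('admin Directory indexing found', '/admin/')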