示例#1
 def GetBindingIP(self):
     """Return ``GetMessage.GetBindingIP(self.ip)``, logging progress first.

     The progress line (it announces the historical resolution lookup for
     the IP) is appended to the ``runlog`` key through ``redispool`` and a
     shorter banner is printed to stdout.

     Returns:
         The value produced by ``GetMessage.GetBindingIP``, or the literal
         string ``"None"`` when that call raises.
     """
     progress = "正在获取{}IP历史解析记录!\n".format(self.ip)
     redispool.append("runlog", progress)
     print("正在获取IP历史解析记录!")
     try:
         records = GetMessage.GetBindingIP(self.ip)
     except Exception as exc:
         # Best effort: the error is only printed, so a crashed lookup and
         # the "None" sentinel look the same to whoever stores the result.
         print(exc)
         return "None"
     return records
示例#2
 def SenDir(self):
     """Return ``GetMessage.SenFileScan(self.domain, self.url)``.

     Before the call, a progress line (sensitive directory and file probing
     for ``self.url``) is appended to ``runlog`` and a banner is printed.

     Returns:
         The scan result from ``GetMessage.SenFileScan``, or the literal
         string ``"None"`` when the call raises.
     """
     progress = "正在进行{}敏感目录及文件探测!\n".format(self.url)
     redispool.append("runlog", progress)
     print("正在进行敏感目录及文件探测!")
     try:
         hits = GetMessage.SenFileScan(self.domain, self.url)
     except Exception as exc:
         # A failed probe is reported as "None"; downstream code cannot
         # separate "nothing found" from "probe did not run".
         print(exc)
         return "None"
     return hits
示例#3
 def CScanConsole(self):
     """Return ``GetMessage.CScanConsole(self.ip)``, logging progress first.

     The progress line describes the step as C-segment information
     gathering for ``self.ip``.

     Returns:
         The value from ``GetMessage.CScanConsole``, or the literal string
         ``"Unknow"`` when the call raises (note: other methods in this
         listing use ``"None"`` as their failure sentinel).
     """
     progress = "正在进行{}C段信息搜集!\n".format(self.ip)
     redispool.append("runlog", progress)
     print("正在进行C段信息搜集!")
     try:
         neighbours = GetMessage.CScanConsole(self.ip)
     except Exception as exc:
         print(exc)
         return "Unknow"
     return neighbours
示例#4
 def GetStatus(self):
     """Return the status code of ``self.rep`` as a string.

     A progress line naming ``self.url`` goes to ``runlog`` and to stdout.

     Returns:
         ``str(self.rep.status_code)``, or the literal string ``"None"``
         when reading the attribute raises (for example when ``self.rep``
         has no ``status_code``).
     """
     redispool.append("runlog", "正在获取{}网页状态码\n".format(self.url))
     print("正在获取{}网页状态码".format(self.url))
     try:
         code = self.rep.status_code
         return str(code)
     except Exception as exc:
         print(exc)
         return "None"
示例#5
 def GetRecordInfo(self):
     """Return ``GetMessage.GetRecordInfo(self.domain)``.

     The progress line describes the step as fetching the public filing
     (registration) record of the domain.

     Returns:
         The value from ``GetMessage.GetRecordInfo``, or the literal string
         ``"None"`` when the call raises.
     """
     progress = "正在获取{}域名的公开备案信息 :-)\n".format(self.domain)
     redispool.append("runlog", progress)
     print("正在获取域名的公开备案信息 :-)")
     try:
         record = GetMessage.GetRecordInfo(self.domain)
     except Exception as exc:
         print(exc)
         return "None"
     return record
示例#6
 def AngelSwordMain(self):
     """Run ``selfpocscan2.AngelSwordMain`` against ``self.url``.

     The progress line describes the step as vulnerability detection with
     the tool's built-in POC set.

     Returns:
         None. The result of ``selfpocscan2.AngelSwordMain`` is discarded
         here, and any exception it raises is printed and swallowed.
     """
     progress = "正在使用碎遮内置POC进行{}漏洞检测!\n".format(self.url)
     redispool.append("runlog", progress)
     print("正在使用碎遮内置POC进行漏洞检测!")
     try:
         selfpocscan2.AngelSwordMain(self.url)
     except Exception as exc:
         # NOTE(review): a crash in the check run is indistinguishable from
         # a clean run with no findings; only stdout records the difference.
         print(exc)
示例#7
 def FindIpAdd(self):
     """Return ``GetMessage.FindIpAdd(self.ip)``, logging progress first.

     The progress line describes the step as an address lookup for the IP.

     Returns:
         The value from ``GetMessage.FindIpAdd``, or the literal string
         ``"None"`` when the call raises.
     """
     progress = "正在查找{}IP地址\n".format(self.ip)
     redispool.append("runlog", progress)
     print("正在查找IP地址查询")
     try:
         location = GetMessage.FindIpAdd(self.ip)
     except Exception as exc:
         print(exc)
         return "None"
     return location
示例#8
 def GetSiteStation(self):
     """Return ``GetMessage.GetSiteStation(self.domain)``.

     The progress line describes the step as a lookup of other sites hosted
     alongside the target.

     Returns:
         The value from ``GetMessage.GetSiteStation``, or the literal string
         ``"None"`` when the call raises.
     """
     progress = "正在进行{}旁站查询 :)\n".format(self.domain)
     redispool.append("runlog", progress)
     print("正在进行旁站查询 :)")
     try:
         neighbours = GetMessage.GetSiteStation(self.domain)
     except Exception as exc:
         print(exc)
         return "None"
     return neighbours
示例#9
 def GetBindingIP(self):
     """Return ``GetMessage.GetBindingIP(self.domain)``.

     The progress line describes the step as fetching the domain's
     historical resolution records.

     Returns:
         The value from ``GetMessage.GetBindingIP``, or the literal string
         ``"None"`` when the call raises.
     """
     progress = "正在获取{}域名历史解析记录 :D\n".format(self.domain)
     redispool.append("runlog", progress)
     print("正在获取域名历史解析记录 :D")
     try:
         history = GetMessage.GetBindingIP(self.domain)
     except Exception as exc:
         print(exc)
         return "None"
     return history
示例#10
 def GetWhoisMessage(self):
     """Return ``GetMessage.GetWhois(self.TrueDomain)``.

     The progress line written to ``runlog`` names ``self.domain``, while
     the query itself is made for ``self.TrueDomain``.

     Returns:
         The value from ``GetMessage.GetWhois``, or the literal string
         ``"None"`` when the call raises.
     """
     progress = "正在获取网站{}Whois信息!\n".format(self.domain)
     redispool.append("runlog", progress)
     print("正在获取网站Whois信息!")
     try:
         whois_text = GetMessage.GetWhois(self.TrueDomain)
     except Exception as exc:
         print(exc)
         return "None"
     return whois_text
示例#11
 def GetFinger(self):
     """Return ``WebPage(self.url, self.rep).info()``.

     The progress line describes the step as fingerprinting the site and
     the technologies it uses.

     Returns:
         The value from ``WebPage(...).info()``, or the literal string
         ``"Unknow"`` when constructing the page or calling ``info`` raises.
     """
     progress = "正在获取{}网站指纹及技术!\n".format(self.url)
     redispool.append("runlog", progress)
     print("正在获取网站指纹及技术!")
     try:
         # NOTE(review): the fingerprint is presumably derived from the
         # remote response, so treat it as untrusted when displayed.
         return WebPage(self.url, self.rep).info()
     except Exception as exc:
         print(exc)
         return "Unknow"
示例#12
 def GetResponseHeader(self):
     """Serialise ``self.rep.headers`` as ``"Name: value\\r\\n"`` lines.

     Returns:
         The concatenated header lines. If iterating or formatting raises,
         the exception is printed and whatever was collected up to that
         point is returned (an empty string if nothing was collected).
     """
     redispool.append("runlog", "正在获取{}网页响应头!\n".format(self.url))
     print("正在获取网页响应头!")
     collected = []
     try:
         for name, value in self.rep.headers.items():
             # Header names and values are supplied by the remote server;
             # they are copied verbatim, so escape them wherever shown.
             collected.append(name + ": " + value + "\r\n")
     except Exception as exc:
         print(exc)
     return "".join(collected)
示例#13
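 def GetTitle(self):
     """Return the text of the first ``<title>`` element in ``self.rep.text``.

     A progress line naming ``self.url`` is appended to ``runlog`` and a
     banner is printed before the body is inspected.

     Returns:
         The captured title text, or ``None`` when ``self.rep`` is ``None``,
         when no title element is found, or when reading the body raises.
     """
     redispool.append("runlog", "正在获取{}网页标题!\n".format(self.url))
     print("正在获取网页标题!")
     # Identity test rather than ``!=``: comparison operators can be
     # overridden by the response class, ``is None`` cannot.
     if self.rep is None:
         return None
     try:
         # IGNORECASE/DOTALL so that upper-case tags and titles spanning
         # several lines are captured instead of being reported as missing.
         found = re.search(r'<title>(.*?)</title>', self.rep.text,
                           re.IGNORECASE | re.DOTALL)
     except Exception as exc:
         print(exc)
         return None
     if found is None:
         return None
     # The title is taken verbatim from the remote page: treat it as
     # untrusted input and escape it wherever it is rendered.
     return found.group(1)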
示例#14
 def FindDomainAdd(self):
     """Return ``GetMessage.FindDomainAdd`` for the host part of the domain.

     Anything from the first ``/`` onward in ``self.domain`` is dropped
     before the lookup. The progress line describes the step as resolving
     the real address the domain maps to.

     Returns:
         The value from ``GetMessage.FindDomainAdd``, or the literal string
         ``"None"`` when the call raises.
     """
     progress = "正在获取{}域名映射的真实地址!\n".format(self.domain)
     redispool.append("runlog", progress)
     print("正在获取域名映射的真实地址!")
     # Keep only what precedes the first slash (path component removed).
     host = self.domain.split("/")[0] if "/" in self.domain else self.domain
     try:
         address = GetMessage.FindDomainAdd(host)
     except Exception as exc:
         print(exc)
         return "None"
     return address
示例#15
 def PortScan(self):
     """Return ``GetMessage.PortScan`` for the host part of ``self.domain``.

     The ``runlog`` line names ``self.url``, but the value handed to the
     scanner is ``self.domain`` with everything from the first ``/``
     removed; that host is also printed to stdout.

     Returns:
         The value from ``GetMessage.PortScan``, or the literal string
         ``"Unknow"`` when the call raises.
     """
     progress = "正在对{}目标进行端口扫描!\n".format(self.url)
     redispool.append("runlog", progress)
     print("正在对目标进行端口扫描!")
     # Strip any path so only the host portion reaches the scanner.
     host = self.domain.split("/")[0] if "/" in self.domain else self.domain
     print(host)
     try:
         open_ports = GetMessage.PortScan(host)
     except Exception as exc:
         print(exc)
         return "Unknow"
     return open_ports
示例#16
 def GetSubDomain(self):
     """Combine two subdomain sources for the target.

     ``GetMessage.SubDomainBurst(self.TrueDomain, self.redispool)`` and
     ``GetMessage.GetSubDomain(self.domain)`` are called in that order and
     their results are joined with ``+``. The progress line describes them
     as the active and the passive method respectively.

     Returns:
         The concatenation of both results, or the literal string ``"None"``
         when either call or the concatenation raises.
     """
     progress = "正在使用主动与被动方式获取{}目标子域名!\n".format(self.domain)
     redispool.append("runlog", progress)
     print("正在使用主动与被动方式获取目标子域名!")
     try:
         # NOTE(review): the log call above uses the module-level
         # ``redispool`` while this passes ``self.redispool``; if the
         # attribute is not set, the AttributeError is swallowed below and
         # the method silently reports "None" - confirm against __init__.
         burst_hits = GetMessage.SubDomainBurst(self.TrueDomain,
                                                self.redispool)
         online_hits = GetMessage.GetSubDomain(self.domain)
         return burst_hits + online_hits
     except Exception as exc:
         print(exc)
         return "None"
示例#17
 def WebLogicScan(self):
     """Run the WebLogic checks on ``self.domain`` and persist positives.

     Each item returned by ``WebLogicScan.run`` is unpacked as
     ``(vulnerable, bugurl, bugname, bugdetail)``. For every item flagged
     vulnerable, a ``BugList`` row is added to the session and ``bugurl`` is
     registered through ``redispool.pfadd`` under two keys: the grade looked
     up in the ``bugtype`` hash and the bug name itself. The session is
     committed once after the loop.

     Returns:
         None. Any exception is printed and swallowed.
     """
     redispool.append("runlog", "正在进行{}weblogic漏洞检测!\n".format(self.url))
     print("正在进行weblogic漏洞检测!")
     try:
         # Inside a method body this name resolves to the module-level
         # ``WebLogicScan`` object, not to this method.
         findings = WebLogicScan.run(self.domain)
         with app.app_context():
             for vulnerable, bugurl, bugname, bugdetail in findings:
                 if not vulnerable:
                     continue
                 record = BugList(oldurl=self.domain,
                                  bugurl=bugurl,
                                  bugname=bugname,
                                  buggrade=redispool.hget(
                                      'bugtype', bugname),
                                  payload=bugurl,
                                  bugdetail=bugdetail)
                 redispool.pfadd(redispool.hget('bugtype', bugname),
                                 bugurl)
                 redispool.pfadd(bugname, bugurl)
                 db.session.add(record)
             db.session.commit()
     except Exception as exc:
         # NOTE(review): an error part-way through the loop skips the commit
         # and is only printed, so findings gathered so far are not stored
         # by this method and the caller sees no failure signal.
         print(exc)
示例#18
 def GetDate(self):
     """Return the current local time formatted as ``YYYY-MM-DD HH:MM:SS``.

     A progress line naming ``self.url`` is appended to ``runlog`` and a
     banner is printed first. The timestamp is local time with no timezone
     marker.
     """
     progress = "正在获取{}系统当前时间!\n".format(self.url)
     redispool.append("runlog", progress)
     print("正在获取系统当前时间!")
     now = time.localtime()
     return time.strftime("%Y-%m-%d %H:%M:%S", now)
示例#19
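def SZheScan(url):
    """Run the whole scan pipeline for one target and persist the results.

    Steps, in order: pass the input through ``inputfilter``; record the
    target under ``targetscan``/``nowscan``; collect base information and
    store a ``BaseInfo`` row; run ``WebLogicScan`` and ``AngelSwordMain``;
    store an ``IPInfo`` or ``DomainInfo`` row depending on whether the
    target matches the dotted-quad pattern; crawl with ``SpiderGetUrl2``;
    run ``BugScanConsole``; then update the ``targetscan`` counters, the
    ``havebugpc`` set and the run log.

    Args:
        url: Target as submitted by the caller. It is replaced by the first
            value returned from ``inputfilter``.

    Returns:
        None. Any exception raised along the way is printed and swallowed.
    """
    try:
        # Filter the raw input before anything else touches it.
        url, attackurl, rep = inputfilter(url)
        # No url after filtering means it was invalid or the response took
        # too long; stop scanning this target.
        if not url:
            print("Not Allow This URL")
            return
        redispool.hset("targetscan", "nowscan", attackurl)
        with app.app_context():
            # Collector for the base information of this url.
            baseinfo = GetBaseMessage(url, attackurl, rep)
            # Decide between IP and domain handling. Raw string so the
            # regex escapes are not treated as (invalid) string escapes.
            # The pattern checks shape only, not octet ranges.
            pattern = re.compile(r'^\d+\.\d+\.\d+\.\d+(:(\d+))?$')
            boolcheck = pattern.match(url) is not None
            # Drop the port from an IP target before the IP lookups.
            if boolcheck and ":" in url:
                infourl = url.split(":")[0]
            else:
                infourl = url
            if boolcheck:
                ipmessage = IPMessage(infourl)
            else:
                domainmessage = DomainMessage(url)
            # Title, headers and fingerprint originate from the remote
            # server; they are stored as received.
            info = BaseInfo(url=url,
                            boolcheck=boolcheck,
                            status=baseinfo.GetStatus(),
                            title=baseinfo.GetTitle(),
                            date=baseinfo.GetDate(),
                            responseheader=baseinfo.GetResponseHeader(),
                            Server=baseinfo.GetFinger(),
                            portserver=baseinfo.PortScan(),
                            sendir=baseinfo.SenDir())
            db.session.add(info)
            # Flush so the row gets its primary key before it is referenced.
            db.session.flush()
            infoid = info.id
            db.session.commit()
            baseinfo.WebLogicScan()
            baseinfo.AngelSwordMain()
            if boolcheck:
                redispool.pfadd("ip", infourl)
                iprow = IPInfo(baseinfoid=infoid,
                               bindingdomain=ipmessage.GetBindingIP(),
                               sitestation=ipmessage.GetSiteStation(),
                               CMessage=ipmessage.CScanConsole(),
                               ipaddr=ipmessage.FindIpAdd())
                db.session.add(iprow)
            else:
                redispool.pfadd("domain", infourl)
                domainrow = DomainInfo(
                    baseinfoid=infoid,
                    subdomain=domainmessage.GetSubDomain(),
                    whois=domainmessage.GetWhoisMessage(),
                    bindingip=domainmessage.GetBindingIP(),
                    sitestation=domainmessage.GetSiteStation(),
                    recordinfo=domainmessage.GetRecordInfo(),
                    domainaddr=domainmessage.FindDomainAdd())
                db.session.add(domainrow)
            db.session.commit()
            # Crawl depth defaults to 2 so large sites do not produce too
            # many links; the original comment says it can be changed in
            # the settings.
            redispool.append("runlog", "对{}页面进行深度爬取\n".format(attackurl))
            SpiderGetUrl2(attackurl, deepth=2)
            redispool.append("runlog",
                             "对该网站{}爬取到的url进行常规漏扫 :D\n".format(attackurl))
            print("对该网站爬取到的url进行常规漏扫 :D")
            BugScanConsole(url)
            count = redispool.hget('targetscan', 'waitcount')
            # NOTE(review): only a ``str`` counter is decremented; a missing
            # value or a client that returns bytes resets it to "0".
            if isinstance(count, str):
                waitcount = int(count) - 1
                redispool.hset("targetscan", "waitcount", str(waitcount))
            else:
                redispool.hset("targetscan", "waitcount", "0")
            redispool.hdel("targetscan", "nowscan")
            # Count this url as an affected host when the newest BugList
            # row belongs to it (only the most recent row is compared).
            # ``first()`` returns None on an empty table; guarding it keeps
            # the end-of-scan log from being skipped by an AttributeError.
            latestbug = BugList.query.order_by(BugList.id.desc()).first()
            if latestbug is not None and latestbug.oldurl == url:
                redispool.pfadd("havebugpc", url)
            redispool.append("runlog", "{} scan end !\n".format(url))
            print("{} scan end !".format(url))
    except Exception as e:
        # NOTE(review): a failure anywhere above leaves ``nowscan`` set and
        # ``waitcount`` untouched, and is visible only on stdout.
        print(e)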