def main(result, conf_info):
    """Run the threaded nmap stage over *result* and persist its output.

    Args:
        result: iterable of work items handed over from the masscan stage;
            every item is pushed onto one shared queue that the ``Scan``
            worker threads drain.
        conf_info: configuration mapping; only ``conf_info["t"]`` (the worker
            thread count, coerced with ``int``) is read here.

    Returns:
        ``result`` unchanged, so the title-recognition stage can reuse it.

    Note: a second ``main(conf_info)`` is defined later in this module and
    rebinds the name, so this definition is shadowed once the module loads.
    """
    logger = LogInfo('log/process.log')
    logger.infostring('start nmap scan service...')

    worker_setting = conf_info["t"]

    # One queue feeds every worker; items are queued before any thread starts.
    work_queue = Queue()
    for item in result:
        work_queue.put(item)

    workers = [Scan(work_queue) for _ in range(int(worker_setting))]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()

    logger.infostring('finsh nmap scan ...')
    logger.infostring('start save result ...')
    out()  # persists the collected results; defined elsewhere in this module
    logger.infostring('finsh save result ...')
    return result
def main(conf_info):
    """Extract masscan targets, nmap-scan them with worker threads, save results.

    Args:
        conf_info: configuration mapping with ``"ip_file"`` (path passed to
            ``tiqu`` to extract the masscan output) and ``"t"`` (worker
            thread count, coerced with ``int``).

    Returns:
        The module-level ``result`` object (this function does not define
        it; presumably filled by the ``Scan`` workers / ``out``).

    Notes:
        Targets are read from the module-level mapping named ``dict`` (a
        builtin shadowed by this module; presumably populated by ``tiqu``),
        keyed by IP with a collection of ports as the value.  An IP with 50
        or more ports is reported as firewalled and skipped, see the printed
        message.  This definition rebinds ``main`` and shadows the earlier
        ``main(result, conf_info)`` above.
    """
    logger = LogInfo('log/process.log')
    logger.infostring('start nmap scan service...')

    target_file = conf_info["ip_file"]
    worker_setting = conf_info["t"]

    # Pull the masscan output into the module-level `dict` mapping.
    tiqu(target_file)

    work_queue = Queue()
    for host in dict:
        ports = dict[host]
        # The author treats a host answering on 50+ ports as a firewall
        # artefact rather than real services and skips it.
        if len(ports) >= 50:
            print("IP:" + host + "存在防火墙,跳过扫描")
            continue
        for port in ports:
            work_queue.put([host, port])

    workers = [Scan(work_queue) for _ in range(int(worker_setting))]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()

    logger.infostring('finsh nmap scan ...')
    logger.infostring('start save result ...')
    out()  # persists the collected results; defined elsewhere in this module
    logger.infostring('finsh save result ...')
    return result
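def Title(result):
    """Probe each scanned host:port as a web service and record its <title>.

    Args:
        result: iterable of ``[host, port]`` pairs (both strings) from the
            nmap stage.  Every pair is probed regardless of the detected
            service name; a port whose number contains ``443`` is tried over
            https, everything else over http.

    Side effects:
        Rewrites ``out/http_result.txt`` with one line per URL that answered:
        ``url`` alone when no title was found, otherwise
        ``url \\t server-banner \\t title``.  Progress goes to
        ``log/process.log``; each titled URL is also printed.

    Hosts that do not answer within the 3 s timeout, or raise any other error
    while being fetched, are skipped (best-effort probe, as in the original).

    Fixes relative to the previous version: the detected page encoding is now
    actually used (it was computed and ignored), a missing ``Server`` header
    no longer drops the host via KeyError, title matching is case-insensitive,
    and the result file is written through a context manager.
    """
    logger = LogInfo('log/process.log')
    logger.infostring('start Title recognition ...')

    # Build the probe URL for every host:port.  The substring test is kept on
    # purpose so that 8443-style ports are also tried over https.
    urls = []
    for item in result:
        scan_url = item[0]
        scan_port = item[1]
        scheme = "https" if "443" in scan_port else "http"
        urls.append(scheme + "://" + scan_url + ":" + scan_port)

    # HTML tag names are case-insensitive; DOTALL lets titles span lines.
    title_re = re.compile(r'<title>(.*?)</title>', re.I | re.S)

    final_domains = []
    for url in urls:
        try:
            # verify=False is deliberate: scanned services commonly present
            # self-signed certificates.  Everything in the response is
            # untrusted input and is only ever written to the result file.
            r = requests.get(url, timeout=3, verify=False)

            # Decode with the detected encoding (falling back to UTF-8) so
            # non-UTF-8 pages keep a readable title; errors='replace' keeps a
            # mojibake title rather than dropping the host.
            encoding = chardet.detect(r.content)['encoding'] or 'utf-8'
            try:
                body = r.content.decode(encoding, errors='replace')
            except LookupError:
                # chardet may name a codec Python does not know.
                body = r.content.decode('utf-8', errors='replace')

            titles = title_re.findall(body)
            if not titles:
                final_domains.append(url + "\n")
                continue

            # Absent Server header: record an empty banner instead of raising.
            banner = r.headers.get('server', '')
            res = titles[0].strip()
            line = url + '\t ' + banner + ' \t' + res
            final_domains.append(line + "\n")
            print(line)
        except Exception:
            # Deliberate best-effort: unreachable or odd hosts are skipped,
            # never fatal for the whole run.
            continue

    # Rewrite the result file from scratch on every run.
    with open("out/http_result.txt", "w", encoding="utf8") as f1:
        f1.writelines(final_domains)
    logger.infostring('finsh Title recognition ...')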
class Weakpass_Scan():
    """Drive hydra against every ``host:port:service`` line in ``out/result.txt``.

    Collected results — including recovered plaintext credentials — are
    written to ``out/Weakpass.txt`` by ``callback``; that file is sensitive
    output and is created with default permissions.
    """

    # Initialise scan state: input/wordlist paths, result buffers, logger.
    def __init__(self):
        self.target_file = 'out/result.txt'  # one "host:port:service" per line (see run())
        self.user_file = "user.txt"
        self.pass_file = "pass.txt"
        self.infolist, self.weakpass_result = [], []
        self.logger = LogInfo('log/process.log')

    def brute(self, host, port, server):
        """Run hydra for one target and append successful logins to ``self.weakpass_result``.

        NOTE(review): the spans containing ``'******'`` below were redacted
        before this copy was made and are not valid Python; the original
        expressions cannot be recovered from this page, so the parsing
        branches are documented only as far as the surviving tokens allow.
        """
        # hydra module names this tool is willing to drive; any other service is skipped.
        # ('vnc' is listed twice — harmless for a membership test.)
        supported = [
            'asterisk', 'cisco', 'cisco-enable', 'ftp', 'ftps', 'http-proxy',
            'imap', 'imaps', 'mssql', 'mysql', 'pcanywhere', 'vnc', 'pop3',
            'pop3s', 'postgres', 'rdp', 'redis', 'rexec', 'rlogin', 'rsh',
            'smb', 'smtp', 'smtps', 'smtp-enum', 'snmp', 'socks5', 'ssh',
            'svn', 'teamspeak', 'telnet', 'telnets', 'vmauthd', 'vnc', 'xmpp'
        ]
        # Modules invoked with a password list only (no username list).
        server_only_pass = ['cisco', 'cisco-enable', 'redis']
        if server not in supported:
            return
        # try:
        print(host + ":" + port + ":" + server)
        # NOTE(review): in the collapsed source this print() directly follows a
        # commented-out "try:"; it is kept as live code here — confirm against
        # the original layout.
        # arg = ['medusa', '-h', self.host, '-U', self.user_file, '-P', self.pass_file, '-M', self.server, '-t', '5','-n', self.port, '-F', '-e', 'ns'] if BURST_TOOLS == 'medusa' else ['hydra', '-L', self.user_file,'-P', self.pass_file,'-s', self.port, '-f',self.host,self.server]
        arg = [
            'hydra', '-L', self.user_file, '-P', self.pass_file, '-s', port,
            '-f', host, server
        ] if server not in server_only_pass else [
            'hydra', '-P', self.pass_file, '-s', port, '-f', host, server
        ]
        # Argument list with no shell: host/port/server values from the input
        # file cannot inject shell syntax.  stderr is piped but never drained,
        # so a chatty child could block on a full pipe — TODO confirm/handle.
        p = subprocess.Popen(arg,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE,
                             bufsize=-1)
        for line in iter(p.stdout.readline, b''):
            # `line` is bytes (stdout is a PIPE); it is decoded only for this
            # test.  NOTE(review): the redacted split() calls below pass a str
            # separator to a bytes value — a type mismatch; the commented
            # block further down looks like an attempt at a bytes-based version.
            if '[' + server + ']' in line.decode():
                if server in server_only_pass:
                    password = line.split('password: '******'find weak pass host: %s, port: %s, server: %s, user: %s, password: %s' % (host, port, server, "", password))
                    value = {
                        'host': host,
                        'port': port,
                        'server': server,
                        'user': "",
                        'password': password
                    }
                    self.weakpass_result.append(value)
                # Parse a successful hydra login line (user + password).
                elif 'login:'******'login: '******' ')[0].strip()
                    password = line.split('password: '******'find weak pass host: %s, port: %s, server: %s, user: %s, password: %s' % (host, port, server, user, password))
                    value = {
                        'host': host,
                        'port': port,
                        'server': server,
                        'user': user,
                        'password': password
                    }
                    self.weakpass_result.append(value)
        # for line in iter(p.stdout.readline, b''):
        #     str='[' + server + ']'
        #     str1=str.encode()
        #     if str1 in line:
        #         if server in server_only_pass:
        #             password = line.split('password: '******'find weak pass host: %s, port: %s, server: %s, user: %s, password: %s' % (
        #                 host, port, server, "", password))
        #             value = {'host': host, 'port': port, 'server': server, 'user': "", 'password': password}
        #             self.weakpass_result.append(value)
        #         # Parse a successful hydra login line
        #         elif 'login:'******'login: '******' ')[0].strip()
        #             password = line.split('password: '******'find weak pass host: %s, port: %s, server: %s, user: %s, password: %s' % (
        #                 host, port, server, user, password))
        #             value = {'host': host, 'port': port, 'server': server, 'user': user, 'password': password}
        #             self.weakpass_result.append(value)
        # except Exception as e:
        #     pass

    def readInfo(self):
        """Load every non-empty line of ``self.target_file`` into ``self.infolist``.

        Silently does nothing when the file does not exist.
        """
        if os.path.exists(self.target_file):
            # self.logger.infostring('read scan reasult to weak pass')
            with open(self.target_file) as f:
                for line in f:
                    if line.strip():
                        self.infolist.append(line.strip())

    def callback(self):
        """Write all collected credentials to ``out/Weakpass.txt`` in plaintext.

        NOTE(review): the file is opened without a context manager, so it is
        not closed if a write raises; it is also created with default
        permissions although it holds recovered credentials.
        """
        if not os.path.exists('out'):
            os.mkdir('out')
        f = open('out/Weakpass.txt', 'w')
        for weakpass in self.weakpass_result:
            # NOTE(review): values are passed as host, server, port while the
            # format labels read host, port, server — the two middle columns
            # come out swapped in the file.
            f.write(
                'host: %s, port: %s, server: %s, user: %s, password: %s\n' %
                (weakpass['host'], weakpass['server'], weakpass['port'],
                 weakpass['user'], weakpass['password']))
        f.close()

    def run(self):
        """Entry point: read targets, run ``brute`` on each, then persist results."""
        self.logger.infostring('start weak pass thread')
        self.readInfo()
        self.logger.infostring('start weak pass scan...')
        for info in self.infolist:
            # Each line is split on ':' into host, port, service; a value with
            # extra colons (e.g. an IPv6 literal) would shift the fields —
            # TODO confirm the producer never emits such lines.
            value = re.split('[:]', info)
            self.brute(value[0], value[1], value[2])
        self.callback()
        self.logger.infostring('finsh weak pass scan.')