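def output(target):
    """Look up other domains hosted on the target's IP (same-IP reverse lookup).

    Runs only when the target is not behind a CDN and has a resolved domain
    (``target.f_domain``); otherwise it is a no-op.  The dns.aizhan.com result
    pages are fetched by ``threads`` ``tThread`` workers that append parsed
    JSON to ``jsons``; every domain in that list is then handed to ``tPing``
    workers which compare it against ``target.ip``.
    """
    if not (hasattr(target, 'iscdn') and not target.iscdn and target.f_domain):
        return

    threads = 5  # worker thread count
    jsons = []   # shared result list filled by the tThread workers
    queue = Queue.Queue()

    print_color('find domain in same IP for %s..' % target.ip, 2)

    # The first request only tells us how many result pages exist ("1/N").
    # NOTE(review): f_domain is interpolated unencoded; fine for a plain
    # hostname, confirm if it can ever carry query-significant characters.
    code, content = get('dns.aizhan.com',
                        '/index.php?r=index/pages&q=%s' % target.f_domain)
    match = re.search(r'1/(\d{1,})', content)
    page = int(match.group(1)) if match else 1

    # Fetch every result page concurrently.
    for i in xrange(1, page + 1):
        queue.put('/index.php?r=index/getress&q=%s&page=%d' %
                  (target.f_domain, i))
    _run_workers([tThread(queue, jsons) for _ in xrange(threads)])

    # Resolve each discovered domain and compare it with the target IP.
    for entry in jsons:
        queue.put(entry['domain'])
    _run_workers([tPing(queue, target.ip) for _ in xrange(threads)])

    print('')


def _run_workers(workers):
    """Start every thread in *workers*, then block until all have finished."""
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()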
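def output(target):
    """Identify the web server from the Server header and, for nginx, probe
    for the static-file-to-PHP path-parsing misconfiguration.

    Sets ``target.server`` to 'Nginx', 'Apache' or 'IIS' when the header
    names one of them.  For nginx it issues HEAD requests for a few
    ``<static file>/.php`` style paths; a 200 with an HTML content type is
    reported as a finding.  A catch-all rewrite that answers 200 HTML for any
    path will trigger this check too, so treat a hit as a lead, not proof.
    """
    print_color('Test server exploit %s...' % target.ip, 2)

    paths = ['/robots.txt/.php', '/robots.txt/1.php']

    if 'server' not in target.header:
        print('')
        return

    server = target.header['server'].lower()
    if 'nginx' in server:
        target.server = 'Nginx'
        print_color('Test server nginx Parsing Vulnerabilities', 2)

        host = target.f_domain if target.f_domain else target.ip
        domain = '%s:%d' % (host, target.port)

        # Borrow an image URL from the front page so the probe also covers a
        # real static file, not only robots.txt.
        code, content = get(domain, '/')
        match = re.search(r'src="(http.+?\.jpg)"', content)
        if match:
            # NOTE(review): group(1) is an absolute URL, so these entries are
            # passed to head() as a "path" - confirm head() accepts that form.
            paths.append('%s/.php' % match.group(1))
            paths.append('%s/1.php' % match.group(1))

        for p in paths:
            code, header = head(domain, p)
            # A response without Content-Type used to raise KeyError here;
            # it simply cannot match now.
            content_type = header.get('content-type', '')
            if code == 200 and 'text/html' in content_type:
                print_color('the server has nginx parsing vulnerabilities', 1)
                break
    elif 'apache' in server:
        target.server = 'Apache'
    elif 'iis' in server:
        target.server = 'IIS'

    print('')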
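def output(target):
    """Look up other domains hosted on the target's IP (same-IP reverse lookup).

    No-op unless the target is not behind a CDN and ``target.f_domain`` is
    set.  dns.aizhan.com result pages are downloaded by ``threads``
    ``tThread`` workers that append parsed JSON to ``jsons``; each returned
    domain is then handed to ``tPing`` workers which compare it against
    ``target.ip``.
    """
    if not (hasattr(target, 'iscdn') and not target.iscdn and target.f_domain):
        return

    threads = 5  # worker thread count
    jsons = []   # shared result list, filled by the tThread workers
    queue = Queue.Queue()

    print_color('find domain in same IP for %s..' % target.ip, 2)

    # First request only reports the number of result pages ("1/N").
    code, content = get('dns.aizhan.com',
                        '/index.php?r=index/pages&q=%s' % target.f_domain)
    match = re.search(r'1/(\d{1,})', content)
    page = int(match.group(1)) if match else 1

    # Queue every result page and let the workers fetch them concurrently.
    for i in xrange(1, page + 1):
        queue.put('/index.php?r=index/getress&q=%s&page=%d' %
                  (target.f_domain, i))
    _start_and_join([tThread(queue, jsons) for _ in xrange(threads)])

    # Resolve each discovered domain and compare it with the target IP.
    for entry in jsons:
        queue.put(entry['domain'])
    _start_and_join([tPing(queue, target.ip) for _ in xrange(threads)])

    print('')


def _start_and_join(workers):
    """Start all threads in *workers* and wait for every one to finish."""
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()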
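def output(target):
    """Find domains registered with the same WHOIS e-mail as the target.

    No-op unless ``target.mail`` is set.  Queries the reverse-WHOIS page on
    whois.aizhan.com, drops the target's own domain, and hands each remaining
    domain to ``tPing`` workers which compare it against ``target.ip``.  A
    failure is logged and reported; the function does not raise.
    """
    if not hasattr(target, 'mail'):
        return

    print_color('whois same mail %s domain ...' % target.mail, 2)

    threads = 5  # worker thread count
    queue = Queue.Queue()
    try:
        code, content = get('whois.aizhan.com',
                            '/reverse-whois/?q=%s&t=email' % target.mail)
        # Domain cells on the result page end with </a></td>.
        domain_list = findall(r'_blank">(.*?)</a></td>', content)
        if domain_list:
            for domain in domain_list:
                if domain != target.n_domain:
                    queue.put(domain)
            workers = [tPing(queue, target.ip) for _ in xrange(threads)]
            for worker in workers:
                worker.start()
            for worker in workers:
                worker.join()
    except Exception:
        # Narrowed from a bare except so Ctrl-C / SystemExit still propagate.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print('')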
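def output(target):
    """Collect subdomain prefixes for ``target.n_domain`` from public sites.

    Runs only when a zone transfer did not already succeed (``target.axfr``
    falsy) and ``target.n_domain`` is known.  Each source in ``apis`` is
    queried with get() or post(), the prefixes captured by its regex are
    merged and de-duplicated, and every ``prefix + n_domain`` candidate is
    handed to ``tPing`` workers which compare it against ``target.ip``.  A
    failing source is reported and skipped; any other failure is logged and
    the function returns normally.
    """
    if not (hasattr(target, "axfr") and not target.axfr and target.n_domain):
        return

    threads = 5  # worker thread count
    queue = Queue.Queue()

    # NOTE(review): n_domain is spliced into the patterns unescaped, so a '.'
    # in it matches any character; escaping it would make the match stricter.
    apis = [
        {
            "domain": "www.baidu.com",
            "path": "/s?wd=site:%s&pn=0&ie=utf-8" % target.n_domain,
            "method": "get",
            "regex": '"g">(.*?)%s' % target.n_domain,
        },
        {
            "domain": "i.links.cn",
            "path": "/subdomain/",
            "method": "post",
            # This pattern was previously left unformatted, so it searched for
            # a literal "%s" and could never match.
            "regex": "target=_blank>http://(.*)%s" % target.n_domain,
            "data": {"domain": target.n_domain, "b2": "1", "b3": "1", "b4": "1"},
        },
        {
            "domain": "www.alexa.com",
            "path": "/siteinfo/%s" % target.n_domain,
            "method": "get",
            "regex": "word-wrap'>(.*?)%s" % target.n_domain,
        },
    ]

    print_color("find subdomain for %s.." % target.n_domain, 2)

    pix_list = []
    try:
        for api in apis:
            try:
                if api["method"] == "get":
                    code, content = get(api["domain"], api["path"])
                elif api["method"] == "post":
                    code, content = post(api["domain"], api["path"], api["data"])
                else:
                    continue
                pix_list += findall(api["regex"], content)
            except Exception:
                # One dead source must not abort the others.
                print_color(api["domain"] + " Faild", 0)

        # De-duplicate, keeping first-seen order, before queueing candidates.
        seen = set()
        for pix in pix_list:
            if pix in seen:
                continue
            seen.add(pix)
            queue.put("%s%s" % (pix, target.n_domain))

        workers = [tPing(queue, target.ip) for _ in xrange(threads)]
        for worker in workers:
            worker.start()
        for worker in workers:
            worker.join()
    except Exception:
        log.exception("exception")
        print_color(__name__ + " faild", 0)

    print("")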
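 def run(self):
     """Worker loop: drain ``self.queue`` of dns.aizhan.com paths and append
     each page's parsed JSON to the shared ``self.jsons`` list.

     ``get_nowait`` replaces the former ``empty()`` / ``get()`` pair: with
     several workers on one queue, another thread can take the last item
     between those two calls and leave this worker blocked forever in
     ``get()``.  A page that fails to download or parse is skipped.
     """
     from libs.core.network import get
     from Queue import Empty
     while True:
         try:
             path = self.queue.get_nowait()
         except Empty:
             break
         try:
             code, content = get('dns.aizhan.com', path)
             self.jsons += json.loads(content)
         except Exception:
             # Best effort: a bad page must not stop the remaining pages.
             continue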
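 def run(self):
     """Thread body: take dns.aizhan.com paths from ``self.queue`` until it is
     empty and extend ``self.jsons`` with each page's parsed JSON.

     Uses ``get_nowait`` instead of checking ``empty()`` and then calling
     ``get()``: between those two calls a sibling worker may consume the
     last item, and the blocking ``get()`` would then never return.  Pages
     that fail to download or decode are skipped.
     """
     from libs.core.network import get
     from Queue import Empty
     while True:
         try:
             path = self.queue.get_nowait()
         except Empty:
             break
         try:
             code, content = get('dns.aizhan.com', path)
             self.jsons += json.loads(content)
         except Exception:
             # Skip this page; the remaining ones are still processed.
             continue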
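def output(target):
    """Guess the server-side scripting technology of the target site.

    Tries three evidence sources, each only if the previous gave nothing:
    the X-Powered-By header, a HEAD request for /index.asp, /index.aspx and
    /index.php, and finally a ``site:`` search on google.com.hk.  Stores the
    answer in ``target.script`` ('unknown' if nothing matched) and prints it.
    Failures of the network checks are logged; the function does not raise.
    """
    powereds = [{'type': 'ASP/ASPX', 'str': 'ASP.NET'},
                {'type': 'PHP', 'str': 'PHP/'}]
    scripts = [{'type': 'ASP', 'path': '/index.asp'},
               {'type': 'ASPX', 'path': '/index.aspx'},
               {'type': 'PHP', 'path': '/index.php'}]
    searchs = [{'type': 'ASP', 'path': '/search?q=site:%s+inurl:asp'},
               {'type': 'ASPX', 'path': '/search?q=site:%s+inurl:aspx'},
               {'type': 'PHP', 'path': '/search?q=site:%s+inurl:php'}]

    host = target.f_domain if target.f_domain else target.ip
    domain = '%s:%d' % (host, target.port)
    print_color('Probe website %s script...' % domain, 2)
    target.script = 'unknown'

    if 'x-powered-by' in target.header:
        print_color('Test Script for %s with X-Powered-By' % target.f_domain, 2)
        powered_by = target.header['x-powered-by']
        for item in powereds:
            if item['str'] in powered_by:
                target.script = item['type']
                break

    try:
        if target.script == 'unknown':
            print_color('Test script for %s with HTTP header' % target.f_domain, 2)
            for item in scripts:
                code, header = head(domain, item['path'], target.protocol)
                if code == 200:
                    target.script = item['type']
                    break

        if target.script == 'unknown':
            print_color('Test script for %s with search engine' % target.f_domain, 2)
            for item in searchs:
                path = item['path'] % host
                code, content = get('www.google.com.hk', path)
                match = search(r'resultStats">(.*?)<nobr>', content)
                # No break here (kept from the original): when several
                # searches return results, a later match overwrites an
                # earlier one.
                if match:
                    target.script = item['type']
    except Exception:
        # Narrowed from a bare except so Ctrl-C / SystemExit still propagate.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print_color(target.script, 1)
    print('')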
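def output(target):
    """Print the geographic location and ISP of ``target.ip``.

    Uses the ip.taobao.com getIpInfo service and prints country, region,
    city and ISP on one line, each encoded as GBK (presumably for a GBK
    console).  Any failure - network error, malformed JSON, or a response
    without the expected 'data' fields - is logged and reported, not raised.
    """
    print_color('get location for IP %s' % target.ip, 2)
    try:
        code, content = get('ip.taobao.com',
                            '/service/getIpInfo.php?ip=%s' % target.ip)
        data = json.loads(content)['data']
        fields = [data[key].encode('gbk')
                  for key in ('country', 'region', 'city', 'isp')]
        print_color(' '.join(fields), 1)
    except Exception:
        # Narrowed from a bare except so Ctrl-C / SystemExit still propagate.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print('')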
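def output(target):
    """Print where ``target.ip`` is located and which ISP announces it.

    Queries ip.taobao.com's getIpInfo service and prints country, region,
    city and ISP separated by spaces, GBK-encoded (presumably for a GBK
    console).  Network errors, bad JSON and an unexpected response shape are
    all logged and reported; the function does not raise.
    """
    print_color('get location for IP %s' % target.ip, 2)
    try:
        code, content = get('ip.taobao.com',
                            '/service/getIpInfo.php?ip=%s' % target.ip)
        data = json.loads(content)['data']
        parts = []
        for key in ('country', 'region', 'city', 'isp'):
            parts.append(data[key].encode('gbk'))
        print_color(' '.join(parts), 1)
    except Exception:
        # Bare except replaced: keyboard interrupts are no longer swallowed.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print('')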
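def output(target):
    """Find domains that share the target's WHOIS e-mail address.

    Does nothing unless ``target.mail`` is set.  Fetches the reverse-WHOIS
    page from whois.aizhan.com, skips the target's own domain, and lets
    ``tPing`` workers compare each remaining domain with ``target.ip``.  Any
    failure is logged and reported rather than raised.
    """
    if not hasattr(target, 'mail'):
        return

    print_color('whois same mail %s domain ...' % target.mail, 2)

    threads = 5  # worker thread count
    queue = Queue.Queue()
    try:
        code, content = get('whois.aizhan.com',
                            '/reverse-whois/?q=%s&t=email' % target.mail)
        # Each domain cell on the result page ends with </a></td>.
        domain_list = findall(r'_blank">(.*?)</a></td>', content)
        if domain_list:
            for domain in domain_list:
                if domain != target.n_domain:
                    queue.put(domain)
            workers = [tPing(queue, target.ip) for _ in xrange(threads)]
            for worker in workers:
                worker.start()
            for worker in workers:
                worker.join()
    except Exception:
        # Bare except replaced: keyboard interrupts are no longer swallowed.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print('')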
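def output(target):
    """Record the web server type and, for nginx, check whether static files
    with a trailing ``/.php`` are handed to the PHP handler.

    ``target.server`` becomes 'Nginx', 'Apache' or 'IIS' when the Server
    header names one of them.  For nginx a few ``<static file>/.php`` paths
    are requested with HEAD; a 200 whose content type is HTML is reported.
    A server that answers 200 HTML for any path (catch-all rewrite) trips
    this check as well, so a hit needs confirmation.
    """
    print_color('Test server exploit %s...' % target.ip, 2)

    paths = ['/robots.txt/.php', '/robots.txt/1.php']

    if 'server' not in target.header:
        print('')
        return

    server = target.header['server'].lower()
    if 'nginx' in server:
        target.server = 'Nginx'
        print_color('Test server nginx Parsing Vulnerabilities', 2)

        host = target.f_domain if target.f_domain else target.ip
        domain = '%s:%d' % (host, target.port)

        # Pick up an image URL from the front page so a real static file is
        # probed in addition to robots.txt.
        code, content = get(domain, '/')
        match = re.search(r'src="(http.+?\.jpg)"', content)
        if match:
            # NOTE(review): group(1) is an absolute URL that is then given to
            # head() as the path argument - confirm head() handles that.
            paths.append('%s/.php' % match.group(1))
            paths.append('%s/1.php' % match.group(1))

        for p in paths:
            code, header = head(domain, p)
            # A missing Content-Type header used to raise KeyError; now it
            # simply does not match.
            if code == 200 and 'text/html' in header.get('content-type', ''):
                print_color('the server has nginx parsing vulnerabilities', 1)
                break
    elif 'apache' in server:
        target.server = 'Apache'
    elif 'iis' in server:
        target.server = 'IIS'

    print('')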
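def output(target):
    """Detect the target site's server-side scripting technology.

    Evidence is gathered in order, each step running only while
    ``target.script`` is still 'unknown': the X-Powered-By header, HEAD
    requests for /index.asp, /index.aspx and /index.php, and a ``site:``
    search on google.com.hk.  The result is stored in ``target.script`` and
    printed.  Network failures are logged and reported, never raised.
    """
    powereds = [{'type': 'ASP/ASPX', 'str': 'ASP.NET'},
                {'type': 'PHP', 'str': 'PHP/'}]
    scripts = [{'type': 'ASP', 'path': '/index.asp'},
               {'type': 'ASPX', 'path': '/index.aspx'},
               {'type': 'PHP', 'path': '/index.php'}]
    searchs = [{'type': 'ASP', 'path': '/search?q=site:%s+inurl:asp'},
               {'type': 'ASPX', 'path': '/search?q=site:%s+inurl:aspx'},
               {'type': 'PHP', 'path': '/search?q=site:%s+inurl:php'}]

    host = target.f_domain if target.f_domain else target.ip
    domain = '%s:%d' % (host, target.port)
    print_color('Probe website %s script...' % domain, 2)
    target.script = 'unknown'

    if 'x-powered-by' in target.header:
        print_color('Test Script for %s with X-Powered-By' % target.f_domain, 2)
        powered_by = target.header['x-powered-by']
        for item in powereds:
            if item['str'] in powered_by:
                target.script = item['type']
                break

    try:
        if target.script == 'unknown':
            print_color('Test script for %s with HTTP header' % target.f_domain, 2)
            for item in scripts:
                code, header = head(domain, item['path'], target.protocol)
                if code == 200:
                    target.script = item['type']
                    break

        if target.script == 'unknown':
            print_color('Test script for %s with search engine' % target.f_domain, 2)
            for item in searchs:
                path = item['path'] % host
                code, content = get('www.google.com.hk', path)
                match = search(r'resultStats">(.*?)<nobr>', content)
                # Intentionally no break (as in the original): a later search
                # that also returns results overwrites the earlier guess.
                if match:
                    target.script = item['type']
    except Exception:
        # Bare except replaced: keyboard interrupts are no longer swallowed.
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print_color(target.script, 1)
    print('')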
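def output(target):
    """Gather subdomain prefixes for ``target.n_domain`` from public sources.

    Skipped when a zone transfer already worked (``target.axfr`` truthy) or
    ``target.n_domain`` is unset.  Every source in ``apis`` is fetched with
    get() or post(), the prefixes its regex captures are merged and
    de-duplicated, and each ``prefix + n_domain`` candidate is handed to
    ``tPing`` workers for comparison with ``target.ip``.  A failing source is
    reported and skipped; any other failure is logged and the function
    returns normally.
    """
    if not (hasattr(target, 'axfr') and not target.axfr and target.n_domain):
        return

    threads = 5  # worker thread count
    queue = Queue.Queue()

    # NOTE(review): n_domain goes into the patterns unescaped, so '.' in it
    # matches any character; escaping it would tighten the match.
    apis = [{
        'domain': 'www.baidu.com',
        'path': '/s?wd=site:%s&pn=0&ie=utf-8' % target.n_domain,
        'method': 'get',
        'regex': '"g">(.*?)%s' % target.n_domain
    }, {
        'domain': 'i.links.cn',
        'path': '/subdomain/',
        'method': 'post',
        # Previously left unformatted, so the pattern looked for a literal
        # "%s" and never matched anything.
        'regex': 'target=_blank>http://(.*)%s' % target.n_domain,
        'data': {
            'domain': target.n_domain,
            'b2': '1',
            'b3': '1',
            'b4': '1'
        }
    }, {
        'domain': 'www.alexa.com',
        'path': '/siteinfo/%s' % target.n_domain,
        'method': 'get',
        'regex': "word-wrap'>(.*?)%s" % target.n_domain
    }]

    print_color('find subdomain for %s..' % target.n_domain, 2)

    pix_list = []
    try:
        for api in apis:
            try:
                if api['method'] == 'get':
                    code, content = get(api['domain'], api['path'])
                elif api['method'] == 'post':
                    code, content = post(api['domain'], api['path'],
                                         api['data'])
                else:
                    continue
                pix_list += findall(api['regex'], content)
            except Exception:
                # A dead source must not abort the remaining ones.
                print_color(api['domain'] + ' Faild', 0)

        # De-duplicate in first-seen order while queueing the candidates.
        seen = set()
        for pix in pix_list:
            if pix not in seen:
                seen.add(pix)
                queue.put('%s%s' % (pix, target.n_domain))

        workers = [tPing(queue, target.ip) for _ in xrange(threads)]
        for worker in workers:
            worker.start()
        for worker in workers:
            worker.join()
    except Exception:
        log.exception('exception')
        print_color(__name__ + ' faild', 0)

    print('')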