├── HeartK.py
├── README.md
├── config.py
├── export_report.py
├── get_data.py
├── image
└── README
│ ├── 1737378564084.png
│ ├── 1737378610051.png
│ ├── 1737379288373.png
│ ├── 1739632646313.png
│ ├── 1739632689415.png
│ └── 1739632731222.png
├── js
└── background.js
├── requirements.txt
└── web_scan.py
/HeartK.py:
--------------------------------------------------------------------------------
1 | # -*- coding: UTF-8 -*-
2 | # @Project :HeartK
3 | # @File :HeartK.py
4 | # Author :0xsdeo
5 | # Date :2025/1/17 14:48
6 | import os
7 | import json
8 | import config
9 | import execjs
10 | import chardet
11 | import urllib3
12 | import requests
13 | import argparse
14 | import web_scan
15 | import get_data
16 | from export_report import export
17 |
18 | urllib3.disable_warnings()
19 |
20 |
21 | def web_js_scan(scan_list, code_list):
22 | with open("js/background.js", "r", encoding="utf-8") as background:
23 | background_js = execjs.compile(background.read())
24 | for i in scan_list:
25 | try:
26 | re = requests.get(i, headers=config.headers, verify=False, timeout=config.wait_time)
27 | info = background_js.call("get_info", re.text)
28 | js_info_list.append(info)
29 | if arg.d:
30 | print_data_count(i, info)
31 | except Exception as e:
32 | if 'HTTPSConnectionPool' in str(e) or 'HTTPConnectionPool' in str(e):
33 | print(f"26行{i}请求失败")
34 | else:
35 | print(f"35行异常,异常信息:{e}")
36 | for i in code_list:
37 | try:
38 | info = background_js.call("get_info", i)
39 | js_info_list.append(info)
40 | # if arg.d:
41 | # print_data_count(i, info)
42 | except Exception as e:
43 | print(f"43行异常,异常信息:{e}")
44 |
45 |
46 | def print_data_count(js, data):
47 | print(f'{js}共搜索到:' +
48 | (str(len(data['sfz'])) + '个sfz\t' if data['sfz'] is not None else "0个sfz\t") +
49 | (str(len(data['mobile'])) + '个mobile\t' if data['mobile'] is not None else "0个mobile\t") +
50 | (str(len(data['mail'])) + '个mail\t' if data['mail'] is not None else "0个mail\t") +
51 | (str(len(data['ip'])) + '个ip\t' if data['ip'] is not None else "0个ip\t") +
52 | (str(len(data['ip_port'])) + '个ip_port\t' if data['ip_port'] is not None else "0个ip_port\t") +
53 | (str(len(data['domain'])) + '个domain\t' if data['domain'] is not None else "0个domain\t") +
54 | (str(len(data['path'])) + '个path\t' if data['path'] is not None else "0个path\t") +
55 | (str(len(data['incomplete_path'])) + '个incomplete_path\t' if data['incomplete_path'] is not None else "0个incomplete_path\t") +
56 | (str(len(data['url'])) + '个url\t' if data['url'] is not None else "0个url\t") +
57 | (str(len(data['jwt'])) + '个jwt\t' if data['jwt'] is not None else "0个jwt\t") +
58 | (str(len(data['algorithm'])) + '个algorithm\t' if data['algorithm'] is not None else "0个algorithm\t") +
59 | (str(len(data['secret'])) + '个secret\t' if data['secret'] is not None else "0个secret\t") +
60 | (str(len(data['static'])) + '个static\t' if data['static'] is not None else "0个static\t")
61 | )
62 |
63 |
64 | def Data_Deduplication(key, info_dict): # 数据去重与排序
65 | if info_dict[key] is not None and isinstance(info_dict[key], list):
66 | info_dict[key] = list(set(info_dict[key]))
67 | info_dict[key].sort()
68 |
69 |
70 | def Detection_encoding(path): # 获取文件编码
71 | with open(path, mode='rb') as f:
72 | return chardet.detect(f.read())['encoding']
73 |
74 |
75 | def add_data(key, value, info_dict): # 将js_info_list列表中的每个敏感信息都整合到一个字典里
76 | if value is not None and info_dict[key] is None:
77 | info_dict[key] = value
78 | elif value is not None and isinstance(info_dict[key], list):
79 | info_dict[key].extend(value)
80 |
81 |
82 | def scan(scan_list):
83 | with open("js/background.js", "r", encoding="utf-8") as background:
84 | background_js = execjs.compile(background.read())
85 | if isinstance(scan_list, list):
86 | for i in scan_list:
87 | encoding = Detection_encoding(i)
88 | if encoding is not None:
89 | try:
90 | with open(f"{i}", "r", encoding=encoding, errors='ignore') as f:
91 | info = background_js.call("get_info", f.read())
92 | js_info_list.append(info)
93 | if arg.d:
94 | print_data_count(i, info)
95 | except UnicodeDecodeError as u:
96 | print(f"{i}文件编码获取失败,异常信息:{u}")
97 | except Exception as e:
98 | print(f"98行异常,异常信息:{e}")
99 | else:
100 | print(f"{i}文件内容为空")
101 | else:
102 | encoding = Detection_encoding(scan_list)
103 | if encoding is not None:
104 | try:
105 | with open(f"{scan_list}", "r", encoding=encoding, errors='ignore') as f:
106 | info = background_js.call("get_info", f.read())
107 | js_info_list.append(info)
108 | except UnicodeDecodeError as u:
109 | print(f"{scan_list}文件编码获取失败:,{u}")
110 | except Exception as e:
111 | print(f"111行异常,异常信息:{e}")
112 | else:
113 | print(f"{scan_list}文件内容为空")
114 |
115 |
116 | def get_js(path): # 获取指定的目录下所有js和html文件
117 | file_list = os.listdir(path)
118 | if file_list:
119 | for i in file_list:
120 | if os.path.isdir(path + f'/{i}'):
121 | get_js(path + f'/{i}')
122 | else:
123 | js_list.append(path + '/' + i) if i[-3:] == ".js" or i[-5:] == '.html' else i
124 |
125 |
126 | if __name__ == "__main__":
127 | print(r""" ___ ___ _______ ________ ________ _________ ___ __
128 | |\ \|\ \ |\ ___ \ |\ __ \ |\ __ \ |\___ ___\ |\ \|\ \
129 | \ \ \\\ \ \ \ __/| \ \ \|\ \ \ \ \|\ \ \|___ \ \_| \ \ \/ /|_
130 | \ \ __ \ \ \ \_|/__ \ \ __ \ \ \ _ _\ \ \ \ \ \ ___ \
131 | \ \ \ \ \ \ \ \_|\ \ \ \ \ \ \ \ \ \\ \| \ \ \ \ \ \\ \ \
132 | \ \__\ \__\ \ \_______\ \ \__\ \__\ \ \__\\ _\ \ \__\ \ \__\\ \__\
133 | \|__|\|__| \|_______| \|__|\|__| \|__|\|__| \|__| \|__| \|__|""")
134 |
135 | arg = argparse.ArgumentParser(description="FindSomething本地移植版--HeartK")
136 | arg.add_argument("path", help="指定要扫描的目录、js/html文件或存储了站点列表的文本文件,必选项")
137 | arg.add_argument('-d', action="store_true", help="输出详细信息,可选项")
138 | arg.add_argument("-e", "--export", required=False, help="指定要导出报告的路径,不指定默认导出在运行工具的目录下,可选项")
139 | arg = arg.parse_args()
140 |
141 | js_list = list() # 以列表形式存储每个js和html文件路径
142 | js_info_list = list() # 以列表形式存储每个js文件中的敏感信息
143 | all_info = {
144 | 'sfz': None,
145 | 'mobile': None,
146 | 'mail': None,
147 | 'ip': None,
148 | 'ip_port': None,
149 | 'domain': None,
150 | 'path': None,
151 | 'incomplete_path': None,
152 | 'url': None,
153 | 'jwt': None,
154 | 'algorithm': None,
155 | 'secret': None,
156 | 'static': None
157 | }
158 |
159 | if os.path.isdir(arg.path):
160 | get_js(arg.path)
161 | scan(js_list)
162 | for i in js_info_list:
163 | for k, v in i.items():
164 | add_data(k, v, all_info)
165 | if all_info['domain'] is not None and isinstance(all_info['domain'], list):
166 | if all_info['url'] is not None:
167 | all_info['url'].extend(all_info['domain'])
168 | else:
169 | all_info['url'] = all_info['domain']
170 | for k in all_info.keys():
171 | Data_Deduplication(k, all_info)
172 | elif os.path.isfile(arg.path):
173 | if arg.path[-5:] == '.html' or arg.path[-3:] == '.js':
174 | scan(arg.path)
175 | for i in js_info_list:
176 | for k, v in i.items():
177 | add_data(k, v, all_info)
178 | if all_info['domain'] is not None and isinstance(all_info['domain'], list):
179 | if all_info['url'] is not None:
180 | all_info['url'].extend(all_info['domain'])
181 | else:
182 | all_info['url'] = all_info['domain']
183 | for k in all_info.keys():
184 | Data_Deduplication(k, all_info)
185 | else:
186 | website_list = get_data.generate_data(arg.path)
187 | if len(website_list) != 0:
188 | for i in website_list:
189 | web_js_list, js_code_list = web_scan.get_host_js(i)
190 | if web_js_list:
191 | web_js_scan(web_js_list, js_code_list)
192 | for j in js_info_list:
193 | for k, v in j.items():
194 | add_data(k, v, all_info)
195 | if all_info['domain'] is not None and isinstance(all_info['domain'], list):
196 | if all_info['url'] is not None:
197 | all_info['url'].extend(all_info['domain'])
198 | else:
199 | all_info['url'] = all_info['domain']
200 | for k in all_info.keys():
201 | Data_Deduplication(k, all_info)
202 | print_data_count(i, all_info)
203 | hostname = web_scan.get_hostname(i)
204 | export(json.dumps(all_info), arg.export, hostname)
205 | for k in all_info.keys():
206 | all_info[k] = None
207 | js_info_list = list()
208 | else:
209 | print(f"{arg.path}未读取到有效数据")
210 | quit()
211 | else:
212 | raise ValueError("指定的扫描路径并非有效路径")
213 |
214 | if arg.d:
215 | print(f'\033[31m此次共搜索到:' +
216 | (str(len(all_info['sfz'])) + '个sfz\t' if all_info['sfz'] is not None else "0个sfz\t") +
217 | (str(len(all_info['mobile'])) + '个mobile\t' if all_info['mobile'] is not None else "0个mobile\t") +
218 | (str(len(all_info['mail'])) + '个mail\t' if all_info['mail'] is not None else "0个mail\t") +
219 | (str(len(all_info['ip'])) + '个ip\t' if all_info['ip'] is not None else "0个ip\t") +
220 | (str(len(all_info['ip_port'])) + '个ip_port\t' if all_info['ip_port'] is not None else "0个ip_port\t") +
221 | (str(len(all_info['domain'])) + '个domain\t' if all_info['domain'] is not None else "0个domain\t") +
222 | (str(len(all_info['path'])) + '个path\t' if all_info['path'] is not None else "0个path\t") +
223 | (str(len(all_info['incomplete_path'])) + '个incomplete_path\t' if all_info['incomplete_path'] is not None else "0个incomplete_path\t") +
224 | (str(len(all_info['url'])) + '个url\t' if all_info['url'] is not None else "0个url\t") +
225 | (str(len(all_info['jwt'])) + '个jwt\t' if all_info['jwt'] is not None else "0个jwt\t") +
226 | (str(len(all_info['algorithm'])) + '个algorithm\t' if all_info['algorithm'] is not None else "0个algorithm\t") +
227 | (str(len(all_info['secret'])) + '个secret\t' if all_info['secret'] is not None else "0个secret\t") +
228 | (str(len(all_info['static'])) + '个static\t' if all_info['static'] is not None else "0个static\t")
229 | )
230 | print("\033[0m", end="")
231 |
232 | export(json.dumps(all_info), arg.export)
233 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | HeartK
2 |
3 | 
4 |
5 | ## 项目介绍
6 |
7 | 本项目基于残笑大佬的FindSomething插件进行的本地移植版,可对指定的目录下的所有html、js文件或单个html、js文件进行扫描并获取敏感信息,也可对指定的站点列表进行批量扫描。
8 |
9 | ## 必看说明
10 |
11 | 1. 本项目基于node.js环境,如无node.js环境请自行安装,官网:`https://nodejs.org/zh-cn/download/`
12 | 2. 工具扫描完毕后会将敏感信息导出在指定的目录或运行工具的目录下的`report.html`中。
13 | 3. 使用前请在工具根目录执行`pip install -r requirements.txt`安装依赖文件。
14 | 4. 如果没有指定导出报告的路径,批量扫描网站后的报告会自动保存到工具目录下的`web_reports`文件夹下。
15 | 5. 在config中可修改wait_time(请求网站的超时时间,默认为5秒,5秒未响应自动跳过)和请求头headers。
16 | 6. 进行批量扫描前将要扫描的站点导入到一个文本文件中,该文本文件需具有以下格式:
17 | > 1. 每个站点需独占一行。
18 | > 2. 每个站点必须有协议头,也就是形如`http://xxx.xxx.com`的格式。
19 |
20 | ## 快速上手
21 |
22 | 使用时必须指定要扫描的目录、js/html文件或存储了站点列表的文本文件:
23 | ```shell
24 | HeartK.py scan_path
25 | ```
26 |
27 | 输出详细信息指定-d,可选项:
28 | ```shell
29 | HeartK.py scan_path -d
30 | ```
31 |
32 | 指定要导出报告的路径,不指定默认导出在运行工具的目录下,可选项:
33 | ```shell
34 | HeartK.py scan_path -e export_path
35 | ```
36 | 或
37 | ```shell
38 | HeartK.py scan_path --export export_path
39 | ```
40 |
41 | ## 注意事项
42 |
43 | 1. **如要指定导出报告的路径,只写目录即可,不要指定文件名。**
44 | 2. 本项目导出的报告中移除了残笑大佬的配置项:
45 | 
46 | 3. **网站请求失败或js请求失败可能是由于触发了风控机制导致的。**
47 |
48 | ## 本地扫描效果图
49 |
50 | 
51 | 
52 |
53 | ## 批量扫描网站效果图
54 |
55 | 
56 | 
57 | 
58 |
59 | ## 鸣谢
60 |
61 | 本项目离不开残笑大佬的帮助与支持,在此鸣谢。
62 |
63 | ## Contact
64 |
65 | 如有bug或其他问题可提交issues,或者关注公众号Spade sec联系我。
66 |
67 | ## 更新历史
68 |
69 | - v1.1.1
70 |
71 | > 修复了输出的报告文件命名不规范的问题,现扫描同个ip的不同端口的url时,导出的报告文件名会将端口号加在文件名的最后。
72 |
73 | 感谢`XingHuoLiaoYuanBaby`师傅提出问题。
74 |
75 | - v1.1.0
76 |
77 | > 新增网站批量扫描功能,支持从指定站点列表中请求并扫描获取敏感信息。
78 |
79 | - v1.0.1
80 |
81 | > 当遇到无法解码的字节时,忽略掉这些无法解码的字节,以防止文件读不完整。
--------------------------------------------------------------------------------
/config.py:
--------------------------------------------------------------------------------
1 | # -*- coding: UTF-8 -*-
2 | # @Project :HeartK
3 | # @File :config.py
4 | # Author :0xsdeo
5 | # Date :2025/2/15 17:14
6 |
7 | wait_time = 5 # 等待时间,单位为秒
8 |
9 | # 请求头
10 | headers = {
11 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
12 | 'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
13 | 'Cache-Control': 'no-cache',
14 | 'Connection': 'keep-alive',
15 | 'Pragma': 'no-cache',
16 | 'Upgrade-Insecure-Requests': '1',
17 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36',
18 | }
19 |
--------------------------------------------------------------------------------
/export_report.py:
--------------------------------------------------------------------------------
1 | # -*- coding: UTF-8 -*-
2 | # @Project :HeartK
3 | # @File :export_report.py
4 | # Author :0xsdeo
5 | # Date :2025/1/20 11:15
6 | import os
7 |
8 |
9 | def export(data, export_path, host=""):
10 | popup_js = r"""
11 | // @Date : 2020-09-12 16:26:48
12 | // @Author : residuallaugh
13 |
14 | var key = ["ip","ip_port","domain","path","incomplete_path","url","static","sfz","mobile","mail","jwt","algorithm","secret"]
15 |
16 | let messages = {
17 | "popupCopy": "复制",
18 | "popupCopyurl": "复制URL",
19 | "popupTipClickBeforeCopy": "请点击原页面后再复制:)"
20 | };
21 |
22 | function getMessage(key) {
23 | return messages[key] || "";
24 | }
25 |
26 | function init_copy() {
27 | var elements = document.getElementsByClassName("copy");
28 | if(elements){
29 | for (var i=0, len=elements.length|0; i= 0; i--) {
50 | // if(path_list[i][0] == '.'){
51 | // copytext += url.origin+'/'+path_list[i]+'\n';
52 | // }else{
53 | // copytext += url.origin+path_list[i]+'\n';
54 | // }
55 | // }
56 | // inp.value = copytext.slice(0, -1);
57 | // inp.select();
58 | // document.execCommand('copy',false);
59 | // })]).then(res=> inp.remove())
60 | // return ;
61 | // }
62 | inp.value = copytext;
63 | inp.select();
64 | document.execCommand('copy',false);
65 | inp.remove();
66 | }
67 | }
68 | }
69 | };
70 |
71 | function show_info(result_data) {
72 | for (var k in key){
73 | if (result_data[key[k]]){
74 | // console.log(result_data[key[k]])
75 | let container = document.getElementById(key[k]);
76 | while((ele = container.firstChild)){
77 | ele.remove();
78 | }
79 | container.style.whiteSpace = "pre";
80 | for (var i in result_data[key[k]]){
81 | let tips = document.createElement("div");
82 | tips.setAttribute("class", "tips")
83 | let link = document.createElement("a");
84 | // let source = result_data['source'][result_data[key[k]][i]];
85 | // if (source) {
86 | // //虽然无法避免被xss,但插件默认提供了正确的CSP,这意味着我们即使不特殊处理,javascript也不会被执行。
87 | // // source = 'javascript:console.log`1`'
88 | // link.setAttribute("href", source);
89 | // link.setAttribute("title", source);
90 | // }
91 | link.appendChild(tips);
92 | let span = document.createElement("span");
93 | span.textContent = result_data[key[k]][i]+'\n';
94 | container.appendChild(link);
95 | container.appendChild(span);
96 | }
97 | }
98 | }
99 | }
100 |
101 | init_copy();
102 |
103 | show_info(""" + data + ')'
104 |
105 | report_html = r"""
109 |
110 |
111 |
112 |
113 |
114 |
115 |
118 |
119 |
120 |
121 |
122 |
🈚️
123 |
124 |
🈚️
125 |
域名
126 |
🈚️
127 |
128 |
🈚️
129 |
130 |
🈚️
131 |
132 |
🈚️
133 |
134 |
🈚️
135 |
136 |
🈚️
137 |
138 |
🈚️
139 |
140 |
141 |
142 |
🈚️
143 |
144 |
🈚️
145 |
146 |
🈚️
147 |
148 |
🈚️
149 |
150 |