├── README.md ├── crack_encrypt.js ├── multibyte_trans_tool.py └── social_account_takover.py /README.md: -------------------------------------------------------------------------------- 1 | # hacker_tools 2 | this is my tools project ,welcome to start ... 3 | -------------------------------------------------------------------------------- /crack_encrypt.js: -------------------------------------------------------------------------------- 1 | // ==UserScript== 2 | // @name 一键Hook加密算法 3 | // @namespace By:亮亮 4 | // @version 1.2 5 | // @description 一键Hook Crypto RSA 几个基本的方法 AES DES 3DES Hmac SHA 6 | // @author liangliang 7 | // @match https://*/* 8 | // @match http://*/* 9 | // @icon data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw== 10 | // @grant none 11 | // ==/UserScript== 12 | 13 | (function() { 14 | 'use strict'; 15 | console.log("亮亮网页Hook脚本初始化成功"); 16 | //过dubugger 17 | var constructorEx = constructor; 18 | Function.prototype.constructor = function(s) { 19 | if (s == "debugger") { 20 | return null; 21 | } 22 | return constructorEx(s); 23 | } 24 | 25 | window.SHook = true 26 | window.IsDebugger = false 27 | function hex2b64(h) { 28 | var b64map = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 29 | var i; 30 | var c; 31 | var ret = ""; 32 | for (i = 0; i + 3 <= h.length; i += 3) { 33 | c = parseInt(h.substring(i, i + 3), 16); 34 | ret += b64map.charAt(c >> 6) + b64map.charAt(c & 63); 35 | } 36 | if (i + 1 == h.length) { 37 | c = parseInt(h.substring(i, i + 1), 16); 38 | ret += b64map.charAt(c << 2); 39 | } else if (i + 2 == h.length) { 40 | c = parseInt(h.substring(i, i + 2), 16); 41 | ret += b64map.charAt(c >> 2) + b64map.charAt((c & 3) << 4); 42 | } 43 | while ((ret.length & 3) > 0) 44 | ret += "="; 45 | return ret; 46 | } 47 | if (window.CryptoJS != undefined) { 48 | var Crypto = window.CryptoJS 49 | //AES加解密 50 | if (Crypto.AES != undefined) { 51 | var AESencrypt = Crypto.AES.encrypt 52 | var AESdecrypt = Crypto.AES.decrypt 53 | window.CryptoJS.AES.encrypt = function() { 54 | var Data = arguments[0] 55 | if (Data == "" || window.SHook == false) { 56 | return AESencrypt(arguments[0], arguments[1], arguments[2]) 57 | } 58 | console.log('检测到AES加密:'); 59 | var AESKey = arguments[1] 60 | var AESIv = arguments[2]["iv"] 61 | console.log("EnData:" + CryptoJS.enc.Utf8.stringify(Data)) 62 | console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey)) 63 | console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv)) 64 | if (IsDebugger == true) { 65 | debugger ; 66 | } 67 | console.log("AES加密结果:" + AESencrypt(arguments[0], arguments[1], arguments[2])) 68 | return AESencrypt(arguments[0], arguments[1], arguments[2]) 69 | } 70 | window.CryptoJS.AES.decrypt = function() { 71 | var Data = arguments[0] 72 | if (Data == "" || window.SHook == false) { 73 | return AESdecrypt(arguments[0], arguments[1], arguments[2]) 74 | } 75 | console.log('检测到AES解密:'); 76 | var AESKey = arguments[1] 77 | var AESIv = arguments[2]["iv"] 78 | console.log("DeData:" + Data) 79 | console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey)) 80 | console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv)) 81 | if (IsDebugger == true) { 82 | debugger ; 83 | } 84 | console.log("AES解密结果:" + AESdecrypt(arguments[0], arguments[1], arguments[2])) 85 | return AESdecrypt(arguments[0], arguments[1], arguments[2]) 86 | } 87 | } 88 | //DES加解密 89 | if (Crypto.DES != undefined) { 90 | var DESencrypt = Crypto.DES.encrypt 91 | var DESdecrypt = Crypto.DES.decrypt 92 | window.CryptoJS.DES.encrypt = function() { 93 | var Data = arguments[0] 94 | if (Data == "" || window.SHook == false) { 95 | return DESencrypt(arguments[0], arguments[1], arguments[2]) 96 | } 97 | console.log('检测到DES加密:'); 98 | var AESKey = arguments[1] 99 | var AESIv = arguments[2]["iv"] 100 | console.log("EnData:" + CryptoJS.enc.Utf8.stringify(Data)) 101 | console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey)) 102 | console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv)) 103 | if (IsDebugger == true) { 104 | debugger ; 105 | } 106 | console.log("DES加密结果:" + AESencrypt(arguments[0], arguments[1], arguments[2])) 107 | return AESencrypt(arguments[0], arguments[1], arguments[2]) 108 | } 109 | window.CryptoJS.DES.decrypt = function() { 110 | var Data = arguments[0] 111 | if (Data == "" || window.SHook == false) { 112 | return AESdecrypt(arguments[0], arguments[1], arguments[2]) 113 | } 114 | console.log('检测到DES解密:'); 115 | var AESKey = arguments[1] 116 | var AESIv = arguments[2]["iv"] 117 | console.log("DeData:" + Data) 118 | console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey)) 119 | console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv)) 120 | if (IsDebugger == true) { 121 | debugger ; 122 | } 123 | console.log("DES解密结果:" + DESdecrypt(arguments[0], arguments[1], arguments[2])) 124 | return DESdecrypt(arguments[0], arguments[1], arguments[2]) 125 | } 126 | } 127 | //3DES加解密 128 | if (Crypto.TripleDES != undefined) { 129 | var TripleDESencrypt = Crypto.TripleDES.encrypt 130 | var TripleDESdecrypt = Crypto.TripleDES.decrypt 131 | window.CryptoJS.TripleDES.encrypt = function() { 132 | var Data = arguments[0] 133 | if (Data == "" || window.SHook == false) { 134 | return TripleDESencrypt(arguments[0], arguments[1], arguments[2]) 135 | } 136 | console.log('检测到TripleDES加密:'); 137 | var AESKey = arguments[1] 138 | var AESIv = arguments[2]["iv"] 139 | console.log("EnData:" + CryptoJS.enc.Utf8.stringify(Data)) 140 | console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey)) 141 | console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv)) 142 | if (IsDebugger == true) { 143 | debugger ; 144 | } 145 | console.log("TripleDES加密结果:" + AESencrypt(arguments[0], arguments[1], arguments[2])) 146 | return AESencrypt(arguments[0], arguments[1], arguments[2]) 147 | } 148 | window.CryptoJS.TripleDES.decrypt = function() { 149 | var Data = arguments[0] 150 | if (Data == "" || window.SHook == false) { 151 | return AESdecrypt(arguments[0], arguments[1], arguments[2]) 152 | } 153 | console.log('检测到TripleDES解密:'); 154 | var AESKey = arguments[1] 155 | var AESIv = arguments[2]["iv"] 156 | console.log("DeData:" + Data) 157 | console.log("AES Key:" + CryptoJS.enc.Utf8.stringify(AESKey)) 158 | console.log("AES Iv:" + CryptoJS.enc.Utf8.stringify(AESIv)) 159 | if (IsDebugger == true) { 160 | debugger ; 161 | } 162 | console.log("TripleDES解密结果:" + TripleDESdecrypt(arguments[0], arguments[1], arguments[2])) 163 | return TripleDESdecrypt(arguments[0], arguments[1], arguments[2]) 164 | } 165 | } 166 | //Hmac 167 | var HMAC_MD5encrypt = Crypto.HmacMD5 168 | var HMAC_SHA1encrypt = Crypto.HmacSHA1 169 | var HMAC_SHA256encrypt = Crypto.HmacSHA256 170 | var HMAC_SHA384encrypt = Crypto.HmacSHA384 171 | var HMAC_SHA512encrypt = Crypto.HmacSHA512 172 | 173 | if (Crypto.HmacMD5 != undefined) { 174 | window.CryptoJS.HmacMD5 = function() { 175 | var Data = arguments[0]; 176 | if (Data == "" || window.SHook == false) { 177 | return HMAC_MD5encrypt(arguments[0], arguments[1]); 178 | } 179 | ;console.log("检测到HmacMD5加密:"); 180 | var HmacKey = arguments[1]; 181 | console.log("EnData:" + Data); 182 | console.log("HmacKey:" + HmacKey); 183 | if (IsDebugger == true) { 184 | debugger ; 185 | } 186 | console.log("HmacMD5加密:" + HMAC_MD5encrypt(arguments[0], arguments[1])) 187 | return HMAC_MD5encrypt(arguments[0], arguments[1]); 188 | } 189 | } 190 | if (Crypto.HmacSHA1 != undefined) { 191 | window.CryptoJS.HmacSHA1 = function() { 192 | var Data = arguments[0]; 193 | if (Data == "" || window.SHook == false) { 194 | return HMAC_SHA1encrypt(arguments[0], arguments[1]); 195 | } 196 | ;console.log("检测到HmacSHA1加密:"); 197 | var HmacKey = arguments[1]; 198 | console.log("EnData:" + Data); 199 | console.log("HmacKey:" + HmacKey); 200 | if (IsDebugger == true) { 201 | debugger ; 202 | } 203 | console.log("HmacSHA1加密:" + HMAC_SHA1encrypt(arguments[0], arguments[1])) 204 | return HMAC_SHA1encrypt(arguments[0], arguments[1]); 205 | } 206 | } 207 | if (Crypto.HmacSHA256 != undefined) { 208 | window.CryptoJS.HmacSHA256 = function() { 209 | var Data = arguments[0]; 210 | if (Data == "" || window.SHook == false) { 211 | return HMAC_SHA256encrypt(arguments[0], arguments[1]); 212 | } 213 | ;console.log("检测到HmacSHA256加密:"); 214 | var HmacKey = arguments[1]; 215 | console.log("EnData:" + Data); 216 | console.log("HmacKey:" + HmacKey); 217 | if (IsDebugger == true) { 218 | debugger ; 219 | } 220 | console.log("HmacSHA256加密:" + HMAC_SHA256encrypt(arguments[0], arguments[1])) 221 | return HMAC_SHA256encrypt(arguments[0], arguments[1]); 222 | } 223 | } 224 | if (Crypto.HmacSHA384 != undefined) { 225 | window.CryptoJS.HmacSHA384 = function() { 226 | var Data = arguments[0]; 227 | if (Data == "" || window.SHook == false) { 228 | return HMAC_SHA384encrypt(arguments[0], arguments[1]); 229 | } 230 | ;console.log("检测到HmacSHA384加密:"); 231 | var HmacKey = arguments[1]; 232 | console.log("EnData:" + Data); 233 | console.log("HmacKey:" + HmacKey); 234 | if (IsDebugger == true) { 235 | debugger ; 236 | } 237 | console.log("HmacSHA384加密:" + HMAC_SHA384encrypt(arguments[0], arguments[1])) 238 | return HMAC_SHA384encrypt(arguments[0], arguments[1]); 239 | } 240 | } 241 | if (Crypto.HmacSHA512 != undefined) { 242 | window.CryptoJS.HmacSHA512 = function() { 243 | var Data = arguments[0]; 244 | if (Data == "" || window.SHook == false) { 245 | return HMAC_SHA512encrypt(arguments[0], arguments[1]); 246 | } 247 | ;console.log("检测到HmacSHA512加密:"); 248 | var HmacKey = arguments[1]; 249 | console.log("EnData:" + Data); 250 | console.log("HmacKey:" + HmacKey); 251 | if (IsDebugger == true) { 252 | debugger ; 253 | } 254 | console.log("HmacSHA512加密:" + HMAC_SHA512encrypt(arguments[0], arguments[1])) 255 | return HMAC_SHA512encrypt(arguments[0], arguments[1]); 256 | } 257 | } 258 | //Rabbit加解密 259 | if (Crypto.TripleDES != undefined) { 260 | var Rabbitencrypt = Crypto.Rabbit.encrypt 261 | var Rabbitdecrypt = Crypto.Rabbit.decrypt 262 | window.CryptoJS.Rabbit.encrypt = function() { 263 | var Data = arguments[0] 264 | if (Data == "" || window.SHook == false) { 265 | return Rabbitencrypt(arguments[0], arguments[1]) 266 | } 267 | console.log('检测到Rabbit加密:'); 268 | console.log("EnData:" + Data) 269 | console.log("Key:" + arguments[1]) 270 | if (IsDebugger == true) { 271 | debugger ; 272 | } 273 | console.log("Rabbit加密:" + Rabbitencrypt(arguments[0], arguments[1])) 274 | return Rabbitencrypt(arguments[0], arguments[1]) 275 | } 276 | window.CryptoJS.Rabbit.decrypt = function() { 277 | var Data = arguments[0] 278 | if (Data == "" || window.SHook == false) { 279 | return Rabbitdecrypt(arguments[0], arguments[1]) 280 | } 281 | console.log('检测到Rabbit解密:'); 282 | console.log("DeData:" + Data) 283 | console.log("Key:" + arguments[1]) 284 | if (IsDebugger == true) { 285 | debugger ; 286 | } 287 | console.log("Rabbit解密:" + Rabbitdecrypt(arguments[0], arguments[1])) 288 | return Rabbitdecrypt(arguments[0], arguments[1]) 289 | } 290 | } 291 | //PBKDF2加解密 292 | if (Crypto.PBKDF2 != undefined) { 293 | var PBKDF2encrypt = Crypto.PBKDF2 294 | window.CryptoJS.PBKDF2 = function() { 295 | var Data = arguments[0] 296 | if (Data == "" || window.SHook == false) { 297 | return PBKDF2encrypt(arguments[0], arguments[1], arguments[2]) 298 | } 299 | console.log('检测到PBKDF2加密:'); 300 | console.log("EnData:" + Data) 301 | console.log("Salt:" + arguments[1]) 302 | console.log("KeySize:" + arguments[2]['keySize']) 303 | console.log("iterations:" + arguments[2]['iterations']) 304 | if (IsDebugger == true) { 305 | debugger ; 306 | } 307 | console.log("PBKDF2加密:" + PBKDF2encrypt(arguments[0], arguments[1], arguments[2])) 308 | return PBKDF2encrypt(arguments[0], arguments[1], arguments[2]) 309 | } 310 | } 311 | //PBKDF2加解密 312 | if (Crypto.EvpKDF != undefined) { 313 | var EvpKDFencrypt = Crypto.EvpKDF 314 | window.CryptoJS.EvpKDF = function() { 315 | var Data = arguments[0] 316 | if (Data == "" || window.SHook == false) { 317 | return EvpKDFencrypt(arguments[0], arguments[1], arguments[2]) 318 | } 319 | console.log('检测到EvpKDF加密:'); 320 | console.log("EnData:" + Data) 321 | console.log("Salt:" + arguments[1]) 322 | console.log("KeySize:" + arguments[2]['keySize']) 323 | console.log("iterations:" + arguments[2]['iterations']) 324 | if (IsDebugger == true) { 325 | debugger ; 326 | } 327 | console.log("EvpKDF加密:" + EvpKDFencrypt(arguments[0], arguments[1], arguments[2])) 328 | return EvpKDFencrypt(arguments[0], arguments[1], arguments[2]) 329 | } 330 | } 331 | //Md5加密 332 | if (Crypto.MD5 != undefined) { 333 | var MD5encrypt = Crypto.MD5 334 | window.CryptoJS.MD5 = function() { 335 | var Data = arguments[0] 336 | if (Data == "" || window.SHook == false) { 337 | return MD5encrypt(arguments[0]) 338 | } 339 | console.log('检测到MD5加密:'); 340 | console.log("EnData:" + Data) 341 | if (IsDebugger == true) { 342 | debugger ; 343 | } 344 | console.log("MD5加密:" + MD5encrypt(arguments[0])) 345 | return MD5encrypt(arguments[0]) 346 | } 347 | } 348 | //SHA1加密 349 | if (Crypto.SHA1 != undefined) { 350 | var SHA1encrypt = Crypto.SHA1 351 | window.CryptoJS.SHA1 = function() { 352 | var Data = arguments[0] 353 | if (Data == "" || window.SHook == false) { 354 | return SHA1encrypt(arguments[0]) 355 | } 356 | console.log('检测到SHA1加密:'); 357 | console.log("EnData:" + Data) 358 | if (IsDebugger == true) { 359 | debugger ; 360 | } 361 | console.log("SHA1加密:" + SHA1encrypt(arguments[0])) 362 | return SHA1encrypt(arguments[0]) 363 | } 364 | } 365 | //SHA3加密 366 | if (Crypto.SHA3 != undefined) { 367 | var SHA3encrypt = Crypto.SHA3 368 | window.CryptoJS.SHA3 = function() { 369 | var Data = arguments[0] 370 | if (Data == "" || window.SHook == false) { 371 | return SHA3encrypt(arguments[0]) 372 | } 373 | console.log('检测到SHA3加密:'); 374 | console.log("EnData:" + Data) 375 | if (IsDebugger == true) { 376 | debugger ; 377 | } 378 | console.log("SHA3加密:" + SHA3encrypt(arguments[0])) 379 | return SHA3encrypt(arguments[0]) 380 | } 381 | } 382 | //SHA224加密 383 | if (Crypto.SHA224 != undefined) { 384 | var SHA224encrypt = Crypto.SHA224 385 | window.CryptoJS.SHA224 = function() { 386 | var Data = arguments[0] 387 | if (Data == "" || window.SHook == false) { 388 | return SHA224encrypt(arguments[0]) 389 | } 390 | console.log('检测到SHA224加密:'); 391 | console.log("EnData:" + Data) 392 | if (IsDebugger == true) { 393 | debugger ; 394 | } 395 | console.log("SHA224加密:" + SHA224encrypt(arguments[0])) 396 | return SHA224encrypt(arguments[0]) 397 | } 398 | } 399 | //SHA256加密 400 | if (Crypto.SHA256 != undefined) { 401 | var SHA256encrypt = Crypto.SHA256 402 | window.CryptoJS.SHA256 = function() { 403 | var Data = arguments[0] 404 | if (Data == "" || window.SHook == false) { 405 | return SHA256encrypt(arguments[0]) 406 | } 407 | console.log('检测到SHA256加密:'); 408 | console.log("EnData:" + Data) 409 | if (IsDebugger == true) { 410 | debugger ; 411 | } 412 | console.log("SHA256加密:" + SHA256encrypt(arguments[0])) 413 | return SHA256encrypt(arguments[0]) 414 | } 415 | } 416 | //SHA384加密 417 | if (Crypto.SHA384 != undefined) { 418 | var SHA384encrypt = Crypto.SHA384 419 | window.CryptoJS.SHA384 = function() { 420 | var Data = arguments[0] 421 | if (Data == "" || window.SHook == false) { 422 | return SHA384encrypt(arguments[0]) 423 | } 424 | console.log('检测到SHA384加密:'); 425 | console.log("EnData:" + Data) 426 | if (IsDebugger == true) { 427 | debugger ; 428 | } 429 | console.log("SHA384加密:" + SHA384encrypt(arguments[0])) 430 | return SHA384encrypt(arguments[0]) 431 | } 432 | } 433 | //SHA512加密 434 | if (Crypto.SHA512 != undefined) { 435 | var SHA512encrypt = Crypto.SHA512 436 | window.CryptoJS.SHA512 = function() { 437 | var Data = arguments[0] 438 | if (Data == "" || window.SHook == false) { 439 | return SHA512encrypt(arguments[0]) 440 | } 441 | console.log('检测到SHA512加密:'); 442 | console.log("EnData:" + Data) 443 | if (IsDebugger == true) { 444 | debugger ; 445 | } 446 | console.log("SHA512加密:" + SHA512encrypt(arguments[0])) 447 | return SHA512encrypt(arguments[0]) 448 | } 449 | } 450 | //RIPEMD160加密 451 | if (Crypto.RIPEMD160encrypt != undefined) { 452 | var RIPEMD160encrypt = Crypto.RIPEMD160 453 | window.CryptoJS.RIPEMD160 = function() { 454 | var Data = arguments[0] 455 | if (Data == "" || window.SHook == false) { 456 | return RIPEMD160encrypt(arguments[0]) 457 | } 458 | console.log('检测到RIPEMD160加密:'); 459 | console.log("EnData:" + Data) 460 | if (IsDebugger == true) { 461 | debugger ; 462 | } 463 | console.log("RIPEMD160加密:" + RIPEMD160encrypt(arguments[0])) 464 | return RIPEMD160encrypt(arguments[0]) 465 | } 466 | } 467 | } 468 | //RSA 加解密 469 | if (window.biToHex != undefined) { 470 | var ToHex = window.biToHex 471 | if (window.encryptedString != undefined) { 472 | var RsaEncrypt = window.encryptedString 473 | window.encryptedString = function() { 474 | var KeyPair = arguments[0]; 475 | var Data = arguments[1] 476 | if (Data == "" || window.SHook == false) { 477 | return RsaEncrypt(KeyPair, Data) 478 | } 479 | console.log('检测到RSA加密:'); 480 | var PublicKey = ToHex(KeyPair.e).substr(2) 481 | //取右边6位就是公钥了 482 | var Modulus = "00" + ToHex(KeyPair.m); 483 | //前面补俩个0 484 | console.log("EnData:" + Data); 485 | console.log("PublicKey:" + PublicKey); 486 | console.log("Modulus:" + Modulus); 487 | if (IsDebugger == true) { 488 | debugger ; 489 | } 490 | console.log("RSA加密:" + RsaEncrypt(KeyPair, Data)) 491 | return RsaEncrypt(KeyPair, Data) 492 | } 493 | } 494 | if (window.decryptedString != undefined) { 495 | var RsaDecrypt = window.decryptedString 496 | window.decryptedString = function() { 497 | var KeyPair = arguments[0]; 498 | var Data = arguments[1] 499 | if (Data == "" || window.SHook == false) { 500 | return RsaEncrypt(KeyPair, Data) 501 | } 502 | console.log('检测到RSA加密:'); 503 | var PublicKey = ToHex(KeyPair.e).substr(2) 504 | //取右边6位就是公钥了 505 | var Modulus = "00" + ToHex(KeyPair.m); 506 | //前面补俩个0 507 | console.log("EnData:" + Data); 508 | console.log("PublicKey:" + PublicKey); 509 | console.log("Modulus:" + Modulus); 510 | if (IsDebugger == true) { 511 | debugger ; 512 | } 513 | console.log("RSA加密:" + RsaDecrypt(KeyPair, Data)) 514 | return RsaDecrypt(KeyPair, Data) 515 | } 516 | } 517 | } 518 | if (window.JSEncrypt != undefined) { 519 | var RSA = window.JSEncrypt.prototype 520 | if (RSA.encrypt != undefined) { 521 | var RSA_encrypt = RSA.encrypt 522 | window.JSEncrypt.prototype.encrypt = function() { 523 | var Data = arguments[0] 524 | if (Data == "" || window.SHook == false) { 525 | return hex2b64(RSA.key.encrypt(Data)) 526 | } 527 | console.log('检测到RSA加密:'); 528 | console.log('EnData:' + Data); 529 | if (IsDebugger == true) { 530 | debugger ; 531 | } 532 | console.log("RSA加密:" + hex2b64(RSA.key.encrypt(Data))) 533 | return hex2b64(RSA.key.encrypt(Data)) 534 | } 535 | } 536 | if (RSA.decrypt != undefined) { 537 | var RSA_decrypt = RSA.decrypt 538 | window.JSEncrypt.prototype.decrypt = function() { 539 | var Data = arguments[0] 540 | if (Data == "" || window.SHook == false) { 541 | return hex2b64(RSA.key.decrypt(Data)) 542 | } 543 | console.log('检测到RSA解密:'); 544 | console.log('DeData:' + Data); 545 | if (IsDebugger == true) { 546 | debugger ; 547 | } 548 | console.log("RSA解密:" + hex2b64(RSA.key.decrypt(Data))) 549 | return hex2b64(RSA.key.decrypt(Data)) 550 | } 551 | } 552 | if (RSA.setPublicKey != undefined) { 553 | var RSA_setPublicKey = RSA.setPublicKey 554 | window.JSEncrypt.prototype.setPublicKey = function() { 555 | var Data = arguments[0] 556 | if (Data == "" || window.SHook == false) { 557 | return RSA.setKey(Data) 558 | return 559 | } 560 | console.log('检测到RSA设置公钥:'); 561 | console.log('PublicKey:' + Data); 562 | if (IsDebugger == true) { 563 | debugger ; 564 | } 565 | return RSA.setKey(Data) 566 | } 567 | } 568 | if (RSA.setPrivateKey != undefined) { 569 | var RSA_setPrivateKey = RSA.setPrivateKey 570 | window.JSEncrypt.prototype.setPrivateKey = function() { 571 | var Data = arguments[0] 572 | if (Data == "" || window.SHook == false) { 573 | return RSA.setKey(Data) 574 | } 575 | console.log('检测到RSA设置私钥:'); 576 | console.log('PrivateKey:' + Data); 577 | if (IsDebugger == true) { 578 | debugger ; 579 | } 580 | return RSA.setKey(Data) 581 | } 582 | } 583 | 584 | } 585 | } 586 | )(); 587 | -------------------------------------------------------------------------------- /multibyte_trans_tool.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | ''' 3 | @author : Captain0X 4 | @time : 2022/11/21 16:54 5 | ''' 6 | from string import punctuation 7 | 8 | def trans_multi_encoding(char_str): 9 | multi_char="" 10 | for char in char_str: 11 | if char in punctuation: 12 | multi_char+=bytes('\\u56' +'%02x' % ord(char),encoding="utf-8").decode('raw_unicode_escape') 13 | else: 14 | multi_char+=char 15 | print('-------------------------------\noutput:\n',multi_char) 16 | banner=""" 17 | input: 18 | <% =7 * 7 %> 19 | 20 | output: 21 | 嘼嘥 嘽7 嘪 7 嘥嘾 22 | you can copy this result to burp ,burp will trans to code auto~ 23 | tools_code_by_Captain0X 24 | 25 | """ 26 | print(banner) 27 | while True: 28 | code=input("please input your code(input 0 exit):") 29 | if code=='0': 30 | exit() 31 | trans_multi_encoding(code) 32 | -------------------------------------------------------------------------------- /social_account_takover.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | ''' 3 | @author : Captain0X 4 | @time : 2023/1/5 12:54 5 | #脚本逻辑参考:https://github.com/utkusen/socialhunter/blob/main/main.go 6 | 谷歌關鍵詞:intext:twitter.com site:hellosign.com 7 | fofa:body="tiktok.com/@" && domain="dropbox.com" 8 | ''' 9 | import re 10 | import threading 11 | import time 12 | from urllib.parse import urlparse 13 | import requests 14 | import warnings 15 | warnings.filterwarnings('ignore') 16 | 17 | 18 | unique_link = [] 19 | 20 | 21 | def output_msg(*args, color="green"): 22 | msg = "".join([f"{_}"for _ in args]) 23 | if color == "red": 24 | template = f'\033[1;31m[{time.strftime("%Y-%m-%d %H:%M:%S")}]{msg}\033[0m' 25 | else: 26 | template = f'\033[1;32m[{time.strftime("%Y-%m-%d %H:%M:%S")}]{msg}\033[0m' 27 | print(template) 28 | 29 | 30 | def get_thd_num(thd_keyword): 31 | '''根据线程名关键词获取线程数''' 32 | thd_pool = [] 33 | for td in threading.enumerate(): 34 | cur_api = td.getName() 35 | if cur_api.startswith(thd_keyword): 36 | thd_pool.append(cur_api) 37 | output_msg( 38 | f"[{time.strftime('%Y-%m-%d %H:%M:%S')}] current thd is {thd_pool} thd_num is {len(thd_pool)}") 39 | return thd_pool 40 | 41 | 42 | def send_req(idx, url, headers=None, use_replit=True): 43 | # File operations (such as logging) can block the 44 | # event loop: run them in a thread pool. 45 | try: 46 | output_msg("正在爬取:", url) 47 | if not headers: 48 | headers = { 49 | 'user-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0'} 50 | headers = {'sec-ch-ua': '"Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"', 51 | 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': '"Windows"', 'sec-fetch-dest': 'document', 52 | 'sec-fetch-mode': 'navigate', 'sec-fetch-site': 'none', 'sec-fetch-user': '?1', 53 | 'upgrade-insecure-requests': '1', 54 | 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36'} 55 | 56 | resp = requests.get(url, headers=headers, timeout=80, verify=False, 57 | # 设置小飞机代理 58 | # proxies={"http": "http:127.0.0.1:10809", 59 | # "https": "https://127.0.0.1:10809"}, 60 | ) 61 | print(resp.content) 62 | output_msg("爬取完成:", url) 63 | return resp 64 | except: 65 | return {} 66 | 67 | 68 | def get_all_links(url, task_que): 69 | # https://x.redditinc.com/ 樣本 70 | # https://kb.acronis.com/ 71 | if url == "finish": 72 | task_que.put(("finish", "finish", url)) 73 | denyList = ["js", "jpg", "jpeg", "png", "gif", "bmp", "svg", "mp4", "webm", "mp3", "csv", "ogg", "wav", "flac", 74 | "aac", "wma", "wmv", "avi", "mpg", "mpeg", "mov", "mkv", "zip", "rar", "7z", "tar", "iso", "doc", 75 | "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt", "rtf", "odt", "ods", "odp", "odg", "odf", "odb", 76 | "odc", "odm", "avi", "mpg", "mpeg", "mov", "mkv", "zip", "rar", "7z", "tar", "iso", "doc", "docx", 77 | "xls", "xlsx", "ppt", "pptx", "pdf", "txt", "rtf", "odt", "ods", "odp", "odg", "odf", "odb", "odc", 78 | "odm", "mp4", "webm", "mp3", "ogg", "wav", "flac", "aac", "wma", "wmv", "avi", "mpg", "mpeg", "mov", 79 | "mkv", "zip", "rar", "7z", "tar", "iso", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt", 80 | "rtf", "odt", "ods", "odp", "odg", "odf", "odb", "odc", "odm", "mp4", "webm", "mp3", "ogg", "wav", 81 | "flac", "aac", "wma", "wmv", "avi", "mpg", "mpeg", "mov", "mkv", "zip", "rar", "7z", "tar", "iso", 82 | "doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt", "rtf", "odt"] 83 | if url.split(".")[-1] in denyList: 84 | return 85 | if url in unique_link: 86 | return 87 | # gov白嫖党封杀 88 | if urlparse(url).netloc.endswith(".gov"): 89 | return 90 | unique_link.append(url) 91 | res_body = send_req(url, url) 92 | if not hasattr(res_body, "text"): 93 | return 94 | 95 | html = res_body.text 96 | print(html) 97 | links = re.findall("""["']https?:\/\/.*?['"]""", html) 98 | for link in links: 99 | link = re.sub("""['\"]""", "", link) 100 | # output_msg(link) 101 | link_host = urlparse(link).netloc 102 | if len(link) > 60 or re.findall("intent/tweet", link) or re.findall("twitter.com/share", link) or re.findall( 103 | "twitter.com/privacy", link) or re.findall("facebook.com/home", link) or re.findall( 104 | "instagram.com/p/", link) or re.findall('sharer/sharer.php', link): 105 | continue 106 | if link in unique_link: 107 | continue 108 | unique_link.append(link) 109 | task_que.put((link, link_host, url)) 110 | # check_account_takover(link, link_host, url) 111 | 112 | # output_msg(html) 113 | 114 | 115 | def check_twitter_user(username): 116 | '''推特用户需要从浏览器中复制推特的cookie''' 117 | api = f"https://api.twitter.com/graphql/hVhfo_TquFTmgL7gYwf91Q/UserByScreenName?variables=%7B%22screen_name%22%3A%22{username}%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D" 118 | headers = {'accept': '*/*', 'accept-encoding': 'gzip, deflate, br', 119 | 'accept-language': 'en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7', 120 | 'authorization': 'Bearer AAAAAAAAAAAI8xjhLTvJu4FA33AGWWjCpTnA', 121 | 'cache-control': 'no-cache', 'content-type': 'application/json', 122 | 'cookie': '_ga=GA1.2.2022108602.1578133858; remember_checked_on=1; guest_id_marketing=v1%3A160989111254248434; guest_id_ads=v1%3A160989111254248434; lang=zh-cn; _gid=GA1.2.299034402.1674529197; dnt=1; personalization_id="v1_5zROruDVi6R+V+sIn7hqYg=="; guest_id=v1%3A167498337570740111; _twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCL7TyvyFAToMY3NyZl9p%250AZCIlMGU1NzFjM2FmNzdkOTkzNDQ0OTNmOTcxNGVlZWI5ZGM6B2lkIiViOGIy%250AN2JhNTAzMWI0YjAyNDUzMWY1NjEzNTc0OTJmNg%253D%253D--abab13309670d6d2374a5691ab92ab34a4ea3f80; external_referer=padhuUp37zguL6FRibh2KjyphEsSyaM2|0|8e8t2xd8A2w%3D; gt=1619682955533910017; kdt=aEK47Gn43bCYyD0dzdOXULNncX1w2UFhIzcRxoII; auth_token=3a7b0164522ad967f2f5d5bf091b4039b3cf8831; twid=u%3D4246192519; att=1-QC2B6vF61vpCO6PF8Uxzjt9bdj799hm7NWXtQB6W; ct0=22bcca6d856183cd65916c6f4b77afb5f221a203a30218ffbc86b1d37046707e12c054bada8c8224ffe9c0e949bfeef8e13a429f37e854c927110e65d8dfc66b1b107dd156306bbc94cc6a6ce7441750', 123 | 'origin': 'https://twitter.com', 'pragma': 'no-cache', 'referer': 'https://twitter.com/', 124 | 'sec-ch-ua': '"Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"', 125 | 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': '"Windows"', 'sec-fetch-dest': 'empty', 126 | 'sec-fetch-mode': 'cors', 'sec-fetch-site': 'same-site', 127 | 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36', 128 | 'x-csrf-token': '22bc03a30218ffbc86b1d37046707e12c054bada8c8224ffe9c0e949bfeef8e13a429f37e854c927110e65d8dfc66b1b107dd156306bbc94cc6a6ce7441750', 129 | 'x-twitter-active-user': 'yes', 'x-twitter-auth-type': 'OAuth2Session', 130 | 'x-twitter-client-language': 'zh-cn'} 131 | resp = send_req("twitter", api, headers, use_replit=False) 132 | if hasattr(resp, "status_code"): 133 | if re.findall(username, str(resp.content), re.IGNORECASE): 134 | return False 135 | else: 136 | return True 137 | return "except" 138 | 139 | 140 | def check_account_takover(task_que, scan_result_path): 141 | while True: 142 | link, link_host, url = task_que.get() 143 | if link == "finish": 144 | break 145 | if re.findall("facebook\.com", link_host): 146 | # facebook存在反爬的情况,建议降低速度 147 | time.sleep(3) 148 | # https://www.facebook.com/reddit 149 | # Facebook 150 | resp = send_req(url, link) 151 | if hasattr(resp, "status_code"): 152 | if re.findall(b'>Facebook', resp.content): 153 | output_msg(link) 154 | with open(scan_result_path, 155 | 'a', encoding="utf-8") as f: 156 | f.write('人工确认 source url->' + url + 157 | '\ntarget:' + str(link) + '\n') 158 | # 由於不確定,和反爬虫,乾脆人工檢查算了 159 | elif re.findall("tiktok\.com", link_host): 160 | # "https://www.tiktok.com/@jack11111111111111111111111111" 161 | # 返回404狀態碼基本就是 162 | if "@" in link: 163 | resp = send_req(url, link) 164 | if hasattr(resp, "status_code"): 165 | if resp.status_code == 404: 166 | output_msg("发现漏洞", link) 167 | with open(scan_result_path, 168 | 'a', encoding="utf-8") as f: 169 | f.write('发现漏洞 source url->' + url + 170 | '\ntarget:' + str(link) + '\n') 171 | # output_msg(link) 172 | elif re.findall("instagram.com", link_host): 173 | # https://www.instagram.com/reddit/ 174 | # output_msg(link) 175 | pass 176 | # with open(scan_result_path, 177 | # 'a', encoding="utf-8") as f: 178 | # f.write('人工确认 source url->' + url + '\ntarget:' + str(link) + '\n') 179 | elif re.findall("twitter\.com", link_host): 180 | # https://twitter.com/dropbox 181 | # output_msg(""link) 182 | time.sleep(3) 183 | try: 184 | username = urlparse(link).path.split('/')[1] 185 | result = check_twitter_user(username) 186 | if isinstance(result, str): 187 | with open(scan_result_path, 188 | 'a', encoding="utf-8") as f: 189 | f.write('人工确认 source url->' + url + 190 | '\ntarget:' + str(link) + '\n') 191 | elif result: 192 | output_msg("发现漏洞", link) 193 | with open(scan_result_path, 194 | 'a', encoding="utf-8") as f: 195 | f.write('发现漏洞 source url->' + url + 196 | '\ntarget:' + str(link) + '\n') 197 | # Something went wrong, but don’t fret 198 | except IndexError: 199 | pass 200 | 201 | elif re.findall("youtube\.com", link_host): 202 | if "user/" in link: 203 | resp = send_req(url, link) 204 | if hasattr(resp, "status_code"): 205 | if resp.status_code == 404: 206 | output_msg("发现漏洞:", link) 207 | with open(scan_result_path, 208 | 'a', encoding="utf-8") as f: 209 | f.write('发现漏洞 source url->' + url + 210 | '\ntarget:' + str(link) + '\n') 211 | # https://www.youtube.com/user/dropbox 212 | elif re.findall("reddit\.com", link_host): 213 | # https://www.reddit.com/r/acronis/ 214 | pass 215 | elif re.findall("linkedin\.com", link_host): 216 | # https://www.linkedin.com/company/acronis 217 | with open(scan_result_path, 218 | 'a', encoding="utf-8") as f: 219 | f.write('人工确认 source url->' + url + 220 | '\ntarget:' + str(link) + '\n') 221 | elif re.findall("community\.spiceworks\.com", link_host): 222 | # https://community.spiceworks.com/pages/acronis 223 | resp = send_req(url, link) 224 | if hasattr(resp, "status_code"): 225 | if resp.status_code == 404: 226 | output_msg("发现漏洞:", link) 227 | with open(scan_result_path, 228 | 'a', encoding="utf-8") as f: 229 | f.write('发现漏洞 source url->' + url + 230 | '\ntarget:' + str(link) + '\n') 231 | elif re.findall("pinterest\.com", link_host): 232 | # https://www.pinterest.com/wholefoods/ 233 | # "httpStatus":404} 234 | resp = send_req(url, link) 235 | if hasattr(resp, "text"): 236 | if re.findall('"httpStatus":404}', resp.text): 237 | output_msg("发现漏洞:", link) 238 | with open(scan_result_path, 239 | 'a', encoding="utf-8") as f: 240 | f.write('发现漏洞 source url->' + url + 241 | '\ntarget:' + str(link) + '\n') 242 | elif re.findall("twitch\.tv", link_host): 243 | # https://www.twitch.tv/aws 244 | with open(scan_result_path, 245 | 'a', encoding="utf-8") as f: 246 | f.write('人工确认 source url->' + url + 247 | '\ntarget:' + str(link) + '\n') 248 | elif re.findall("medium\.com", link_host): 249 | # https://medium.com/bybit 250 | resp = send_req(url, link) 251 | if hasattr(resp, "text"): 252 | if re.findall('"httpStatus":404}', resp.text): 253 | output_msg("发现漏洞:", link) 254 | with open(scan_result_path, 255 | 'a', encoding="utf-8") as f: 256 | f.write('发现漏洞 source url->' + url + 257 | '\ntarget:' + str(link) + '\n') 258 | elif re.findall("patreon\.com", link_host): 259 | # https://www.patreon.com/startentrepreneureonline 260 | resp = send_req(url, link) 261 | if hasattr(resp, "status_code"): 262 | if resp.status_code == 404: 263 | output_msg("发现漏洞", link) 264 | with open(scan_result_path, 265 | 'a', encoding="utf-8") as f: 266 | f.write('发现漏洞 source url->' + url + 267 | '\ntarget:' + str(link) + '\n') 268 | 269 | elif re.findall("vk\.com", link_host): 270 | # https://vk.com/startentrepreneureonline111111111 271 | resp = send_req(url, link) 272 | if hasattr(resp, "status_code"): 273 | if resp.status_code == 404: 274 | output_msg("发现漏洞", link) 275 | with open(scan_result_path, 276 | 'a', encoding="utf-8") as f: 277 | f.write('发现漏洞 source url->' + url + 278 | '\ntarget:' + str(link) + '\n') 279 | 280 | 281 | if __name__ == '__main__': 282 | banner = '''使用方法: 283 | 1.在当前新建target.txt,把url放进去,一行一个url 284 | 2.配置scan_result_path结果保存文件路径 285 | 3.修改默认线程数,一般为5线程 286 | 3.运行完毕后查看结果文件,大多数需要手工去确认是否存在漏洞,工具只是辅助 287 | by Captain0X 288 | ''' 289 | print(banner) 290 | from queue import Queue 291 | task_que = Queue() 292 | # 扫描结果保存文件路径 293 | scan_result_path = "./social_account_takover/h1_hunter_result.txt" 294 | 295 | cd = threading.Thread(target=check_account_takover, 296 | args=(task_que, scan_result_path)) 297 | cd.start() 298 | # 任务文件路径 299 | task_path = "target.txt" 300 | 301 | # 默认线程数 302 | thd_num = 5 303 | with open(task_path, "r", encoding="utf-8")as f: 304 | urls = f.readlines() 305 | for idx, uri in enumerate(urls): 306 | url = uri.strip() 307 | 308 | if not url.startswith("http"): 309 | target = "https://" + url 310 | else: 311 | target = url 312 | parse_url = urlparse(target) 313 | netloc = parse_url.netloc 314 | if netloc: 315 | pid = threading.Thread( 316 | target=get_all_links, args=(target, task_que)) 317 | thd_name = "hunter:" + target 318 | pid.setName(thd_name) 319 | pid.start() 320 | while True: 321 | thd_pool = get_thd_num("hunter") 322 | if len(thd_pool) < thd_num: 323 | break 324 | time.sleep(0.3) 325 | 326 | while True: 327 | thd_pool = get_thd_num("hunter") 328 | if len(thd_pool) < 1: 329 | task_que.put(("finish", "", "")) 330 | break 331 | time.sleep(0.3) 332 | output_msg("扫描完成!") 333 | --------------------------------------------------------------------------------