├── Dockerfile
├── FuYao.py
├── LICENSE
├── README.md
├── config.yaml
├── core
    ├── Vulnerability.py
    ├── __pycache__
    │   ├── Vulnerability.cpython-39.pyc
    │   ├── domain.cpython-39.pyc
    │   └── rprint.cpython-39.pyc
    ├── domain.py
    ├── plus
    │   ├── linux
    │   │   ├── httpx
    │   │   ├── ksubdomain
    │   │   ├── nuclei
    │   │   └── subfinder
    │   └── mac
    │   │   ├── httpx
    │   │   ├── ksubdomain
    │   │   ├── nuclei
    │   │   └── subfinder
    └── rprint.py
├── domain.txt
├── img
    ├── WechatIMG408.jpeg
    └── WechatIMG455.jpeg
└── requirements.txt


/Dockerfile:
--------------------------------------------------------------------------------
FROM python:3.9

# -p keeps the build from failing when /usr/lib64 already exists in the base image.
RUN apt-get update -y && apt-get install vim git libpcap-dev libnids-dev libnet1-dev -y && mkdir -p /usr/lib64
RUN cd /usr/lib64 && ln -s /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 libpcap.so.0.8
# The clone goes through a third-party GitHub mirror and is not pinned to a commit,
# so the image contains whatever that mirror serves at build time, including the
# prebuilt binaries under core/plus.
RUN git clone https://github.91chi.fun//https://github.com/ExpLangcn/FuYao.git
RUN pip3 install pyyaml rich && pip3 install -r /FuYao/requirements.txt
RUN mkdir /FuYao/logs /FuYao/result && mkdir /FuYao/logs/subfinder /FuYao/logs/ksubdomain /FuYao/logs/httpx
RUN /FuYao/core/plus/linux/subfinder -h

CMD ["/bin/bash"]


/FuYao.py:
--------------------------------------------------------------------------------
import os
import sys
curPath = os.path.abspath(os.path.dirname(__file__))
rootPath = os.path.split(curPath)[0]
sys.path.append(rootPath)
import datetime as d
import core.domain as domain
import core.Vulnerability as vul

# One timestamp names every log and result file of this run.
date = str(d.datetime.now().strftime("%Y-%m-%d-%H-%M-%S"))

# Pipeline: subdomain enumeration -> merge and HTTP probing -> nuclei scan.
domain.subfinder(date)
domain.ksubdomain(date)
domain.httpx(date)
vul.vulscan(date)


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2021 myz

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


/README.md:
--------------------------------------------------------------------------------
**Updates have stopped (the project is archived); please follow the successor projects**

**[Follow me on Twitter](https://twitter.com/ExpLang_Cn) to keep up with my latest updates.**

----

# FuYao - Soaring Ninety Thousand Li on the Whirlwind - Moved to Go; the Python Project Is No Longer Maintained

## **[WanLi](https://github.com/ExpLangcn/WanLi)** |[License](许可证)| **[Troubleshooting](https://github.com/ExpLangcn/FuYao/wiki/help)**|**[FuYao - Go](https://github.com/ExpLangcn/FuYao-Go)**

**Automated asset discovery and vulnerability scanning | For hackers to use in bounty programs, SRC programs, and large-scale attacks**

## Legal Disclaimer
This tool is intended only for lawfully authorized enterprise security work. If you need to test the tool's usability, set up your own target environment. When using this tool for testing, you must ensure that doing so complies with local laws and regulations and that you have obtained sufficient authorization. Do not scan unauthorized targets. If any of the prohibited conduct above is discovered, we reserve the right to pursue legal liability against you.

If you engage in any illegal conduct while using this tool, you bear the consequences yourself, and we accept no legal or joint liability. Your use of the tool, or your acceptance of this agreement in any other express or implied manner, is deemed to mean that you have read this agreement and agree to be bound by it.

# Changelog

* V1.3
  - Fixed the encoding issue (it should be fixed... if you still get errors, check whether your terminal encoding is the problem)
  - Fixed Ksu not running (the cause was that wildcard-resolving domains were being skipped; whether to skip them can now be set in the config file)
  - Fixed empty httpx results
  - Improved subdomain enumeration speed
  - Improved vulnerability scanning speed
* V1.2
  - Added one-step Docker deployment. Thanks to group member [@l0ners](https://github.com/l0ners) for the support!
* V1.1
  - Fixed the logs error
* V1.0
  - Script released

# Docker Usage

`domain.txt` holds the target first-level domains (main domains)

```
docker pull explang/fuyaov:v1.3
docker run -d -it --name fuyao explang/fuyao:v1.3
docker exec -it -w /FuYao fuyao bash
```

After adding the main domains to domain.txt, run the commands below to start the automated scan (a main domain looks like xxx.com! www.xxx.com is a second-level domain!)

```
vim domain.txt
python3 FuYao.py
```

# Running from Source

`domain.txt` holds the target first-level domains (main domains)

`config.yaml` configures the scanner

```
git clone https://github.com/ExpLangcn/FuYao.git
cd FuYao && pip3 install -r requirements.txt && mkdir logs result logs/subfinder logs/ksubdomain logs/httpx
vim config.yaml
```

After adding the main domains to domain.txt, run the commands below to start the automated scan (a main domain looks like xxx.com! www.xxx.com is a second-level domain!)

```
vim domain.txt
python3 FuYao.py
```

**Note: the tool currently supports only macOS and Linux; Linux is recommended! Scan speed depends on your network; a VPS with at least 5MB of bandwidth is recommended.**

#### 😄 I’m ExpLang [**Twitter**](https://twitter.com/ExpLang_Cn) Feel free to follow~


# Info

* **[ksubdomain](https://github.com/knownsec/ksubdomain)**
* **[subfinder](https://github.com/projectdiscovery/subfinder)**
* **[httpx](https://github.com/projectdiscovery/httpx)**
* **[nuclei](https://github.com/projectdiscovery/nuclei)**


/config.yaml:
--------------------------------------------------------------------------------
system : 2 # 1 = mac, 2 = linux; choose the number that matches your system
level : 2 # domain level; with level > 2 ksubdomain becomes very slow, changing it is not recommended
wild : True # True skips wildcard-resolving domains, False does not. Note: not skipping produces junk domains!
pocupdate : True # True updates the vulnerability templates automatically, False asks first


/core/Vulnerability.py:
--------------------------------------------------------------------------------
import os
import sys
import time
import yaml
from rich.console import Console
curPath = os.path.abspath(os.path.dirname(__file__))
rootPath = os.path.split(curPath)[0]
sys.path.append(rootPath)
import core.rprint as rprint

console = Console()

# config.yaml only holds plain scalars, so the safe loader is sufficient and
# does not depend on the optional libyaml C extension.
with open('./config.yaml', 'r', encoding='utf-8') as f:
    config = yaml.safe_load(f)

# Bundled nuclei binary per platform (config 'system': 1 = mac, 2 = linux).
NUCLEI = {1: './core/plus/mac/nuclei', 2: './core/plus/linux/nuclei'}

def vulscan(date):
    rprint.info(date, '正在调用Nuclei进行资产漏洞探测任务!')
    time.sleep(1)
    target = 'result/domain.txt'
    nuclei = NUCLEI.get(config['system'])
    if nuclei is None:
        return
    if config['pocupdate'] == True:
        update = 'y'
    else:
        # Ask before updating the templates.
        update = console.input("[[bold green]" + date + "[/bold green]] [bold red]FuYao[/bold red] [[bold red]error[/bold red]] [bold yellow]是否进行漏洞库更新?Y or N:[/bold yellow]")

    if update in ('Y', 'y'):
        rprint.info(date, '正在更新Nuclei漏洞库!')
        os.system("%s -silent -ut -ud 'core/pocdata'" % nuclei)
    if update in ('Y', 'y', 'N', 'n'):
        # Any other answer skips the scan.
        rprint.info(date, '正在使用Nuclei漏扫节点进行漏洞扫描!')
        os.system("%s -l %s -t ./core/pocdata/ -s low,medium,high,critical -rate-limit 500 -bulk-size 250 -concurrency 250 -silent -stats -si 10 -retries 2 -me result/%s/" % (nuclei, target, date + "_pocscan"))


/core/__pycache__/Vulnerability.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/__pycache__/Vulnerability.cpython-39.pyc


/core/__pycache__/domain.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/__pycache__/domain.cpython-39.pyc


/core/__pycache__/rprint.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/__pycache__/rprint.cpython-39.pyc


/core/domain.py:
--------------------------------------------------------------------------------
import os
import sys
import csv
import yaml
import time
from rich.console import Console
from rich.table import Table
curPath = os.path.abspath(os.path.dirname(__file__))
rootPath = os.path.split(curPath)[0]
sys.path.append(rootPath)
import core.rprint as rprint

lst = []
result = []

console = Console()

# config.yaml only holds plain scalars, so the safe loader is sufficient and
# does not depend on the optional libyaml C extension.
with open('./config.yaml', 'r', encoding='utf-8') as f:
    config = yaml.safe_load(f)

# Directory of the bundled binaries per platform (config 'system': 1 = mac, 2 = linux).
PLUS = {1: './core/plus/mac', 2: './core/plus/linux'}

def subfinder(date):
    rprint.info(date, '正在调用subfinder进行子域名探测任务!')
    time.sleep(1)
    plus = PLUS.get(config['system'])
    if plus is None:
        return
    os.system('%s/subfinder -list domain.txt -t 100 -all -o ./logs/subfinder/%s -silent' % (plus, date + '_subfinder.txt'))
    rprint.success(date, '已完成subfinder子域名探测任务!')
    time.sleep(1)

def ksubdomain(date):
    rprint.info(date, '正在调用ksubdomain进行子域名探测任务!')
    time.sleep(1)
    plus = PLUS.get(config['system'])
    if plus is None:
        return
    # 'wild' in config.yaml decides whether wildcard-resolving domains are skipped.
    if config['wild'] == True:
        skip_wild = '--skip-wild '
    elif config['wild'] == False:
        skip_wild = ''
    else:
        return
    os.system('%s/ksubdomain enum --band 1G -dl domain.txt %s--silent --only-domain --level %s --retry 1 --output logs/ksubdomain/%s' % (plus, skip_wild, config['level'], date + '_ksubdomain.txt'))
    rprint.success(date, '已完成ksubdomain子域名探测任务!')
    time.sleep(1)

def merge(date):
    rprint.info(date, '正在进行域名合并任务!')
    time.sleep(1)
    # Collect the output of both enumeration tools for this run.
    for tool in ('ksubdomain', 'subfinder'):
        path = 'logs/%s/%s_%s.txt' % (tool, date, tool)
        if os.path.exists(path):
            with open(path, 'r') as f:
                for line in f:
                    lst.append(line.strip('\n'))
        else:
            rprint.error(date, '%s结果为空!' % tool)
    # Write the de-duplicated list; the file is closed even when nothing was found.
    with open('logs/domain.txt', 'w') as domain:
        for item in lst:
            if item not in result:
                result.append(item)
                print(item)
                domain.write(item + '\n')
    rprint.success(date, '已完成域名合并任务!')

def httpx(date):
    merge(date)
    rprint.info(date, '正在调用Httpx进行子域名验证任务!')
    plus = PLUS.get(config['system'])
    if plus is None:
        return
    os.system('%s/httpx -l logs/domain.txt -cdn -ec -content-length -title -tech-detect -status-code -match-code 200,301,302,304,403 -threads 500 -silent -csv -o logs/httpx/%s.csv' % (plus, date + '_domain'))
    table = Table(show_header=True)
    table.add_column("ID", style="dim")
    for name in ("IP", "CDN", "Url", "Port", "Title", "Code", "Length", "Technologies"):
        table.add_column(name)
    ii = 0
    # The column positions below are fixed to the CSV layout written by the
    # bundled httpx binary; rows that are too short are skipped.
    with open('logs/httpx/%s_domain.csv' % date, encoding='utf-8', newline='') as src, \
            open('result/domain.txt', mode='w', encoding='utf-8') as Output:
        for line in csv.reader(src):
            if len(line) < 32:
                continue
            Url = line[10]
            if 'http' in Url:  # also filters out the CSV header row
                IP = line[19]
                Port = line[4]
                Title = line[13]
                Length = line[20]
                Code = line[22]
                CDN = line[29]
                Technologies = line[31]
                Output.write('%s\n' % (Url))
                table.add_row(
                    str(ii),
                    str(IP),
                    str(CDN),
                    str(Url),
                    str(Port),
                    str(Title),
                    str(Code),
                    str(Length),
                    str(Technologies.strip('[').strip(']'))
                )
                ii += 1
    console.print(table)
    rprint.success(date, '已完成httpx域名验证任务!')


/core/plus/linux/httpx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/plus/linux/httpx


/core/plus/linux/ksubdomain:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/plus/linux/ksubdomain


/core/plus/linux/nuclei:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/plus/linux/nuclei


/core/plus/linux/subfinder:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/plus/linux/subfinder


/core/plus/mac/httpx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/plus/mac/httpx


/core/plus/mac/ksubdomain:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/plus/mac/ksubdomain


/core/plus/mac/nuclei:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/plus/mac/nuclei


/core/plus/mac/subfinder:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/core/plus/mac/subfinder


/core/rprint.py:
--------------------------------------------------------------------------------
from rich import print as rprint

# Console helpers: each prints "[timestamp] FuYao [level] > message" using rich markup.

def error(date, body):
    rprint("[[bold green]" + date + "[/bold green]] [bold red]FuYao[/bold red] [[bold red]error[/bold red]] > [bold yellow]" + body + "[/bold yellow]")

def success(date, body):
    rprint("[[bold green]" + date + "[/bold green]] [bold red]FuYao[/bold red] [[bold green]success[/bold green]] > " + body)

def info(date, body):
    rprint("[[bold green]" + date + "[/bold green]] [bold red]FuYao[/bold red] [[bold blue]info[/bold blue]] > " + body)


/domain.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/domain.txt


/img/WechatIMG408.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/img/WechatIMG408.jpeg


/img/WechatIMG455.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ExpLangcn/FuYao/87d71a6d808ca570fb96dd6cf28e3f28ae3d74e7/img/WechatIMG455.jpeg


/requirements.txt:
--------------------------------------------------------------------------------
PyYAML==6.0
rich==12.0.0

--------------------------------------------------------------------------------
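
The README requires `domain.txt` to list only main domains and limits scanning to authorized targets. A pre-flight check for both, as an added example that is not part of the FuYao repository: `normalize`, `check_targets` and the `authorized` set are hypothetical names, and the sample entries are constructed.

```python
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
# ASCII only, so internationalized names must be given in punycode (xn--...).
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize(entry):
    """Return the entry as a lower-case bare hostname, or None if it is not one."""
    host = entry.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None  # URLs, wildcards, paths and ports all fail here
    return host


def check_targets(lines, authorized):
    """Split domain.txt lines into (accepted, rejected).

    authorized: lower-case set of main domains covered by the written
    authorization (hypothetical input). Entries must match it exactly, so a
    subdomain such as www.example.com is rejected instead of widening scope.
    """
    accepted, rejected = [], []
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue  # blank line
        host = normalize(entry)
        if host is None:
            rejected.append((entry, "not a bare hostname"))
        elif host not in authorized:
            rejected.append((entry, "not an authorized main domain"))
        elif host not in accepted:
            accepted.append(host)  # duplicates are dropped silently
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample standing in for the contents of domain.txt.
    sample = ["Example.com\n", "www.example.com\n", "https://example.org/\n",
              "\n", "example.net.\n", "*.example.com\n", "example.com\n"]
    ok, bad = check_targets(sample, {"example.com", "example.net"})
    print("scan:", ok)
    for entry, reason in bad:
        print("skip:", entry, "-", reason)
```

Running the check before `python3 FuYao.py` and writing only the accepted list back to `domain.txt` keeps every later stage inside the agreed scope.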