├── README.md
└── Vps_tracker.py


/README.md:
--------------------------------------------------------------------------------
 1 | # Vps__Tracker
 2 | 
 3 | VPS_Tracker工具是一款用Python编写的工具，专为攻防演练而设计。其主要功能是帮助用户在海量攻击IP中快速定位红队VPS。在安全测试和模拟攻击的情境下，VPS_Tracker通过扫描IP端口的方式，有效地定位黑客工具，从而精准匹配到红队的存在。通过分析攻击IP的端口信息，VPS_Tracker不仅能够检测潜在的威胁，还能够追溯攻击源头，为网络安全团队提供及时有效的反制手段。
 4 | 
 5 | #### 0x01 工具参考
 6 | 
 7 | 参考知攻善防实验室项目：https://github.com/ChinaRan0/fastbt
 8 | 
 9 | #### 0x02支持17款黑客工具的检测规则
10 | 
11 | ```
12 | 资产工具：灯塔系统、H资产收集平台、LangSrc、nem
13 | 漏洞扫描工具：AWVS、大宝剑、美杜莎红队武器库平台、Nessus、NextScan
14 | 漏洞利用平台：DNSLog平台、XSS Platform、xray反连平台
15 | C2工具：Manjusaka、Viper、Supershell
16 | 流量代理工具：NPS、Frp web面板
17 | ```
18 | 
19 | #### 0x03 工具使用说明(1.0)
20 | 
21 | 检测单个IP
22 | 
23 | ```
24 | python3 VPS_Tracker.py -t 127.0.0.1 
25 | ```
26 | 
27 | ![图片](https://github.com/GeniusZJL/Vps_tracke/assets/76109016/a44c18ef-5170-4b16-8b97-096beeb71c26)
28 | 
29 | 
30 | 成功匹配到资产信息后生成result.xlsx
31 | 
32 | ![图片](https://github.com/GeniusZJL/Vps_tracke/assets/76109016/15f06de2-2141-49fe-9b59-e3537802f15e)
33 | 
34 | 
35 | 
36 | 
37 | 
38 |  批量多个IP      
39 | 
40 | ```
41 | python3 VPS_Tracker.py -f ip.txt
42 | ```
43 | ![图片](https://github.com/GeniusZJL/Vps_tracke/assets/76109016/7b223925-854b-4af0-8123-ca9b4d028f40)
44 | 
45 | 成功匹配到资产信息后生成result.xlsx
46 | 
47 | ![图片](https://github.com/GeniusZJL/Vps_tracke/assets/76109016/c21ebaca-1ee3-4fa2-bebd-8e7a832f955e)
48 | 
49 | 
50 | 全端口扫描(目前扫描速度慢，后续优化)
51 | 
52 | ```
53 | python3 VPS_Tracker.py -t 127.0.0.1 -all 
54 | python3 VPS_Tracker.py -f url.txt -all
55 | ```
56 | ![图片](https://github.com/GeniusZJL/Vps_tracke/assets/76109016/31e265d2-f5a8-4974-a1ab-0254746367bc)
57 | 
58 | 
59 | #### 0x04 免责声明
60 | 
61 | 该开源工具是由作者按照开源许可证发布的，仅供个人学习和研究使用。作者不对您使用该工具所产生的任何后果负任何法律责任。
62 |    ![图片](https://github.com/GeniusZJL/Vps_tracke/assets/76109016/b773b02a-31b5-4462-8923-8e9c914e6bb9)
63 | 
64 | 


--------------------------------------------------------------------------------
/Vps_tracker.py:
--------------------------------------------------------------------------------
  1 | import argparse
  2 | import requests
  3 | from concurrent.futures import ThreadPoolExecutor, as_completed
  4 | from openpyxl import Workbook
  5 | import urllib3
  6 | from tqdm import tqdm
  7 | import socket
  8 | import ssl
  9 | import binascii
 10 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 11 | 
 12 | 
 13 | def scan_target(ip, port):
 14 |     #1.灯塔系统
 15 |     try:
 16 |         url = f"https://{ip}:{port}"
 17 |         res = requests.get(url, verify=False, timeout=3)
 18 |         res.encoding = "utf-8"
 19 |         if "资产灯塔系统" in res.text:
 20 |             return {"ip": ip, "port": port, "title": "灯塔资产系统"}
 21 |     except:
 22 |         pass
 23 |     #2.Viper
 24 |     try:
 25 |         res = requests.get(f"https://{ip}:{port}/#/user/login", verify=False, timeout=3)
 26 |         res.encoding = "utf-8"
 27 |         if "VIPER" in res.text:
 28 |             return {"ip": ip, "port": port, "title": "Viper"}
 29 |     except:
 30 |         pass
 31 |     #3.AWVS
 32 |     try:
 33 |         res =requests.get(f"https://{ip}:{port}/#/user/login",verify=False,timeout=3)
 34 |         res.encoding="utf-8"
 35 |         if "<title>Acunetix</title>" in res.text:
 36 |             return {"ip": ip, "port": port, "title": "AWVS漏洞扫描器"}
 37 |     except:
 38 |         pass
 39 |     #4.大宝剑
 40 |     try:
 41 |         res =requests.get(f"http://{ip}:{port}/auth/login",verify=False,timeout=3)
 42 |         res.encoding="utf-8"
 43 |         if "大宝剑-实战化攻防对抗系统" in res.text:
 44 |             return {"ip": ip, "port": port, "title": "大宝剑-实战化攻防对抗系统"}
 45 |     except:
 46 |         pass
 47 |     #5.H(资产收集)
 48 |     try:
 49 |         res =requests.get(f"http://{ip}:{port}/login",verify=False,timeout=3)
 50 |         res.encoding="utf-8"
 51 |         if "Flask Datta Able" in res.text:
 52 |             return {"ip": ip, "port": port, "title": "H资产收集平台"}
 53 |     except:
 54 |         pass
 55 |     #6.LangSrc
 56 |     try:
 57 |         url = f"http://{ip}:{port}"
 58 |         res = requests.get(url, verify=False, timeout=3)
 59 |         res.encoding = "utf-8"
 60 |         if "LangSrc" in res.text:
 61 |             return {"ip": ip, "port": port, "title": "LangSrc(资产监控平台)"}
 62 |     except:
 63 |         pass
 64 |     #7.Manjusaka
 65 |     try:
 66 |         url = f"http://{ip}:{port}/manjusaka/static/#/login?redirect=/agents"
 67 |         res = requests.get(url, verify=False, timeout=3)
 68 |         res.encoding = "utf-8"
 69 |         if "Manjusaka" in res.text:
 70 |             return {"ip": ip, "port": port, "title": "Manjusaka(牛屎花C2管理)"}
 71 |     except:
 72 |         pass
 73 |     #8.美杜莎红队武器库平台
 74 |     try:
 75 |         url = f"https://{ip}:{port}/#/user/login"
 76 |         res = requests.get(url, verify=False, timeout=3)
 77 |         res.encoding = "utf-8"
 78 |         if "Medusa doesn't work properly without JavaScript" in res.text:
 79 |             return {"ip": ip, "port": port, "title": "美杜莎红队武器库平台"}
 80 |     except:
 81 |         pass
 82 |     #9.nemo
 83 |     try:
 84 |         url = f"http://{ip}:{port}/"
 85 |         res = requests.get(url, verify=False, timeout=3)
 86 |         res.encoding = "utf-8"
 87 |         if "Nemo" in res.text:
 88 |             return {"ip": ip, "port": port, "title": "nemo(自动化信息收集)"}
 89 |     except:
 90 |         pass
 91 |     #10.Nessus
 92 |     try:
 93 |         url = f"https://{ip}:{port}/#/"
 94 |         res = requests.get(url, verify=False, timeout=3)
 95 |         res.encoding = "utf-8"
 96 |         if "Nessus" in res.text:
 97 |             return {"ip": ip, "port": port, "title": "Nessus(漏洞扫描器)"}
 98 |     except:
 99 |         pass
100 |     #11.NextScan
101 |     try:
102 |         url = f"http://{ip}:{port}/"
103 |         res = requests.get(url, verify=False, timeout=3)
104 |         res.encoding = "utf-8"
105 |         if "NextScan" in res.text:
106 |             return {"ip": ip, "port": port, "title": "NextScan(黑盒扫描)"}
107 |     except:
108 |         pass
109 |     #12.NPS
110 |     try:
111 |         url = f"http://{ip}:{port}/login/index"
112 |         res = requests.get(url, verify=False, timeout=3)
113 |         res.encoding = "utf-8"
114 |         if "nps" in res.text:
115 |             print(f"{url} ---- NPS(穿透工具)")
116 |             return {"ip": ip, "port": port, "title": "NPS(穿透工具)"}
117 |     except:
118 |         pass
119 |     #12.NPS
120 |     try:
121 |         url = f"http://{ip}:{port}/login/index"
122 |         res = requests.get(url, verify=False, timeout=3)
123 |         res.encoding = "utf-8"
124 |         if '<a href="https://ehang.io/nps"' in res.text:
125 |             print(f"{url} ---- NPS(穿透工具)")
126 |             return {"ip": ip, "port": port, "title": "NPS(穿透工具)"}
127 |     except:
128 |         pass
129 |     #13.Frp web
130 |     try:
131 |         url = f"http://{ip}:{port}/"
132 |         res = requests.get(url, verify=False, timeout=3)
133 |         res.encoding = "utf-8"
134 |         if "frp " in res.text:
135 |             return {"ip": ip, "port": port, "title": "Frp面板"}
136 |     except:
137 |         pass
138 | 
139 |     #14.DNSLOG平台
140 |     try:
141 |         url = f"http://{ip}:{port}/"
142 |         res = requests.get(url, verify=False, timeout=3)
143 |         res.encoding = "utf-8"
144 |         if "dnslog" in res.text:
145 |             return {"ip": ip, "port": port, "title": "DNSLOG平台"}
146 |     except:
147 |         pass
148 |     #15.supershell平台
149 |     try:
150 |         url = f"http://{ip}:{port}/supershell/login"
151 |         res = requests.get(url, verify=False, timeout=3)
152 |         res.encoding = "utf-8"
153 |         if "Supershell" in res.text:
154 |             return {"ip": ip, "port": port, "title": "Supershell-c2"}
155 |     except:
156 |         pass
157 |     #15.xray Cland Beta 反连平台
158 |     try:
159 |         url = f"http://{ip}:{port}/cland/"
160 |         res = requests.get(url, verify=False, timeout=3)
161 |         res.encoding = "utf-8"
162 |         if "cland" in res.text:
163 |             return {"ip": ip, "port": port, "title": "xray Cland Beta 反连平台"}
164 |     except:
165 |         pass
166 | def scan_ports(ip, ports):
167 |     results = []
168 |     with ThreadPoolExecutor(max_workers=30) as executor:
169 |         futures = [executor.submit(scan_target, ip, port) for port in ports]
170 |         for future in tqdm(as_completed(futures), total=len(ports), desc=f"疯狂加载中(o|o) ", colour='green', ncols=100):
171 |             result = future.result()
172 |             if result:
173 |                 results.append(result)
174 |     return results
175 | 
176 | 
177 | def scan_all_ports(ip):
178 |     results = []
179 |     with ThreadPoolExecutor(max_workers=2000) as executor:
180 |         futures = [executor.submit(scan_target, ip, port) for port in range(1, 65536)]
181 |         for future in tqdm(as_completed(futures), total=65535, desc="疯狂加载中(o|o) ", colour='green', ncols=100):
182 |             result = future.result()
183 |             if result:
184 |                 results.append(result)
185 |     return results
186 | 
187 | def main():
188 |     banner = """      
189 |      _    ______  _____    ______                __            
190 |     | |  / / __ \/ ___/   /_  __/________ ______/ /_____  _____
191 |     | | / / /_/ /\__ \     / / / ___/ __ `/ ___/ //_/ _ \/ ___/
192 |     | |/ / ____/___/ /    / / / /  / /_/ / /__/ ,< /  __/ /    
193 |     |___/_/    /____/    /_/ /_/   \__,_/\___/_/|_|\___/_/    
194 |                                                         Version:1.0
195 |                                                         Author: GeniusZJL
196 |                                                         公众号：Sec探索者
197 |         python3 VPS_Tracker.py -t 127.0.0.1 #检测单个IP
198 |         python3 VPS_Tracker.py -f url.txt   #批量多个IP        
199 |         python3 VPS_Tracker.py -t 127.0.0.1 -all #单个IP全端口扫描
200 |         python3 VPS_Tracker.py -f url.txt -all #多个IP全端口扫描
201 |             """
202 |     print(banner)
203 |     parser = argparse.ArgumentParser(description="vps_tracker")
204 |     parser.add_argument("-t", "--target", dest="target_ip", help="主机IP")
205 |     parser.add_argument("-f", "--file", dest="file_path", help="IP地址文件")
206 |     parser.add_argument("-all", "--all-ports", action="store_true", help="扫描所有端口")
207 |     args = parser.parse_args()
208 | 
209 |     if not (args.target_ip or args.file_path):
210 |         parser.error("At least one of -t or -f must be provided.")
211 | 
212 |     ports_to_scan = [80, 443, 8080, 22, 3389, 5003, 8888, 3443, 5000, 6000, 7000, 7500, 8081, 5005, 3200, 8001, 8834, 8082, 8083, 8084, 8085, 60000, 50050,8777]
213 | 
214 |     results = []
215 | 
216 |     if args.file_path:
217 |         with open(args.file_path, "r") as file:
218 |             target_ips = [line.strip() for line in file if line.strip()]
219 |     elif args.target_ip:
220 |         target_ips = [args.target_ip]
221 | 
222 |     for target_ip in target_ips:
223 |         print(f"疯狂扫描 {target_ip} ")
224 |         if args.all_ports:
225 |             target_results = scan_all_ports(target_ip)
226 |         else:
227 |             target_results = scan_ports(target_ip, ports_to_scan)
228 |         results.extend(target_results)
229 | 
230 |     if results:
231 |         workbook = Workbook()
232 |         sheet = workbook.active
233 |         sheet.append(["IP", "Port", "Title"])
234 |         for result in results:
235 |             sheet.append([result["ip"], result["port"], result["title"]])
236 |         workbook.save("result.xlsx")
237 |         print("成功逮到黑客(￣3￣)")
238 |     else:
239 |         print("没有逮到黑客(－O－)")
240 | 
241 | if __name__ == "__main__":
242 |     main()
243 | 


--------------------------------------------------------------------------------