├── README.md ├── XrayRad-WeChat-Push.py ├── XrayRad-nopush.py ├── XrayRad.py └── xrayRad-Scan.py /README.md: -------------------------------------------------------------------------------- 1 | # All in XrayScan 2 | 3 | ### Version 2.0 4 | 5 | - XrayRad-nopush: 批量通用版,直接生成报告! 6 | ```python 7 | 8 | ____ __________ .___ 9 | \ \/ /___________ ___.__. \______ \_____ __| _/ 10 | \ /\_ __ \__ \< | | | _/\__ \ / __ | 11 | / \ | | \// __ \\___ | | | \ / __ \_/ /_/ | 12 | /___/\ \|__| (____ / ____|____|____|_ /(____ /\____ | 13 | \_/ \/\/ /_____/ \/ \/ \/ 14 | 15 | Author: loecho 16 | Date: 2021/09/24 17 | 18 | -------------------------------------------------------------------------------------- 19 | sqlin SQL注入漏洞探测 20 | cmd 命令执行漏洞探测 21 | xss XSS漏洞探测 22 | xxe XXE漏洞探测 23 | base baseline 24 | path 目录穿越 25 | upload 文件上传 26 | brute 暴力破解 27 | dir 目录扫描 28 | urlred 任意uRL跳转 29 | crlf CRLF 30 | thinkphp THINKPHP系列漏洞探测 31 | shiro SHIRO系列漏洞探测 32 | fastjson FASTJSON系列漏洞探测 33 | struts STRUTS系列漏洞探测 34 | 35 | usage: 36 | 37 | <1> allType-漏洞检测 38 | python3 xrayRad.py url.txt all 39 | 40 | <2> SQL注入漏洞检测 41 | python3 xrayRad.py url.txt sqlin 42 | 43 | ``` 44 | 45 | - 同样支持单一类型和全部类型! 46 | 47 | - 爬虫修改为双爬虫(RAD + CrawleGo),宗旨是宁愿多爬,也不要漏爬! 48 | 49 | - 并发进程修改为进程池,高效并发! 50 | 51 | - 保存CrawleGo的爬取结果以及爬取路径,后续手工测试时,重点关注一下! 52 | 53 | - 临时完成,有Bug请及时反馈! 54 | 55 | 56 | ![](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img20210925035255.png) 57 | 58 | ![](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img20210925035337.png) 59 | 60 | 61 | 62 | 63 | ### Version 1.0: 64 | 65 | 66 | 67 | - XrayRad-Scan: 为高级版用户所用,利用Xray高级版,进行批量爬取及扫描! 68 | 69 | 70 | 71 | ```python2 72 | _ __ ____ __ _____ 73 | | |/ /_________ ___ __/ __ \____ _____/ / / ___/_________ _____ 74 | | // ___/ __ `/ / / / /_/ / __ `/ __ /_____\__ \/ ___/ __ `/ __ \\ 75 | / |/ / / /_/ / /_/ / _, _/ /_/ / /_/ /_____/__/ / /__/ /_/ / / / / 76 | /_/|_/_/ \__,_/\__, /_/ |_|\__,_/\__,_/ /____/\___/\__,_/_/ /_/ 77 | /____/ 78 | 79 | Version: v1.0 80 | Author: loecho 81 | Blog: https://loecho.me 82 | ``` 83 | 84 | ![image-20200915143541407](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200915143542.png) 85 | 86 | 87 | 88 | ### Usage: 89 | 90 | ![image-20200915143635451](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200915143635.png) 91 | 92 | ## 扫描效果: 93 | 94 | #### [1] 全类型漏洞批量扫描: 95 | 96 | ![image-20200915151048462](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200915151058.png) 97 | 98 | 99 | 100 | ![image-20200915145541882](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200915145606.png) 101 | 102 | 103 | 104 | #### [2] 单类型漏洞扫描: 105 | 106 | ![image-20200915150852368](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200915150852.png) 107 | 108 | ![image-20200915150903777](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200915150903.png) 109 | 110 | 111 | 112 | 113 | 114 | ## Version 1.1: 115 | 116 | 117 | 118 | - XrayRad:为社区版用户所用,利用Rad和Xray进行批量爬取 119 | - XrayRad-WechatPush-server: 为配合社区版扫描,实现的微信实时推送服务端 120 | 121 | 122 | 123 | ``` 124 | ____ __________ .___ 125 | \ \/ /___________ ___.__. \______ \_____ __| _/ 126 | \ /\_ __ \__ \< | | | _/\__ \ / __ | 127 | / \ | | \// __ \\___ | | | \ / __ \_/ /_/ | 128 | /___/\ \|__| (____ / ____|____|____|_ /(____ /\____ | 129 | \_/ \/\/ /_____/ \/ \/ \/ 130 | 131 | 132 | Usage: 133 | python3 Xray_rad.py -all 全类型扫描 134 | python3 Xray_rad.py sqlin sql注入扫描 135 | 136 | Author: Chr1sto 137 | 138 | Date: 2020/09/01 139 | 140 | ``` 141 | 142 | ## 扫描效果: 143 | 144 | #### [1] 全类型漏洞扫描 145 | 146 | ![image-20200915170512745](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200915170513.png) 147 | 148 | #### 启动XrayRad-Wechat-Push: 149 | 150 | ![](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200916174320.png) 151 | 152 | ### 推送结果: 153 | 154 | ![image-20200915173141940](https://loecho.oss-cn-beijing.aliyuncs.com/Blog-Img/20200915173141.png) 155 | 156 | 157 | 158 | 159 | 160 | ### 具体配置文件看代码就懂了,爬取结果保存为漏洞出现时间格式! 161 | 162 | ### 没啥技术含量,大佬勿喷! 163 | 164 | 165 | 166 | -------------------------------------------------------------------------------- /XrayRad-WeChat-Push.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, request 2 | import requests 3 | import datetime 4 | import logging 5 | 6 | app = Flask(__name__) 7 | 8 | # Server酱配置: 9 | 10 | key = '' 11 | 12 | def push_ftqq(content): 13 | resp = requests.post("https://sc.ftqq.com/{}.send".format(key), 14 | data={"text": "XrayRad-Push-Vlu:", "desp": content}) 15 | if resp.json()["errno"] != 0: 16 | raise ValueError("push ftqq failed, %s" % resp.text) 17 | 18 | @app.route('/webhook', methods=['POST']) 19 | def xray_webhook(): 20 | vuln = request.json 21 | if "vuln_class" not in vuln: 22 | return "ok" 23 | content = """ 24 | 25 | - url: {url} 26 | 27 | - 插件: {plugin} 28 | 29 | - 漏洞类型: {vuln_class} 30 | 31 | - 发现时间: {create_time} 32 | 33 | #### 请及时查看和处理! 34 | """.format(url=vuln["target"]["url"], plugin=vuln["plugin"], 35 | vuln_class=vuln["vuln_class"] or "Default", 36 | create_time=str(datetime.datetime.fromtimestamp(vuln["create_time"] / 1000))) 37 | try: 38 | push_ftqq(content) 39 | except Exception as e: 40 | logging.exception(e) 41 | return 'ok' 42 | 43 | 44 | if __name__ == '__main__': 45 | app.run(host='0.0.0.0') 46 | -------------------------------------------------------------------------------- /XrayRad-nopush.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import subprocess 3 | from concurrent.futures import ThreadPoolExecutor 4 | from multiprocessing import Process 5 | import simplejson 6 | 7 | 8 | 9 | 10 | ''' 11 | 程序流程: 12 | 13 | 1. URL list --> 1.rad 2.crawlgo --> 3. 爬虫子进程结束xray进程结束 14 | 15 | ''' 16 | 17 | ############################################################################################## 18 | radPath = 'lib/rad_windows_amd64.exe' # 路径自行配置 19 | crawlergoPath = 'lib/crawlergo.exe' # 路径自行配置 20 | xrayPath = 'lib/xray_windows_amd64.exe' # 路径自行配置 21 | chrome_path = 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' # chrome路径自行配置 22 | logpath = '' # 路径自行配置 23 | ############################################################################################### 24 | 25 | list_url = [] 26 | 27 | def getScanTarget(filename): 28 | with open(filename,"r") as target: 29 | for line in target.readlines(): 30 | target = line.strip() 31 | if "://" not in target: 32 | target = "http://{}".format(target) 33 | else: 34 | target = target 35 | list_url.append(target) 36 | print("\033[32m[+] ScanTarget Count is: " + str(len(set(list_url))) + "\033[0m") 37 | 38 | def TypeScan(plugin): 39 | xray_cmd = [xrayPath,'webscan','--plugins',plugin,'--listen','127.0.0.1:7777','--html-output','({})-__timestamp__.html'.format(plugin)] 40 | exec_xray = subprocess.Popen(xray_cmd) 41 | output, error = exec_xray.communicate() 42 | 43 | def allTypeScan(): 44 | xray_cmd = [xrayPath, 'webscan', '--listen', '127.0.0.1:7777', '--html-output', '(all)-__timestamp__.html'] 45 | exec_xray = subprocess.Popen(xray_cmd) 46 | output, error = exec_xray.communicate() 47 | 48 | 49 | 50 | 51 | def Rad(target): 52 | print("\033[32m[+] RAD-Target: " + target + "\033[0m") 53 | rad_cmd = [radPath,'-t',target,'--http-proxy','127.0.0.1:7777'] 54 | exec_rad = subprocess.Popen(rad_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 55 | output,error = exec_rad.communicate() 56 | 57 | def crawlerGo(target): 58 | print("\033[32m[+] Crawler-Go-Taeget: " + target) 59 | cmd = [crawlergoPath, "-c", chrome_path,"-t", "10","-f","smart","--fuzz-path","--push-to-proxy", "http://127.0.0.1:7777/", "--push-pool-max", "10","--output-mode", "json", target] 60 | exec_crgo = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 61 | output, error = exec_crgo.communicate() 62 | # save path: 63 | try: 64 | result = simplejson.loads(output.decode().split("--[Mission Complete]--")[1]) 65 | # crawler result: 66 | req_list = result["req_list"] 67 | sub_domain = result["sub_domain_list"] 68 | all_domain_list = result["all_domain_list"] 69 | 70 | # save crawler-result: 71 | for p in req_list: 72 | # print("[+] Find_New_Path: " + p["url"]) 73 | path2File(str(p)) 74 | for sd in sub_domain: 75 | print("[+] Find_New_SubDomain: " + str(sd)) 76 | 77 | # sub_domain Add 78 | list_url.append(sd) 79 | sub2File(str(sd)) 80 | for d in all_domain_list: 81 | print("[+] Find_New_Domain: " + str(d)) 82 | all2File(str(d)) 83 | except Exception as e: 84 | print(e) 85 | 86 | 87 | def plugin_p(type_info): 88 | 89 | alltype = { 90 | 'sqlin': 'sqldet', # 详细类型: 91 | 'cmd': 'cmd_injection', 92 | 'xss': 'xss', 93 | 'xxe': 'xxe', 94 | 'base': 'baseline', 95 | 'path': 'path_traversal', 96 | 'upload': 'upload', 97 | 'brute': 'brute_force', 98 | 'dir': 'direarch', 99 | 'phan': 'phantasm', 100 | 'urlred': 'redirect', 101 | 'crlf': 'crlf', 102 | 'thinkphp': 'thinkphp', 103 | 'shiro': 'shiro', 104 | 'fastjson': 'fastjson', 105 | 'struts': 'struts' 106 | } 107 | 108 | return alltype[type_info] 109 | 110 | def allScanRun(target): 111 | # RAD: 112 | try: 113 | Rad(target) 114 | crawlerGo(target) 115 | except Exception as a: 116 | print("[x] Crawler Error: " + str(a)) 117 | 118 | 119 | 120 | def path2File(paths): 121 | try: 122 | f = open('{}/crawl_path.txt'.format(logpath),'a') 123 | f.write(paths + '\n') 124 | finally: 125 | f.close() 126 | 127 | def sub2File(subdomains): 128 | try: 129 | f = open('{}/sub_domains.txt'.format(logpath),'a') 130 | f.write(subdomains + '\n') 131 | finally: 132 | f.close() 133 | 134 | def all2File(subdomains): 135 | try: 136 | f = open('{}/all_domains.txt'.format(logpath),'a') 137 | f.write(subdomains + '\n') 138 | finally: 139 | f.close() 140 | 141 | 142 | def banner(): 143 | print(''' 144 | ____ __________ .___ 145 | \ \/ /___________ ___.__. \______ \_____ __| _/ 146 | \ /\_ __ \__ \< | | | _/\__ \ / __ | 147 | / \ | | \// __ \\___ | | | \ / __ \_/ /_/ | 148 | /___/\ \|__| (____ / ____|____|____|_ /(____ /\____ | 149 | \_/ \/\/ /_____/ \/ \/ \/ 150 | 151 | Author: loecho 152 | Date: 2021/09/24 153 | 154 | -------------------------------------------------------------------------------------- 155 | sqlin SQL注入漏洞探测 156 | cmd 命令执行漏洞探测 157 | xss XSS漏洞探测 158 | xxe XXE漏洞探测 159 | base baseline 160 | path 目录穿越 161 | upload 文件上传 162 | brute 暴力破解 163 | dir 目录扫描 164 | urlred 任意uRL跳转 165 | crlf CRLF 166 | thinkphp THINKPHP系列漏洞探测 167 | shiro SHIRO系列漏洞探测 168 | fastjson FASTJSON系列漏洞探测 169 | struts STRUTS系列漏洞探测 170 | 171 | usage: 172 | 173 | <1> allType-漏洞检测 174 | python3 xrayRad.py url.txt all 175 | 176 | <2> SQL注入漏洞检测 177 | python3 xrayRad.py url.txt sqlin 178 | 179 | --------------------------------------------------------------------------- 180 | ''') 181 | 182 | 183 | 184 | def main(): 185 | try: 186 | banner() 187 | filename = str(sys.argv[1]) 188 | getScanTarget(filename) 189 | executor = ThreadPoolExecutor(max_workers=8) 190 | if 0 < len(sys.argv) < 4 and sys.argv[2] == 'all': 191 | 192 | # xrayScan-all 193 | x = Process(target=allTypeScan) 194 | x.start() 195 | print("\033[32m[+] All Type XrayVulScan is Runing!\033[32m") 196 | executor.map(allScanRun,list_url) 197 | 198 | 199 | elif 0 < len(sys.argv) < 4: 200 | 201 | # plugins-Scan: 202 | x = Process(target=TypeScan, args=(plugin_p(sys.argv[2]),)) 203 | x.start() 204 | print("\033[32m[+] Single Type XrayVulScan is Runing! The Type is \033[32m {} ".format(plugin_p(sys.argv[2]))) 205 | executor.map(allScanRun, list_url) 206 | 207 | else: 208 | print("[x] Miss arg !") 209 | banner() 210 | sys.exit() 211 | 212 | except Exception as e: 213 | print(e) 214 | 215 | 216 | if __name__ == '__main__': 217 | 218 | main() 219 | 220 | 221 | 222 | 223 | -------------------------------------------------------------------------------- /XrayRad.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import subprocess 3 | import time 4 | from multiprocessing import Process 5 | 6 | # 目标文件写死了,可以自己更改,推送地址自己更改!! 7 | 8 | radPath = './rad_windows_amd64.exe' 9 | xrayPath = './xray_windows_amd64.exe' 10 | 11 | 12 | def Rad(): 13 | with open("url.txt","r") as target: 14 | for line in target.readlines(): 15 | target = line.strip('\n') 16 | if "://" not in target: 17 | target = "http://{}".format(target) 18 | else: 19 | target = target 20 | rad_cmd = [radPath,'-t',target,'--http-proxy','127.0.0.1:7777'] 21 | exec_rad = subprocess.Popen(rad_cmd) 22 | out = exec_rad.communicate() 23 | 24 | 25 | 26 | def SelectTypeScan(type_info): 27 | 28 | ServerIP = 'http://192.168.111.1:5000' 29 | 30 | filename = time.strftime('%Y-%m-%d-%H.%M.%S', time.localtime(time.time())) 31 | xray_cmd = [xrayPath,'webscan','--plugins',type_info,'--listen','127.0.0.1:7777','--webhook-output','{}/webhook'.format(ServerIP),'--html-output','{}.html'.format(ServerIP,filename)] 32 | exec_xray = subprocess.Popen(xray_cmd) 33 | print (exec_xray) 34 | output, error = exec_xray.communicate() 35 | 36 | 37 | 38 | def AllTypeScan(): 39 | 40 | ServerIP = 'http://192.168.111.1:5000' 41 | 42 | filename = time.strftime('%Y-%m-%d-%H.%M.%S', time.localtime(time.time())) 43 | xray_cmd = [xrayPath,'webscan','--listen','127.0.0.1:7777','--webhook-output','{}/webhook'.format(ServerIP),'--html-output','{}.html'.format(filename)] 44 | exec_xray = subprocess.Popen(xray_cmd) 45 | print (exec_xray) 46 | output, error = exec_xray.communicate() 47 | 48 | 49 | 50 | def Type(): 51 | alltype = { 52 | 'sqlin': 'sqldet', # 详细类型: 53 | 'cmd': 'cmd_injection', 54 | 'xss': 'xss', 55 | 'xxe': 'xxe', 56 | 'base': 'baseline', 57 | 'path': 'path_traversal', 58 | 'upload': 'upload', 59 | 'brute': 'brute_force', 60 | 'dir': 'direarch', 61 | 'phan': 'phantasm', 62 | 'urlred': 'redirect', 63 | 'crlf': 'crlf', 64 | 'thinkphp': 'thinkphp', 65 | 'shiro': 'shiro', 66 | 'fastjson': 'fastjson', 67 | 'struts': 'struts' 68 | } 69 | try: 70 | i = sys.argv[1] 71 | type_info=alltype[i] 72 | #print(type_info) 73 | 74 | 75 | except Exception as e: 76 | print("[error]参数输入错误或无参数,请检查输入!") 77 | sys.exit() 78 | return type_info 79 | if __name__ == '__main__': 80 | print (''' 81 | ____ __________ .___ 82 | \ \/ /___________ ___.__. \______ \_____ __| _/ 83 | \ /\_ __ \__ \< | | | _/\__ \ / __ | 84 | / \ | | \// __ \\___ | | | \ / __ \_/ /_/ | 85 | /___/\ \|__| (____ / ____|____|____|_ /(____ /\____ | 86 | \_/ \/\/ /_____/ \/ \/ \/ 87 | 88 | 89 | 90 | Author: Chr1sto 91 | Date: 2020/09/01 92 | 93 | ''') 94 | 95 | if len(sys.argv) > 1: 96 | if sys.argv[1]=="all": 97 | x = Process(target=AllTypeScan) 98 | print('[*]xray already runing') 99 | x.start() 100 | # 启动Rad爬虫 101 | p = Process(target=Rad) 102 | print('[*]rad already runing') 103 | p.start() 104 | 105 | 106 | else: 107 | list1 = [] 108 | list1.append(Type()) 109 | type_info = tuple(list1) 110 | x = Process(target=SelectTypeScan, args=(type_info)) 111 | print('[*]xray already runing') 112 | x.start() 113 | # 启动Rad爬虫 114 | p = Process(target=Rad) 115 | print('[*]rad already runing') 116 | p.start() 117 | 118 | 119 | else: 120 | print(''' 121 | -------------------------------------------------------------------------- 122 | 123 | sqlin SQL注入漏洞探测 124 | cmd 命令执行漏洞探测 125 | xss XSS漏洞探测 126 | xxe XXE漏洞探测 127 | base 基线检查 128 | path 目录穿越 129 | upload 文件上传 130 | brute 暴力破解 131 | dir 目录扫描 132 | urlred 任意uRL跳转 133 | crlf CRLF 134 | thinkphp THINKPHP系列漏洞探测 135 | shiro SHIRO系列漏洞探测 136 | fastjson FASTJSON系列漏洞探测 137 | struts STRUTS系列漏洞探测 138 | 139 | usage: 140 | 141 | <1> allType-漏洞检测 142 | python3 xrayRad.py all 143 | 144 | <2> SQL注入漏洞检测 145 | python3 xrayRad.py sqlin 146 | 147 | 148 | 149 | --------------------------------------------------------------------------- 150 | ''') 151 | sys.exit() 152 | 153 | 154 | -------------------------------------------------------------------------------- /xrayRad-Scan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/ python 2 | # -*- coding:utf-8 -*- 3 | """ 4 | ------------------------------------------------- 5 | Author: loecho 6 | Datetime: 2020/8/31 10:15 7 | ProjectN: xrayRad.py 8 | Blog: https://loecho.me 9 | Email: loecho@foxmail.com 10 | ------------------------------------------------- 11 | """ 12 | import subprocess 13 | import sys 14 | import time 15 | from colorama import Fore, init 16 | 17 | 18 | xrayPath = './xray_windows_amd64.exe' 19 | 20 | def Alltype(url): 21 | ''' 22 | 默认扫描所有类型的漏洞 23 | ''' 24 | 25 | filename = time.strftime('%Y-%m-%d-%H.%M.%S', time.localtime(time.time())) 26 | target = url 27 | print '\033[32m[+] ScanUrl: \033[0m' + target 28 | cmd = [xrayPath, "webscan", "--browser-crawler", target, "--html-output", 29 | "{}.html".format(filename)] 30 | rsp = subprocess.Popen(cmd) 31 | output, error = rsp.communicate() 32 | 33 | 34 | def type(url, type_info): 35 | 36 | target = url 37 | 38 | print '\033[32m[+] ScanUrl: \033[0m' + target 39 | 40 | ''' 41 | 细化攻击类型,提升效率: 42 | 43 | high: sqldet, cmd_injection, thinkphp, fastjson, shiro, xxe, path_traversal, upload, brute_force, ssrf 44 | Low:dirscan, phantasm, baseline, redirect, crlf_injection, xss struts 45 | ''' 46 | 47 | # 基本探测: 48 | # High ='sqldet,cmd_injection,thinkphp,fastjson,shiro,xxe,path_traversal,upload,brute_force,ssrf' 49 | # Low ='dirscan,phantasm,baseline,redirect,crlf_injection,xss,struts' 50 | 51 | # all-探测类型: 52 | alltype = { 53 | 54 | 'sqlin': 'sqldet', # 详细类型: 55 | 'cmd': 'cmd_injection', 56 | 'xss': 'xss', 57 | 'xxe': 'xxe', 58 | 'base': 'baseline', 59 | 'path': 'path_traversal', 60 | 'upload': 'upload', 61 | 'brute': 'brute_force', 62 | 'dir': 'dirsearch', 63 | 'phan': 'phantasm', 64 | 'urlred': 'redirect', 65 | 'crlf': 'crlf', 66 | 'thinkphp': 'thinkphp', 67 | 'shiro': 'shiro', 68 | 'fastjson': 'fastjson', 69 | 'struts': 'struts' 70 | } 71 | 72 | filename = time.strftime('%Y-%m-%d-%H.%M.%S', time.localtime(time.time())) 73 | type = alltype[type_info] 74 | cmd = [xrayPath, "webscan", "--plugins", type, "--browser-crawler", target, "--html-output", 75 | "{}-{}.html".format(type_info, filename)] 76 | rsp = subprocess.Popen(cmd) 77 | output, error = rsp.communicate() 78 | 79 | 80 | # 单类型: 81 | def oneTypemain(filename, type_info): 82 | file = open(filename) 83 | for text in file.readlines(): 84 | url = text.strip('\n') 85 | if "://" not in url: 86 | url = "http://{}".format(url) 87 | type(url, type_info) 88 | else: 89 | url = url 90 | type(url, type_info) 91 | 92 | 93 | # 全类型: 94 | def typemain(filename): 95 | file = open(filename) 96 | for text in file.readlines(): 97 | url = text.strip('\n') 98 | if "://" not in url: 99 | url = "http://{}".format(url) 100 | Alltype(url) 101 | else: 102 | url = url 103 | Alltype(url) 104 | 105 | 106 | if __name__ == '__main__': 107 | 108 | try: 109 | if len(sys.argv) > 2: 110 | oneTypemain(filename=sys.argv[1], type_info=sys.argv[2]) 111 | else: 112 | typemain(filename=sys.argv[1]) 113 | 114 | 115 | except Exception as r: 116 | 117 | print Fore.LIGHTYELLOW_EX + ''' 118 | _ __ ____ __ _____ 119 | | |/ /_________ ___ __/ __ \____ _____/ / / ___/_________ _____ 120 | | // ___/ __ `/ / / / /_/ / __ `/ __ /_____\__ \/ ___/ __ `/ __ \\ 121 | / |/ / / /_/ / /_/ / _, _/ /_/ / /_/ /_____/__/ / /__/ /_/ / / / / 122 | /_/|_/_/ \__,_/\__, /_/ |_|\__,_/\__,_/ /____/\___/\__,_/_/ /_/ 123 | /____/ 124 | 125 | Version: v1.0 126 | Author: loecho 127 | Blog: https://loecho.me 128 | 129 | -------------------------------------------------------------------------- 130 | 131 | sqlin SQL注入漏洞探测 132 | cmd 命令执行漏洞探测 133 | xss XSS漏洞探测 134 | xxe XXE漏洞探测 135 | base 基线检查 136 | path 目录穿越 137 | upload 文件上传 138 | brute 暴力破解 139 | dir 目录扫描 140 | urlred 任意uRL跳转 141 | crlf CRLF 142 | thinkphp THINKPHP系列漏洞探测 143 | shiro SHIRO系列漏洞探测 144 | fastjson FASTJSON系列漏洞探测 145 | struts STRUTS系列漏洞探测 146 | 147 | 148 | usage: 149 | 150 | 151 | <1> allType-漏洞检测 152 | python2 xrayRad-Scan.py url.txt 153 | 154 | 155 | <2> SQL注入漏洞检测 156 | python2 xrayRad-Scan.py url.txt sqlin 157 | 158 | --------------------------------------------------------------------------- 159 | ''' 160 | --------------------------------------------------------------------------------