
Web-based information probing - Httpscan-1.4

httpscan | 挑战自我 | 1008 views | indexed | 0 comments

Httpscan Version: 1.4

Changes: testing showed that probing https pages worked very poorly; fixed by skipping certificate verification on https requests, among other issues; added elements commonly probed in web testing, such as likely-vulnerable directories and ports.

Httpscan Version: 1.3

Changes: added handling of interrupts (Ctrl+C) during multithreaded processing, so the tool exits gracefully.

Httpscan Version: 1.2

Changes: added access to https pages; in the previous version, the log showed https requests failing every time.

Httpscan Version: 1.1

Changes: added log output, written to httpscan_log.txt in the program directory.

Httpscan Version: 1.0

Disclaimer: the code is not my own original work; it is a reworking of pieces gathered online.

Features: web-based information probing. Targets (IPs or domain names) can be read from a file; IP addresses can be probed directly, including CIDR blocks. Targets in the file must not carry http(s)://, since the program adds both schemes itself.

Demo

python xxx.py -f file.txt -t 20

python xxx.py 1.1.1.0/24 -t 20

To Do

Submit any requests you have and I will get to work on them!

1. https page access has some problems, essentially certificate-related; (resolved in v1.2)

2. Add output and log recording of the redirect target when a probed host answers with a 302;

3. Add interrupt handling (Ctrl+C) for multithreaded processing; (resolved in v1.3)

4. Add DNS resolution, enumeration of other sites hosted on the same IP, and enumeration of neighbouring hosts in the same C-class (/24) block;

QA

1. How to fix the error 'ValueError: IP('1.1.1.1/24') has invalid prefix length (24)'

This is caused by the CIDR notation. IPy requires the address before the slash to be the network address of the block, i.e. all host bits must be zero, so 1.1.1.1/24 is rejected while 1.1.1.0/24 is accepted. Correct forms, with the range each one covers:

1.1.1.0/24 : 1.1.1.0~1.1.1.255

1.1.1.128/25 : 1.1.1.128~1.1.1.255

1.1.1.64/26 : 1.1.1.64~1.1.1.127

1.1.1.32/27 : 1.1.1.32~1.1.1.63

1.1.1.16/28 : 1.1.1.16~1.1.1.31
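The two rules above (targets carry no scheme, and a CIDR block must start at its network address) are easy to get wrong, so here is an added Python 3 example, not part of the original script, that builds the same http/https work list from a target file using the standard-library ipaddress module instead of IPy. ipaddress.ip_network applies the same strict rule as IPy and raises ValueError for 1.1.1.1/24; with strict=False it clears the host bits instead. The port list and the sample lines are constructed for the example.

```python
import ipaddress
from typing import Iterable, List, Tuple, Union

# Subset of the ports the scanner probes (constructed for this example).
COMMON_PORTS = [80, 443, 8080, 8443]

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_cidr(cidr: str, strict: bool = True) -> Network:
    """Parse a CIDR block the way IPy does.

    strict=True reproduces the rule behind the QA error: the address before the
    slash must be the network address, so '1.1.1.1/24' raises ValueError.
    strict=False clears the host bits instead and returns 1.1.1.0/24.
    """
    return ipaddress.ip_network(cidr, strict=strict)


def is_valid_cidr(cidr: str) -> bool:
    """True when IPy / ipaddress would accept the block as written."""
    try:
        parse_cidr(cidr)
        return True
    except ValueError:
        return False


def cidr_range(cidr: str) -> Tuple[str, str]:
    """First and last address of a block, as listed in the QA table."""
    net = parse_cidr(cidr)
    return str(net.network_address), str(net.broadcast_address)


def expand_targets(lines: Iterable[str], ports: List[int] = COMMON_PORTS) -> List[str]:
    """Build the URL work list the scanner feeds to its threads.

    Each line is an IP, hostname or CIDR block without a scheme; every host is
    paired with every port under both http:// and https://. Blank lines and
    '#' comments are skipped, and a scheme left in by mistake is stripped
    rather than producing 'http://http://host' URLs.
    """
    urls: List[str] = []
    for raw in lines:
        target = raw.strip()
        if not target or target.startswith('#'):
            continue
        if '://' in target:
            # drop scheme and any path: 'http://host/login' -> 'host'
            target = target.split('://', 1)[1].split('/', 1)[0]
        if '/' in target:
            hosts = [str(ip) for ip in parse_cidr(target)]  # whole block, like IPy
        else:
            hosts = [target]
        for host in hosts:
            for port in ports:
                urls.append(f'http://{host}:{port}')
                urls.append(f'https://{host}:{port}')
    return urls


if __name__ == '__main__':
    # constructed target file contents
    sample = ['# internal ranges', '1.1.1.64/26', 'example.com', 'http://example.org/login', '']
    for url in expand_targets(sample)[:6]:
        print(url)
    print(cidr_range('1.1.1.128/25'), is_valid_cidr('1.1.1.1/24'))
```

Feeding 1.1.1.64/26 produces 64 hosts x 4 ports x 2 schemes = 512 URLs, which is the same fan-out the script performs with its longer port list; keep that multiplication in mind when choosing the thread count and timeout for a /16.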

#!/usr/bin/env python
#coding:utf-8
#Author: linxi0428
#Version: 1.4
#Python 2 script (Queue module, print statements, reload(sys)); needs requests and IPy

import re
import sys
import ssl
import time
import Queue
import logging
import threading
import optparse
import requests
import signal
from IPy import IP
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager


#Config the default encoding
reload(sys)
sys.setdefaultencoding("utf8")

#Send https requests without certificate verification and silence the
#InsecureRequestWarning that verify=False raises: a recon scanner wants to see
#self-signed and expired hosts too, it is not authenticating them
ssl._create_default_https_context = ssl._create_unverified_context
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
#import requests.packages.urllib3.util.ssl_ 
#requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'ALL'

#One lock shared by all threads to serialise screen output; acquired exactly
#once per printed row (the original released it twice, which broke the lock)
printLock = threading.Lock()

#Request Timeout
TimeOut = 5

#Log-Config (urllib3 and the per-target errors below are written here)
logging.basicConfig(
    level=logging.DEBUG,
    format="[%(asctime)s] %(levelname)s: %(message)s",
    filename = 'httpscan_log.txt',
    filemode = 'w')

#User-Agent (implicit string concatenation; the original's backslash inside the
#literal leaked the continuation indent into the header value)
header = {'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 '
                         '(KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36',
          'Connection' : 'close'}

#Transport adapter pinning the TLS version used for https:// targets.
#The original pinned ssl.PROTOCOL_SSLv3; modern OpenSSL builds no longer expose
#that constant and almost every server has rejected SSLv3 since POODLE, so
#negotiate the highest version both sides support instead.
class TlsHttpAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = PoolManager(num_pools=connections,
                                       maxsize=maxsize,
                                       block=block,
                                       ssl_version=ssl.PROTOCOL_SSLv23)

#Usual Web Ports
Usual_Ports = [80,81,82,83,84,85,86,87,88,89,5984,7001,7002,7778,8000,8080,\
               8083,8089,8649,8888,9090,9200,9300,10000,28017,50000,50030,50070]

class scan():
    def __init__(self,cidr,threads_num,file_source):
        self.threads_num = threads_num
        self.IPs = Queue.Queue()#build url queue
        if file_source == None:
            self.cidr = IP(cidr)#raises ValueError unless cidr starts at its network address (see QA)
            for ip in self.cidr:
                self.add_target(str(ip))
        else:
            self.file_source = file_source
            with open(self.file_source,"r") as file_ip:
                for line in file_ip:
                    line = line.strip()#drops \r\n from Windows-edited files too
                    if line:
                        self.add_target(line)

    def add_target(self,host):#queue http and https on every usual port
        for port in Usual_Ports:
            self.IPs.put("http://"+host+':'+str(port))
            self.IPs.put("https://"+host+':'+str(port))

    def request(self):
        while True:
            try:
                ip = self.IPs.get_nowait()#qsize()>0 then get() can block when another thread wins the race
            except Queue.Empty:
                return
            try:
                s = requests.Session()
                s.mount('https://', TlsHttpAdapter())#all https targets go through the adapter above
                r = s.get(ip,headers=header,timeout=TimeOut,verify=False)
                status = r.status_code
                title = re.search(r'<title[^>]*>(.*?)</title>', r.text, re.I|re.S) #get the title
                if title:
                    title = " ".join(title.group(1).split())[:30]#collapse newlines/indent, cap width
                else:
                    title = "None"
                banner = r.headers.get('Server','')[:20] #get the server banner, '' when absent
                with printLock:
                    print "|%-33s|%-6s|%-14s|%-20s|" % (ip,status,banner,title)
                    print "+---------------------------------+------+--------------+--------------------+"
            except Exception,e:
                #closed port, reset, TLS failure or timeout: record it in the log, keep the screen clean
                logging.debug("%s -> %s" % (ip,e))
    
    def run(self):#Multi thread
        signal.signal(signal.SIGINT, quit)
        signal.signal(signal.SIGTERM, quit)
        threads = []
        for i in range(self.threads_num):
            t = threading.Thread(target=self.request)
            t.setDaemon(True)
            t.start()
            threads.append(t)
        #Poll rather than join(): in Python 2 a blocking join() delays signal
        #delivery, and the original loop only watched the last thread started
        while any(t.isAlive() for t in threads):
            time.sleep(0.2)

def help():
    print "Example:"
    print "  python "+sys.argv[0]+" -f domain_list.txt -t 50"
    print "  python "+sys.argv[0]+" 1.1.1.0/24 -t 50"

def print_head():
    print "+---------------------------------+------+--------------+--------------------+"
    print "|            IP                   |Status|     Server   |         Title      |"
    print "+---------------------------------+------+--------------+--------------------+"

def quit(signum, frame):#SIGINT/SIGTERM handler: daemon workers die with the main thread
    print '\nYou choose to stop me!!'
    sys.exit()

if __name__ == "__main__":
    parser = optparse.OptionParser("Usage: %prog [target or file] [options] ")
    parser.add_option("-t", "--thread", dest = "threads_num", type = "int",\
                      default = 50, help = "number of threads, default=50")
    parser.add_option("-f", "--file", dest = "file_source",\
                      help = "file with one target per line (IP or domain, no scheme)")
    (options, args) = parser.parse_args()

    if options.file_source == None:
        if len(args) < 1:
            parser.print_help()
            help()
            sys.exit(0)
        else:
            try:
                s = scan(cidr=args[0],threads_num=options.threads_num,file_source=None)
            except ValueError,e:
                print "Bad CIDR: %s (use the network address, e.g. 1.1.1.0/24, not 1.1.1.1/24)" % e
                sys.exit(1)
            print_head()
            s.run()
    else:
        print_head()
        s = scan(cidr=None,threads_num=options.threads_num,file_source=options.file_source)
        s.run()
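The script's core is a shared URL queue drained by daemon threads, a title/Server extraction per response, and a Ctrl+C path that must not leave the print lock or the workers in a bad state. The added Python 3 example below, written for this page and not taken from the script, shows the same loop in a form that can be exercised offline: it uses only the standard library, spins up a constructed local HTTP server with a fake nginx banner and a title split over several lines, and returns rows instead of printing them so the result can be checked. The User-Agent string, banner and page body are constructed; the unverified SSL context reproduces verify=False.

```python
import http.server
import queue
import re
import socket
import ssl
import threading
import urllib.error
import urllib.request
from typing import List, Optional

TIMEOUT = 5
TITLE_RE = re.compile(r'<title[^>]*>(.*?)</title>', re.I | re.S)
HEADERS = {'User-Agent': 'Mozilla/5.0 (httpscan example)',  # constructed UA
           'Connection': 'close'}

# Equivalent of requests' verify=False: no CA check, no hostname check. Fine for
# enumerating self-signed appliances, never for traffic that carries credentials.
UNVERIFIED = ssl._create_unverified_context()
OPENER = urllib.request.build_opener(
    urllib.request.ProxyHandler({}),                # ignore http_proxy env vars
    urllib.request.HTTPSHandler(context=UNVERIFIED))


def summarize(url: str, status: int, server: str, body: bytes) -> dict:
    """Reduce one response to the columns the scanner prints."""
    m = TITLE_RE.search(body.decode('utf-8', errors='replace'))
    title = ' '.join(m.group(1).split())[:30] if m else 'None'
    return {'url': url, 'status': status, 'server': server.strip()[:20], 'title': title}


def probe(url: str, timeout: float = TIMEOUT) -> Optional[dict]:
    """Fetch one URL; None means nothing answered HTTP(S) there."""
    req = urllib.request.Request(url, headers=HEADERS)
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            return summarize(url, resp.status, resp.headers.get('Server', ''), resp.read(65536))
    except urllib.error.HTTPError as e:
        # 401/403/404/500 still prove a web server is listening; keep the row
        return summarize(url, e.code, e.headers.get('Server', ''), e.read(65536))
    except (urllib.error.URLError, socket.timeout, OSError):
        return None  # refused, reset, TLS handshake failure or timeout


def scan(urls: List[str], threads: int = 10) -> List[dict]:
    """Drain a shared work queue with daemon threads; Ctrl+C stops cleanly."""
    work: 'queue.Queue[str]' = queue.Queue()
    for u in urls:
        work.put(u)
    stop = threading.Event()
    results: List[dict] = []
    lock = threading.Lock()                         # one lock shared by every worker

    def worker() -> None:
        while not stop.is_set():
            try:
                url = work.get_nowait()             # no qsize()/get() race
            except queue.Empty:
                return
            row = probe(url)
            if row is not None:
                with lock:                          # acquire/release always paired
                    results.append(row)

    pool = [threading.Thread(target=worker, daemon=True) for _ in range(threads)]
    for t in pool:
        t.start()
    try:
        while any(t.is_alive() for t in pool):
            for t in pool:
                t.join(timeout=0.2)                 # short joins keep Ctrl+C deliverable
    except KeyboardInterrupt:
        stop.set()                                  # workers finish their current request, then exit
    return results


class _DemoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed target: fake banner, title split across lines in mixed case."""
    def version_string(self) -> str:
        return 'nginx/1.18.0'
    def do_GET(self) -> None:
        body = b'<html><head>\n<TITLE>\n  Demo  Admin Panel \n</TITLE></head></html>'
        self.send_response(200)
        self.send_header('Content-Type', 'text/html')
        self.send_header('Content-Length', str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args) -> None:
        pass


def demo() -> List[dict]:
    """Serve the demo page on a loopback port and scan it plus a closed port."""
    srv = http.server.HTTPServer(('127.0.0.1', 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port = srv.server_address[1]
    with socket.socket() as s:                      # bind and release: that port is now closed
        s.bind(('127.0.0.1', 0))
        closed = s.getsockname()[1]
    return scan([f'http://127.0.0.1:{port}', f'http://127.0.0.1:{closed}'], threads=2)


if __name__ == '__main__':
    for row in demo():
        print('|%-33s|%-6s|%-14s|%-20s|' % (row['url'], row['status'], row['server'], row['title']))
```

Only the live port produces a row; the closed one is dropped by probe() returning None, which is the behaviour the script's bare except gives you without telling you why. Note that urllib follows redirects by default, so a 302 is reported as the final page; capturing the Location header (To Do item 2) means installing a subclass of urllib.request.HTTPRedirectHandler whose redirect_request returns None.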

挑战自我博客, all rights reserved. Unless otherwise noted, content is original and licensed under BY-NC-SA; when reposting, please credit 基于web的信息探测-Httpscan-1.4.