
Web-based information discovery: Httpscan 1.5

httpscan | 挑战自我 | 936 views | indexed | 0 comments

The code has been uploaded to GitHub:

https://github.com/linxi0428/httpscan

 

Httpscan Version: 1.5

Changes: added common vulnerable-directory entries used in web testing; added a port-scanning module, so a run first port-scans the targets and then performs the web directory tests only against the ports found open.


 

Httpscan Version: 1.4

Changes: testing showed very poor results against HTTPS pages; fixed by skipping certificate verification on HTTPS requests. Added common vulnerable directories and ports used in web testing.

Httpscan Version: 1.3

Changes: added interrupt handling (Ctrl+C) for the multithreaded workers, so the program exits gracefully.

Httpscan Version: 1.2

Changes: added access to HTTPS pages; in the previous version the log showed HTTPS requests failing every time.

Httpscan Version: 1.1

Changes: added log output, written to httpscan_log.txt in the program directory.

Httpscan Version: 1.0

Disclaimer: the code is not my own original work; it was assembled and adapted from material found online.

Features: web-based information discovery. Targets (IP addresses or domain names) can be read from a file; IP addresses can be probed directly and CIDR notation is supported. Targets in the file are written without http(s)://, the program adds the scheme itself (and tries both).

Demo

python xxx.py -f file.txt -t 20

python xxx.py 1.1.1.0/24 -t 20
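The demo commands above expand a target list into the URLs that are actually requested: every host (or host:port), every path from the dictionary file, over both http:// and https://. The following is added example code written for this page, not part of httpscan or its repository; it shows that expansion as a standalone function, with de-duplication and rejection of targets that already carry a scheme, which the tool itself does not do. The dictionary entries, open-port list and target-file lines are constructed inline (192.0.2.0/24 is a documentation range) and stand in for dict.txt, the nmap results and a -f file; the CIDR expansion uses the standard library's ipaddress module in place of IPy, and it rejects a block with host bits set in the same way.

```python
import ipaddress
from typing import Iterable, List

# Constructed inputs standing in for dict.txt, the port-scan result and a -f target file.
DICT_LINES = ["/", "/admin/", "/phpmyadmin/", "/.git/config", "robots.txt"]  # one without a leading slash
OPEN_PORTS = ["192.0.2.10:80", "192.0.2.10:8080", "192.0.2.12:443"]          # "host:port" as portscan emits
FILE_TARGETS = ["example.com", "www.example.com:8443", "", "example.com"]    # blank and duplicate on purpose


def hosts_from_cidr(cidr: str) -> List[str]:
    """Expand a CIDR block into every address in it (network and broadcast included, as IPy does).

    ipaddress.ip_network() is strict by default, so "192.0.2.1/24" raises ValueError just as
    IPy's "invalid prefix length" error does; the block must be written from its network address.
    """
    return [str(ip) for ip in ipaddress.ip_network(cidr)]


def build_targets(targets: Iterable[str], paths: Iterable[str],
                  schemes=("http", "https")) -> List[str]:
    """Cross targets (host or host:port, no scheme) with dictionary paths and every scheme.

    Blank lines are skipped, whitespace is trimmed, a path without a leading slash gets one,
    a target that already carries a scheme is rejected, and duplicates are dropped in order.
    """
    seen = set()
    urls = []
    for raw in targets:
        target = raw.strip()
        if not target:
            continue
        if "://" in target:
            raise ValueError("targets must not carry a scheme: %r" % target)
        for path in paths:
            path = path.strip()
            if not path.startswith("/"):
                path = "/" + path
            for scheme in schemes:
                url = "%s://%s%s" % (scheme, target, path)
                if url not in seen:
                    seen.add(url)
                    urls.append(url)
    return urls


if __name__ == "__main__":
    # Equivalent of "python xxx.py 192.0.2.0/30 -t 20" after the port scan produced OPEN_PORTS.
    print(len(hosts_from_cidr("192.0.2.0/30")), "addresses in 192.0.2.0/30")
    for url in build_targets(OPEN_PORTS, DICT_LINES):
        print(url)
    # Equivalent of "python xxx.py -f file.txt -t 20".
    for url in build_targets(FILE_TARGETS, ["/admin/"]):
        print(url)
```

For 3 open ports, 5 dictionary entries and 2 schemes the scan queue holds 30 URLs; a file with a duplicate and a blank line yields only the unique entries.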

To Do

If you have any requests, submit them and I'll work on them!

1. HTTPS page access currently has some problems; it is really the certificate handling. (Solved in V-1.2)

2. Output and log the page a target redirects to after a 302.

3. Add interrupt handling (Ctrl+C) for the multithreaded workers. (Solved in V-1.3)

4. Add DNS resolution, discovery of other sites on the same server, and discovery of neighbouring hosts in the same C-class range.

QA

1. How to fix the error 'ValueError: IP('1.1.1.1/24') has invalid prefix length (24)'

This is caused by the CIDR notation: the IPy library requires the address part to be the network address of the block (no host bits set), so the correct forms are:

1.1.1.0/24 : 1.1.1.0~1.1.1.255

1.1.1.128/25 : 1.1.1.128~1.1.1.255

1.1.1.64/26 : 1.1.1.64~1.1.1.127

1.1.1.32/27 : 1.1.1.32~1.1.1.63

1.1.1.16/28 : 1.1.1.16~1.1.1.31
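The rule in the answer above can be checked, and the offending block corrected, before it reaches the scanner. The following is added example code for this page, not part of httpscan; it uses the standard library's ipaddress module (rather than IPy) because it applies the same check: strict mode rejects an address with host bits set, exactly the case the ValueError above reports, and strict=False clears the host bits and returns the block as it must be written. The table in the answer is reproduced from the function, along with two inputs that fail the check.

```python
import ipaddress
from typing import Tuple


def normalize_cidr(cidr: str, strict: bool = True) -> Tuple[str, str, str]:
    """Return (network, first address, last address) for a CIDR string.

    strict=True rejects "1.1.1.1/24" (host bits set) with ValueError, the same rule
    IPy enforces in the QA; strict=False clears the host bits, giving "1.1.1.0/24".
    """
    net = ipaddress.ip_network(cidr, strict=strict)
    return str(net), str(net.network_address), str(net.broadcast_address)


def explain(cidr: str) -> str:
    """One line per input in the style of the table above: the range, or the corrected block."""
    try:
        _, first, last = normalize_cidr(cidr)
        return "%s : %s~%s" % (cidr, first, last)
    except ValueError:
        fixed, first, last = normalize_cidr(cidr, strict=False)
        return "%s : host bits set, write it as %s (%s~%s)" % (cidr, fixed, first, last)


if __name__ == "__main__":
    for block in ["1.1.1.0/24", "1.1.1.128/25", "1.1.1.64/26", "1.1.1.32/27", "1.1.1.16/28",
                  "1.1.1.1/24", "1.1.1.100/26"]:
        print(explain(block))
```

A scanner that accepts CIDR input should either apply the strict check and report the error as the QA does, or normalize with strict=False and tell the user which block it is actually going to scan, since silently widening 1.1.1.100/26 to 1.1.1.64/26 changes the scope of the scan.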

#!/usr/bin/env python3
#coding:utf-8
#Author: linxi0428
#Version: 1.5
#Editor's note: ported to Python 3 (print(), queue, "except ... as e"); the defects
#marked "fix:" below were present in the 1.5 listing.

import re
import sys
import logging
import optparse
import requests
import signal
import nmap
import threading
import queue
import urllib3

from IPy import IP

#Certificate verification is skipped on purpose (see the 1.4 changelog): scan targets
#commonly present self-signed or expired certificates. Do not reuse this in client code
#that talks to systems you trust; without verification the connection is trivially interceptable.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

#fix: the original mounted an HTTPAdapter that forced ssl.PROTOCOL_SSLv3 on every
#https:// request. SSLv3 is disabled in current OpenSSL builds, so that adapter made
#HTTPS probing fail silently; the session now lets requests negotiate TLS itself.

#Lock Screen Print (a Lock used only through "with", so it can never be released twice)
printLock = threading.Lock()

#Request Timeout
TimeOut = 5

#Log-Config( CRITICAL > ERROR > WARNING > INFO > DEBUG > NOTSET )
logging.basicConfig(
    level=logging.INFO,
    format="[%(asctime)s] %(levelname)s: %(message)s",
    filename='httpscan_log.txt',
    filemode='w')

#User-Agent
header = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 '
                        '(KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36',
          'Connection': 'close'}

#fix: the <title> tags were lost from the listing, leaving r'(.*)' to match the whole page
TITLE_RE = re.compile(r'<title>(.*?)</title>', re.I | re.S)


class httpscan():
    def __init__(self, threads_num, file_source, open_ports):
        self.threads_num = threads_num

        #build url queue
        self.IPs = queue.Queue()

        #open the path dictionary (one path per line, e.g. /admin/)
        with open('dict.txt', 'r') as dict_lists:
            dict_lines = [line.strip('\r\n') for line in dict_lists]

        if file_source is None:
            #targets are the "host:port" strings portscan found open
            targets = list(open_ports)
        else:
            #fix: the -f branch read the file but then built URLs from open_ports (which
            #was never passed in); targets now come from the file, as host or host:port
            with open(file_source, 'r') as file_ip:
                targets = [line.strip('\r\n') for line in file_ip if line.strip()]

        #the target carries no scheme; try every dictionary path over both http and https
        for target in targets:
            for dict_line in dict_lines:
                self.IPs.put("http://" + target + dict_line)
                self.IPs.put("https://" + target + dict_line)

    def request(self):
        #fix: "with threading.Lock():" created a fresh lock per thread and serialised nothing
        while True:
            try:
                ip = self.IPs.get_nowait()
            except queue.Empty:
                return
            ip = ip.strip()
            try:
                s = requests.Session()
                r = s.get(ip, headers=header, timeout=TimeOut, verify=False)
                status = r.status_code
                title = TITLE_RE.search(r.text)  #get the title
                if title:
                    title = " ".join(title.group(1).split())[:30]
                else:
                    title = "None"
                banner = r.headers.get('Server', '')[:20]  #get the server banner ('' when absent)
                if status != 404:
                    #fix: the original released printLock in two nested finally blocks, so every
                    #row was followed by a second release; "with" releases exactly once
                    with printLock:
                        print("|%-33s|%-6s|%-14s|%-20s|" % (ip, status, banner, title))
                        print("+---------------------------------+------+--------------+--------------------+")
                        logging.info("|%-66s|%-6s|%-14s|%-40s|" % (ip, status, banner, title))
            except requests.RequestException as e:
                #refused, timed out or TLS failure: not a web port; visible with level=DEBUG
                logging.debug("%s: %s", ip, e)

    def run(self):  #Multi thread
        signal.signal(signal.SIGINT, quit)
        signal.signal(signal.SIGTERM, quit)
        threads = []
        for i in range(self.threads_num):
            t = threading.Thread(target=self.request)
            t.daemon = True
            t.start()
            threads.append(t)
        #fix: the original busy-looped on the last thread only; join every worker with a
        #timeout so the main thread keeps taking Ctrl+C while it waits
        while any(t.is_alive() for t in threads):
            for t in threads:
                t.join(0.5)


class portscan():
    def __init__(self, cidr, threads_num, ports):
        self.threads_num = threads_num
        self.ports = ports  #nmap argument string from port.txt, e.g. "-p 80,443,8080,8443"
        self.IPs = queue.Queue()

        #ip-port lists
        self.open_ports = []

        try:
            self.cidr = IP(cidr)
        except Exception as e:
            #a block written with host bits set (1.1.1.1/24) ends up here, see the QA above
            print(e)
            sys.exit(1)  #fix: the original printed the error and then used self.cidr anyway
        for ip in self.cidr:
            self.IPs.put(str(ip))

    def nmapScan(self):
        while True:
            try:
                item = self.IPs.get_nowait()
            except queue.Empty:
                return
            try:
                nmScan = nmap.PortScanner()
                nmScan.scan(item, arguments=self.ports)
                for tgthost in nmScan.all_hosts():
                    tgthost = tgthost.strip()
                    #a host with no TCP results has no 'tcp' key
                    for tgtport in nmScan[tgthost].get('tcp', {}):
                        tgtport = int(tgtport)
                        if nmScan[tgthost]['tcp'][tgtport]['state'] == 'open':
                            open_list = str(tgthost) + ':' + str(tgtport)
                            #print(open_list)
                            self.open_ports.append(open_list)
            except Exception as e:
                print(e)

    def run(self):
        threads = [threading.Thread(target=self.nmapScan) for i in range(self.threads_num)]
        for thread in threads:
            thread.daemon = True
            thread.start()
        for thread in threads:
            thread.join()
        return self.open_ports


def help():
    print("Example:")
    print("  python " + sys.argv[0] + " -f domain_list.txt  -t 50")
    print("  python " + sys.argv[0] + " 1.1.1.0/24 -t 50")  #fix: there is no -c option; the block is positional


def print_head():
    print("+---------------------------------+------+--------------+--------------------+")
    print("|            IP                   |Status|     Server   |         Title      |")
    print("+---------------------------------+------+--------------+--------------------+")


def quit(signum, frame):  #Ctrl+C / SIGTERM: workers are daemon threads, so leaving the main thread ends them
    print('\nYou choose to stop me!!')
    sys.exit()


if __name__ == "__main__":
    parser = optparse.OptionParser("Usage: %prog [target or file] [options] ")
    #fix: without type="int" the value arrived as a string and range() failed on it
    parser.add_option("-t", "--thread", dest="threads_num", type="int",
                      default=50, help="number of threads, default=50")
    parser.add_option("-f", "--file", dest="file_source",
                      help="file of targets, one host or host:port per line, no scheme")
    (options, args) = parser.parse_args()

    if options.file_source is None:
        if len(args) < 1:
            parser.print_help()
            help()
            sys.exit(0)
        else:
            print_head()
            #fix: the original passed the open file and called .read() per host, so every
            #host after the first was scanned with empty arguments (nmap's default ports)
            with open('port.txt', 'r') as port_file:
                ports = port_file.read().strip()
            scan_port = portscan(cidr=args[0], threads_num=3, ports=ports)
            open_ports = scan_port.run()
            s = httpscan(threads_num=options.threads_num, file_source=None, open_ports=open_ports)
            s.run()
    else:
        print_head()
        #fix: this call omitted the open_ports argument and raised TypeError
        s = httpscan(threads_num=options.threads_num, file_source=options.file_source, open_ports=None)
        s.run()

挑战自我博客, all rights reserved. Unless otherwise noted, posts are original and licensed under CC BY-NC-SA; when reposting, please credit "Web-based information discovery: Httpscan 1.5".