w-digital-scanner / w12scan-client
Network asset search and discovery engine; the scanner-side program of w12scan
License: MIT License
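But it's not as complex as yours, hahaha. Your design is really big.
Can the number of Nmap threads be adjusted?
With masscan, when the port range is large and the packet rate is high, ports get missed.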
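Create a global thread scheduling module. The number of threads in a system is limited; threads are invoked through the global scheduling module so that the total number of threads is controlled.
Example
```python
a = threadingScheler(num = 100)
a.add(name='test',func=func,arg=arg)
a = a.join(name='test')  # watch the execution of test and return the result
```
Idea: all added tasks run automatically; blocking and retrieving results are done through the given interface.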
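A sketch of the scheduler proposed above, as an added example that is not code from the issue or from w12scan-client: one shared pool caps the scanner's total threads, `add()` queues a named task that starts automatically, and `join()` blocks and returns the results. The class name `ThreadScheduler`, the `demo` helper and its workload are assumptions made for illustration.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor

class ThreadScheduler:
    """One shared pool for the whole scanner process; num caps live worker threads."""
    def __init__(self, num=100):
        self._pool = ThreadPoolExecutor(max_workers=num)
        self._futures = {}  # task name -> futures, in add() order
        self._lock = threading.Lock()

    def add(self, name, func, arg=()):
        """Queue func(*arg) under name; it starts as soon as a worker is free."""
        future = self._pool.submit(func, *arg)
        with self._lock:
            self._futures.setdefault(name, []).append(future)

    def join(self, name, timeout=None):
        """Block until all tasks queued under name finish; return their results."""
        with self._lock:
            futures = self._futures.pop(name, [])
        results = []
        for future in futures:
            try:
                results.append(future.result(timeout=timeout))
            except Exception as exc:  # one failing task must not hide the rest
                results.append(exc)
        return results

    def shutdown(self):
        self._pool.shutdown(wait=True)

def demo(cap=3, jobs=10):
    """Constructed workload; returns (results, peak tasks running at once)."""
    sched, lock, state = ThreadScheduler(num=cap), threading.Lock(), {"now": 0, "peak": 0}
    def probe(port):
        with lock:
            state["now"] += 1
            state["peak"] = max(state["peak"], state["now"])
        time.sleep(0.01)  # stand-in for a network probe
        with lock:
            state["now"] -= 1
        return 100 // port  # constructed failure: port 0 raises ZeroDivisionError
    for port in range(jobs):
        sched.add("test", probe, (port,))
    results = sched.join("test")
    sched.shutdown()
    return results, state["peak"]
```

Exceptions raised by a task are returned in its result slot, so a caller can tell which named task failed without losing the others.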
Traceback (most recent call last): File "", line 1, in TypeError: 'bytes' object is not callable
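I changed the node name, but it was not automatically added to the server.
I traced the node: it executes commands normally, but the server receives nothing.
How should I handle this?
I see that in engine.py the backup scan is commented out. Have you considered using asyncio + aiohttp?
Modified engine.py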
```python
# Fragment of engine.py; needs `import asyncio` and `import threading` at the top of the file.
if IS_START_PLUGINS:
    WorkList.append(crossdomain.poc)
    WorkList.append(directory_browse.poc)
    WorkList.append(gitleak.poc)
    WorkList.append(iis_parse.poc)
    WorkList.append(phpinfo.poc)
    WorkList.append(svnleak.poc)
    WorkList.append(tomcat_leak.poc)
    WorkList.append(whatcms.poc)
    WorkList.append(bakfile.poc)  # remove the backup-file scan module; reason: too time-consuming

# with ThreadPoolExecutor(max_workers=len(WorkList)) as executor:
#     for func in WorkList:
#         executor.submit(func, target)
# Wait for the base plugins to finish and fill in the details
# (add the domain details to the collector's self.collect_domains = {})
th = []
for func in WorkList:
    if func.__module__ == 'plugins.bakfile':
        # the asyncio-based plugin gets its own event loop for its thread
        thread_loop = asyncio.new_event_loop()
        i = threading.Thread(target=func, args=(target, thread_loop))
    else:
        i = threading.Thread(target=func, args=(target,))
    i.start()
    th.append(i)
for thi in th:
    thi.join()
```
Modified bakfile.py (this script was posted by a guy on t00ls)
```python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @Time    : 2019/1/23 5:40 PM
# @Author  : w8ay
# @File    : bakfile.py
from urllib.parse import urlparse

import requests
import asyncio
import aiohttp
from lib.data import collector


def poc(url, loop):
    # audit(url)
    url_list = []
    url_list.append(url)
    main(url_list, loop)


# Scan parameters
features = [b'\x50\x4b\x03\x04', b'\x52\x61\x72\x21', b'\x1f\x8b\x08\x00', b'\x2d\x2d\x20\x4d',
            b'\x2d\x2d\x20\x70\x68', b'\x2f\x2a\x0a\x20\x4e', b'\x2d\x2d\x20\x41\x64',
            b'\x2d\x2d\x20\x2d\x2d', b'\x2f\x2a\x0a\x4e\x61', b"_'\xa8\x89",
            b'PK\x03\x04\n\x00\x00\x00\x00\x00']
suffixes = ['.rar', '.zip', '.sql', '.gz', '.sql.gz', '.tar.gz', '.bak', '.sql.bak', '.war', '.jar']
# Module-level list: shared by every call to poc()
warning_list = []


async def request(url):
    """
    Streaming request: read only the first 10 bytes of the HTTP response
    and also return the Content-Length header.
    :param url:
    :return:
    """
    # logger.info(url)
    async with aiohttp.ClientSession() as session:
        async with session.get(url) as resp:
            content = await resp.content.read(10)
            return content, url, resp.headers.get('Content-Length')


async def scan(target_url):
    """
    For the given URL, probe whether the file exists on the remote server.
    Identification by file header:
    * rar: 526172211a0700cf9073
    * zip: 504b0304140000000800
    * gz: 1f8b080000000000000b, also covers '.sql.gz'; '1f8b0800' is used as the keyword
    * tar.gz: 1f8b0800
    * mysqldump: -- MySQL dump: 2d2d204d7953514c
    * phpMyAdmin: -- phpMyAdmin SQL Dump: 2d2d207068704d794164
    * navicat: /* Navicat : 2f2a0a204e617669636174
    * Adminer: -- Adminer x.x.x MySQL dump: 2d2d2041646d696e6572
    * Navicat MySQL Data Transfer: /* Navicat: 2f2a0a4e617669636174
    * an unknown export format: -- -------: 2d2d202d2d2d2d2d2d2d
    :param target_url:
    :return:
    """
    try:
        context, url, size = await request(target_url)
    except (aiohttp.ClientError, asyncio.TimeoutError):
        # an unreachable URL is a miss, not a crash of the whole scan
        return False
    for feature in features:
        if feature in context:
            warning_list.append(url)
            return url, size
    # only report a miss after every signature has been checked
    return False


def get_scanlist_from_url(url: str):
    """
    Build the list of sensitive file names to probe from the URL.
    :param url:
    :return:
    """
    file_dic = ['bak.rar', 'bak.zip', 'backup.rar', 'backup.zip', 'www.zip', 'www.rar', 'web.rar',
                'web.zip', 'wwwroot.rar', 'wwwroot.zip', 'www.tar.gz', 'web.tar.gz', 'website.tar.gz',
                'test.zip', 'test.tar.gz', 'htdocs.rar', 'test.rar', '1.zip', '1.tar.gz', '1.rar',
                '1.war']
    url = url.replace('http://', '').replace('https://', '')
    host_items = url.split('.')
    for suffix in suffixes:
        if len(host_items) >= 2:
            # host-derived names need at least two labels (a bare "localhost" has none)
            file_dic.append("".join(host_items[1:]) + suffix)
            file_dic.append(host_items[1] + suffix)
            file_dic.append(host_items[-2] + suffix)
        file_dic.append("".join(host_items) + suffix)
        file_dic.append(url + suffix)
    return list(set(file_dic))


async def start(url, semaphore):
    async with semaphore:
        tasks = []
        scanlist = get_scanlist_from_url(url)
        for item in scanlist:
            target_url = url + "/" + item
            task = asyncio.ensure_future(scan(target_url))
            tasks.append(task)
        await asyncio.wait(tasks)
        for task in tasks:
            if task.result():
                return task.result()
        return False


def main(url_list, loop):
    asyncio.set_event_loop(loop)
    semaphore = asyncio.Semaphore(5)
    tasks = []
    for url in url_list:
        task = loop.create_task(start(url, semaphore))
        tasks.append(task)
    loop.run_until_complete(asyncio.wait(tasks))
    if warning_list:
        collector.add_domain_bug(url, {"bakfile": repr(warning_list)})
```