w-digital-scanner / w12scan-client Goto Github PK

View Code? Open in Web Editor NEW

215.0 215.0 126.0 27.66 MB

网络资产搜索发现引擎，w12scan 扫描端程序

License: MIT License

Python 99.29% Dockerfile 0.71%

w12scan-client's People

Contributors

Stargazers

Watchers

Forkers

huangyuan666 no0d1es sdlearn yqyunjie byr0nchan le31ei victor0013 aliluyala dumpload rudrasingh99 sry309 kenanat chaomass disk-kk h3llozy c0d1007 rockmelodies cann0n mymortal f4org3it m-star-coder xietalent zichen99 10o0 espandy qsdj 65993487 aaq1adqwe ares-x fengzihk fuhao1152416242 bgrstar liuchengyan scievan hysrc lw1988 haoirui hack654a bigbigx 0x3e6 crewcutbro 020monkey raystyle deeby m4yfly ziyuanmohun hackone-hole rui7157 fakegit jarzn jorson-chen 51g53gv helloexp p4sschen chenff toygang net5 test123test111 asdiop kdmin xxtaoyan qq431169079 dp4ng fakezx qq1305091744 zjacai yuexia-martin bigbrobro chennqqi damayu2013 bravery9 10f-0 lxkxc quinn-yan victorsfather foxgeek36 sdgdsffdsfff zzhacked ziqi521 9uest angrydinosaur88 pgy866 shunzi115 kenuoseclab pymmrd qbnetqb wangqdb andrewosx omiter todolin th4ck-team mrwq neichen fangego 5l1v3r1 cr1m3ra warmilk sashka3076 mashaz ctfer-stao

w12scan-client's Issues

老哥我的毕业设计和你差不都，哈哈哈哈哈

不过没你的复杂，哈哈哈哈哈。你设计的真大

Nmap线程数量可以调吗

masscan 在扫描大端口范围（0-65535）保证速度的处理方式

masscan在大端口范围，发包速率快的时候，就会导致端口漏掉。

优化并发框架

创建线程总调度模块，一个系统中线程数量是有限制的，通过线程总调度模块调用线程，控制总线程数量。
Example

a = threadingScheler(num = 100)
a.add(name='test',func=func,arg=arg)
a = a.join(name='test') # 监听test的执行过程，并返回结果

设想：所有加入的任务自动执行，通过给定接口进行阻塞与取回结果。

plugins的whatcms.py问题

https://github.com/boy-hack/w12scan-client/blob/1ed5cc90a61191933e63a779de0298be42e14a39/plugins/whatcms.py#L37
应该去掉这个括号

Traceback (most recent call last):
  File "", line 1, in 
TypeError: 'bytes' object is not callable

服务端删除节点之后，后面就不自动添加了？

改了节点名，并没有自动添加到服务端去。
追踪了node，正常执行命令，但是服务端收不到。
请问如何处理。

关于扫备份，效率慢的问题

我看engine.py里面，把扫备份的注释了，有没有考虑可以用asyncio+aiohttp
修改的engine.py

        if IS_START_PLUGINS:
            WorkList.append(crossdomain.poc)
            WorkList.append(directory_browse.poc)
            WorkList.append(gitleak.poc)
            WorkList.append(iis_parse.poc)
            WorkList.append(phpinfo.poc)
            WorkList.append(svnleak.poc)
            WorkList.append(tomcat_leak.poc)
            WorkList.append(whatcms.poc)
            WorkList.append(bakfile.poc) # 去除备份文件扫描模块，原因：太费时

        # with ThreadPoolExecutor(max_workers=len(WorkList)) as executor:
        #     for func in WorkList:
        #         executor.submit(func, target)

        #等待基础插件扫描完成，并完善信息（添加域名详细信息到collector的self.collect_domains = {}中）
        th = []
        for func in WorkList:
            if func.__module__ == 'plugins.bakfile':
                thread_loop = asyncio.new_event_loop()
                i = threading.Thread(target=func, args=(target,thread_loop))
            else:
                i = threading.Thread(target=func, args=(target,))
            i.start()
            th.append(i)
        for thi in th:
            thi.join()

修改的bakfile.py(这个脚本时t00ls一个老哥发的)

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @Time    : 2019/1/23 5:40 PM
# @Author  : w8ay
# @File    : bakfile.py
from urllib.parse import urlparse

import requests
import asyncio
import aiohttp

from lib.data import collector


def poc(url,loop):
    #audit(url)
    url_list = []
    url_list.append(url)
    main(url_list,loop)

# 设置扫描参数
features = [b'\x50\x4b\x03\x04', b'\x52\x61\x72\x21', b'\x1f\x8b\x08\x00',
            b'\x2d\x2d\x20\x4d', b'\x2d\x2d\x20\x70\x68', b'\x2f\x2a\x0a\x20\x4e',
            b'\x2d\x2d\x20\x41\x64', b'\x2d\x2d\x20\x2d\x2d', b'\x2f\x2a\x0a\x4e\x61',b"_'\xa8\x89",
            b'PK\x03\x04\n\x00\x00\x00\x00\x00']
suffixes = ['.rar', '.zip', '.sql', '.gz', '.sql.gz', '.tar.gz', '.bak', '.sql.bak','.war','.jar']

warning_list = []

async def request(url):
    """
    流模式请求函数，只读取http response响应的前10个字节，并且返回Content-length
    :param url:
    :return:
    """
    #logger.info(url)
    async with aiohttp.ClientSession() as session:
        async with session.get(url) as resp:
            content = await resp.content.read(10)
            return content, url, resp.headers.get('Content-Length')


async def scan(target_url):
    """
    根据给定的url，探测远程服务器上是存在该文件
    文件头识别
   * rar:526172211a0700cf9073
   * zip:504b0304140000000800
   * gz：1f8b080000000000000b，也包括'.sql.gz'，取'1f8b0800' 作为keyword
   * tar.gz: 1f8b0800
   * mysqldump:                   -- MySQL dump:               2d2d204d7953514c
   * phpMyAdmin:                  -- phpMyAdmin SQL Dump:      2d2d207068704d794164
   * navicat:                     /* Navicat :                 2f2a0a204e617669636174
   * Adminer:                     -- Adminer x.x.x MySQL dump: 2d2d2041646d696e6572
   * Navicat MySQL Data Transfer: /* Navicat:                  2f2a0a4e617669636174
   * 一种未知导出方式:               -- -------:                  2d2d202d2d2d2d2d2d2d
    :param target_url:
    :return:
    """
    context, url, size = await request(target_url)
    for feature in features:
        if feature in context:
            warning_list.append(url)
            return url, size
    else:
        return False


def get_scanlist_from_url(url: str):
    """
    从url中生成敏感文件待扫描列表
    :param url:
    :return:
    """
    file_dic = ['bak.rar', 'bak.zip', 'backup.rar', 'backup.zip', 'www.zip', 'www.rar', 'web.rar', 'web.zip','wwwroot.rar',
                'wwwroot.zip', 'www.tar.gz', 'web.tar.gz','website.tar.gz','test.zip','test.tar.gz','htdocs.rar','test.rar','1.zip',
                '1.tar.gz','1.rar','1.war']
    url = url.replace('http://', '').replace('https://', '')
    host_items = url.split('.')
    for suffix in suffixes:
        file_dic.append("".join(host_items[1:]) + suffix)
        file_dic.append(host_items[1] + suffix)
        file_dic.append(host_items[-2] + suffix)
        file_dic.append("".join(host_items) + suffix)
        file_dic.append(url + suffix)
    return list(set(file_dic))


async def start(url, semaphore):
    async with semaphore:
        tasks = []
        scanlist = get_scanlist_from_url(url)
        for item in scanlist:
            target_url = url + "/" + item
            task = asyncio.Task(scan(target_url))
            tasks.append(task)
        await asyncio.wait(tasks)
        for task in tasks:
            if task.result():
                return task.result()
        return False


def main(url_list,loop):
    asyncio.set_event_loop(loop)
    semaphore = asyncio.Semaphore(5)
    tasks = []
    for url in url_list:
        task = loop.create_task(start(url, semaphore))
        tasks.append(task)
    loop.run_until_complete(asyncio.wait(tasks))
    if warning_list:
        collector.add_domain_bug(url, {"bakfile": repr(warning_list)})

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.