al0ne committed Jun 14, 2019
1 parent 5a40539 commit 9f0bca3
Showing 19 changed files with 176 additions and 300 deletions.
13 changes: 5 additions & 8 deletions README.md
Expand Up @@ -10,24 +10,21 @@ requests
tqdm
pyfiglet
fake-useragent
beautifulsoup4
pycrypto
paramiko
beautifulsoup4
geoip2
tldextract
pymysql
pymssql
tldextract
python-nmap
geoip2
tldextract
lxml
pymongo
psycopg2
virustotal_python
apt install libpq-dev nmap
wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
解压后将里面的GeoLite2-City.mmdb放到vxscan/db/GeoLite2-City.mmdb
pip3 install -r requirements.txt
wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz
解压后将里面的GeoLite2-ASN.mmdb放到vxscan/db/GeoLite2-ASN.mmdb
pip3 install -r requirements.txt

Features
--------
33 changes: 17 additions & 16 deletions Vxscan.py
Expand Up @@ -26,7 +26,7 @@
import logging
from urllib import parse
from lib.settings import *
from lib.random_header import HEADERS
from lib.random_header import get_ua
from lib.common import start, bcolors
from lib.save_html import save_html
from lib.active import ActiveCheck
Expand All @@ -50,11 +50,11 @@ def read_file(file, word, ext):
class Cartesian(object):
def __init__(self):
self._data_list = []

# 添加生成笛卡尔积的数据列表
def add_data(self, data=[]):
self._data_list.append(data)

# 计算笛卡尔积
def build(self):
urls = []
Expand All @@ -74,7 +74,7 @@ def __init__(self, word, ext):
self.wordlist = word
self.ext = ext
self.waf = []

def get_urls(self, domain):
if self.ext is None:
self.ext = 'jsp,php,asp,html'
Expand Down Expand Up @@ -171,7 +171,7 @@ def get_urls(self, domain):
path.extend(index.build())
path.extend(wordlist)
return set(path)

def check404(self, url, text):
url = parse.urlparse(url)
result = 0
Expand All @@ -185,7 +185,7 @@ def check404(self, url, text):
host,
timeout=TIMEOUT,
verify=False,
headers=HEADERS,
headers=get_ua(),
allow_redirects=False)
self.notstr = r.text[:10000]
self.notlen = len(r.text)
Expand All @@ -198,7 +198,7 @@ def check404(self, url, text):
result = difflib.SequenceMatcher(None, self.notstr,
text).quick_ratio()
return result

def save(self, out):
outjson = []
with open('report/result.json', 'w') as f:
Expand Down Expand Up @@ -228,7 +228,7 @@ def save(self, out):
outjson.append(i)
json.dump(outjson, f, ensure_ascii=False, indent=4)
save_html(outjson, html_name)

def get_proto(self, ports):
result = []
try:
Expand All @@ -243,10 +243,11 @@ def get_proto(self, ports):
except:
pass
return result

def scan(self, host):
try:
session = requests.Session()
HEADERS = get_ua()
HEADERS.update(COOKIE)
session.headers.update(HEADERS)
r = session.get(
Expand All @@ -262,8 +263,8 @@ def scan(self, host):
# 判断逻辑:1.排除无效状态吗 2.排除无效内容类型 3.判断302跳转
# 4. 判断302跳转不能等于首页 5. 判断内容长度不等于404页面长度
if (r.status_code not in BLOCK_CODE) and (
r.headers['Content-Type'] not in BLOCK_CONTYPE) and (
goto != self.goto) and (parse.urlparse(
r.headers['Content-Type'] not in BLOCK_CONTYPE) and (
goto != self.goto) and (parse.urlparse(
r.url).netloc not in parse.urlparse(goto).netloc) and (self.notlen != len(r.text)):
text = r.text[:10000]
title = re.search('(?<=<title>).*(?=</title>)', text)
Expand Down Expand Up @@ -296,18 +297,18 @@ def scan(self, host):
except Exception as e:
logging.exception(e)
return 'OK'

def run(self, task):
global THREADS
print(bcolors.RED + '\nURLS:' + bcolors.ENDC)
with concurrent.futures.ThreadPoolExecutor(
max_workers=THREADS) as executor:
max_workers=THREADS) as executor:
futures = [executor.submit(self.scan, i) for i in task]
for future in tqdm.tqdm(
concurrent.futures.as_completed(futures),
total=len(futures)):
concurrent.futures.as_completed(futures),
total=len(futures)):
future.result()

# 创建启动任务
def pool(self, hosts):
task = []
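Review bot: `HEADERS = get_ua()` followed by `HEADERS.update(COOKIE)` in `scan` mutates whatever dict `get_ua()` hands back; if that is a shared module-level dict rather than a fresh one per call, the cookie leaks into every later `get_ua()` caller and the worker threads started by `run` race on the same object. Building a new mapping avoids both: `HEADERS = {**get_ua(), **COOKIE}`. `reverse_domain` in lib/common.py has the same `header = get_ua()` then `header.update(...)` pattern and would take the same change. The body of `scan` continues outside the hunk.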
Binary file added db/GeoLite2-ASN.mmdb
94 changes: 19 additions & 75 deletions lib/common.py
Expand Up @@ -8,72 +8,22 @@
import geoip2.database
import socket
import traceback
import ipaddress
import json
import tldextract
from virustotal_python import Virustotal
from lib.osdetect import osdetect
from urllib import parse
from lib.wappalyzer import WebPage
from lib.random_header import HEADERS
from lib.random_header import get_ua
from lib.scan_port import ScanPort
from lib.vuln import Vuln
from lib.jsparse import JsParse
from lib.sql_injection import sql_check
from lib.settings import TIMEOUT, virustotal_api
from lib.iscdn import iscdn
from lib.settings import TIMEOUT, virustotal_api, POC

payload = " AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(XSS)</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')"

# 通过VT查询pdns,然后排除国内外常见的cdn段,如果出现极有可能是真实ip
cdns = ['173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22', '141.101.64.0/18',
'108.162.192.0/18',
'190.93.240.0/20', '188.114.96.0/20', '197.234.240.0/22', '198.41.128.0/17', '162.158.0.0/15',
'104.16.0.0/12',
'172.64.0.0/13', '131.0.72.0/22', '13.124.199.0/24', '144.220.0.0/16', '34.226.14.0/24', '52.124.128.0/17',
'54.230.0.0/16', '54.239.128.0/18', '52.82.128.0/19', '99.84.0.0/16', '52.15.127.128/26', '35.158.136.0/24',
'52.57.254.0/24', '18.216.170.128/25', '13.54.63.128/26', '13.59.250.0/26', '13.210.67.128/26',
'35.167.191.128/26', '52.47.139.0/24', '52.199.127.192/26', '52.212.248.0/26', '205.251.192.0/19',
'52.66.194.128/26', '54.239.192.0/19', '70.132.0.0/18', '13.32.0.0/15', '13.224.0.0/14', '13.113.203.0/24',
'34.195.252.0/24', '35.162.63.192/26', '34.223.12.224/27', '13.35.0.0/16', '204.246.172.0/23',
'204.246.164.0/22', '52.56.127.0/25', '204.246.168.0/22', '13.228.69.0/24', '34.216.51.0/25',
'71.152.0.0/17', '216.137.32.0/19', '205.251.249.0/24', '99.86.0.0/16', '52.46.0.0/18', '52.84.0.0/15',
'54.233.255.128/26', '130.176.0.0/16', '64.252.64.0/18', '52.52.191.128/26', '204.246.174.0/23',
'64.252.128.0/18', '205.251.254.0/24', '143.204.0.0/16', '205.251.252.0/23', '52.78.247.128/26',
'204.246.176.0/20', '52.220.191.0/26', '13.249.0.0/16', '54.240.128.0/18', '205.251.250.0/23',
'52.222.128.0/17', '54.182.0.0/16', '54.192.0.0/16', '34.232.163.208/29', '58.250.143.0/24',
'58.251.121.0/24', '59.36.120.0/24', '61.151.163.0/24', '101.227.163.0/24', '111.161.109.0/24',
'116.128.128.0/24', '123.151.76.0/24', '125.39.46.0/24', '140.207.120.0/24', '180.163.22.0/24',
'183.3.254.0/24', '223.166.151.0/24', '113.107.238.0/24', '106.42.25.0/24', '183.222.96.0/24',
'117.21.219.0/24', '116.55.250.0/24', '111.202.98.0/24', '111.13.147.0/24', '122.228.238.0/24',
'58.58.81.0/24', '1.31.128.0/24', '123.155.158.0/24', '106.119.182.0/24', '180.97.158.0/24',
'113.207.76.0/24', '117.23.61.0/24', '118.212.233.0/24', '111.47.226.0/24', '219.153.73.0/24',
'113.200.91.0/24', '1.32.240.0/24', '203.90.247.0/24', '183.110.242.0/24', '202.162.109.0/24',
'182.23.211.0/24', '1.32.242.0/24', '1.32.241.0/24', '202.162.108.0/24', '185.254.242.0/24',
'109.94.168.0/24', '109.94.169.0/24', '1.32.243.0/24', '61.120.154.0/24', '1.255.41.0/24',
'112.90.216.0/24', '61.213.176.0/24', '1.32.238.0/24', '1.32.239.0/24', '1.32.244.0/24', '111.32.135.0/24',
'111.32.136.0/24', '125.39.174.0/24', '125.39.239.0/24', '112.65.73.0/24', '112.65.74.0/24',
'112.65.75.0/24', '119.84.92.0/24', '119.84.93.0/24', '113.207.100.0/24', '113.207.101.0/24',
'113.207.102.0/24', '180.163.188.0/24', '180.163.189.0/24', '163.53.89.0/24', '101.227.206.0/24',
'101.227.207.0/24', '119.188.97.0/24', '119.188.9.0/24', '61.155.149.0/24', '61.156.149.0/24',
'61.155.165.0/24', '61.182.137.0/24', '61.182.136.0/24', '120.52.29.0/24', '120.52.113.0/24',
'222.216.190.0/24', '219.159.84.0/24', '183.60.235.0/24', '116.31.126.0/24', '116.31.127.0/24',
'117.34.13.0/24', '117.34.14.0/24', '42.236.93.0/24', '42.236.94.0/24', '119.167.246.0/24',
'150.138.149.0/24', '150.138.150.0/24', '150.138.151.0/24', '117.27.149.0/24', '59.51.81.0/24',
'220.170.185.0/24', '220.170.186.0/24', '183.61.236.0/24', '14.17.71.0/24', '119.147.134.0/24',
'124.95.168.0/24', '124.95.188.0/24', '61.54.46.0/24', '61.54.47.0/24', '101.71.55.0/24', '101.71.56.0/24',
'183.232.51.0/24', '183.232.53.0/24', '157.255.25.0/24', '157.255.26.0/24', '112.25.90.0/24',
'112.25.91.0/24', '58.211.2.0/24', '58.211.137.0/24', '122.190.2.0/24', '122.190.3.0/24', '183.61.177.0/24',
'183.61.190.0/24', '117.148.160.0/24', '117.148.161.0/24', '115.231.186.0/24', '115.231.187.0/24',
'113.31.27.0/24', '222.186.19.0/24', '122.226.182.0/24', '36.99.18.0/24', '123.133.84.0/24',
'221.204.202.0/24', '42.236.6.0/24', '61.130.28.0/24', '61.174.9.0/24', '223.94.66.0/24', '222.88.94.0/24',
'61.163.30.0/24', '223.94.95.0/24', '223.112.227.0/24', '183.250.179.0/24', '120.241.102.0/24',
'125.39.5.0/24', '124.193.166.0/24', '122.70.134.0/24', '111.6.191.0/24', '122.228.198.0/24',
'121.12.98.0/24', '60.12.166.0/24', '118.180.50.0/24', '183.203.7.0/24', '61.133.127.0/24',
'113.7.183.0/24', '210.22.63.0/24', '60.221.236.0/24', '122.227.237.0/24', '123.6.13.0/24',
'202.102.85.0/24', '61.160.224.0/24', '182.140.227.0/24', '221.204.14.0/24', '222.73.144.0/24',
'61.240.144.0/24', '36.27.212.0/24', '125.88.189.0/24', '120.52.18.0/24', '119.84.15.0/24',
'180.163.224.0/24']


class bcolors:
HEADER = '\033[95m'
Expand Down Expand Up @@ -118,23 +68,12 @@ def geoip(ip):
return 'None'


def iscdn(host):
if not re.search(r'\d+\.\d+\.\d+\.\d+', host):
socket.setdefaulttimeout(1)
host = socket.gethostbyname(host)
result = True
for cdn in cdns:
if (ipaddress.ip_address(host) in ipaddress.ip_network(cdn)):
result = False
return result


def reverse_domain(host):
# 查询旁站
if iscdn(host):
result = []
data = {"remoteAddress": "{0}".format(host), "key": ""}
header = HEADERS
header = get_ua()
header.update({'Referer': 'https://www.yougetsignal.com/tools/web-sites-on-web-server/'})
header.update({'origin': 'https://www.yougetsignal.com'})
try:
Expand All @@ -149,7 +88,7 @@ def reverse_domain(host):
elif re.search(r'\d+\.\d+\.\d+\.\d+', url):
result.append(url)
except (TypeError, json.decoder.JSONDecodeError):
r = requests.get('http://api.hackertarget.com/reverseiplookup/?q={}'.format(host), headers=HEADERS,
r = requests.get('http://api.hackertarget.com/reverseiplookup/?q={}'.format(host), headers=get_ua(),
timeout=5)
if '<html>' not in r.text:
text = r.text
Expand All @@ -168,7 +107,7 @@ def virustotal(host):
return ['None']
resp = vtotal.domain_report(host)
history_ip = []

if resp.get('status_code') != 403:
for i in resp.get('json_resp').get('resolutions'):
address = i.get('ip_address')
Expand Down Expand Up @@ -199,7 +138,7 @@ def start(url):
sys.stdout.write(bcolors.RED + "GeoIP:\n" + bcolors.ENDC)
sys.stdout.write(bcolors.OKGREEN + '[+] Address: {}\n'.format(address) + bcolors.ENDC)
sys.stdout.write(bcolors.OKGREEN + '[+] Ipaddr: {}\n'.format(ipaddr) + bcolors.ENDC)
r = requests.get(url, headers=HEADERS, timeout=TIMEOUT, verify=False)
r = requests.get(url, headers=get_ua(), timeout=TIMEOUT, verify=False)
except Exception as e:
pass
sql = ''
Expand All @@ -209,7 +148,7 @@ def start(url):
result = checkwaf(r.headers, r.text[:10000])
if result == 'NoWAF':
r = requests.get(
url + '/index.php?id=1 ' + payload, headers=HEADERS, timeout=TIMEOUT)
url + '/index.php?id=1 ' + payload, headers=get_ua(), timeout=TIMEOUT)
result = checkwaf(r.headers, r.text[:10000])
except Exception as e:
webinfo = {}
Expand All @@ -234,12 +173,17 @@ def start(url):
else:
webinfo = {}
jsparse = ''
open_port = ScanPort(url).pool()
if open_port:
sys.stdout.write(bcolors.RED + "PortScan:\n" + bcolors.ENDC)
for _ in open_port:
sys.stdout.write(bcolors.OKGREEN + '[+] {}\n'.format(_) + bcolors.ENDC)
vuln = Vuln(url, open_port, webinfo.get('apps')).run()
if iscdn(host):
open_port = ScanPort(url).pool()
else:
open_port = ['CDN:0']
sys.stdout.write(bcolors.RED + "PortScan:\n" + bcolors.ENDC)
for _ in open_port:
sys.stdout.write(bcolors.OKGREEN + '[+] {}\n'.format(_) + bcolors.ENDC)
if POC:
vuln = Vuln(url, open_port, webinfo.get('apps')).run()
else:
vuln = []
if jsparse:
jsparse = list(map(lambda x: 'Leaks: ' + x, jsparse))
vuln.extend(jsparse)
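Review bot: The new `if iscdn(host):` in `start` is not protected against a failed lookup — `iscdn` resolves the name with `socket.gethostbyname` (lib/iscdn.py), which raises an `OSError` subclass (`socket.gaierror`, or the timeout) when the host does not resolve, and nothing in this hunk catches it, so the whole of `start` aborts before the port-scan and vuln steps that previously ran unconditionally. It is also worth a comment that `iscdn` returns True when the host is *not* in a known CDN range, since the condition reads backwards at this call site. `start` begins outside the hunk, so I am assuming `host` is the name it derives from `url` earlier.
```python
    try:
        direct = iscdn(host)  # True when host is NOT in a known CDN prefix/ASN
    except OSError:
        direct = False  # unresolvable name: treat like a CDN, skip the port scan
    if direct:
        open_port = ScanPort(url).pool()
    else:
        open_port = ['CDN:0']
    # … unchanged: PortScan output, POC/Vuln, jsparse …
```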
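--- a/lib/iscdn.py
+++ b/lib/iscdn.py
@@ -0,0 +1,80 @@
+# coding=utf-8
+import socket
+import ipaddress
+import re
+import geoip2.database
+
+# 通过VT查询pdns,然后排除国内外常见的cdn段,如果出现极有可能是真实ip
+cdns = ['173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22', '103.31.4.0/22', '141.101.64.0/18',
+        '108.162.192.0/18',
+        '190.93.240.0/20', '188.114.96.0/20', '197.234.240.0/22', '198.41.128.0/17', '162.158.0.0/15',
+        '104.16.0.0/12',
+        '172.64.0.0/13', '131.0.72.0/22', '13.124.199.0/24', '144.220.0.0/16', '34.226.14.0/24', '52.124.128.0/17',
+        '54.230.0.0/16', '54.239.128.0/18', '52.82.128.0/19', '99.84.0.0/16', '52.15.127.128/26', '35.158.136.0/24',
+        '52.57.254.0/24', '18.216.170.128/25', '13.54.63.128/26', '13.59.250.0/26', '13.210.67.128/26',
+        '35.167.191.128/26', '52.47.139.0/24', '52.199.127.192/26', '52.212.248.0/26', '205.251.192.0/19',
+        '52.66.194.128/26', '54.239.192.0/19', '70.132.0.0/18', '13.32.0.0/15', '13.224.0.0/14', '13.113.203.0/24',
+        '34.195.252.0/24', '35.162.63.192/26', '34.223.12.224/27', '13.35.0.0/16', '204.246.172.0/23',
+        '204.246.164.0/22', '52.56.127.0/25', '204.246.168.0/22', '13.228.69.0/24', '34.216.51.0/25',
+        '71.152.0.0/17', '216.137.32.0/19', '205.251.249.0/24', '99.86.0.0/16', '52.46.0.0/18', '52.84.0.0/15',
+        '54.233.255.128/26', '130.176.0.0/16', '64.252.64.0/18', '52.52.191.128/26', '204.246.174.0/23',
+        '64.252.128.0/18', '205.251.254.0/24', '143.204.0.0/16', '205.251.252.0/23', '52.78.247.128/26',
+        '204.246.176.0/20', '52.220.191.0/26', '13.249.0.0/16', '54.240.128.0/18', '205.251.250.0/23',
+        '52.222.128.0/17', '54.182.0.0/16', '54.192.0.0/16', '34.232.163.208/29', '58.250.143.0/24',
+        '58.251.121.0/24', '59.36.120.0/24', '61.151.163.0/24', '101.227.163.0/24', '111.161.109.0/24',
+        '116.128.128.0/24', '123.151.76.0/24', '125.39.46.0/24', '140.207.120.0/24', '180.163.22.0/24',
+        '183.3.254.0/24', '223.166.151.0/24', '113.107.238.0/24', '106.42.25.0/24', '183.222.96.0/24',
+        '117.21.219.0/24', '116.55.250.0/24', '111.202.98.0/24', '111.13.147.0/24', '122.228.238.0/24',
+        '58.58.81.0/24', '1.31.128.0/24', '123.155.158.0/24', '106.119.182.0/24', '180.97.158.0/24',
+        '113.207.76.0/24', '117.23.61.0/24', '118.212.233.0/24', '111.47.226.0/24', '219.153.73.0/24',
+        '113.200.91.0/24', '1.32.240.0/24', '203.90.247.0/24', '183.110.242.0/24', '202.162.109.0/24',
+        '182.23.211.0/24', '1.32.242.0/24', '1.32.241.0/24', '202.162.108.0/24', '185.254.242.0/24',
+        '109.94.168.0/24', '109.94.169.0/24', '1.32.243.0/24', '61.120.154.0/24', '1.255.41.0/24',
+        '112.90.216.0/24', '61.213.176.0/24', '1.32.238.0/24', '1.32.239.0/24', '1.32.244.0/24', '111.32.135.0/24',
+        '111.32.136.0/24', '125.39.174.0/24', '125.39.239.0/24', '112.65.73.0/24', '112.65.74.0/24',
+        '112.65.75.0/24', '119.84.92.0/24', '119.84.93.0/24', '113.207.100.0/24', '113.207.101.0/24',
+        '113.207.102.0/24', '180.163.188.0/24', '180.163.189.0/24', '163.53.89.0/24', '101.227.206.0/24',
+        '101.227.207.0/24', '119.188.97.0/24', '119.188.9.0/24', '61.155.149.0/24', '61.156.149.0/24',
+        '61.155.165.0/24', '61.182.137.0/24', '61.182.136.0/24', '120.52.29.0/24', '120.52.113.0/24',
+        '222.216.190.0/24', '219.159.84.0/24', '183.60.235.0/24', '116.31.126.0/24', '116.31.127.0/24',
+        '117.34.13.0/24', '117.34.14.0/24', '42.236.93.0/24', '42.236.94.0/24', '119.167.246.0/24',
+        '150.138.149.0/24', '150.138.150.0/24', '150.138.151.0/24', '117.27.149.0/24', '59.51.81.0/24',
+        '220.170.185.0/24', '220.170.186.0/24', '183.61.236.0/24', '14.17.71.0/24', '119.147.134.0/24',
+        '124.95.168.0/24', '124.95.188.0/24', '61.54.46.0/24', '61.54.47.0/24', '101.71.55.0/24', '101.71.56.0/24',
+        '183.232.51.0/24', '183.232.53.0/24', '157.255.25.0/24', '157.255.26.0/24', '112.25.90.0/24',
+        '112.25.91.0/24', '58.211.2.0/24', '58.211.137.0/24', '122.190.2.0/24', '122.190.3.0/24', '183.61.177.0/24',
+        '183.61.190.0/24', '117.148.160.0/24', '117.148.161.0/24', '115.231.186.0/24', '115.231.187.0/24',
+        '113.31.27.0/24', '222.186.19.0/24', '122.226.182.0/24', '36.99.18.0/24', '123.133.84.0/24',
+        '221.204.202.0/24', '42.236.6.0/24', '61.130.28.0/24', '61.174.9.0/24', '223.94.66.0/24', '222.88.94.0/24',
+        '61.163.30.0/24', '223.94.95.0/24', '223.112.227.0/24', '183.250.179.0/24', '120.241.102.0/24',
+        '125.39.5.0/24', '124.193.166.0/24', '122.70.134.0/24', '111.6.191.0/24', '122.228.198.0/24',
+        '121.12.98.0/24', '60.12.166.0/24', '118.180.50.0/24', '183.203.7.0/24', '61.133.127.0/24',
+        '113.7.183.0/24', '210.22.63.0/24', '60.221.236.0/24', '122.227.237.0/24', '123.6.13.0/24',
+        '202.102.85.0/24', '61.160.224.0/24', '182.140.227.0/24', '221.204.14.0/24', '222.73.144.0/24',
+        '61.240.144.0/24', '36.27.212.0/24', '125.88.189.0/24', '120.52.18.0/24', '119.84.15.0/24',
+        '180.163.224.0/24', '46.51.216.0/21']
+
+ASNS = ['55770', '49846', '49249', '48163', '45700', '43639', '39836', '393560', '393234', '36183', '35994', '35993',
+        '35204', '34850', '34164', '33905', '32787', '31377', '31110', '31109', '31108', '31107', '30675', '24319',
+        '23903', '23455', '23454', '22207', '21399', '21357', '21342', '20940', '20189', '18717', '18680', '17334',
+        '16702', '16625', '12222', '61107', '60922', '60626', '49689', '209101', '201585', '136764', '135429', '135295',
+        '133496', '395747', '394536', '209242', '203898', '202623', '14789', '133877', '13335', '132892']
+
+
+def iscdn(host):
+    if not re.search(r'\d+\.\d+\.\d+\.\d+', host):
+        socket.setdefaulttimeout(1)
+        host = socket.gethostbyname(host)
+    result = True
+    for cdn in cdns:
+        if (ipaddress.ip_address(host) in ipaddress.ip_network(cdn)):
+            result = False
+    try:
+        with geoip2.database.Reader('db/GeoLite2-ASN.mmdb') as reader:
+            response = reader.asn(host)
+            for i in ASNS:
+                if response.autonomous_system_number == int(i):
+                    result = False
+    except:
+        pass
+    return result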
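Review bot: `re.search(r'\d+\.\d+\.\d+\.\d+', host)` at the top of `iscdn` matches a dotted quad anywhere in the string, so a hostname that merely contains one (a constructed `10.1.2.3.example.com`) skips resolution and `ipaddress.ip_address(host)` then raises `ValueError`, which nothing here or in the caller handles; letting `ipaddress.ip_address` decide and resolving only on `ValueError` is the robust form. `socket.setdefaulttimeout(1)` also changes the default for every socket the process opens afterwards, not just this lookup, which presumably includes the HTTP requests the scan makes later — worth a comment if that is intended. The function returns True when the host is *not* in a known CDN prefix or ASN, the opposite of what its name suggests, so a docstring such as `"""Return True when host resolves outside the known CDN prefixes and ASNs (address is probably the origin)."""` would prevent misreading at the call site. Finally, the bare `except: pass` around the ASN lookup also hides a missing `db/GeoLite2-ASN.mmdb`; `except (OSError, ValueError, geoip2.errors.AddressNotFoundError):` keeps the best-effort behaviour without masking everything.
```python
def iscdn(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        socket.setdefaulttimeout(1)
        host = socket.gethostbyname(host)
        addr = ipaddress.ip_address(host)
    result = all(addr not in ipaddress.ip_network(cdn) for cdn in cdns)
    # … unchanged: GeoLite2 ASN lookup on host …
```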