This repository has been archived by the owner on Jun 6, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
whuscan.py
98 lines (80 loc) · 3.41 KB
/
whuscan.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/usr/bin/env python
# coding=utf-8
import os
import sys
import time
import check
import func
import spyder
import banner
import argparse
from urlparse import *
url = ''
domin = ''
scheme = ''
def main():
global url
global domin
global scheme
banner.showBanner()
# ----------------------------------------- GET all parameter START !----------------
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", help="Input the URL you want to whuscan here",
action="store", required=True)
parser.add_argument("-a", "--all", help="Exacute all whuscan steps including sql, xss, hash test",
action="store_true", default=False)
parser.add_argument("-s", "--sql", help="Crawl your website and check sql injection vulunbility",
action="store_true", default=False)
parser.add_argument("-hc", "--hashcheck", help="Crawl your website and check if your website hase been tampered",
action="store_true", default=False)
parser.add_argument("-rt", "--roundtime", help="Input the time between 2 rounds of the whuscan. 1 time default",
action="store", type=int, default=0)
args = parser.parse_args()
# ----------------------------------------- GET all parameter END !-------------------
count = 1
# ----------------------------------------- GET URL & domin START !-------------------
scheme = func.urlFilter(args.url)[0]
domin = func.urlFilter(args.url)[1]
url = scheme + '://' + domin
print '[*]Scanning ', url
# ----------------------------------------- GET URL & domin END !-------------------
for i in xrange(1, 9999):
print "\n[~]Writing log..."
print "[*]Starting", str(count), "times checking..."
# Connection test start
log_path = './log/target/' + domin + '/'
if os.path.exists(log_path): # Has connected before
pass
else: # First time to connect
if check.checkConn(url) == 1:
print "\n[Info]Connection Success!"
os.makedirs(log_path)
f = file(log_path + 'webhash.csv', "w")
f.close()
else:
print "\n[Info]Connection Fail."
exit()
# Connection test end
if (args.all or args.hashcheck):
sys.stdout.flush()
print "[*]hashcheck testing! => " + url
spyder.hashspider(url, log_path)
sys.stdout.flush()
if (args.all or args.sql):
print "\n[*]Sqli testing! => " + url
sys.stdout.flush()
time.sleep(5)
print "[*]Congratulations, No SQL vulunbility!"
if (args.roundtime != 0):
count = count + 1
for j in xrange(0, int(args.roundtime)):
print '\r' + str(time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime(time.time()))) + " | Next round will start in " + str(
args.roundtime - j) + " seconds",
sys.stdout.flush()
time.sleep(1)
print "\r \n"
else:
exit()
if __name__ == "__main__":
main()