Merge pull request #46 from wikiZ/main

Kunyu v1.6.5

CHANGELOG

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+
+## [v1.6.5] - 2021-2-25
+### Added
+- Added The retrieval results were scanned for viability
+- Fixed some module incompatibilities
+
 ## [v1.6.4] - 2021-1-4
 ### Added
 - Added "show rule"/"show config" command

README.md

@@ -91,16 +91,18 @@ Global commands:
         SearchDomain <Domain>                     Domain name associated/subdomain search
         EncodeHash <encryption> <query>           Encryption method interface 
         HostCrash <IP> <Domain>                   Host Header Scan hidden assets
+        show <config>/<rule>                      Show can set options or Kunyu config
         Seebug <query>                            Search Seebug vulnerability information
         set <option>                              Set Global arguments values
-        view/views <ID>                           Look over http/ssl row data information
+        view/views <ID>                           Look over banner row data information
         SearchKeyWord                             Query sensitive information by keyword
         Pocsuite3                                 Invoke the pocsuite component
         ExportPath                                Returns the path of the output file
+        CreateMap                                 Generate an IP distribution heat map
+        AliveScan                                 The viability of the last retrieval
         clear                                     Clear the console screen
-        show                                      Show can set options
         help                                      Print Help info
-        exit                                      Exit KunYu &
+        exit                                      Exit KunYu & 
 ```
 
 **OPTIONS**
@@ -227,6 +229,12 @@ EncodeHash base64 dasdasdsa
 
 ![](./images/encode.png)
 
+**Asset Survival Scan**
+
+After Kunyu V1.6.5, the survivability scan of the last retrieval result is added, and the result is output in real time by polling.
+
+![](./images/alivescan.png)
+
 **Seebug vulnerability query**
 
 You can query historical related vulnerabilities by entering information about the framework and equipment you want to find, but you need to note that only English is supported, and improvements and upgrades will be made later.

doc/README_CN.md

@@ -228,6 +228,10 @@ EncodeHash base64 dasdasdsa
 
 ![](../images/encode.png)
 
+**资产存活性扫描**
+
+Kunyu V1.6.5版本后，增加了对最后一次检索结果进行存活性扫描，结果通过轮询的方式实时输出。
+
 **Seebug漏洞查询**
 
 通过输入想要查找的框架、设备等信息，查询历史相关漏洞，但是需要注意仅支持英文，这里后期会进行改进，升级。

kunyu/config/__version__.py

@@ -15,7 +15,7 @@
 __python_version__ = sys.version.split()[0]
 __platform__ = platform.platform()
 __url__ = "https://github.com/knownsec/Kunyu"
-__version__ = '1.6.4'
+__version__ = '1.6.5'
 __author__ = '风起'
 __Team__ = 'KnownSec 404 Team'
 __author_email__ = 'onlyzaliks@gmail.com'

kunyu/config/setting.py

@@ -28,6 +28,7 @@
 COMMAND_INFO = ["Options", "Value", "Info"]
 SEMSITIVE_INFO = ["ID", "SEMSITIVE"]
 HOST_SCAN_INFO = ["IP", "Domain", "Title"]
+ALIVE_SCAN_INFO = ["ID", "IP", "Port", "Status"]
 RULE_INFO = ["KXID", "Author", "KX_Name", "Description", "KX_Finger", "CreateDate", "Source"]
 RULE_PARMAS = None
 

kunyu/core/console.py

@@ -237,7 +237,7 @@ def start(self):
                 sys.exit(0)
 
             except Exception as err:
-                console.print(err)
+                # console.print(err)
                 continue
 
 

kunyu/core/scanalive.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+# encoding: utf-8
+"""
+@author: 风起
+@contact: onlyzaliks@gmail.com
+@File: scanalive.py
+@Time: 2022/2/24 10:47
+"""
+
+import nmap
+
+class Scan_Alive_Ip:
+    def __init__(self):
+        self.alive_data_params = {}
+    def scan_port_status(self, ip, port):
+        nm = nmap.PortScanner()
+        # Semi-open scan using TCP SYN
+        nm.scan(ip, port, "-sS")
+        for host in nm.all_hosts():
+            for proto in nm[host].all_protocols():
+                for port in nm[host][proto].keys():
+                    self.alive_data_params = {"ip": ip, "port":port, "state":nm[host][proto][port]['state']}
+        return self.alive_data_params

kunyu/core/zoomeye.py

@@ -15,6 +15,7 @@
 
 import requests
 import platform
+from rich.live import Live
 from rich.table import Table
 from rich.console import Console
 
@@ -28,9 +29,10 @@
 from pocsuite3.lib.core.option import init_options
 
 from kunyu.config import setting
+from kunyu.core.scanalive import Scan_Alive_Ip
 import kunyu.lib.encode as encode
 from kunyu.config.setting import UA, USER_INFO_API, HOST_SEARCH_API, WEB_SEARCH_API, DOMAIN_SEARCH_API, HOST_SCAN_INFO, \
-    SEMSITIVE_INFO, RULE_PARMAS
+    SEMSITIVE_INFO, RULE_PARMAS, ALIVE_SCAN_INFO
 from kunyu.core.createmap import create_data_map
 from kunyu.lib.export import export_xls
 from kunyu.lib.batchfile import get_file
@@ -179,7 +181,7 @@ def get_timeout_resp(*args):
 class ZoomEye:
     from kunyu.config.setting import ZOOMEYE_FIELDS_HOST, ZOOMEYE_FIELDS_WEB, ZOOMEYE_FIELDS_INFO, ZOOMEYE_FIELDS_DOMAIN
     from kunyu.utils.convert import convert
-    ssl_data_params, raw_data_params, sensitive_params, scatter_params = {}, {}, [], []
+    ssl_data_params, raw_data_params, sensitive_params, scatter_params, scan_alive_params = {}, {}, [], [], []
     page, dtype, timeout = 1, 0, 30
     stype, btype = "v4", "host"
 
@@ -202,23 +204,26 @@ class ZoomEye:
         Pocsuite3                                 Invoke the pocsuite component
         ExportPath                                Returns the path of the output file
         CreateMap                                 Generate an IP distribution heat map
+        AliveScan                                 The viability of the last retrieval
         clear                                     Clear the console screen
         help                                      Print Help info
         exit                                      Exit KunYu & """
 
     # ZoomEye Command List
     Command_Info = ["help", "info", "set", "Seebug", "SearchWeb", "SearchHost", "SearchIcon", "HostCrash",
                     "SearchBatch", "SearchCert", "SearchDomain", "EncodeHash", "Pocsuite3", "ExportPath",
-                    "show", "clear", "view", "DirectoryCrash", "views", "SearchKeyWord", "CreateMap", "exit"]
+                    "show", "clear", "view", "DirectoryCrash", "AliveScan","views", "SearchKeyWord", "CreateMap", "exit"]
 
     def __init__(self):
         self.fields_tables = None
 
     def __params_clear(self):
+        # Resetting array contents
         self.raw_data_params.clear()
         self.ssl_data_params.clear()
         self.sensitive_params.clear()
         self.scatter_params.clear()
+        self.scan_alive_params.clear()
 
     def __command_search(self, search, types="host"):
         """"The raw data obtained is processed and finally displayed on the terminal,
@@ -284,7 +289,9 @@ def __command_search(self, search, types="host"):
                                        str(data.geoinfo.city.names.en), str(title), str(data.timestamp).split("T")[0]]
 
                         # Set scatter_params info
-                        self.scatter_params.append({"lng": str(lon), "lat": str(lat), "ip": data.ip})
+                        self.scatter_params.append({
+                            "lng": str(lon), "lat": str(lat), "ip": data.ip
+                        })
 
                         # Reset the <raw Data Params> element
                         self.raw_data_params[num] = data.portinfo.banner
@@ -296,6 +303,11 @@ def __command_search(self, search, types="host"):
                         except:
                             pass
 
+                        self.scan_alive_params.append({
+                                "ip":data.ip,
+                                "port":str(data.portinfo.port)
+                        })
+
                         # Get the sensitive information in the banner
                         sensitive = SearchKeyWord().get_keyword_sensitive(data.portinfo.banner)
                         if sensitive: self.sensitive_params.append(sensitive)
@@ -643,7 +655,28 @@ def command_hostcrash(cls, args):
             return
 
     @classmethod
-    def command_test(cls, args):
-        from kunyu.config.setting import RULE_FILE_PATH
-        from kunyu.core.rule import YamlRule
-        print(YamlRule().get_yaml_list())
+    def command_alivescan(cls, *args, **kwargs):
+        """
+        Verify the current viability of the last retrieval result
+        """
+        from kunyu.utils.convert import convert
+        ip_port_params, num = cls.scan_alive_params, 0
+        table = Table()
+        for column in ALIVE_SCAN_INFO:
+            table.add_column(column, justify="center", overflow=overflow)
+        logger.info("IP Service Viability Scan:")
+        # Polling output table content
+        with Live(table, refresh_per_second=4):
+            for data in ip_port_params:
+                try:
+                    num += 1
+                    alive_status = convert(Scan_Alive_Ip().scan_port_status(data["ip"], data["port"]))
+                    table.add_row(
+                        str(num), alive_status.ip, str(alive_status.port), str(alive_status.state)
+                    )
+                except KeyboardInterrupt:
+                    return
+                except Exception:
+                    continue
+        logger.info("IP Service Viability Scan is completed\n")
+

requirements.txt

@@ -1,10 +1,11 @@
 mmh3
-pyyaml
+pyyaml==5.3.1
 requests
 tld
 xlwt
-grequests
-rich
+grequests==0.6.0
+rich==11.0.0
+python-nmap==0.7.1
 colorama
 pocsuite3
 colorlog