v1.0.3 #1 & #7 & #9

rtcatc · Nov 18, 2020 · 91bcd1c · 91bcd1c
1 parent 96475a2
commit 91bcd1c
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 17 deletions.
diff --git a/config.ini b/config.ini
@@ -1,7 +1,7 @@
 [blacklist]
 filename = jquery.js,flexible.js,data-set.js,monitor.js,umi.js,honeypot.js,.min.js,angular.js
 domain = api.map.baidu.com,alipayobjects.com
-apiExts = *,+,=,{,},[,],(,),<,>,@,#,",',@,:,?,!, ,^,\,.docx,.xlsx,.jpeg,.jpg,.bmp,.png,.svg,.vue,.js,.doc,.ppt,.pptx,.mp3,.png,.doc,.pptx,.xls,.mp4
+apiExts = *,+,=,{,},[,],(,),<,>,@,#,",',@,:,?,!, ,^,\,.docx,.xlsx,.jpeg,.jpg,.bmp,.png,.svg,.vue,.js,.doc,.ppt,.pptx,.mp3,.png,.doc,.pptx,.xls,.mp4,.gif
 
 [vulnTest]
 resultFilter = 未登录,请登录,权限鉴定失败,未授权,鉴权失败,unauth,状态失效,没有登录,会话超时,token???,login_failure

diff --git a/lib/Database.py b/lib/Database.py
@@ -43,7 +43,9 @@ def createProjectDatabase(self, url, type, cloneTag):
         unixTime = int(time.time())
         res = urlparse(url)
         domain = res.netloc
-        PATH = "tmp/" + self.projectTag + "_" + domain + "/" + self.projectTag + ".db"
+        if ":" in domain:
+            domain = str(domain).split(":")[0]
+        PATH = "tmp/" + self.projectTag + "_" + domain + '/' + self.projectTag + ".db"
         try:
             if Utils().creatSometing(2, PATH) == 1:
                 connect = sqlite3.connect(os.sep.join(PATH.split('/')))
@@ -234,17 +236,16 @@ def insertTextFromDB(self, res):
             blacks = ReadConfig()
             blacks.getValue("blacklist", "apiExts")
             black_ext = "".join(blacks.res).split(",")
-
-            for ext in black_ext:
-                if ("<html" not in text) and ("PNG" not in text) and (len(text) != 0) and (url.split("/")[-1] != "favicon.ico")\
-                        and (("." + str(url.split("/")[-1].split(".")[-1])) != ext):
-                    sql = "UPDATE api_tree SET result=\'" + text + "\' WHERE path=\"" + url + '\"'
-                else:
-                    sql = "UPDATE api_tree SET success=0 WHERE path=\"" + url + '\"'
-            cursor.execute(sql)
-            # except:
-            #     pass
-            # conn.commit()
+            try:
+                for ext in black_ext:
+                    if ("<html" not in text) and ("PNG" not in text) and (len(text) != 0) and (url.split("/")[-1] != "favicon.ico")\
+                            and (("." + str(url.split("/")[-1].split(".")[-1])) != ext):
+                        sql = "UPDATE api_tree SET result=\'" + text + "\' WHERE path=\"" + url + '\"'
+                    else:
+                        sql = "UPDATE api_tree SET success=0 WHERE path=\"" + url + '\"'
+                cursor.execute(sql)
+            except Exception as e:
+                self.log.error("[Err] %s" % e)
         conn.close()
 
     def insertCorsInfoIntoDB(self, request_b, response_h):

diff --git a/lib/ParseJs.py b/lib/ParseJs.py
@@ -56,7 +56,11 @@ def requestUrl(self):
                 #self.jsPathInScripts.append(jsPathInScript)
                 jsTag = Utils().creatTag(6)
                 res = urlparse(self.url)
-                PATH = "tmp/" + self.projectTag + "_" + res.netloc + "/" + self.projectTag + ".db"
+                domain = res.netloc
+                if ":" in domain:
+                    domain = str(domain).split(":")[0]
+                PATH = "tmp/" + self.projectTag + "_" + domain +'/' + self.projectTag + ".db"
+
                 conn = sqlite3.connect(os.sep.join(PATH.split('/')))
                 cursor = conn.cursor()
                 conn.isolation_level = None
@@ -66,7 +70,7 @@ def requestUrl(self):
                     inurl = self.url + "/§§§"
                 sql = "insert into js_file(name,path,local) values('%s','%s','%s')" % (jsTag + ".js" , inurl , jsTag + ".js")
                 cursor.execute(sql)
-                with open("tmp" + os.sep + self.projectTag + "_" + res.netloc + os.sep + jsTag + ".js", "wb") as js_file:
+                with open("tmp" + os.sep + self.projectTag + "_" + domain + os.sep + jsTag + ".js", "wb") as js_file:
                     js_file.write(jsPathInScript)
                     js_file.close()
                     cursor.execute("UPDATE js_file SET success = 1 WHERE local='%s';" % (jsTag + ".js"))

diff --git a/lib/common/utils.py b/lib/common/utils.py
@@ -36,7 +36,7 @@ def creatSometing(self, choice, path):  # choice1文件夹，2文件
         if choice == 2:
             path = path.split('/')
             del path[-1]
-            path = os.sep.join(path)
+            path = os.sep.join(path)    #
             path = os.getcwd() + os.sep + path
             try:
                 if not os.path.exists(path):

diff --git a/lib/getApiResponse.py b/lib/getApiResponse.py
@@ -10,7 +10,6 @@
 
 
 class ApiResponse(object):
-
     def __init__(self, urls,options):
         self.log = creatLog().get_logger()
         self.UserAgent = ["Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0",