• python写个御剑


    前言:

    今天师傅叫我,写个python版的御剑。然后我之前也写过

    不过不怎么样,这次有新想法。

    思路:

    御剑:读取御剑配置文件里的所有路径,加上用户要扫描的url。进行批量检测,如果状态码为200并且无Error.ini里面的错误就存在该路径。报存在save.txt (详细看代码)

    路径:

    御剑代码:

    import requests
    import random
    import os
    file=[]
    url=[]
    error=[]
    bc=[]
    ip=[]
    headers={}
    user=input('Import TXT:')
    banner='''
     ____            _                             
    |  _   ___  ___| |_ _ __ ___  _   _  ___ _ __ 
    | | | |/ _ / __| __| '__/ _ | | | |/ _  '__|
    | |_| |  __/\__  |_| | | (_) | |_| |  __/ |   
    |____/ \___||___/\__|_|  \___/ \__, |\___|_|   
                                   |___/        
    
    Producer:Nine world 
    '''
    useragent=[]
    twoo=[]
    print(banner)
    
    def urls():
        dk=open('{}'.format(user),'r')
        for k in dk.readlines():
            qcs="".join(k.split('
    '))
            url.append(qcs)
        print('[+]url.txt Load completion')
        print(' ')
        print(' ')
    urls()
    
    def judge():
      pd=os.listdir('御剑配置文件')
      for name in pd:
          file.append(name)
    
      for f in file:
        print('[+]existence {}'.format(f))
    
      print(' ')
      print(' ')
    
      dk=open('user-agent.txt','r')
      for d in dk.readlines():
          qc="".join(d.split('
    '))
          useragent.append(qc)
      print('[+]user-agent Load completion')
      print(' ')
      print(' ')
    judge()
    
    def errors():
        lv=open('Error/error.txt','r')
        for e in lv.readlines():
            qcsw="".join(e.split('
    '))
            error.append(qcsw)
        print('[+]The filter file is loaded')
        print(' ')
        print(' ')
    errors()
    
    def forge():
        sj=[]
        dkw=open('ip.txt','r')
        for i in dkw.readlines():
            k="".join(i.split('
    '))
            ip.append(k)
    
        for g in range(0,len(useragent)):
            u='User-Agent='
            x='X-Forwarded-For='
            c='Client-IP='
            sj.append(u+useragent[g]+'&'+x+ip[g]+'&'+c+ip[g])
        kc=list(set(sj))
        su=random.choice(kc)
        qc=str(su)
        for v in qc.split('&'):
            key,value=v.split('=',1)
            headers[key]=value
    forge()
    
    def exploit():
      wi=os.listdir('御剑配置文件')
      for w in wi:
          dp=open('{}'.format('御剑配置文件/'+w),'r',encoding='gbk')
          for s in dp.readlines():
              we="".join(s.split('
    '))
              for u in url:
                  up='{}'.format(u).rstrip('/')+we
                  try:
                    requet=requests.get(url=up,headers=headers,timeout=3,allow_redirects=False)
                    for e in error:
                        if requet.status_code==200 and not e in requet.text:
                            ok='[+]code:{} url:{}'.format(requet.status_code,requet.url)
                            if ok in twoo:continue
                            twoo.append(ok)
                            print(ok)
                        else:
                            no='[x]Not url :{}'.format(requet.url)
                            if no in bc:continue
                            bc.append(no)
                            print(no)
                  except Exception as u:
                      print('[-]Error {}'.format(u))
    
      if len(twoo)>0:
          od=open('save.txt','w')
          od.close()
    
          xr=open('save.txt','r')
          for c in twoo:
              print(c,file=open('save.txt','a'))
    
    
    exploit()

    测试效果:

     

     Github下载地址:https://github.com/422926799/python/tree/master/%E5%BE%A1%E5%89%91

  • 相关阅读:
    I2C驱动程序
    3.4.2内核下的I2C驱动
    ARM Linux bootloader笔记
    将博客搬至CSDN
    《淘宝技术这十年》读后感
    《华为研发》2读后感
    《大数据》涂子沛【3.0升级版】读后感
    Cadence画封装的步骤
    Cadence PCB层的概念
    fPLL结构及动态配置
  • 原文地址:https://www.cnblogs.com/haq5201314/p/9321041.html
Copyright © 2020-2023  润新知