20220616-v1.0.9
CLincat committed Jun 16, 2022
1 parent d10d9fb commit ba309df
Showing 19 changed files with 1,572 additions and 223 deletions.
155 changes: 86 additions & 69 deletions README.md


156 changes: 87 additions & 69 deletions README_en-us.md


62 changes: 55 additions & 7 deletions lib/core/coreScan.py
Expand Up @@ -7,6 +7,7 @@
from lib.tool.logger import logger
from lib.tool import check
from lib.report import output
from lib.tool.fingerprint import identify
from payloads.AlibabaDruid import alidruid
from payloads.AlibabaNacos import nacos
from payloads.ApacheAirflow import airflow
Expand All @@ -16,8 +17,10 @@
from payloads.ApacheTomcat import tomcat
from payloads.ApacheStruts2 import struts2
from payloads.AppWeb import appweb
from payloads.AtlassianConfluence import confluence
from payloads.Cisco import cisco
from payloads.Django import django
from payloads.ElasticSearch import elasticsearch
from payloads.F5BIGIP import f5bigip
from payloads.Fastjson import fastjson
from payloads.ThinkPHP import thinkphp
Expand All @@ -38,6 +41,9 @@ def __init__(self):
self.delay = config.get('delay') # * 延时
self.url_list = config.get('url_list') # * url列表
self.app_list = config.get('app_list') # * 框架列表
self.batch = config.get('batch')
self.no_waf = config.get('no_waf') # * 是否启用WAF指纹识别
# self.web_app = config.get('web_app') # * 是否启用框架指纹识别
self.thread_list = [] # * 已经运行的线程列表
self.results = [] # * 结果列表
self.queue = Queue() # * 创建线程池
Expand All @@ -48,8 +54,37 @@ def __init__(self):

def start(self):
''' 开始扫描, 添加poc并启动 '''
for u in self.url_list: # * 遍历urls
logger.info('yellow_ex', self.lang['core']['start']['start'] + u) # ? 提示, 开始扫描当前url
for u in self.url_list: # * 遍历urls
logger.info('yellow_ex', self.lang['core']['start']['start'] + u) # ? 提示, 开始扫描当前url

# * --------------------WAF指纹识别--------------------
if (not self.no_waf):
waf_info = identify.waf_identify(u) # * WAF指纹识别
if waf_info:
while True:
if (not self.batch): # * 是否使用默认选项
logger.info('red', '', print_end='')
operation = input(self.lang['core']['start']['waf_find'].format(waf_info)) # * 接收参数
else:
logger.info('red', self.lang['core']['start']['waf_find'].format(waf_info), print_end='')
operation = 'no' # * 默认选项No
logger.info('red', 'no', notime=True)

operation = operation.lower() # * 字母转小写
if operation in ['y', 'yes']: # * 继续扫描
logger.info('yellow_ex', self.lang['core']['stop']['continue']) # ? 日志, 继续扫描
break
elif operation in ['n', 'no']:
logger.info('yellow_ex', self.lang['core']['stop']['next']) # ? 日志, 下一个
u = 'next'
break
else:
logger.info('yellow_ex', self.lang['core']['start']['waf_not_find'])

if u == 'next':
continue
# * --------------------WAF指纹识别--------------------

if check.check_connect(u):
self.addPOC(u) # * 为url添加poc 并加入线程池
self.scanning() # * 开始扫描该url
Expand All @@ -75,6 +110,7 @@ def addPOC(self, url):
logger.info('reset', '', notime=True, print_end='') # * 重置文字颜色
_exit(0)


def scanning(self):
''' 正在扫描, 根据线程数启动poc '''
queue_thread = int(self.queue.qsize() / self.thread)+1 # * 循环次数
Expand All @@ -93,24 +129,36 @@ def scanning(self):
except KeyboardInterrupt:
if self.stop():
continue
else:
self.queue.queue.clear() # * 清空当前url的扫描队列
break # * 停止当前url的扫描, 并扫描下一个url


def stop(self):
''' # ! 功能还没写好
Ctrl+C暂停扫描
q(uit) 退出扫描
c(ontinue) 继续扫描
n(ext) 跳过当前url的扫描
m(odify) (还没写好)修改参数, 输入参数名和值(如-t 3)然后回车, 修改相应参数, 并继续扫描
wq(save and exit) 等待已经运行的poc, 保存并输出已有的漏洞结果, 有--output参数的话则同步保存至文件
'''
while True:
logger.info('reset', '[CTRL+C] q(uit)/c(ontinue)/wq(save and exit): ') # ? 提示信息
operation = input('\r'.ljust(70)) # * 接收参数
if operation == 'q': # * 退出
logger.info('reset', '', print_end='') # ? 提示信息
operation = input('\r[CTRL+C] - q(uit)/c(ontinue)/n(ext)/wq(save and exit): '.ljust(70))# * 接收参数
operation = operation.lower() # * 字母转小写

if operation in ['q', 'quit']: # * 退出扫描
_exit(0)
elif operation == 'c': # * 继续扫描
elif operation in ['c', 'continue']: # * 继续扫描
logger.info('yellow_ex', self.lang['core']['stop']['continue']) # ? 日志, 继续扫描
return True
elif operation == 'wq': # * 保存退出
elif operation in ['wq', 'save and exit']: # * 保存结果并退出
self.end()
elif operation in ['n', 'next']:
logger.info('yellow_ex', self.lang['core']['stop']['next']) # ? 日志, 扫描下一个目标

return False

def end(self):
''' 结束扫描, 等待所有线程运行完毕, 生成漏洞结果并输出/保存'''
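Review bot: The WAF prompt in start() advertises `y(es)/N(o)` with No as the default, but an empty answer (just pressing Enter) is neither in `['y', 'yes']` nor `['n', 'no']`, so the `while True` loop re-prompts instead of taking the advertised default; `elif operation in ['', 'n', 'no']:` would make the prompt honest. Reusing the loop variable as a sentinel (`u = 'next'` followed by `if u == 'next': continue`) also overloads the URL string; a boolean such as `skip_url = True` set in that branch and tested after the WAF block reads more clearly and cannot collide with a target literally named "next". The `else` that logs `waf_not_find` appears to pair with `if waf_info:` once indentation is restored, but the rendered page has flattened it, so that pairing is worth confirming. start() continues past the end of the hunk.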
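--- a/lib/initial/config.py
+++ b/lib/initial/config.py
@@ -77,7 +77,7 @@ def __init__(self, args):
 'https': args.http_proxy
 }
 
-app_list = ['alidruid', 'airflow', 'apisix', 'appweb', 'cisco', 'django', 'f5bigip', 'fastjson', 'flink', 'keycloak', 'nacos', 'solr', 'struts2', 'spring', 'thinkphp', 'tomcat', 'ueditor', 'weblogic', 'yonyou']
+app_list = ['alidruid', 'airflow', 'apisix', 'appweb', 'cisco', 'confluence', 'django', 'elasticsearch', 'f5bigip', 'fastjson', 'flink', 'keycloak', 'nacos', 'solr', 'struts2', 'spring', 'thinkphp', 'tomcat', 'ueditor', 'weblogic', 'yonyou']
 if args.application == 'all': # * -a参数
 args.app_list = app_list
 else: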
38 changes: 32 additions & 6 deletions lib/initial/language.py
Expand Up @@ -47,26 +47,39 @@ def language():
'output_text': 'Save the scan results in TXT format, no vulnerability will not generate files(e.g. --output-text result.txt)',
'output_json': 'Save the scan results in JSON format, no vulnerability will not generate files(e.g. --output-text result.json)'
},
'general_help': {
'title': 'General',
'name': 'General operating parameter',
'no_waf': 'Disable WAF detection',
'batch': 'The yes/no option does not require user input. The default option is used'
},
'lists_help': {
'title': 'Lists',
'name': 'Vulnerability list',
'list': 'View all payload'
},
'app_list_help': {
'title': 'Supported target types(Case insensitive)',
'name': 'AliDruid,airflow,apisix,appweb,cisco,django,f5bigip,fastjson,flink,keycloak,nacos,thinkphp,tomcat,spring,solr,struts2,ueditor,weblogic,yonyou'
'name': 'AliDruid,airflow,apisix,appweb,cisco,confluence,django,elasticsearch,f5bigip,fastjson,flink,keycloak,nacos,thinkphp,tomcat,spring,solr,struts2,ueditor,weblogic,yonyou'
},
'core': {
'start': {
'start': '[INFO] Start scanning target ',
'unable': '[WARN] Unable to connect to '
'unable': '[WARN] Unable to connect to ',
'waf': '[WAF] The WAF detection for the current URL starts',
'waf_find': '[WAF] {} is detected, Whether to continue scanning the current URL? - y(es)/N(o): ',
'waf_not_find': 'Not found the WAF',
'waf_timeout': 'WAF recognizes timeout and the target is not responding',
'waf_conn_error': 'WAF recognition error, unable to connect to destination URL',
'waf_error': 'WAF identification error, unknown error'
},
'addpoc': {
'notfound': '[ERROR] The application not found: ',
'error': '[ERROR] The addPOC is error'
},
'stop': {
'continue': '[INFO] Continue to scan'
'continue': '[INFO] Continue to scan',
'next': '[INFO] Skip current URL'
},
'end': {
'wait': '[INFO] Wait for all threads to finish. Please wait...',
Expand Down Expand Up @@ -126,26 +139,39 @@ def language():
'output_text': '以txt格式保存扫描结果, 无漏洞时不会生成文件(如: --output-text result.txt)',
'output_json': '以json格式保存扫描结果, 无漏洞时不会生成文件(如: --output-text result.json)'
},
'general_help': {
'title': 'General',
'name': '通用工作参数',
'no_waf': '禁用waf检测',
'batch': 'yes/no的选项不需要用户输入, 使用默认选项'
},
'lists_help': {
'title': 'Lists',
'name': '漏洞列表',
'list': '查看所有Payload'
},
'app_list_help': {
'title': '支持的目标类型(-a参数, 不区分大小写)',
'name': 'AliDruid,airflow,apisix,appweb,cisco,django,f5bigip,fastjson,flink,keycloak,nacos,thinkphp,tomcat,spring,solr,struts2,ueditor,weblogic,yonyou'
'name': 'AliDruid,airflow,apisix,appweb,cisco,confluence,django,elasticsearch,f5bigip,fastjson,flink,keycloak,nacos,thinkphp,tomcat,spring,solr,struts2,ueditor,weblogic,yonyou'
},
'core': {
'start': {
'start': '[INFO] 开始扫描目标 ',
'unable': '[WARN] 无法连接到 '
'unable': '[WARN] 无法连接到 ',
'waf': '[WAF] 开始对当前url进行WAF检测',
'waf_find': '[WAF] 目标疑似存在{} 是否继续扫描当前url? - y(es)/N(o): ',
'waf_not_find': '[WAF] 未发现WAF',
'waf_timeout': 'WAF识别超时, 目标没有响应',
'waf_conn_error': 'WAF识别出错, 无法连接至目标url',
'waf_error': 'WAF识别出错, 未知错误'
},
'addpoc': {
'notfound': '[ERROR] 未找到应用程序: ',
'error': '[ERROR] 添加POC时出现错误'
},
'stop': {
'continue': '[INFO] 继续扫描'
'continue': '[INFO] 继续扫描',
'next': '[INFO] 跳过当前url'
},
'end': {
'wait': '[INFO] 等待所有线程结束, 请稍等...',
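Review bot: The new English `waf_not_find` message (`'Not found the WAF'`) lacks the `[WAF] ` prefix that its Chinese counterpart and the sibling `waf`/`waf_find` messages carry, so console output differs between languages; `'waf_not_find': '[WAF] WAF not found',` keeps the prefix and reads as English. The `waf`, `waf_timeout`, `waf_conn_error` and `waf_error` keys are not referenced by the coreScan.py hunks in this commit, so they are presumably consumed by the fingerprint module imported there — worth confirming they are actually used rather than dead entries. language() continues outside both hunks.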