自己写了一个漏扫模板,方便使用
"""添加请求头部信息,塑造来源ip"""
import time
import requests
import argparse
import threadpool
from colorama import Fore, init
from random import randint
init()
# Default request headers used by the scanner (built once at import time,
# so the X-Forwarded-For value is fixed for the whole process).
# The X-Forwarded-For value is four random octets in 1..255, as in the
# original.  NOTE(review): servers and proxies must never take a
# client-supplied X-Forwarded-For as the real peer address; only a
# trusted upstream proxy should populate that header.
header = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Firefox/111.0",
    "Accept": "*/*",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Accept-Encoding": "gzip, deflate",
    "Cache-Control": "no-cache",
    "Pragma": "no-cache",
    "Connection": "close",
    "X-Forwarded-For": ".".join(str(randint(1, 255)) for _ in range(4)),
}
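# Scan method
def poc(url_poc):
    """Probe one URL and record it in exp.txt when it answers HTTP 200.

    Args:
        url_poc: fully built URL (base address + path) to request.

    Side effects:
        Prints a coloured line per result and appends every hit to
        ``exp.txt`` in the current directory, one URL per line,
        carriage-return terminated (the original output format).
        Network failures are reported with their exception type instead
        of being labelled a timeout; a failure to write exp.txt is
        reported rather than swallowed.
    """
    try:
        # SECURITY: verify=False disables TLS certificate checking, so the
        # response may come from anything on the path.  Kept because the
        # template is aimed at hosts with self-signed certificates; a
        # --verify option would be the safer default outside a lab.
        resp = requests.get(url_poc, verify=False, timeout=3)
    except requests.exceptions.RequestException as err:
        # Only transport/HTTP errors are expected here; the original
        # caught Exception and called every failure a timeout.
        print(Fore.RED + "request failed, not vulnerability... (%s: %s)"
              % (type(err).__name__, url_poc))
        return
    # NOTE(review): "HTTP 200" alone is a weak signal -- catch-all pages and
    # WAF landing pages also return 200, so hits need manual confirmation.
    if resp.status_code == 200:
        print(Fore.GREEN + "[+]exist vulnerability,vulnerability address:\t" + url_poc)
        try:
            with open('exp.txt', 'a+') as f:
                f.write(url_poc + '\r')
        except OSError as err:
            print(Fore.RED + "could not record hit in exp.txt: %s" % err)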
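# Exploitation hook (placeholder)
def exp(poc_url, command):
    """Placeholder for a single-target check; intentionally does nothing.

    Args:
        poc_url: target URL handed over from main() via ``-u``.
        command: value of ``-m``; unused by this template.

    Returns:
        None.  The original body was an empty ``try``/bare ``except:``
        pair that would silently swallow any error a future implementation
        raised; it is replaced by an explicit no-op so the bare except is
        not inherited when the function is filled in.
    """
    return None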
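# Iterate over a text file of targets
def pocs(file, path, pool=5):
    """Scan every host listed in *file* for *path* using a thread pool.

    Args:
        file: text file with one host or URL per line.  Lines without an
            ``http://``/``https://`` scheme get ``http://`` prepended;
            blank lines are skipped.
        path: suffix appended to every base URL (``None`` is treated as '').
        pool: number of worker threads.  ``None`` (an omitted ``-t``) falls
            back to 5 instead of being passed to ThreadPool unchanged.

    Side effects:
        Calls poc() once per target; see poc() for its output and files.
    """
    if pool is None:
        pool = 5
    suffix = path or ''
    targets = []
    # The context manager releases the handle even if a later step raises
    # (the original never closed it).  .strip() also drops '\r' on CRLF
    # input and copes with a last line that has no trailing newline -- the
    # original i[:-1] cut the final character off such a line.
    with open(file, 'r') as f:
        for line in f:
            host = line.strip()
            if not host:
                continue
            if not host.startswith(('http://', 'https://')):
                host = 'http://' + host
            targets.append(host + suffix)  # full URL to probe
    thpools = threadpool.ThreadPool(pool)
    for req in threadpool.makeRequests(poc, targets):
        thpools.putRequest(req)
    thpools.wait()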
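# Main entry: argument parsing and dispatch
def main():
    """Parse the command line and dispatch to pocs() (batch) or exp() (single).

    Options are unchanged from the original: ``-f/--file`` a host list,
    ``-u/--url`` a single target, ``-m/--command`` the argument handed to
    exp(), ``-p`` the path appended to each host and ``-t`` the worker
    thread count.  ``-p`` now defaults to '' and ``-t`` to 5 so that
    omitting them no longer passes None into pocs().  When neither or both
    of ``-f``/``-u`` are given the help text is printed.
    """
    parser = argparse.ArgumentParser(usage='[OPTIONS... -f -m -u]',
                                     description='[DESCRIPTION... python xxx.py -f <file> 文本ip扫描' + '\n' + '-m -u 漏洞利用,根据自己需求添加]')
    parser.add_argument('-f', '--file', type=str, help='<file>')  # host list to test
    parser.add_argument('-m', '--command', type=str, help='<command>')  # argument for exp()
    parser.add_argument('-u', '--url', type=str, help='<url>')  # single target
    parser.add_argument('-p', type=str, default='', help='<PATH>')  # path appended to every host
    parser.add_argument('-t', type=int, default=5, help='<thread>')  # worker threads
    args = parser.parse_args()
    # Exactly one of -f / -u selects the mode.
    if args.file is not None and args.url is None:
        pocs(args.file, args.p, args.t)
    elif args.url is not None and args.file is None:
        exp(args.url, args.command)
    else:
        # parse_args() never returns None, so the original `args == None`
        # branch could not fire; print usage instead of a blank line.
        parser.print_help()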
if __name__ == '__main__':
    # Report wall-clock duration of the whole run, in seconds.
    started_at = time.time()
    main()
    print("scaning time:%.2f" % (time.time() - started_at))