源码包扫描
# import requests
import subprocess
import os, re
from urllib.parse import urlparse
from multiprocessing.pool import ThreadPool
pool = ThreadPool(10)
# 取消验证警告
# from requests.packages.urllib3.exceptions import InsecureRequestWarning
# requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
path = os.path.split(os.path.realpath(__file__))[0]
dict_path = os.path.join(path, "domain_dict")
result_path = os.path.join(path, "result")
# 判断结果
if not os.path.exists(dict_path):
# 如果不存在则创建目录
# 创建目录操作函数
os.mkdir(dict_path)
if not os.path.exists(result_path):
os.mkdir(result_path)
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:67.0) Gecko/20100101 Firefox/67.0"}
# 提取纯净的domain(xxxx.com)
def chuli_url(url):
url = urlparse(url).netloc
# url = url.split(".")[0]+"."+url.split(".")[1].split("/")[0]
# if "http://" in url:
# url = url.replace("http://", "")
# if "https://" in url:
# url = url.replace("https://", "")
return url
def rule_1(domain):
'''
xxx.com xxx1.com xxx2.com xxx01.com xxx_01.com
xxx_com xxx1_com xxx2_com xxx01_com
'''
my_list = []
ret = domain.split(".")
# with open("ret_demo.txt", "a") as f:
# f.write(str(ret)+"\n")
num_list = []
for x in range(1, 6):
num_list.append('0{}'.format(x))
for x in range(1,6):
num_list.append(str(x))
#print(num_list)
if len(ret) == 2:
# 情况一 xxx1.com 1
for z in num_list:
ret_1 = ret[0]+z+"."+ret[1]
my_list.append(ret_1)
# 情况二 xxx1_com 1
for z in num_list:
ret_2 = ret[0]+z+"_"+ret[1]
my_list.append(ret_2)
# 情况三 xxx.1.com
for z in num_list:
ret_3 = ret[0]+"."+z+"."+ret[1]
my_list.append(ret_3)
# 情况四 xxx_1.com 1
for z in num_list:
ret_4 = ret[0]+"_"+z+"."+ret[1]
my_list.append(ret_4)
# 情况五 xxx_1_com 1
for z in num_list:
ret_5 = ret[0]+"_"+z+"_"+ret[1]
my_list.append(ret_5)
# 情况六 xxx.1_com
for z in num_list:
ret_6 = ret[0]+"."+z+"_"+ret[1]
my_list.append(ret_6)
elif len(ret) == 3:
# 情况一 www.xxx1.com 1
for z in num_list:
ret_1 = ret[0]+"."+ret[1]+z+"."+ret[2]
my_list.append(ret_1)
# 情况二 www.xxx1_com 1
for z in num_list:
ret_2 = ret[0]+"."+ret[1]+z+"_"+ret[2]
my_list.append(ret_2)
# # 情况三 www.xxx.1.com
# for z in num_list:
# ret_3 = ret[0]+"."+z+"."+ret[1]
# my_list.append(ret_3)
# # 情况四 www.xxx_1.com
# for z in num_list:
# ret_4 = ret[0]+"_"+z+"."+ret[1]
# my_list.append(ret_4)
# 情况五 www_xxx_1_com 1
for z in num_list:
ret_5 = ret[0]+"_"+ret[1]+"_"+z+"_"+ret[2]
my_list.append(ret_5)
# 情况六 www_xxx1_com 1
for z in num_list:
ret_6 = ret[0]+"_"+ret[1]+z+"_"+ret[2]
my_list.append(ret_6)
return my_list
def rule_2(domain):
temp_list = []
temp_list.append(domain) # xx.com
if len(re.findall(".", domain)) == 1:
temp_list.append(domain.split(".")[0]+"_"+domain.split(".")[1]) # xxx_com
else:
# www.xx.com site.xx.vip web.sss.sss.cn
temp_list.append(domain.replace(".", "_"))
return temp_list
def my_requests(domain, domain_list_dict):
for x in domain_list_dict:
url_1 = "http://"+domain+"/"+x
url_2 = "https://"+domain+"/"+x
try:
print("[*] {}".format(domain+"/"+x))
ret_1 = requests.get(url=url_1, headers=headers, verify=False, timeout=5)
ret_2 = requests.get(url=url_2, headers=headers, verify=False, timeout=5)
if ret_1.status_code == 200:
with open("resulit.txt", "a", encodeing="utf-8") as f:
f.write(url_1+"\n")
print("[*] find {} :".format(url_1))
return
if ret_2.status_code == 200:
with open("resulit.txt", "a", encodeing="utf-8") as f:
f.write(url_2+"\n")
return
print("[*] find {} :".format(url_2))
except Exception as e:
print(e)
pass
# my_requests("192.168.17.139", ["xxx","www.tar", "sadga.txt"])
# exit()
def my_subprocess(rce):
print("[*] {}".format(rce))
child = subprocess.Popen(rce,stdout=subprocess.PIPE,stderr=subprocess.STDOUT,shell=True)
while child.poll() is None:
output = child.stdout.readline().decode("gbk", "ignore")
print(output.strip())
my_list = []
tar_list = [".bz2",".gz",".rar",".tar",".tar.bz2",".tar.gz",".tgz",".zip",".7z",".tar.gz2",".Z",".xz","tar.xz",".mdb.rar",".0SP1.rar",".0SP1.zip",".txt",".mdb.zip",".config.rar",".config.zip",".net.cn.rar",".net.cn.zip",".wjw.cn.rar",".wjw.cn.zip",".html",".sql"]
# domain = str(input("[*] domain(xx.com):"))
with open("domain.txt", "r") as f:
ret = f.readlines()
for domain in ret:
real_url = chuli_url(domain.strip())
domain = chuli_url(domain.strip())
domain_list = []
domain_list.extend(rule_2(domain)) # 构造基础
domain_list.extend(rule_1(domain))
temp_list = []
for a in domain_list:
for x in tar_list:
x = x.strip()
temp_list.append(a+x)
for x in temp_list: # 生成对应域名的字典
# print(x)
with open(os.path.join(dict_path,domain+".txt"), "a", encoding="utf-8") as f:
f.write(x+"\n")
# my_subprocess("python3 /root/dirsearch/dirsearch.py --random-agent -e * -t 20 -u {} -w {} --json-report={}".format(real_url, os.path.join(dict_path,domain+".txt"), os.path.join(path,domain+"_result.json")))
my_subprocess("python3 /root/dirsearch/dirsearch.py --random-agent -e * -t 20 -u {} -w {} --json-report={}".format(real_url, os.path.join(dict_path,domain+".txt"), os.path.join(result_path,domain+"_result.json",)))
# pool.close()
# pool.join()
# for x in my_list:
# print(x)
# with open("my_tarzip.txt", "a", encoding="utf-8") as f:
# f.write(x+"\n")
