type: Post
status: Published
date: May 29, 2023
Contents
- 00x01-Information Gathering
  - 000x01-ICP Filing Query
  - 000x02-Host Scanning
  - 000x03-Port Scanning
  - 000x04-Subdomain Scanning
  - 000x05-Directory Scanning
  - 000x06-Fingerprint Identification
- 00x02-Vulnerability Scanning (in development)
  - 000x01-Unauthorized Access Scanning
  - 000x02-Weak Password Scanning
  - 000x03-· · ·
- 00x03-Other Tools (in development)
  - 000x01-IPCD Address Lookup
  - 000x02-Local Character Encoding
  - 000x03-Custom Dictionary Generation
00x01-Information Gathering
000x01-ICP Filing Query
Queries the submitted website through several online APIs, then uses the registrant's organization name to extract the other sites whose ICP filings belong to that organization.

000x02-Host Scanning
Batch host discovery by calling the python-nmap framework.

```python
import nmap  # python-nmap, a wrapper around the nmap binary (needs nmap on PATH)

# host_test_ips: the target list or CIDR submitted from the front end
# arguments: the nmap flags for host discovery (e.g. "-sn" for a ping sweep; the page does not state the exact flags)
nm = nmap.PortScanner()
nm.scan(hosts=host_test_ips, arguments=arguments)
```

000x03-Port Scanning
Same as above: batch port probing by calling the python-nmap framework.

```python
import nmap  # python-nmap, a wrapper around the nmap binary (needs nmap on PATH)

# port_test_ips: the hosts to probe; arguments: the nmap port-scan flags (e.g. "-sS -p 1-1024"; the page does not state them)
nm = nmap.PortScanner()
nm.scan(hosts=port_test_ips, arguments=arguments)
```
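The two sections above hand user-supplied targets and nmap flags straight to a scanner, so two things a practitioner wants are an allowlist on the flags (a web user who controls nmap arguments can otherwise read files with `-iL` or write them with `-oN`, and a target beginning with `-` is parsed by nmap as a flag even when no shell is involved) and a parser for the results so the batch output can be stored or shown in the front end. The following is an added example, not code from the project described on this page; it assumes the `nmap` binary is on `PATH`, the allowed-flag set is an assumption, and the XML sample is constructed so the parser can be exercised offline.

```python
"""Batch nmap helper: flag allowlisting, no-shell invocation, XML result parsing.

Added example (not the project's code). Assumes `nmap` is on PATH; SAMPLE_XML is constructed.
"""
import re
import subprocess
import xml.etree.ElementTree as ET

# Flags the front end may pass to nmap (assumed set). Anything else, e.g. -iL (read a file),
# -oN (write a file) or --script, is rejected before nmap is ever started.
ALLOWED_FLAGS = {"-sn", "-sS", "-sT", "-sV", "-Pn", "-p", "-p-", "--open", "-T3", "-T4"}
VALUE_RE = re.compile(r"^[0-9A-Za-z,-]+$")                 # port lists and ranges such as 22,80 or 1-1024
TARGET_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.:/-]*$")   # IP, CIDR or hostname; must not start with '-'


def validate_arguments(arguments):
    """Split the flag string and reject any token that is not an allowed flag or a plain value."""
    tokens = arguments.split()
    for tok in tokens:
        if tok.startswith("-"):
            if tok not in ALLOWED_FLAGS:
                raise ValueError(f"nmap flag not allowed: {tok}")
        elif not VALUE_RE.match(tok):
            raise ValueError(f"bad argument value: {tok}")
    return tokens


def nmap_command(targets, arguments):
    """Build the argv list: no shell, XML to stdout, and targets that cannot masquerade as flags."""
    for target in targets:
        if not TARGET_RE.match(target):
            raise ValueError(f"bad target: {target}")
    return ["nmap", *validate_arguments(arguments), "-oX", "-", *targets]


def parse_nmap_xml(xml_text):
    """Parse `nmap -oX -` output into {ip: {"state": up/down, "ports": [(port, proto, state, service), ...]}}."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")
        status = host.find("status")
        entry = {"state": status.get("state") if status is not None else "unknown", "ports": []}
        for port in host.iter("port"):
            service = port.find("service")
            entry["ports"].append((
                int(port.get("portid")),
                port.get("protocol"),
                port.find("state").get("state"),
                service.get("name", "") if service is not None else "",
            ))
        results[addr.get("addr")] = entry
    return results


def open_ports(results, ip):
    """Convenience view: [(port, service)] for the ports nmap reported as open on `ip`."""
    return [(port, svc) for port, _proto, state, svc in results.get(ip, {"ports": []})["ports"] if state == "open"]


def run_scan(targets, arguments):
    """Run nmap and parse its XML. Needs the real binary, so the offline demo does not call it."""
    proc = subprocess.run(nmap_command(targets, arguments), capture_output=True, text=True, check=True)
    return parse_nmap_xml(proc.stdout)


# Constructed sample of `nmap -sS -p 22,80,443 -oX -` output against documentation addresses (not real scan data).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -p 22,80,443 -oX - 192.0.2.10 192.0.2.11">
<host><status state="up" reason="echo-reply"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
</ports></host>
<host><status state="down" reason="no-response"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
<runstats><finished/><hosts up="1" down="1" total="2"/></runstats>
</nmaprun>
"""

if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_XML)
    for ip, info in scan.items():
        print(ip, info["state"], open_ports(scan, ip))
    print(nmap_command(["192.0.2.0/24"], "-sn"))
```

`run_scan(["192.0.2.0/24"], "-sn")` is the host-discovery case and `run_scan(["192.0.2.10"], "-sS -p 1-1024")` the port-scan case; both go through the same allowlist, and `-oX -` keeps the result in memory instead of on disk where a user-chosen path could land.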

000x04-Subdomain Scanning
Online: queries several online APIs, currently the ones offered by chaziyu.com and www.virustotal.com. Brute force: asynchronous multi-threaded DNS resolution in Python; the enumeration speed depends on the machine's bandwidth.

```python
import dns.resolver  # dnspython

dns_resolver = dns.resolver.Resolver()
# Public resolvers: DNSPod (119.29.29.29), 114DNS (114.114.114.114), Google (8.8.4.4)
dns_resolver.nameservers = ['119.29.29.29', '114.114.114.114', '8.8.4.4']
# domain: the candidate name, e.g. "<word>.<target domain>"; raises dns.resolver.NXDOMAIN if it does not exist
dns_resolver_result = dns_resolver.resolve(domain, "A")
```
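One call per candidate is what the snippet above shows; the brute-force mode also needs the threading around it and, before any result is trusted, a wildcard check: a zone with a `*` record answers every label, so without that check every word in the list looks like a hit. The following is an added example, not the project's code. It keeps the resolver injectable: `dnspython_resolve` uses the dnspython library and the three public resolvers named above, while `demo_resolve` answers from a constructed zone (documentation addresses, a wildcard pointing at 203.0.113.99) so the demo runs offline.

```python
"""Threaded subdomain brute force with wildcard-DNS detection.

Added example (not the project's code). DEMO_ZONE and demo_resolve are constructed for the offline demo.
"""
import concurrent.futures
import random
import string


def dnspython_resolve(name, nameservers=("119.29.29.29", "114.114.114.114", "8.8.4.4")):
    """Return the A records of `name`, or [] if it does not resolve. Requires dnspython."""
    import dns.exception
    import dns.resolver
    resolver = dns.resolver.Resolver()
    resolver.nameservers = list(nameservers)
    resolver.lifetime = 3  # seconds per query: a slow resolver must not stall a worker thread
    try:
        return [rr.to_text() for rr in resolver.resolve(name, "A")]
    except dns.exception.DNSException:  # NXDOMAIN, NoAnswer, timeouts, ...
        return []


# Constructed zone: example.com has a wildcard record at 203.0.113.99, and dev.example.com shares that address.
DEMO_ZONE = {
    "www.example.com": ["192.0.2.10"],
    "mail.example.com": ["203.0.113.5"],
    "dev.example.com": ["203.0.113.99"],
}


def demo_resolve(name):
    """Offline stand-in for a resolver: explicit records first, then the wildcard answer."""
    if name in DEMO_ZONE:
        return DEMO_ZONE[name]
    if name.endswith(".example.com"):
        return ["203.0.113.99"]
    return []


def detect_wildcard(domain, resolve, probes=3):
    """Resolve random labels under `domain`; any addresses that come back are wildcard answers."""
    ips = set()
    for _ in range(probes):
        label = "".join(random.choices(string.ascii_lowercase + string.digits, k=16))
        ips.update(resolve(f"{label}.{domain}"))
    return ips


def brute_force(domain, words, resolve, threads=16):
    """Resolve <word>.<domain> for every word in parallel and return {fqdn: [ip, ...]} in wordlist order.

    Names whose only addresses are wildcard addresses are dropped. A real host that happens to share
    the wildcard IP (dev.example.com in the demo) is therefore missed; without the filter every
    word would be reported, which is the worse failure for a batch tool.
    """
    wildcard_ips = detect_wildcard(domain, resolve)

    def lookup(word):
        fqdn = f"{word}.{domain}"
        try:
            ips = resolve(fqdn)
        except Exception:  # any resolver failure counts as "not found"
            ips = []
        return fqdn, [ip for ip in ips if ip not in wildcard_ips]

    found = {}
    with concurrent.futures.ThreadPoolExecutor(max_workers=threads) as pool:
        for fqdn, ips in pool.map(lookup, words):  # map() preserves wordlist order
            if ips:
                found[fqdn] = ips
    return found


if __name__ == "__main__":
    hits = brute_force("example.com", ["www", "mail", "dev", "ftp", "test"], demo_resolve)
    print(hits)  # dev, ftp and test are dropped: their only answer is the wildcard address
```

For a live run pass `dnspython_resolve` as `resolve` and size `threads` to what the resolvers and the link tolerate; the wildcard probe runs once per domain, not per word.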

000x05-Directory Scanning
Runs dirsearch as a subprocess; the result file is then parsed with regular expressions and displayed in the front end.

```python
import subprocess

dirscan_url_setting = ['-u'] + [dirscan_url]
dirscan_result_filename_setting = ['-o'] + [dirscan_result_filename]
# dirscan_code is the interpreter plus the dirsearch entry point, e.g. ['python3', 'dirsearch.py'] (assumed; not shown on the page)
dirscan_models = dirscan_code + dirscan_url_setting + dirscan_result_filename_setting
# shell=False with an argv list: the user-supplied URL is one argument and cannot inject shell syntax;
# start_new_session=True detaches the scan from the web worker's process group. dirscan_test is the stdout target.
dirscan_result = subprocess.Popen(dirscan_models, shell=False, stdout=dirscan_test, start_new_session=True)
```

000x06-Fingerprint Identification
Runs EHole 3.1 in batch mode; the JSON it returns is displayed in the front end.

```python
# EHole CLI: ehole finger -l <target list file> -o <result file>, plus any extra settings from the front end
ehole_exec_code = [ehole_path, "finger", "-l", ehole_project_target, "-o", ehole_project_result] + fingerprint_survey_setting
# Dispatched as a Celery task so the web request returns immediately and the scan runs in a worker
ehole_start = FingerprintSurey_task.apply_async(args=[project_name, ehole_exec_code, ehole_project_path, ehole_project_target, ehole_project_result, ehole_test])
```

00x02-Vulnerability Scanning (in development)
000x01-Unauthorized Access Scanning
000x02-Weak Password Scanning
000x03-· · ·
00x03-Other Tools (in development)

000x01-IPCD Address Lookup
Batch IP address lookup (location via the pconline whois API).

```python
import json
import requests

# target: one IP address from the submitted batch
url = f"https://whois.pconline.com.cn/ipJson.jsp?ip={target}&json=true"
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70',
    'Referer': 'http://whois.pconline.com.cn/'
}
# timeout added: without one a hung upstream blocks the whole batch
response = requests.get(url, headers=headers, timeout=10)
response.raise_for_status()
ip_address = json.loads(response.text)['addr']  # 'addr' carries the location string
```

000x02-Local Character Encoding
Local encode/decode helpers, so strings do not have to be pasted into online converter sites.

```python
import base64
from urllib.parse import quote, unquote

# project_name_encode: the string submitted from the front end

# URL encoding
encoded_string = quote(project_name_encode)
decoded_string = unquote(project_name_encode)

# Base64 (encode the UTF-8 bytes; decoding arbitrary input can fail, so it is guarded)
encoded_string = base64.b64encode(project_name_encode.encode('utf-8')).decode('utf-8')
try:
    decoded_string = base64.b64decode(project_name_encode).decode('utf-8')
except (ValueError, UnicodeDecodeError):  # not valid Base64, or not UTF-8 text
    decoded_string = ''

# Unicode escapes (\uXXXX)
encoded_string = ''.join(f'\\u{ord(char):04x}' for char in str(project_name_encode))
# The original decoded with bytes(s, 'utf-8').decode('unicode_escape'), which corrupts every
# non-ASCII character in the input (unicode_escape reads the bytes as Latin-1). Escaping the
# non-Latin-1 characters first keeps them intact while still expanding \uXXXX sequences.
decoded_string = project_name_encode.encode('latin-1', 'backslashreplace').decode('unicode_escape')
```



000x03-Custom Dictionary Generation
Extracts the pinyin initials of the submitted Chinese text and generates a custom wordlist from them.
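The page states the idea (initials in, wordlist out) but not the generation step. The following is an added example, not the project's code, and goes one step beyond the text by combining the initials with case variants, year stamps and a short list of suffixes that commonly appear appended to a company abbreviation in weak passwords (the suffix list is an assumption). Initials are looked up in a small constructed table so the demo runs offline; a real build would map characters with a pinyin library such as pypinyin (`lazy_pinyin(text, style=Style.FIRST_LETTER)`).

```python
"""Custom wordlist from the pinyin initials of Chinese names (company, product, department).

Added example (not the project's code). DEMO_INITIALS and COMMON_SUFFIXES are assumptions for the demo.
"""
import itertools

# Constructed table: pinyin initial of each character used in the demo names.
DEMO_INITIALS = {"轻": "q", "言": "y", "易": "y", "梦": "m", "科": "k", "技": "j", "运": "y", "维": "w", "部": "b"}

# Suffixes commonly appended to an abbreviation in weak passwords (assumed list).
COMMON_SUFFIXES = ["", "123", "1234", "123456", "666", "888", "@123", "!@#"]


def pinyin_initials(text, table=DEMO_INITIALS):
    """Map each character to its pinyin initial.

    ASCII letters and digits pass through in lower case; punctuation and characters
    missing from the table are dropped rather than guessed.
    """
    out = []
    for ch in text:
        if ch in table:
            out.append(table[ch])
        elif ch.isascii() and ch.isalnum():
            out.append(ch.lower())
    return "".join(out)


def build_wordlist(names, years=range(2020, 2024), table=DEMO_INITIALS):
    """Combine each name's initials (lower, Capitalised, UPPER) with suffixes and year stamps.

    Returns a de-duplicated list in generation order, ready to be written one word per line.
    """
    suffixes = list(COMMON_SUFFIXES) + [f"{y}" for y in years] + [f"@{y}" for y in years]
    words, seen = [], set()
    for name in names:
        base = pinyin_initials(name, table)
        if not base:  # nothing recognisable in the input, e.g. only punctuation
            continue
        variants = [base, base.capitalize(), base.upper()]
        for variant, suffix in itertools.product(variants, suffixes):
            candidate = variant + suffix
            if candidate not in seen:
                seen.add(candidate)
                words.append(candidate)
    return words


if __name__ == "__main__":
    for word in build_wordlist(["轻言易梦科技", "运维部"]):
        print(word)
```

The de-duplication matters once several names share initials or a base is all digits (then the three case variants collapse to one); the year range is a parameter so the list can be regenerated rather than grown by hand.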

- Author: 轻言易梦
- Link: https://hexo.xslover.xyz/article/3557fee7-4b9a-4214-aef0-23065d544f46
- Notice: This article is licensed under CC BY-NC-SA 4.0; please credit the source when reposting.


