-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from Hatanezumi/main
优化输出显示,为多进程添加新控制参数
- Loading branch information
Showing
39 changed files
with
11,312 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
111.txt | ||
result.txt | ||
/__pycache__ | ||
/.vscode |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" | ||
____ __ ____ ____ ____ ______ _____ __ ____ ____ | ||
/ ___/ / ]| \ | || \ | | / ___/ / ] / || \ | ||
( \_ / / | D ) | | | o )| | _____ ( \_ / / | o || _ | | ||
\__ | / / | / | | | _/ |_| |_|| | \__ | / / | || | | | ||
/ \ |/ \_ | \ | | | | | | |_____| / \ |/ \_ | _ || | | | ||
\ |\ || . \ | | | | | | \ |\ || | || | | | ||
\___| \____||__|\_||____||__| |__| \___| \____||__|__||__|__| | ||
|
||
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
import requests | ||
from urllib3.exceptions import InsecureRequestWarning | ||
from colorama import Fore, Style | ||
|
||
# 定义ANSI颜色代码 | ||
class Color: | ||
GREEN = "\\033[92m" | ||
RESET = "\\033[0m" | ||
|
||
# 禁用不安全请求警告 | ||
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | ||
|
||
# 设置全局默认最大重试次数和超时时间 | ||
def set_request_defaults(): | ||
requests.adapters.DEFAULT_RETRIES = 1 | ||
requests.adapters.DEFAULT_TIMEOUT = 3 | ||
|
||
# 图标 | ||
def print_banner(): | ||
with open("banner.txt", "r") as file: | ||
content = file.read() | ||
colored_content = f"{Fore.GREEN}{content}{Style.RESET_ALL}" | ||
print(colored_content) | ||
def print_help(): | ||
with open("help.txt", "r", encoding='utf-8') as file: | ||
content = file.read() | ||
colored_content = content | ||
print(colored_content) | ||
|
||
custom_headers = { | ||
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0", | ||
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", | ||
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", | ||
"Accept-Encoding": "gzip, deflate", | ||
"Upgrade-Insecure-Requests": "1", | ||
"Sec-Fetch-Dest": "document", | ||
"Sec-Fetch-Mode": "navigate", | ||
"Sec-Fetch-Site": "none", | ||
"Sec-Fetch-User": "", | ||
"Te": "trailers", | ||
"Connection": "close", | ||
"cookie":"TWFID=d2c3d09c522ed63e; ", | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#!/usr/bin/env python3 | ||
# -*- coding: utf-8 -*- | ||
''' | ||
@Author : Hatanezumi | ||
@Contact : [email protected] | ||
@Desc : 本部分是对任务进行多进程的调配 | ||
''' | ||
import os | ||
import url_scanner | ||
import multiprocessing | ||
from pathlib import Path | ||
from colorama import Fore, Style | ||
from tqdm import tqdm | ||
|
||
class Scanner(): | ||
def __init__(self, urls:list[str], proxy:str|None, max_cpu:int|None, force_cpu:int|None) -> None: | ||
self.urls = urls | ||
self.total = len(urls) | ||
self.finish = 0 | ||
self.proxy = proxy | ||
self.max_cpu = max_cpu | ||
self.force_cpu = force_cpu | ||
self.res_file_path = Path('result.txt') | ||
def worker(self,args:tuple[str,str]) -> str: | ||
return url_scanner.scan_urls(args[0],args[1]) | ||
def start(self) -> None: | ||
cpu_count = multiprocessing.cpu_count() | ||
cpu_count *= 5 | ||
cpu_count = self.max_cpu if self.max_cpu is not None and self.max_cpu <= cpu_count * 5 else cpu_count | ||
cpu_count = self.force_cpu if self.force_cpu is not None else cpu_count | ||
try: | ||
with multiprocessing.Pool(cpu_count) as pool: | ||
res_list = pool.imap_unordered(self.worker,[(i,self.proxy) for i in self.urls]) | ||
for res in tqdm(res_list, total=self.total, desc='当前进度'): | ||
self.finish += 1 | ||
os.system(f'title 当前进度:{self.finish}/{self.total}') | ||
res_text = ''.join(res) if len(res) != 1 else '' | ||
with open(self.res_file_path,'a',encoding='utf-8') as file: | ||
file.write(res_text) | ||
except KeyboardInterrupt: | ||
print(f'{Fore.GREEN}程序被终止,结果已保存到{self.res_file_path}{Fore.RESET}') | ||
os.system('pause') | ||
|
||
def start(urls:list[str], proxy:str|None, max_cpu:str|None, force_cpu:str|None) -> None: | ||
max_cpu = int(max_cpu) if max_cpu is not None else None | ||
force_cpu = int(force_cpu) if force_cpu is not None else None | ||
scanner = Scanner(urls,proxy=proxy,max_cpu=max_cpu,force_cpu=force_cpu) | ||
scanner.start() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
import json | ||
import re | ||
import requests | ||
import sys | ||
import os | ||
|
||
def scan_findinfo() -> list[str]: | ||
headers = { | ||
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"} | ||
|
||
fileurl = "/findinfo/JS" | ||
|
||
filemkdir = fileurl.split('_')[0] | ||
if not os.path.exists(filemkdir): | ||
os.makedirs(filemkdir) | ||
|
||
#get path + 路径名称 | ||
paths = [] | ||
for dirpath, dirnames, filenames in os.walk('./' + filemkdir): | ||
for file in filenames: | ||
try: | ||
with open("./" + filemkdir + "/" + file, "r", encoding='gb18030', errors='ignore') as f2: | ||
lines = f2.readlines() | ||
for line in lines: | ||
line = line.strip('\n').strip('\t') | ||
matches = re.findall(r'(?i)((access_key|username|user|jwtkey|jwt_key|AESKEY|AES_KEY|appsecret|app_secret|access_token|password|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api\.googlemaps\s+AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc\ password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn\.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env\.heroku_api_key|env\.sonatype_password|eureka\.awssecretkey)\s*[:=><]{1,2}\s*[\"\']{0,1}([0-9a-zA-Z\-_=+/]{8,64})[\"\']{0,1})', line) | ||
for match in matches: | ||
paths.append(file + "---" + str(match[0])) | ||
|
||
matches = re.findall(r'''(['"]\s*(?:GOOG[\w\W]{10,30}|AZ[A-Za-z0-9]{34,40}|AKID[A-Za-z0-9]{13,20}|AKIA[A-Za-z0-9]{16}|IBM[A-Za-z0-9]{10,40}|OCID[A-Za-z0-9]{10,40}|LTAI[A-Za-z0-9]{12,20}|AK[\w\W]{10,62}|AK[A-Za-z0-9]{10,40}|AK[A-Za-z0-9]{10,40}|UC[A-Za-z0-9]{10,40}|QY[A-Za-z0-9]{10,40}|KS3[A-Za-z0-9]{10,40}|LTC[A-Za-z0-9]{10,60}|YD[A-Za-z0-9]{10,60}|CTC[A-Za-z0-9]{10,60}|YYT[A-Za-z0-9]{10,60}|YY[A-Za-z0-9]{10,40}|CI[A-Za-z0-9]{10,40}|gcore[A-Za-z0-9]{10,30})\s*['"])''', line) | ||
for match in matches: | ||
paths.append(file + "---" + str(match)) | ||
|
||
matches = re.findall(r'[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}', line) | ||
for match in matches: | ||
paths.append(file + "---" + str(match)) | ||
|
||
matches = re.findall(r'(?<!\d)(13\d{9}|14[579]\d{8}|15[^4\D]\d{8}|166\d{8}|17[^49\D]\d{8}|18\d{9}|19[189]\d{8})(?!\d)', line) | ||
for match in matches: | ||
paths.append(file + "---" + str(match)) | ||
|
||
matches = re.findall(r'\b\d{17}[\dXx]|\b\d{14}\d{1}|\b\d{17}[\dXx]', line) | ||
for match in matches: | ||
paths.append(file + "---" + str(match)) | ||
|
||
matches = re.findall(r'\d+\.\d+\.\d+\.\d+', line) | ||
for match in matches: | ||
paths.append(file + "---" + str(match)) | ||
except Exception as e: | ||
print("发生错误") | ||
|
||
|
||
for var in (vars := sorted(set(paths))): | ||
with open(fileurl + '_path.txt', "a+", encoding='gb18030', errors='ignore') as paths_file: | ||
paths_file.write(var + '\n') | ||
# 打印当前路径到终端并设置颜色为黄色 | ||
print('\033[33m' + var + '\033[0m') | ||
return vars |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
|
||
特别声明:该脚本目前只针对于ASP.NET的站点 | ||
目前支持扫描的编辑器有 | ||
kindeditor ueditor fckeditor ckeditor ckfinder Cuteditor | ||
多进程是根据cpu核心数量开启的,可以通过-c来设定进程数量但不能超过cpu核心数,也可以通过--force_cpu来强制设定进程数量 | ||
感谢JSfinder模块的技术支持:L@2uR1te 师傅 | ||
本人QQ:1723680383 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
import requests | ||
|
||
def send_http_request(url, verify=False, timeout=5, headers=None, proxy=None): | ||
try: | ||
proxies = {"http": proxy, "https": proxy} if proxy else None | ||
response = requests.get(url, verify=verify, timeout=timeout, proxies=proxies) | ||
return response | ||
except requests.exceptions.RequestException as e: | ||
return None | ||
|
||
# 示例用法 | ||
#url = "https://funbox.com.tw/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config" | ||
#response = send_http_request(url) | ||
#print(response.text) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
import requests | ||
from bs4 import BeautifulSoup | ||
from urllib.parse import urlparse, urljoin | ||
|
||
# 定义JS文件规则列表 | ||
js_rules = [ | ||
"RSA.js", | ||
# 添加更多规则 | ||
] | ||
|
||
# 设置控制目录级别的变量 | ||
max_directory_levels = 4 | ||
|
||
def get_js_paths(url): | ||
try: | ||
# 发送GET请求获取网页内容 | ||
response = requests.get(url) | ||
response.raise_for_status() | ||
|
||
# 使用BeautifulSoup解析HTML | ||
soup = BeautifulSoup(response.text, 'html.parser') | ||
|
||
# 获取主机名 | ||
host = urlparse(url).hostname | ||
|
||
# 提取每个script标签中的src属性 | ||
js_paths = [tag.get('src') for tag in soup.find_all('script')] | ||
|
||
# 过滤JavaScript文件的路径并提取文件路径部分 | ||
filtered_js_paths = [] | ||
outputted_dirs = set() # 存储已输出的不匹配目录路径 | ||
|
||
for path in js_paths: | ||
if not path: | ||
continue | ||
if not urlparse(path).hostname: | ||
# 处理相对路径 | ||
path = urljoin(url, path) | ||
if urlparse(path).hostname == host: | ||
# 提取文件路径部分 | ||
path = urlparse(path).path | ||
filtered_js_paths.append(path) | ||
|
||
# 打印所有JavaScript文件的路径 | ||
for path in filtered_js_paths: | ||
# 检查是否在JS文件规则列表中 | ||
matching_rule = None | ||
for rule in js_rules: | ||
if rule in path: | ||
matching_rule = rule | ||
break | ||
|
||
if matching_rule: | ||
print("JavaScript文件路径:", path) | ||
print("发现匹配的规则:", matching_rule) | ||
else: | ||
# 修改部分,限制不匹配的JavaScript目录路径的最多指定级别 | ||
directory_parts = path.split('/')[:-1] | ||
if len(directory_parts) > max_directory_levels: | ||
directory_parts = directory_parts[:max_directory_levels] | ||
directory_path = '/'.join(directory_parts) + '/' | ||
if directory_path not in outputted_dirs: | ||
print("不匹配的JavaScript目录路径:", directory_path) | ||
outputted_dirs.add(directory_path) | ||
|
||
except requests.exceptions.RequestException as e: | ||
print("请求错误:", e) | ||
except Exception as e: | ||
print("发生错误:", e) | ||
|
||
if __name__ == "__main__": | ||
url = input("请输入网站的URL: ") | ||
get_js_paths(url) |
Oops, something went wrong.