-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathweb-scan.py
100 lines (86 loc) · 2.65 KB
/
web-scan.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
#!/usr/bin/python
#-*- coding=utf-8 -*-
"""
* web系统周期性巡检
* 1.svn git泄露
* 2.备份文件扫描
* 3.列出目录
* ???4.任意域名指向
"""
import io
import sys
import urllib
import urllib2
import httplib
import socket
import time
import threading
socket.setdefaulttimeout(10)
secretRs = []
# 重定义http方法 防止302跟随
class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
def http_error_301(self, req, fp, code, msg, headers):
result = urllib2.HTTPRedirectHandler.http_error_301(self, req, fp, code, msg, headers)
result.status = code
return result
def http_error_302(self, req, fp, code, msg, headers):
result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
result.status = code
return result
class scanner(threading.Thread):
def __init__(self, target):
threading.Thread.__init__(self)
self.target = target
def run(self):
target = self.target
# 敏感文件扫描
secretList = ["/.svn/entries", "/.git/config",
"/www.tar.gz", "/www.zip", "/www.rar",
"/wwwroot.tar.gz", "/wwwroot.zip", "/wwwroot.rar",
"/backup.tar.gz", "/backup.zip", "/backup.rar",
"/web.tar.gz", "/web.zip", "/web.rar",
"/log.tar.gz", "/log.zip", "/log.rar",
"/"+target+".sql", "/db.sql",
"/"+target+".tar.gz", "/"+target+".zip", "/"+target+".rar",
"/.config.php.swp", "/config.php.bak",
"/protected/yiic"]
# 取404页面大小用于比较 防止统一错误页面误记录
notfound_length = 0
try:
req = urllib2.Request("http://" + target + "/notfound_123ada12314ad889.tmp")
httplib.HTTPConnection.debuglevel = 1
opener_nf = urllib2.build_opener(SmartRedirectHandler)
resp_nf = opener_nf.open(req)
notfound_length = len(resp_nf.read())
except Exception, e:
pass
#print e
for info in secretList:
res = "http://" + target + info
try:
req = urllib2.Request(res)
opener = urllib2.build_opener(SmartRedirectHandler)
resp = opener.open(req)
status = resp.code
content_length = len(resp.read())
print str(content_length) + "-" + str(notfound_length) + "|" + res
if (200 == status) and (content_length <> notfound_length) and (resp.read().index("<html")>0):
print "\t#found# " + res
secretRs.append(res)
writer = open("secret-res.txt", "a")
writer.write(res+"\n")
writer.close()
except Exception, e:
pass
#print e
def dirList(target):
pass
def main():
reader = open("list.txt", "r")
for line in reader.readlines():
line = line.rstrip()
job = scanner(line)
job.start()
reader.close()
if __name__ == '__main__':
main()