cutescan.py,,cutescan.py
cutescan.py,,cutescan.py
cutescan.py python 智能扫描网址备份 危险文件 目录脚本
#===============================================================================# Id :cutescan.y#===============================================================================import sys, urllib2, time, os , Queue, msvcrt, threading,refrom json import scannerdef cslogo(): print ''',--^----------,--------,-----,-------^--,| ||||||||| `--------' | O ..`+---------------------------^----------|`\\_,-------, ___@ PlayWeb ______|/ XXXXXX /`| // XXXXXX / `\\ // XXXXXX /\\______(/ XXXXXX // XXXXXX /(________( For example:`------' cutescan.py yaseng.me'''# show messagedef msg(text, type=0): if type == 0: str_def = "[*]" elif type == 1: str_def = "[+]" else: str_def = "[-]"; print str_def + text;# readfile to arraydef file_to_arr(file): arr=[] f = open(file) for line in f: arr.append(line.strip()) return arrclass ThreadGetKey(threading.Thread): def run(self): try: chr = msvcrt.getch() if chr == 'q': print "stopped by your action ( q )" os._exit(1) except: os._exit(1)def cutescan(host): msg("Cutescan :" + host) path_list1 = file_to_arr("data\\\\path1.txt") path_list2 = file_to_arr("data\\\\path2.txt") suffix_list= file_to_arr("data\\\\suffix.txt") # Compile the dictionary path_list1+=compile_domain(host) global file_queue global path_list global url_list global g_error_page_size path_list = [] url_list=[] file_queue = Queue.Queue() g_error_page_size=error_page_szie("http://"+host) for path2 in path_list2 : if len(path2) > 0: path_list.append(path2) for path1 in path_list1 : path_list.append(path1 + path2 ); #print path_list scandir("http://" + host+"/") url_list.insert(0,"http://" + host+"/") for url in url_list: for path in path_list : for suffix in suffix_list : file_queue.put(url + path+"." + suffix) msg("Target:%s %d available path found %d url list compiled " % (host,len(url_list),file_queue.qsize()),1) for i in range(30): Scaner().start()def scandir(curl): for path in path_list : url = curl + path + "/" #msg(url) try: r = urllib2.urlopen(url, timeout=10) size = dict(r.headers).get('content-length', 0) if g_error_page_size != size : msg("Path:" + url + " --->%d" % r.getcode(), 1); url_list.append(url) #scandir(url+"/") # Recursive fuzz path else : continue except urllib2.HTTPError as hr: # msg("Path:"+url+" --->%d" % hr.code,2); if(hr.code == 403) : url_list.append(url) scandir(url+"/") continue# compile domain to path_list exp : pentest.yaseng.com.cn => ['pentest.yaseng.com.cn', 'yaseng.com.cn', 'pentest', 'yaseng']def compile_domain(domain): path_list = [] url_re = re.compile('.(com|net|org|cc|gov|edu|cn|me|info|hk|tv|asia).*') # top domain .... rq=url_re.search(domain); if rq is None : return [] ret = url_re.sub('', domain) domain_arr = ret.split('.') path_list.append(domain) domain_len=len(domain_arr) if domain_len > 0 : if domain_len > 1 : path_list.append(domain_arr[domain_len-1]+rq.group()) path_list+=domain_arr return path_listdef error_page_szie(domain): try: ret=urllib2.urlopen(domain+"/cutescan9527.html", timeout=10) except : return 0 return dict(ret.headers).get('content-length', 0)class Scaner(threading.Thread): def __init__(self): threading.Thread.__init__(self) def run(self): while 1: if file_queue.empty() == True: break url = str(file_queue.get()) rfile="" try: #msg(url) rfile = urllib2.urlopen(url, timeout=10) size = dict(rfile.headers).get('content-length', 0) if g_error_page_size != size : msg("File %s found !!! Type:%s Size: %.4f m" % (url, rfile.headers['Content-Type'], float(size) / (1024 * 1024)) , 1); else : continue except : continueif __name__ == '__main__': cslogo() if len(sys.argv) > 1 : site_arr=file_to_arr(sys.argv[1]); for site in site_arr : try : urllib2.urlopen("http://"+site, timeout=10) cutescan(site) except : msg(site+" look unavailable ") continue#该片段来自于http://byrx.net
相关内容
- Python一句话生成N个随机数并挑出某个范围内的,pytho
- 比“目前最快的素数生产“快7倍,目前素数生产7倍,用
- python爬虫,抓豆瓣勾搭组妹纸照片,,import urlli
- 通过logging与ctypes打印不同颜色的日志,loggingctypes日志
- 爬取中图分类法,爬取图分类法,# -*- coding
- 发邮件(全功能),发邮件全功能,#coding=utf-
- python发微博升级版,python发微博,上次发了一个利用新浪
- python 微信自定义菜单的管理,python信自定义菜单,# -*
- 简易发送邮件(仅限普通文本,发送邮箱需开启smtp),
- 远程登录多台服务器执行其上脚本,远程登录多台,#!
评论关闭