lazybones: a small tool for automated vulnerability discovery

Posted 2021-3-14 10:42:38
Lazybones: usage notes and design

OneForAll is called to collect subdomains and masscan to scan ports. Every result is passed through httpx to collect the title and other details, and wafw00f determines which sites sit behind a WAF; the ones without a WAF are handed to xray automatically. Everything httpx returns is also written to a database and can be queried through the web page.

Usage:
python index.py -O baidu.com -t baidu.com -n 1500

The masscan in the packaged folder is one I found on GitHub; I cannot be sure it has no backdoor, so compile your own Windows build if you need to.
Works on Windows, Linux and macOS, but you have to swap in the matching build of each program in the folder.
If you do not need the database and the web query, comment out the related code.
[Screenshot: QQ截图20210314104100.png]

Configuration:
Open Module.py and change the program paths on lines 39, 54, 56, 67 and 111.
Line 52 uses the top-1500+ port list; to scan all ports, use -n 1-65535.
Edit the MySQL connection details in index.php under the web directory.
By default all results are written to the result directory, one file per kind.

Core code (Python):
import re
import json
import subprocess
import pymysql

# Paths of the bundled tools; change them to match your install (raw strings so the
# backslashes in the Windows paths are taken literally).
HTTPX = r'D:\lazybones\httpx\httpx.exe'
MASSCAN = r'D:\lazybones\masscan\masscan.exe'
XRAY = r'D:/lazybones/xray/xray_windows_amd64.exe'
WAFW00F = './wafw00f/wafw00f/main.py'

# Responses with one of these status codes are kept for the WAF check and the xray scan.
INTERESTING_CODES = (200, 400, 401, 403, 404)

# Top-1500+ port list used when -n 1500 is given.
TOP_PORTS = "8192,8193,8194,32768,8196,8197,32770,7,8200,8,8201,8202,32771,32773,20,8213,21,22,25,8220,8222,30,8232,8250,60,65,66,8260,68,70,73,77,79,80,81,82,83,84,85,86,87,88,89,90,8280,91,93,8282,92,94,97,98,99,100,95,96,103,8288,104,106,8298,8300,108,110,111,113,114,8308,119,121,122,123,8322,132,133,135,137,138,139,8332,8333,8334,143,8341,8343,8351,161,162,8360,171,175,179,180,8377,8378,8380,8381,188,8383,8382,8384,16580,8388,8390,8391,200,198,199,206,8399,8400,8401,208,211,8402,8403,223,235,8189,8443,8444,8445,264,268,270,8465,280,8477,8480,8481,8484,8488,299,302,8499,8500,308,309,311,8512,321,333,8529,8545,8546,8548,8554,8567,381,8580,389,8582,391,8585,403,16788,8600,8601,8610,421,423,25000,427,25006,25010,436,442,443,444,445,447,25024,449,8649,465,8660,8666,8680,8681,8684,8686,8688,500,502,503,505,8700,511,512,41474,102,515,517,8710,520,522,523,8720,25105,57880,16922,16923,540,8735,16929,548,49705,554,41516,560,564,33338,8765,8777,586,587,8780,8781,591,8787,8788,602,8799,8800,8801,8802,610,16992,16993,8806,8808,17000,8810,8809,17003,8813,620,623,626,8820,8822,631,8828,636,8834,646,8839,8844,58000,8848,666,8860,8861,8864,8866,8868,8877,58031,8880,8881,688,8879,17071,8885,8886,8887,8888,8889,8890,8891,8892,701,8893,8895,8281,705,8898,8899,8900,8901,8902,17095,8896,8905,8283,58060,8910,8912,8913,733,58080,58083,8291,8955,8956,770,771,777,778,8972,58124,8974,8980,17173,789,8983,8987,8988,8989,8990,8991,8992,800,801,802,803,8997,804,805,806,8999,9000,9001,808,9002,9003,809,9006,9007,9005,9009,9010,9011,9008,9012,9015,9014,9013,9019,9020,9022,9025,41795,9030,9031,843,9036,9038,9039,50000,9042,9043,853,9050,9051,860,9053,866,9060,9061,873,876,877,9070,50030,880,9068,888,9080,889,9083,9084,9081,9085,9082,50045,9088,898,9090,900,901,902,9095,9096,9091,9092,9093,9099,50060,9100,911,9103,9098,9101,9105,916,50070,9111,9112,9110,9113,50075,925,9119,50080,50090,9131,50100,955,956,9151,50111,968,9168,983,9180,25565,9182,990,992,993,994,995,9188,9190,9191,1000,999,1001,1002,1004,1005,9198,9192,9200,9201,1010,32766,1016,9212,1020,1022,1023,1024,1025,1026,1027,9224,9231,1039,1042,1046,1080,1083,1085,50240,1088,1099,1100,9292,9295,1104,1107,9300,9301,1108,9302,9306,1122,1123,33890,1128,9333,9334,1158,1177,1180,1182,1194,1200,1201,1212,1213,1214,9418,1234,1241,9437,1248,9443,9444,9446,1260,1290,1300,1301,9494,1302,9500,1311,9504,1313,1314,9507,9512,9517,9527,9530,1344,9541,9542,1356,1389,17777,1400,9595,9600,1433,1434,1443,1445,9653,42424,1471,9666,9668,1494,1500,1503,9696,1505,9700,9704,1515,9711,1521,9718,49151,49152,49153,49154,1550,49155,58898,1554,1588,1600,1603,1604,17988,9800,9801,1610,18000,18001,18002,26214,9836,1645,9845,59009,1666,34440,9864,18060,9869,9870,1680,9876,18080,18081,9889,9888,1700,18082,18085,1701,18086,9898,18090,9900,9901,9909,9910,18103,9912,1720,9914,1723,1722,9918,9919,9922,1741,59093,9943,9944,59110,1777,9977,9980,9981,1790,9988,9989,18181,9990,9991,9992,1800,9995,34567,9997,9998,9999,10000,10001,10002,10003,10004,10005,1812,10007,10009,10010,1818,10016,10017,10021,1830,34599,10024,10025,10030,10035,10038,10040,10050,10051,18245,18246,1863,10056,10057,10060,10066,10068,10069,10070,1880,18264,1883,10078,10080,10082,10086,10087,10088,10089,26470,1900,1901,10098,10099,10101,1911,42873,10111,10118,1933,1935,1947,1949,51106,10152,10154,1962,1967,10162,1979,1980,1982,1984,1988,1991,1993,1999,2000,2001,2002,2005,2006,2007,10200,2008,2010,2011,2012,2013,2014,2009,2015,2020,2022,2030,2046,2049,2051,2052,2053,10243,2055,10250,2060,10255,2064,2070,2077,2080,2082,2083,2086,2087,2093,2094,2095,2096,2100,2110,2121,2123,2125,34899,10332,10333,2152,2160,2168,2181,34962,34963,34964,2222,2223,10443,2252,2261,2301,2306,2323,2332,2340,2348,10554,2375,2376,2379,18765,2382,2396,2401,2404,2406,18801,18803,27000,2424,2425,2427,59777,27015,27016,27017,2443,2455,2480,2490,18880,18881,2501,18888,18889,2517,2521,2525,2585,10777,2600,2601,19000,19010,2628,59999,60000,60001,19045,2663,60010,60022,60030,43651,19080,2715,19101,60080,60101,19150,11000,11001,2808,2809,19244,2869,2886,11080,2901,11158,11180,3000,3001,3002,3003,3005,3010,3012,3013,11211,11212,3030,3033,3050,3052,3075,3080,3094,3097,60443,11300,11310,60465,3128,11324,3133,11347,11362,11366,11371,11372,11381,27779,3216,3220,3260,3280,3283,3288,3299,3306,3307,3310,3311,3312,3333,3337,3352,3372,3377,3380,3388,3389,3390,3391,3398,3437,28017,44401,3443,3456,3460,3465,11660,3478,44445,3503,28080,3505,19888,3520,3522,28099,3523,3524,3525,3528,3531,3535,3541,3542,3580,3588,3600,3606,19994,19999,20000,20001,3618,20021,28214,20022,20046,20052,3668,3671,3680,3689,3690,3702,28280,52869,3721,8882,8883,61081,3737,8884,3749,20140,20142,20151,20153,11965,3780,20165,3784,3790,12000,12001,20200,20202,44818,3880,3938,20332,4000,4001,4005,4016,4022,4023,4040,4050,807,4063,4064,4070,810,811,812,12300,12315,12333,12345,4155,20547,4180,45149,28780,28784,45177,4237,37006,4242,61613,61616,4300,4321,9004,4369,4380,4389,20806,20808,4430,4433,4440,4443,4444,37215,4453,4455,4480,20880,4497,4500,4503,4505,4506,17185,4567,4569,4570,45554,20992,61999,4660,4664,12881,21080,4711,4712,4730,45692,62078,9086,9089,4782,4786,4800,21188,12999,4840,4842,4848,4850,21245,4880,4911,4949,5000,5001,5002,5003,5004,5005,5006,5007,5008,5009,5010,37777,5013,5038,5050,5051,5060,5061,5080,5081,5084,5093,5094,5095,5098,5100,5111,5118,13333,5151,5155,5156,13382,5200,5201,5203,29798,5222,5225,38000,5233,5255,5256,5258,5269,5280,29876,38080,38086,5351,5353,5357,13579,5400,29999,30000,30001,5427,5432,30015,5443,30025,30030,13666,30058,5501,30082,30088,21900,13720,13722,5544,5550,5552,5554,5555,5560,5561,5566,5577,5598,5600,5601,49960,5631,5632,5644,5655,5656,5672,5673,38443,5678,5683,22080,22105,38501,30310,30311,30312,30313,38517,5757,5780,13988,5800,5801,5802,14000,5811,14007,5820,22222,22228,5881,5887,5888,5898,5900,5901,5902,5903,55070,5938,22335,14147,22343,5966,30551,5984,5985,5986,6000,6001,6002,6003,6006,6010,6011,6020,50050,6060,6068,14265,6080,6082,6088,6090,22480,6100,6101,6103,6118,47078,38888,47088,30718,14338,6167,6170,6180,22580,6198,55351,55352,6226,14443,6259,6286,55442,14534,6346,14549,6363,6365,6372,6379,6388,55553,55555,31000,6443,6488,31082,6510,6543,6544,6546,6560,6565,6581,6587,6588,6590,6600,6602,6603,6606,6611,31188,47583,23023,6664,6665,6666,6667,6668,6669,6677,6680,6688,6697,6699,55858,31337,6778,6780,6782,6789,6800,6801,15000,15004,15018,6842,47808,6868,6869,6879,6881,6886,6887,6888,6889,6890,15080,6920,23352,6969,6988,23380,6998,7000,7001,7002,7003,7004,7005,7006,7007,7008,7009,7010,7011,7012,7014,7017,7018,7020,7021,7022,7023,7028,7031,23424,7041,7044,7048,7050,7055,7060,7070,7071,23454,7072,23458,7077,7080,7081,7082,7083,7084,7086,7088,7090,7093,7094,7100,7101,7102,7108,7111,7117,48080,7123,7129,7140,7144,7145,7170,7171,7180,7187,7199,7200,7201,7202,15400,7215,40000,40001,7272,7273,7280,7288,7300,40069,40080,7321,7330,31945,7380,15580,64738,7401,7402,7443,7474,7479,15672,7493,7500,15693,7501,15698,56688,7537,40310,7547,7548,7567,15801,7634,65000,65001,7657,7676,15888,7700,7702,7703,7709,7711,65055,7713,7742,7751,7776,7777,7778,7779,7780,7788,7789,7791,7799,7801,16000,16010,32400,16030,7856,16080,7888,7890,7896,7899,7900,7901,7903,7909,7911,7915,7921,7925,48899,7942,7943,7979,7995,7999,8000,8001,8002,8003,8004,8005,8006,8007,8008,8009,8010,8011,8012,8013,8014,8015,8016,8017,8018,8019,8020,8021,8022,8023,8024,8025,8026,8027,8028,8029,8030,8031,8032,8033,8035,8036,8037,8038,8039,8040,8041,8042,8043,8044,8045,8049,8050,8051,8052,8053,8054,8055,8056,8057,8058,8060,8061,8062,8064,8065,8066,8067,8068,8069,8070,8071,8073,8075,8077,8078,8079,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8102,8103,8104,8105,8110,8111,8112,8118,8119,8122,8123,8125,8126,8129,8130,8133,8136,8138,8139,8140,65486,8144,65493,8153,8159,8161,8168,8176,8180,8181,8182,8183,8184,8186,8188,65533,8190,8191"


def check_target(target):
    """The target name is spliced into file names, command lines and a MySQL table
    name, so refuse anything that is not a plain hostname (no shell metacharacters,
    path separators, quotes or a leading '-' that a tool would read as an option)."""
    if not re.fullmatch(r'[A-Za-z0-9][A-Za-z0-9.-]*', target):
        raise ValueError('invalid target: ' + repr(target))
    return target


def write_lines(path, lines):
    """Append one entry per line (the file is opened once, not once per line)."""
    with open(path, 'a+', encoding='utf-8') as f:
        for line in lines:
            f.write(line + '\n')


def run_httpx(input_file, target, wait_file):
    """Probe every host in input_file with httpx, append a one-line summary of each
    response to _all_httpx.txt and write the URLs worth a closer look to wait_file."""
    json_out = './result/' + target + '_httpx_json.txt'
    # Arguments are passed as a list, so nothing in them is interpreted by a shell.
    subprocess.run([HTTPX, '-l', input_file, '-title', '-status-code', '-silent',
                    '-threads', '100', '-follow-redirects', '-json', '-o', json_out])
    summary, wait = [], []
    with open(json_out, 'r', encoding='utf-8') as f:
        for line in f:
            if not line.strip():
                continue
            tmp = json.loads(line)
            # Older httpx releases write "status-code", newer ones "status_code";
            # title and webserver are absent when httpx could not determine them.
            code = tmp.get('status-code', tmp.get('status_code'))
            summary.append('url:' + tmp['url'] + '     title:' + tmp.get('title', '')
                           + '      webserver:' + tmp.get('webserver', '')
                           + '      status-code:' + str(code))
            if code in INTERESTING_CODES:
                wait.append(tmp['url'])
    write_lines('./result/' + target + '_all_httpx.txt', summary)
    write_lines(wait_file, wait)


def OneForall(Target):
    """Read OneForAll's JSON export for Target, save the de-duplicated subdomains, IPs
    and URLs under ./result/ and run httpx over the URLs."""
    check_target(Target)
    subdomains, ips, urls = set(), set(), set()
    with open('./OneForAll/results/' + Target + '.json', 'r', encoding='utf-8') as f:
        for i in json.load(f):
            subdomains.add(i['subdomain'])
            urls.add(i['url'])
            for x in i['ip'].split(','):   # one record may list several IPs
                if x.strip():
                    ips.add(x.strip())
    write_lines('./result/' + Target + '_ip.txt', sorted(ips))
    write_lines('./result/' + Target + '_subdomain.txt', sorted(subdomains))
    write_lines('./result/' + Target + '.txt', sorted(urls))
    # Live URLs go to _result.txt; masscan() appends its ip:port hits to the same file.
    run_httpx('./result/' + Target + '.txt', Target, './result/' + Target + '_result.txt')


def masscan(target, num):
    """Port-scan the IPs found by OneForall(). num == 1500 selects TOP_PORTS; any other
    value is handed to masscan unchanged (e.g. 1-65535 for a full scan)."""
    check_target(target)
    port_arg = TOP_PORTS if str(num) == '1500' else str(num)
    out = './result/' + target + '_masscan_output.txt'
    subprocess.run([MASSCAN, '-sS', '-p' + port_arg, '-iL', './result/' + target + '_ip.txt',
                    '--rate', '500', '-oJ', out])
    with open(out, 'r', encoding='utf-8') as f:
        raw = f.read().strip()
    # masscan writes nothing when no port answered, and some builds leave a trailing
    # comma before the closing bracket; json.loads() would choke on either.
    data = json.loads(re.sub(r',\s*\]$', ']', raw)) if raw else []
    found = []
    for i in data:
        for port in i.get('ports', []):      # every open port, not just the first
            found.append(i['ip'] + ':' + str(port['port']))
    write_lines('./result/' + target + '_result.txt', found)
    run_httpx('./result/' + target + '_result.txt', target, './result/' + target + '_wait.txt')


def wafw00f(target):
    """Split the live hosts into WAF-protected (_yeswaf.txt) and unprotected (_nowaf.txt)."""
    check_target(target)
    waf_json = './result/' + target + '_waf.json'
    subprocess.run(['python', WAFW00F, '-i', './result/' + target + '_wait.txt', '-o', waf_json])
    nowaf, yeswaf = [], []
    with open(waf_json, 'r', encoding='utf-8') as f:
        for i in json.load(f):
            (yeswaf if i['detected'] else nowaf).append(i['url'])
    write_lines('./result/' + target + '_nowaf.txt', nowaf)
    write_lines('./result/' + target + '_yeswaf.txt', yeswaf)


def xray(target):
    """Run an xray crawler scan against every host without a WAF; the report file name
    is the URL with the scheme removed, ':' turned into '_' and '/' dropped."""
    check_target(target)
    with open('./result/' + target + '_nowaf.txt', encoding='utf-8') as f:
        target_list = [line.strip() for line in f if line.strip()]
    for url in target_list:
        num = url.replace('http://', '').replace('https://', '')
        num = num.replace(':', '_').replace('/', '')
        subprocess.run([XRAY, 'webscan', '--basic-crawler', url,
                        '--html-output', './result/' + num + '.html'])


def mysqladd(target):
    """Load the _all_httpx.txt summary into MySQL, one table per target (recreated each run)."""
    check_target(target)
    line_re = re.compile(r'^url:(.*?)\s+title:(.*?)\s+webserver:(.*?)\s+status-code:(\S*)$')
    rows = []
    with open('./result/' + target + '_all_httpx.txt', encoding='utf-8') as f:
        for data in f:
            m = line_re.match(data.rstrip('\n'))
            if m:
                rows.append(m.groups())
    # pymysql 1.0 dropped positional connect() arguments; use keywords.
    db = pymysql.connect(host='localhost', user='root', password='root', database='Lazybones')
    cursor = db.cursor()
    zhushi = target                                   # real domain, kept as the table comment
    table = target.replace('.', '_').replace('-', '_')
    # check_target() only lets [A-Za-z0-9.-] through, so after the replacements the
    # name is a safe identifier; backticks also allow names that start with a digit.
    cursor.execute('DROP TABLE IF EXISTS `' + table + '`')
    cursor.execute('CREATE TABLE `' + table + '` (id INT, url VARCHAR(255), title VARCHAR(255), '
                   'webserver VARCHAR(255), status_code VARCHAR(255)) COMMENT=%s', (zhushi,))
    insert_sql = ('INSERT INTO `' + table + '` (id, url, title, webserver, status_code) '
                  'VALUES (%s, %s, %s, %s, %s)')
    for idx, (a, b, c, d) in enumerate(rows):
        try:
            cursor.execute(insert_sql, (idx, a, b, c, d))
            db.commit()
            print(idx, 'record inserted')
        except pymysql.MySQLError as e:
            db.rollback()
            print('insert failed:', e)
    db.close()

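The pipeline in the post hands each tool's output file to json.loads() as-is, which breaks on an empty masscan file (masscan writes nothing when no port answered), on the trailing comma some masscan builds leave before the closing bracket, and on newer httpx releases that renamed the status-code key to status_code. The following is an added example, not code from the post or from any of the tools, that parses the three output formats the way a practitioner would want before wiring them into the next stage. The sample outputs are constructed by hand in the shapes the tools write (addresses from the 192.0.2.0/24 documentation range); nothing here comes from a real scan, and the function names are assumptions.

```python
import json
import re

# Constructed masscan -oJ output: two records and the trailing comma that some
# masscan builds emit before the closing bracket (invalid JSON as written).
MASSCAN_JSON = """[
{   "ip": "192.0.2.10",   "timestamp": "1615687358", "ports": [ {"port": 443, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 52} ] }
,
{   "ip": "192.0.2.10",   "timestamp": "1615687360", "ports": [ {"port": 8080, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 52} ] }
,
]"""

# Constructed httpx -json output: one object per line, mixing the old "status-code"
# key with the newer "status_code", with title/webserver missing on some lines.
HTTPX_JSONL = """{"url":"https://www.example.com","title":"Example Domain","webserver":"nginx","status-code":200}
{"url":"http://192.0.2.10:8080","webserver":"Apache","status_code":403}
{"url":"http://192.0.2.10:9000","status_code":502}
"""

# Constructed wafw00f -o <file>.json output.
WAFW00F_JSON = """[
{"url": "https://www.example.com", "detected": true, "firewall": "Cloudflare (Cloudflare Inc.)", "manufacturer": "Cloudflare Inc."},
{"url": "http://192.0.2.10:8080", "detected": false, "firewall": "None", "manufacturer": "None"}
]"""

# Same status-code filter the post applies before the WAF check.
INTERESTING = {200, 400, 401, 403, 404}


def load_masscan(text):
    """Parse masscan -oJ output into sorted 'ip:port' strings. Tolerates an empty
    file and a trailing comma before ']', and keeps every port of a record."""
    text = text.strip()
    if not text:
        return []
    text = re.sub(r',\s*\]$', ']', text)
    pairs = set()
    for rec in json.loads(text):
        for p in rec.get('ports', []):
            if p.get('status', 'open') == 'open':
                pairs.add('%s:%d' % (rec['ip'], p['port']))
    return sorted(pairs)


def load_httpx(text):
    """Parse httpx JSON-lines output. Accepts both spellings of the status key and
    fills in '' for a missing title or webserver instead of raising KeyError."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        code = rec.get('status-code', rec.get('status_code'))
        rows.append({'url': rec['url'],
                     'title': rec.get('title', ''),
                     'webserver': rec.get('webserver', ''),
                     'status_code': code})
    return rows


def select_for_scan(rows):
    """URLs whose status code is in INTERESTING, in input order (the _wait.txt list)."""
    return [r['url'] for r in rows if r['status_code'] in INTERESTING]


def split_by_waf(text):
    """Split wafw00f's JSON report into (no_waf_urls, waf_urls)."""
    nowaf, yeswaf = [], []
    for rec in json.loads(text):
        (yeswaf if rec['detected'] else nowaf).append(rec['url'])
    return nowaf, yeswaf


if __name__ == '__main__':
    print('masscan hits:', load_masscan(MASSCAN_JSON))
    print('for WAF check:', select_for_scan(load_httpx(HTTPX_JSONL)))
    print('no WAF / WAF:', split_by_waf(WAFW00F_JSON))
```

When run against the samples the masscan parser yields both ports of 192.0.2.10, the 502 host is dropped before the WAF check, and only http://192.0.2.10:8080 would reach xray.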
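Module.py builds every command line and the MySQL table name by concatenating the -t target into a string, and os.system() hands that string to a shell. Added example, not code from the post: a hostname check that rejects anything a shell or MySQL could act on, the post's first httpx call rebuilt as an argv list for subprocess.run(), and a tokenizer that shows what the original concatenated line turns into when the target carries a command separator. The ./result layout follows the post; the tool is assumed to be on PATH as httpx (the post's Windows path is shortened because the tokenizer models a POSIX shell), and the helper names are assumptions.

```python
import re
import shlex

# One DNS label: 1-63 chars of [A-Za-z0-9-], neither starting nor ending with '-'.
LABEL_RE = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')


def validate_target(target):
    """Accept a plain hostname such as baidu.com and nothing else. The target is
    spliced into file names, tool command lines and a MySQL table name, so quotes,
    spaces, path separators, shell separators and a leading '-' (which a tool would
    read as an option) are all refused."""
    if not isinstance(target, str) or not 1 <= len(target) <= 253:
        raise ValueError('invalid target: %r' % (target,))
    if not all(LABEL_RE.match(label) for label in target.split('.')):
        raise ValueError('invalid target: %r' % (target,))
    return target


def httpx_argv(target, httpx_path='httpx'):
    """The post's first httpx call as an argv list for subprocess.run(): each element
    reaches httpx as exactly one argument, whatever characters it contains."""
    validate_target(target)
    return [httpx_path, '-l', './result/%s.txt' % target,
            '-title', '-status-code', '-threads', '100', '-follow-redirects', '-json',
            '-o', './result/%s_httpx_json.txt' % target]


def legacy_command_line(target, httpx_path='httpx'):
    """The string the original os.system() call built (kept only to show the problem)."""
    return (httpx_path + '  -l ./result/' + target + '.txt -title -status-code -threads 100 '
            '-follow-redirects -json -o ./result/' + target + '_httpx_json.txt')


def shell_commands(command_line):
    """Tokenize a command line the way a POSIX shell would and return the separate
    commands introduced by ';' (cmd.exe separates with '&'; the effect is the same)."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token == ';':
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def table_name(target):
    """MySQL identifier for the per-target table: derived only from a validated
    hostname, then backtick-quoted so a name starting with a digit still works."""
    return '`' + validate_target(target).replace('.', '_').replace('-', '_') + '`'


if __name__ == '__main__':
    print(httpx_argv('baidu.com'))
    # A hostile -t value: the shell runs "calc" as a second command.
    for cmd in shell_commands(legacy_command_line('baidu.com;calc;')):
        print('shell would run:', cmd)
    print(table_name('baidu.com'))
```

validate_target() is what stops the second path: both the argv builder and table_name() call it first, so a target like baidu.com;calc; never reaches subprocess.run() or the DDL string at all. Note that the argv form alone does not protect against a target beginning with '-', which httpx would parse as a flag; the leading-hyphen rule in LABEL_RE covers that case.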

Reply, 2021-3-14 22:51:13:
Thanks for sharing

Reply, 2021-3-16 15:20:23:
Thanks for sharing
Thanks for sharing
Thanks for sharing
Thanks for sharing

Reply, 2021-4-22 14:30:45:
66666666666
