-
Notifications
You must be signed in to change notification settings - Fork 19
/
xrayRad-Scan.py
159 lines (125 loc) · 4.68 KB
/
xrayRad-Scan.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
#!/usr/bin/ python
# -*- coding:utf-8 -*-
"""
-------------------------------------------------
Author: loecho
Datetime: 2020/8/31 10:15
ProjectN: xrayRad.py
Blog: https://loecho.me
Email: loecho@foxmail.com
-------------------------------------------------
"""
import subprocess
import sys
import time
from colorama import Fore, init
xrayPath = './xray_windows_amd64.exe'
def Alltype(url):
'''
默认扫描所有类型的漏洞
'''
filename = time.strftime('%Y-%m-%d-%H.%M.%S', time.localtime(time.time()))
target = url
print '\033[32m[+] ScanUrl: \033[0m' + target
cmd = [xrayPath, "webscan", "--browser-crawler", target, "--html-output",
"{}.html".format(filename)]
rsp = subprocess.Popen(cmd)
output, error = rsp.communicate()
def type(url, type_info):
target = url
print '\033[32m[+] ScanUrl: \033[0m' + target
'''
细化攻击类型,提升效率:
high: sqldet, cmd_injection, thinkphp, fastjson, shiro, xxe, path_traversal, upload, brute_force, ssrf
Low:dirscan, phantasm, baseline, redirect, crlf_injection, xss struts
'''
# 基本探测:
# High ='sqldet,cmd_injection,thinkphp,fastjson,shiro,xxe,path_traversal,upload,brute_force,ssrf'
# Low ='dirscan,phantasm,baseline,redirect,crlf_injection,xss,struts'
# all-探测类型:
alltype = {
'sqlin': 'sqldet', # 详细类型:
'cmd': 'cmd_injection',
'xss': 'xss',
'xxe': 'xxe',
'base': 'baseline',
'path': 'path_traversal',
'upload': 'upload',
'brute': 'brute_force',
'dir': 'dirsearch',
'phan': 'phantasm',
'urlred': 'redirect',
'crlf': 'crlf',
'thinkphp': 'thinkphp',
'shiro': 'shiro',
'fastjson': 'fastjson',
'struts': 'struts'
}
filename = time.strftime('%Y-%m-%d-%H.%M.%S', time.localtime(time.time()))
type = alltype[type_info]
cmd = [xrayPath, "webscan", "--plugins", type, "--browser-crawler", target, "--html-output",
"{}-{}.html".format(type_info, filename)]
rsp = subprocess.Popen(cmd)
output, error = rsp.communicate()
# 单类型:
def oneTypemain(filename, type_info):
file = open(filename)
for text in file.readlines():
url = text.strip('\n')
if "://" not in url:
url = "http://{}".format(url)
type(url, type_info)
else:
url = url
type(url, type_info)
# 全类型:
def typemain(filename):
file = open(filename)
for text in file.readlines():
url = text.strip('\n')
if "://" not in url:
url = "http://{}".format(url)
Alltype(url)
else:
url = url
Alltype(url)
if __name__ == '__main__':
try:
if len(sys.argv) > 2:
oneTypemain(filename=sys.argv[1], type_info=sys.argv[2])
else:
typemain(filename=sys.argv[1])
except Exception as r:
print Fore.LIGHTYELLOW_EX + '''
_ __ ____ __ _____
| |/ /_________ ___ __/ __ \____ _____/ / / ___/_________ _____
| // ___/ __ `/ / / / /_/ / __ `/ __ /_____\__ \/ ___/ __ `/ __ \\
/ |/ / / /_/ / /_/ / _, _/ /_/ / /_/ /_____/__/ / /__/ /_/ / / / /
/_/|_/_/ \__,_/\__, /_/ |_|\__,_/\__,_/ /____/\___/\__,_/_/ /_/
/____/
Version: v1.0
Author: loecho
Blog: https://loecho.me
--------------------------------------------------------------------------
sqlin SQL注入漏洞探测
cmd 命令执行漏洞探测
xss XSS漏洞探测
xxe XXE漏洞探测
base 基线检查
path 目录穿越
upload 文件上传
brute 暴力破解
dir 目录扫描
urlred 任意uRL跳转
crlf CRLF
thinkphp THINKPHP系列漏洞探测
shiro SHIRO系列漏洞探测
fastjson FASTJSON系列漏洞探测
struts STRUTS系列漏洞探测
usage:
<1> allType-漏洞检测
python2 xrayRad-Scan.py url.txt
<2> SQL注入漏洞检测
python2 xrayRad-Scan.py url.txt sqlin
---------------------------------------------------------------------------
'''