#coding=utf-8
import argparse
import logging
import time
from logging.handlers import RotatingFileHandler
from colorlog import ColoredFormatter
import importlib
import re
from lib import ttlscanlogger
from lib import parser_zoomeye
import os
from os import path
import requests
from config import config
#Logo
def print_logo():
    """Print the TTLScan banner to stdout in red-on-black ANSI colour.

    Emits the colour-on escape, the seven banner rows and the reset escape,
    one per line, exactly as the original line-by-line prints did.
    """
    rows = (
        '\033[0;31;40m',
        "▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄ ▄▄ ▄▄▄▄",
        "▀▀▀██▀▀▀ ▀▀▀██▀▀▀ ██ ▄█▀▀▀▀█",
        " ██ ██ ██ ██▄ ▄█████▄ ▄█████▄ ██▄████▄",
        " ██ ██ ██ ▀████▄ ██▀ ▀ ▀ ▄▄▄██ ██▀ ██",
        " ██ ██ ██ ▀██ ██ ▄██▀▀▀██ ██ ██ author:跳跳龙",
        " ██ ██ ██▄▄▄▄▄▄ █▄▄▄▄▄█▀ ▀██▄▄▄▄█ ██▄▄▄███ ██ ██ scripts: 9",
        " ▀▀ ▀▀ ▀▀▀▀▀▀▀▀ ▀▀▀▀▀ ▀▀▀▀▀ ▀▀▀▀ ▀▀ ▀▀ ▀▀ code by 2018-09-09",
        '\033[0m',
    )
    # One print of the joined rows yields the same byte stream as nine prints.
    print('\n'.join(rows))
#判断字符串是否为ip
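def isIP(one_str) -> bool:
    """Return True when *one_str* is exactly a dotted-quad IPv4 address.

    Accepts four ASCII decimal octets in 0-255 separated by dots and nothing
    else. Two deliberate tightenings over the original ``match`` + ``$`` form:
    ``re.fullmatch`` rejects a trailing newline (an unstripped line from an
    ``--ip_list`` file used to pass), and ``[0-9]`` instead of ``\\d`` rejects
    non-ASCII Unicode digits. This function is the only gate before an address
    is handed to a plugin's ``POC``, so it should not let padded or exotic
    strings through. Leading zeros (``01.2.3.4``) are still accepted, as in
    the original pattern. Non-string input (e.g. ``None``) yields False
    instead of raising.
    """
    if not isinstance(one_str, str):
        return False
    octet = r'(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
    return re.fullmatch(r'(?:' + octet + r'\.){3}' + octet, one_str) is not None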
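def scan_over(start_time):
    """Log the wall-clock time elapsed since *start_time* and exit with status 0.

    Terminates with ``raise SystemExit(0)`` instead of the ``exit()`` helper:
    that name is only installed by the ``site`` module for interactive use and
    is missing under ``python -S`` or in embedded interpreters. Behaviour for a
    normal ``python ttlscan.py`` run is unchanged.
    """
    elapsed = time.time() - start_time
    ttlscanlogger.logger.info("程序本次用时 {}s".format(elapsed))
    raise SystemExit(0)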
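def scan_over_error():
    """Log that the input source was unusable and exit with a failure status.

    Uses ``raise SystemExit(-1)`` rather than the site-installed ``exit()``
    helper (absent under ``python -S``). The status value ``-1`` is kept for
    compatibility; note the shell will observe it as 255 on POSIX.
    """
    ttlscanlogger.logger.info("输入源有误 程序自动退出")
    raise SystemExit(-1)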
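# Seconds to wait for a ZoomEye search response before giving up; without a
# timeout a stalled server would hang the whole scan indefinitely.
_HTTP_TIMEOUT = 30


def _parse_args(argv=None):
    """Build the CLI parser and parse *argv* (``None`` means ``sys.argv[1:]``)."""
    parser = argparse.ArgumentParser(description="ttlscan help")
    parser.add_argument('--ip', type=str, help='ip to pentest')
    parser.add_argument('--ip_list', type=str, help='file contained ips')
    parser.add_argument('--target_url', type=str, help="target url")
    parser.add_argument('--target_url_list', type=str, help="target url list")
    parser.add_argument('--search', type=str, help='search engine to get ip')
    # type=int turns a non-numeric value into a usage error instead of a bare
    # ValueError traceback from int(); the default is what the help text promises.
    parser.add_argument('--search_page', type=int, default=20, help='pages to search default 20pages')
    parser.add_argument('--script', type=str, help='script you want test')
    parser.add_argument('--query', type=str, help='eg: python ttlscan.py --query scripts')
    return parser.parse_args(argv)


def _plugin_dir(kind):
    """Return the absolute path of ``plugins/<kind>`` next to this script."""
    return os.path.join(os.path.dirname(os.path.realpath(__file__)), "plugins", kind)


def _list_scripts(kind):
    """Return the plugin names (file stem without ``.py``) under ``plugins/<kind>``.

    Only ``*.py`` entries count and ``__init__`` is excluded; the original
    ``'init' not in name`` filter also hid any plugin whose name merely
    contained "init".
    """
    names = []
    for entry in sorted(os.listdir(_plugin_dir(kind))):
        stem, ext = os.path.splitext(entry)
        if ext == ".py" and stem != "__init__":
            names.append(stem)
    return names


def _validate_script_name(script):
    """Return *script* if it is a plain module name usable under ``plugins.<kind>``.

    The value comes straight from ``--script`` and is interpolated into an
    ``importlib.import_module`` call. Restricting it to a single Python
    identifier keeps dotted paths (``foo.bar``), path separators and an absent
    value (``None`` -> ``plugins.ip.None``) out of the import name, so only
    modules that actually live in the plugin directory can be loaded.

    Raises ValueError for anything else.
    """
    if not isinstance(script, str) or not script.isidentifier():
        raise ValueError("--script must be the name of a plugin module, got {!r}".format(script))
    return script


def _load_plugin(kind, script):
    """Import and return ``plugins.<kind>.<script>``.

    Raises ValueError for a malformed name and ImportError when no such module
    exists under the plugin package.
    """
    return importlib.import_module("plugins.{}.{}".format(kind, _validate_script_name(script)))


def _load_plugin_or_exit(kind, script):
    """Load a plugin for the CLI; on failure log the available names and exit."""
    try:
        return _load_plugin(kind, script)
    except (ValueError, ImportError) as exc:
        ttlscanlogger.logger.error("cannot load {} plugin {!r}: {}".format(kind, script, exc))
        ttlscanlogger.logger.info("available {} scripts: {}".format(kind, ' '.join(_list_scripts(kind))))
        scan_over_error()


def _read_lines_or_exit(path):
    """Return the stripped, non-empty lines of the text file at *path*.

    An unreadable file is reported through the logger and ends the run via
    ``scan_over_error`` instead of an uncaught traceback.
    """
    try:
        with open(path, 'r', encoding='utf-8') as fh:
            return [line.strip() for line in fh if line.strip()]
    except OSError as exc:
        ttlscanlogger.logger.error("cannot read {}: {}".format(path, exc))
        scan_over_error()


def _unique(items):
    """Return *items* with duplicates removed, first-occurrence order kept."""
    return list(dict.fromkeys(items))


def _collect_zoomeye_ips(module, pages):
    """Query ZoomEye for hosts exposing the plugin's port and return their IPs.

    ``module.POC_INFO()['port']`` supplies the port filter. One request is
    made per page in ``range(pages)``. A failed request or a non-200 reply
    stops paging but whatever was collected so far is still returned, so a
    partial result can still be scanned. Duplicates are dropped so a host is
    probed at most once.
    """
    script_port = module.POC_INFO()['port']
    found = []
    for page in range(pages):
        # The original interpolated the page *count* here, fetching the same
        # page `pages` times. NOTE(review): assumes the API's page parameter is
        # 1-based -- confirm against config.zoomeye_search_api.
        page_no = page + 1
        url = config.zoomeye_search_api.format("port:" + str(script_port), str(page_no))
        try:
            response = requests.get(url=url, headers=config.headers, timeout=_HTTP_TIMEOUT)
        except requests.RequestException as exc:
            ttlscanlogger.logger.error("zoomeye request for page {} failed: {}".format(page_no, exc))
            break
        if response.status_code != 200:
            ttlscanlogger.logger.error("zoomeye returned HTTP {} for page {}".format(response.status_code, page_no))
            break
        found.extend(parser_zoomeye.parser(response.text))
    return _unique(found)


def main(argv=None):
    """Command-line entry point: parse *argv*, pick a scan mode, run the plugin.

    Exactly one target source is used, checked in this order: ``--ip``,
    ``--ip_list``, ``--search``, ``--target_url``, ``--target_url_list``.
    ``--query scripts`` lists the available plugins and exits first. Every
    mode ends in ``scan_over`` (exit 0); a missing or invalid source, an
    unknown search engine or an unloadable ``--script`` ends in
    ``scan_over_error`` (non-zero exit).
    """
    print_logo()
    start_time = time.time()
    args = _parse_args(argv)
    logger = ttlscanlogger.logger

    if args.query == "scripts":
        logger.info("scripts: {0}".format(' '.join(_list_scripts("url") + _list_scripts("ip"))))
        scan_over(start_time)

    logger.info("{0} scan starting".format(time.strftime("%a %b %d %H:%M:%S %Y", time.localtime())))

    if args.ip is not None:
        if not isIP(args.ip):
            logger.error("not a valid IPv4 address: {!r}".format(args.ip))
            scan_over_error()
        _load_plugin_or_exit("ip", args.script).POC(args.ip)
    elif args.ip_list is not None:
        module = _load_plugin_or_exit("ip", args.script)
        for ip in _read_lines_or_exit(args.ip_list):
            if isIP(ip):
                module.POC(ip)
            else:
                logger.warning("skipping non-IP line in {}: {!r}".format(args.ip_list, ip))
    elif args.search is not None:
        if args.search.strip() != "zoomeye":
            logger.error("unsupported search engine: {!r}".format(args.search))
            scan_over_error()
        module = _load_plugin_or_exit("ip", args.script)
        for ip in _collect_zoomeye_ips(module, args.search_page):
            if isIP(ip):
                print(ip)
                module.POC(ip)
    elif args.target_url is not None:
        _load_plugin_or_exit("url", args.script).POC(args.target_url)
    elif args.target_url_list is not None:
        module = _load_plugin_or_exit("url", args.script)
        # The original passed `target_url` (None here) to POC for every line;
        # each URL read from the file is what must be probed.
        for url in _read_lines_or_exit(args.target_url_list):
            module.POC(url)
    else:
        scan_over_error()
    scan_over(start_time)


if __name__ == '__main__':
    main()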