exploit-fix/tools/xdir.py at master · pythonone/exploit-fix · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
import re

from exploit import ModulePath
from exploit import LOG_FOLDER_PATH

from exp10it import get_target_script_type

def single_dirb_scan(target):
    # 对一个target进行dirb扫描
    target=re.sub(r"/+","",target)
    import os

    if False == os.path.exists(ModulePath + "dirsearch"):
        os.system("git clone https://github.com/maurosoria/dirsearch.git %sdirsearch" % ModulePath)

    if False == os.path.exists(LOG_FOLDER_PATH):
        os.system("mkdir %s" % LOG_FOLDER_PATH)

    if False == os.path.exists(LOG_FOLDER_PATH + "/dirsearch_log"):
        os.system("cd %s && mkdir dirsearch_log" % LOG_FOLDER_PATH)
    log_file = LOG_FOLDER_PATH + "/dirsearch_log/%s_log.txt" % target.split("/")[-1]
    if os.path.exists(log_file):
        pass
    else:
        script_type=get_target_script_type(target)
        if len(script_type)>1:
            for each in script_type:
                tmp=each+","
            script_type_value=tmp[:-1]
        elif len(script_type)==1:
            script_type_value=script_type[0]
        else:
            return "get script type wrong in %stools/xdir.py" % ModulePath

        ext=script_type_value

        origin_log_dir = ModulePath + "dirsearch/reports/%s" % target.split("/")[-1]
        if False == os.path.exists(log_file):
            if (True == os.path.exists(origin_log_dir) and True == os.path.exists(origin_log_dir) and len(
                    os.listdir(origin_log_dir)) == 0) or False == os.path.exists(origin_log_dir):
                os.system(
                    "cd %sdirsearch && python3 dirsearch.py -u %s -t 200 -e %s --random-agents -x 301,302,500 -r" %
                    (ModulePath, target, ext))

            if False == os.path.exists(origin_log_dir):

                from colorama import init, Fore
                init(autoreset=True)
                print(Fore.YELLOW + target)

                print(
                    Fore.YELLOW +
                    "single_dirb_scan may be banned coz too much request to the target server")
                return ""
            else:
                origin_log_name_list = os.listdir(origin_log_dir)
                if len(origin_log_name_list) > 0:
                    os.system("mv %s/%s %s" %
                              (origin_log_dir, origin_log_name_list[0], log_file))
        else:
            pass

    strings = ""
    urls_list = []
    if os.path.exists(log_file) == True:
        # 如果dirbsearch失败则不会产生log文件
        with open(log_file, "r+") as f:
            for each_line in f:
                # 每行最后一个字符是\n
                if each_line[:3] == '200':
                    url = re.search(r"(http.*)", each_line).group(1)
                    if url not in urls_list and url[0:-(1 + len(url.split(".")[-1]))] + url.split(
                            ".")[-1].upper() not in urls_list and '.' in url[-6:]:
                        urls_list.append(url)
                        strings += (url + "\n")
        strings_to_write = strings
    else:
        strings_to_write = ""

    return strings_to_write

if __name__=='__main__':
    import sys
    target=sys.argv[1]
    single_dirb_scan(target)