说来惭愧啊,花了两天时间才搞出来,确实有段时间没敲键盘了,经过 py中调用js,unescape()被忽略等bugs,其实现在想来也没什么,毕竟已经过去了。。。
import urllib2, re, string, PyV8, time
#url="http://toolbar.netcraft.com/site_report?url=http://www.sucop.com"
def jsc(crstr):
    """Return the string form of ``CryptoJS.SHA1(unescape(crstr))``.

    The bundled, minified CryptoJS SHA-1 source is evaluated inside a PyV8
    JavaScript context, and the result is read back from the context's locals.

    Args:
        crstr: Value exposed to the script as the JavaScript variable
            ``prop``. In this file it comes from a server ``Set-Cookie``
            header (see ``grab``), so it is remote-controlled input.

    Returns:
        ``PyV8.JSObject.__str__`` applied to the JavaScript result object;
        presumably the hex digest, since the script's WordArray ``toString``
        defaults to the Hex encoder.
    """
    # NOTE(review): the script only computes a SHA-1 digest. Computing it
    # without an embedded JavaScript engine would keep PyV8 out of the path
    # that handles remote input.
    with PyV8.JSContext() as envl:
        # NOTE(review): the purpose of the fixed token "foo" is not visible
        # in this file - confirm it is needed.
        envl.securityToken = "foo"
        # The input is bound as a JS variable, not spliced into the script
        # text, so its content cannot change the code that is evaluated.
        envl.locals.prop = crstr
        envl.eval('''
var CryptoJS=CryptoJS||function(i,m){var p={},h=p.lib={},n=h.Base=function(){function a(){}return{extend:function(b){a.prototype=this;var c=new a;b&&c.mixIn(b);
c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);
a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.$super.extend(this)}}}(),o=h.WordArray=n.extend({init:function(a,b){a=this.words=a||[];
this.sigBytes=b!=m?b:4*a.length},toString:function(a){return(a||e).stringify(this)},concat:function(a){var b=this.words,c=a.words,d=this.sigBytes,a=a.sigBytes;this.clamp();
if(d%4)for(var f=0;f<a;f++)b[d+f>>>2]|=(c[f>>>2]>>>24-8*(f%4)&255)<<24-8*((d+f)%4);else if(65535<c.length)for(f=0;f<a;f+=4)b[d+f>>>2]=c[f>>>2];else b.push.apply(b,c);
this.sigBytes+=a;return this},clamp:function(){var a=this.words,b=this.sigBytes;a[b>>>2]&=4294967295<<32-8*(b%4);a.length=i.ceil(b/4)},clone:function(){var a=
n.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var b=[],c=0;c<a;c+=4)b.push(4294967296*i.random()|0);
return o.create(b,a)}}),q=p.enc={},e=q.Hex={stringify:function(a){for(var b=a.words,a=a.sigBytes,c=[],d=0;d<a;d++){var f=b[d>>>2]>>>24-8*(d%4)&255;c.push((f>>>4).toString(16));
c.push((f&15).toString(16))}return c.join("")},parse:function(a){for(var b=a.length,c=[],d=0;d<b;d+=2)c[d>>>3]|=parseInt(a.substr(d,2),16)<<24-4*(d%8);
return o.create(c,b/2)}},g=q.Latin1={stringify:function(a){for(var b=a.words,a=a.sigBytes,c=[],d=0;d<a;d++)c.push(String.fromCharCode(b[d>>>2]>>>24-8*(d%4)&255));
return c.join("")},parse:function(a){for(var b=a.length,c=[],d=0;d<b;d++)c[d>>>2]|=(a.charCodeAt(d)&255)<<24-8*(d%4);
return o.create(c,b)}},j=q.Utf8={stringify:function(a){try{return decodeURIComponent(escape(g.stringify(a)))}catch(b){throw Error("Malformed UTF-8 data");}},parse:function(a){return g.parse(unescape(encodeURIComponent(a)))}},k=h.BufferedBlockAlgorithm=n.extend({reset:function(){this._data=o.create();
this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=j.parse(a));this._data.concat(a);
this._nDataBytes+=a.sigBytes},_process:function(a){var b=this._data,c=b.words,d=b.sigBytes,f=this.blockSize,e=d/(4*f),e=a?i.ceil(e):i.max((e|0)-this._minBufferSize,0),a=e*f,d=i.min(4*a,d);if(a){for(var g=0;g<a;g+=f)this._doProcessBlock(c,g);g=c.splice(0,a);b.sigBytes-=d}return o.create(g,d)},clone:function(){var a=n.clone.call(this);a._data=this._data.clone();return a},_minBufferSize:0});
h.Hasher=k.extend({init:function(){this.reset()},
reset:function(){k.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);this._doFinalize();return this._hash},clone:function(){var a=k.clone.call(this);a._hash=this._hash.clone();
return a},blockSize:16,_createHelper:function(a){return function(b,c){return a.create(c).finalize(b)}},_createHmacHelper:function(a){return function(b,c){return l.HMAC.create(a,c).finalize(b)}}});var l=p.algo={};return p}(Math);
(function(){var i=CryptoJS,m=i.lib,p=m.WordArray,m=m.Hasher,h=[],n=i.algo.SHA1=m.extend({_doReset:function(){this._hash=p.create([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(o,i){for(var e=this._hash.words,g=e[0],j=e[1],k=e[2],l=e[3],a=e[4],b=0;80>b;b++){if(16>b)h[b]=o[i+b]|0;else{var c=h[b-3]^h[b-8]^h[b-14]^h[b-16];h[b]=c<<1|c>>>31}c=(g<<5|g>>>27)+a+h[b];
c=20>b?c+((j&k|~j&l)+1518500249):40>b?c+((j^k^l)+1859775393):60>b?c+((j&k|j&l|k&l)-1894007588):c+((j^k^l)-899497514);a=l;l=k;k=j<<30|j>>>2;j=g;g=c}e[0]=e[0]+g|0;e[1]=e[1]+j|0;e[2]=e[2]+k|0;e[3]=e[3]+l|0;e[4]=e[4]+a|0},_doFinalize:function(){var i=this._data,h=i.words,e=8*this._nDataBytes,g=8*i.sigBytes;h[g>>>5]|=128<<24-g%32;h[(g+64>>>9<<4)+15]=e;i.sigBytes=4*h.length;
this._process()}});i.SHA1=m._createHelper(n);i.HmacSHA1=m._createHmacHelper(n)})();var response = CryptoJS.SHA1(unescape(prop));''')
        # The script stores its result in the JS variable `response`; read it
        # back through the context's locals.
        vars=envl.locals
        response=vars.response
        # Convert the JS result object to its string form.
        response2=PyV8.JSObject.__str__(response)
        #response2=PyV8.convert(response)
        return response2
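def grab(url, localfile):
    """Fetch one site report and append its summary line to *localfile*.

    The page is requested twice. The first response's ``Set-Cookie`` header
    supplies a challenge value, ``jsc`` computes the matching response, and
    both are added to the ``Cookie`` header of the second request. The HTML
    of the second response is parsed with two regular expressions and the
    seven extracted fields are appended as one ``----``-separated line.

    Args:
        url: Full site_report URL to request.
        localfile: Path of the text file the record is appended to.

    Raises:
        KeyError: The first response has no ``Set-Cookie`` header.
        IndexError: The report HTML lacks the expected table cells. The
            original failed with the same exception type, but only after
            opening the output file, which then stayed open.
    """
    # NOTE(review): the 'GET' entry is sent as a header literally named
    # "GET" and names a fixed site; it looks like a leftover from a captured
    # request. 'Accept-Encoding' advertises gzip/deflate although the body
    # below is parsed without decompression. The 'Cookie' value is a fixed
    # set of __utma/__utmz cookies replayed on every request.
    headers={
        'GET':'site_report?url=http://www.uestc.edu.cn HTTP/1.1',
        'Host':'toolbar.netcraft.com',
        'User-Agent':'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0',
        'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-Language':'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
        'Accept-Encoding':'gzip, deflate',
        'Cookie':'__utma=207282326.130860318.1440300007.1440317156.1440386196.4; __utmz=207282326.1440300007.1.1.utmcsr=uptime.netcraft.com|utmccn=(referral)|utmcmd=referral|utmcct=/up/graph; __utma=126155282.1235327714.1440301396.1440301396.1440301396.1; __utmz=126155282.1440301396.1.1.utmcsr=toolbar.netcraft.com|utmccn=(referral)|utmcmd=referral|utmcct=/site_report',
        'DNT':'1',
        'Connection':'keep-alive',
        'Cache-Control':'max-age=0'
    }
    first_response = urllib2.urlopen(urllib2.Request(url, headers=headers))

    # First "name=value" pair of Set-Cookie; the value part is the challenge.
    set_cookie = first_response.headers['Set-Cookie']
    challenge = set_cookie.split(';')[0].split('=')[1]
    answer = jsc(challenge)

    cookies = headers['Cookie'].split(';')
    cookies.append(''.join(['netcraft_js_verification_challenge=', challenge]))
    cookies.append(''.join(['netcraft_js_verification_response=', answer]))
    headers['Cookie'] = ';'.join(cookies)

    second_request = urllib2.Request(url, headers=headers)
    time.sleep(6)
    html = urllib2.urlopen(second_request).read()

    p = re.findall('''<td width="37%"><a href=\'(.+?)\'>(.+?)</a></td>''', html)
    p2 = re.findall(r'''</td>
<td>((\d+)\.(\d+)\.(\d+)\.(\d+))</td>
<td>(.+?)</td>
<td>(.+?)</td>
<td>(.+?)</td>''', html)

    # Validate the parse before touching the output file, so a changed page
    # layout or an error page produces a clear error and no open file handle.
    if len(p) < 3 or not p2:
        raise IndexError(
            'site report for %s did not contain the expected table cells' % url)

    Site = p[0][1]
    Netblock_Owner = p[1][1]
    Domain = p[2][1]
    IP_address = p2[0][0]
    OS = p2[0][5]
    Web_server = p2[0][6]
    Last_seen = p2[0][7]

    # NOTE(review): the fields are remote HTML content written unescaped. A
    # field containing '----' would shift the columns for any reader that
    # splits the line on that delimiter.
    record = '----'.join(
        [Site, Netblock_Owner, Domain, OS, Web_server, IP_address, Last_seen])
    with open(localfile, 'a') as myfile:
        myfile.write(record)
        myfile.write('\n')
    time.sleep(4)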
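def main():
    """Run one lookup using ``<site_report_url> <output_file>`` from argv.

    The original body passed the names ``url`` and ``localfile`` to ``grab``,
    but neither is defined at module level (their only assignments are
    commented out), so calling ``main()`` raised NameError.
    """
    import sys

    if len(sys.argv) != 3:
        sys.exit('usage: %s <site_report_url> <output_file>' % sys.argv[0])
    grab(sys.argv[1], sys.argv[2])


if __name__=="__main__":
    main()
# -*- coding: cp936 -*-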
from os import listdir
import time
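# The scraper module is a file named "1", which a plain `import` statement
# cannot name, hence __import__.
bb = __import__('1')
grab = bb.grab
# NOTE(review): the page lost its indentation, so the pairing of the final
# `else` and the position of the two-second pause are inferred. As written
# here the `else` branch is unreachable.
if True:
    tmp=listdir("./")
    print("[*] 请选择攻击目标列表文件ID..")
    for idx, name in enumerate(tmp):
        print("[%s] %s"%(idx,name))
    print("[?] 列表:")
    lf = raw_input("")
    try:
        ii = int(lf)
        # A negative number would silently index from the end of the listing.
        if not 0 <= ii < len(tmp):
            raise IndexError("list index out of range")
        ff = tmp[ii]
        # Read the list once, close the file, and drop line endings and blank
        # lines. The original passed each line to grab() with its trailing
        # newline still attached.
        with open("%s"%ff) as list_file:
            flist = [line.strip() for line in list_file]
        flist = [entry for entry in flist if entry]
        for i, f in enumerate(flist):
            print("[+] AUTO-FUCK::[%s/%s]::%s"%(i+1,len(flist),f))
        time.sleep(2)
        print("please wait a moment...")
        localfile = ''.join(['res-',ff])
        for u in flist:
            # NOTE(review): the entry is appended to the query string without
            # URL-encoding; a value containing '&' or '#' alters the request.
            uu = ''.join(['http://toolbar.netcraft.com/site_report?url=',u])
            print(uu)
            grab(uu, localfile)
    except Exception as e:
        # Any failure, including one inside grab(), ends the whole run here.
        print("[!] ERR:%s"%e)
else:
    print("[?] 比如:URL")
##### Store into the database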
#!/usr/local/bin/python
#-*- coding: UTF-8 -*-
import sys
import MySQLdb
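import os

# The database password is read from the environment instead of being stored
# in the script. The variable names below are this script's own convention
# (constructed for this edit). A missing password raises KeyError when the
# module is imported.
# NOTE(review): the default account is still root; a dedicated account that
# is limited to the Exploitsites schema would follow least privilege.
conn = MySQLdb.connect(
    os.environ.get('EXPLOITSITES_DB_HOST', 'localhost'),
    os.environ.get('EXPLOITSITES_DB_USER', 'root'),
    os.environ['EXPLOITSITES_DB_PASSWORD'],
    os.environ.get('EXPLOITSITES_DB_NAME', 'Exploitsites'))
cur = conn.cursor()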
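def bl(Site,Netblock_Owner,Domain,OS,Web_server,IP_address,Last_seen):
    """Insert one site record into the ``Wooyun`` table, creating it if needed.

    All seven arguments are stored as given. They are passed to the driver as
    query parameters, not formatted into the SQL text, so their content cannot
    change the statement.

    Failures are reported rather than raised: 'save false' is printed as
    before, and the reason is now also written to stderr.
    """
    try:
        with conn:
            # NOTE(review): the column widths are short (Site 30, Domain 20).
            # Longer scraped values are presumably truncated or rejected,
            # depending on the server's SQL mode - confirm.
            cur.execute("CREATE TABLE IF NOT EXISTS \
Wooyun(Id INT PRIMARY KEY AUTO_INCREMENT, Site VARCHAR(30),Netblock_Owner VARCHAR(90),Domain VARCHAR(20),OS VARCHAR(40),Web_server VARCHAR(130),IP_address VARCHAR(20),Last_seen VARCHAR(20))")
            cur.execute("INSERT INTO Wooyun(Site,Netblock_Owner,Domain,OS,Web_server,IP_address,Last_seen) VALUES(%s,%s,%s,%s,%s,%s,%s)",(Site,Netblock_Owner,Domain,OS,Web_server,IP_address,Last_seen))
            conn.commit()
    except Exception as exc:
        # The original bare `except:` also swallowed KeyboardInterrupt and
        # SystemExit, and hid the reason for every failure.
        print('save false')
        sys.stderr.write('save failed: %s\n' % exc)
bb = __import__('ip')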
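bl = bb.bl
# Load the '----'-separated result files res-f4-1.txt .. res-f4-6.txt and
# store each record through bl().
for i in range(1,7):
    fi = 'res-f4-'+str(i)+'.txt'
    # The context manager closes each file; the original left all six open.
    with open(fi) as result_file:
        for line_no, f in enumerate(result_file, 1):
            ff = f.split('----')
            # The file content originates from scraped HTML. A short line
            # used to abort the run with IndexError, and a line with extra
            # delimiters would have been stored with shifted columns.
            if len(ff) != 7:
                print("[!] skipped malformed line %s in %s" % (line_no, fi))
                continue
            Site = ff[0]
            Netblock_Owner = ff[1]
            Domain = ff[2]
            OS = ff[3]
            Web_server = ff[4]
            IP_address = ff[5]
            Last_seen = ff[6].strip()
            bl(Site,Netblock_Owner,Domain,OS,Web_server,IP_address,Last_seen)
###### Add a simple test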
import MySQLdb
import sys
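import os

# The database password is read from the environment instead of being stored
# in the script. The variable names below are this script's own convention
# (constructed for this edit). A missing password raises KeyError at startup.
# NOTE(review): the default account is still root; a read-only account would
# be enough for this check.
conn = MySQLdb.connect(
    os.environ.get('EXPLOITSITES_DB_HOST', 'localhost'),
    os.environ.get('EXPLOITSITES_DB_USER', 'root'),
    os.environ['EXPLOITSITES_DB_PASSWORD'],
    os.environ.get('EXPLOITSITES_DB_NAME', 'Exploitsites'))
cur = conn.cursor()
# Sanity check: print how many records the Wooyun table holds.
with conn:
    cur.execute("SELECT * FROM Wooyun")
    rows = cur.fetchall()
    print(len(rows))
    #for row in rows:
        #print row
# At this point most of the intended functionality is in place; to be continued...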
















