
Commit de3ed19

authored
Merge pull request #158 from shmilylty/dev
Dev
2 parents 26ce32c + 2428017 commit de3ed19


5,015 files changed

+28
-81580
lines changed


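--- a/.travis.yml
+++ b/.travis.yml
@@ -54,7 +54,7 @@ jobs:
 os: windows
 language: shell
 before_install:
-- choco install python --version 3.6.0
+- choco install python --version 3.6.1
 - python -m pip install --upgrade pip
 - chcp.com 65001
 env: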

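--- a/brute.py
+++ b/brute.py
@@ -157,7 +157,7 @@ def gen_subdomains(expression, path):
 """
 Generate subdomains
 
-:param str expression: generate subdomains's expression
+:param str expression: generate subdomains expression
 :param str path: path of wordlist
 :return set subdomains: list of subdomains
 """
@@ -188,7 +188,7 @@ def gen_fuzz_subdomains(expression, rule, fuzzlist):
 """
 Generate subdomains based on fuzz mode
 
-:param str expression: generate subdomains's expression
+:param str expression: generate subdomains expression
 :param str rule: regexp rule
 :param str fuzzlist: fuzz dictionary
 :return set subdomains: list of subdomains
@@ -217,7 +217,7 @@ def gen_word_subdomains(expression, path):
 """
 Generate subdomains based on word mode
 
-:param str expression: generate subdomains's expression
+:param str expression: generate subdomains expression
 :param str path: path of wordlist
 :return set subdomains: list of subdomains
 """
@@ -375,14 +375,14 @@ def check_dict():
 exit(0)
 
 
-def gen_result_infos(items, infos, subdomains, ip_times, wc_ips, wc_ttl, bk_cname):
+def gen_result_infos(items, infos, subdomains, ip_times, wc_ips, wc_ttl):
 qname = items.get('name')[:-1] # 去除最右边的`.`点号
 reason = items.get('status')
 resolver = items.get('resolver')
 data = items.get('data')
 answers = data.get('answers')
 info = dict()
-cname = list()
+cnames = list()
 ips = list()
 public = list()
 times = list()
@@ -397,13 +397,14 @@ def gen_result_infos(items, infos, subdomains, ip_times, wc_ips, wc_ttl, bk_cnam
 have_a_record = True
 ttl = answer.get('ttl')
 ttls.append(ttl)
-cname.append(answer.get('name')[:-1]) # 去除最右边的`.`点号
+cname = answer.get('name')[:-1]
+cnames.append(cname) # 去除最右边的`.`点号
 ip = answer.get('data')
 ips.append(ip)
 public.append(utils.ip_is_public(ip))
 num = ip_times.get(ip)
 times.append(num)
-isvalid, reason = is_valid_subdomain(ip, ttl, num, wc_ips, wc_ttl, cname, bk_cname)
+isvalid, reason = is_valid_subdomain(ip, ttl, num, wc_ips, wc_ttl, cname)
 logger.log('TRACE', f'{ip} effective: {isvalid} reason: {reason}')
 is_valid_flags.append(isvalid)
 if not have_a_record:
@@ -413,7 +414,7 @@ def gen_result_infos(items, infos, subdomains, ip_times, wc_ips, wc_ttl, bk_cnam
 info['resolve'] = 1
 info['reason'] = reason
 info['ttl'] = ttls
-info['cname'] = cname
+info['cname'] = cnames
 info['ip'] = ips
 info['public'] = public
 info['times'] = times
@@ -454,7 +455,7 @@ def stat_ip_times(result_paths):
 return times
 
 
-def deal_output(output_paths, ip_times, wildcard_ips, wildcard_ttl, bk_cname):
+def deal_output(output_paths, ip_times, wildcard_ips, wildcard_ttl):
 logger.log('INFOR', f'Processing result')
 infos = dict() # 用来记录所有域名有关信息
 subdomains = list() # 用来保存所有通过有效性检查的子域
@@ -480,8 +481,7 @@ def deal_output(output_paths, ip_times, wildcard_ips, wildcard_ttl, bk_cname):
 logger.log('TRACE', f'Processing {line}, {qname} no response')
 continue
 infos, subdomains = gen_result_infos(items, infos, subdomains,
-ip_times, wildcard_ips,
-wildcard_ttl, bk_cname)
+ip_times, wildcard_ips, wildcard_ttl)
 return infos, subdomains
 
 
@@ -515,10 +515,11 @@ def check_ip_times(times):
 return False
 
 
-def is_valid_subdomain(ip, ttl, times, wc_ips, wc_ttl, cname, bk_cname):
+def is_valid_subdomain(ip, ttl, times, wc_ips, wc_ttl, cname):
 ip_blacklist = settings.brute_ip_blacklist
-if cname in bk_cname:
-return 0, 'cname blacklist' # 有些泛解析会统一解析到一个cname上
+cname_blacklist = settings.brute_cname_blacklist
+if cname in cname_blacklist:
+return 0, 'cname blacklist' # 有些泛解析会统一解析到一个cname上
 if ip in ip_blacklist: # 解析ip在黑名单ip则为非法子域
 return 0, 'IP blacklist'
 if all([wc_ips, wc_ttl]): # 有泛解析记录才进行对比
@@ -583,11 +584,10 @@ class Brute(Module):
 def __init__(self, target=None, targets=None, process=None, concurrent=None,
 word=False, wordlist=None, recursive=False, depth=None, nextlist=None,
 fuzz=False, place=None, rule=None, fuzzlist=None, export=True,
-alive=True, format='csv', path=None, bk_cname=[]):
+alive=True, format='csv', path=None):
 Module.__init__(self)
 self.module = 'Brute'
 self.source = 'Brute'
-self.bk_cname = bk_cname
 self.target = target
 self.targets = targets
 self.process_num = process or utils.get_process_num()
@@ -716,7 +716,7 @@ def main(self, domain):
 output_paths.append(output_path)
 ip_times = stat_ip_times(output_paths)
 self.infos, self.subdomains = deal_output(output_paths, ip_times,
-wildcard_ips, wildcard_ttl, self.bk_cname)
+wildcard_ips, wildcard_ttl)
 delete_file(dict_path, output_paths)
 end = time.time()
 self.elapse = round(end - start, 1)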
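Review bot: The new `if cname in cname_blacklist:` test in `is_valid_subdomain` compares the answer name byte-for-byte, but DNS owner names are case-insensitive and a resolver may echo the name in a different case than the blacklist entry, so a blacklisted name can slip past the filter on a case difference alone; normalizing once, `if cname.lower() in cname_blacklist:`, with the entries in `settings.brute_cname_blacklist` kept lowercase, closes that gap. The value handed in as `cname` is `answer.get('name')[:-1]` from the loop in `gen_result_infos`, which looks like the owner name of each answer record rather than a CNAME target as such — a one-line comment at that assignment, e.g. `# owner name of this answer; presumably the final CNAME target when the resolver followed a chain — confirm against the massdns output format`, would stop the next reader from assuming every entry is a CNAME. The bodies of `gen_result_infos` and `is_valid_subdomain` continue outside the hunks shown.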

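--- a/common/module.py
+++ b/common/module.py
@@ -60,7 +60,7 @@ def finish(self):
 self.elapse = round(self.end - self.start, 1)
 logger.log('DEBUG', f'Finished {self.source} module to '
 f'collect {self.domain}\'s subdomains')
-logger.log('INFOR', f'The {self.source} module took {self.elapse} seconds '
+logger.log('INFOR', f'{self.source} module took {self.elapse} seconds '
 f'found {len(self.subdomains)} subdomains')
 logger.log('DEBUG', f'{self.source} module found subdomains of {self.domain}\n'
 f'{self.subdomains}')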

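--- a/common/records.py
+++ b/common/records.py
@@ -1,12 +1,11 @@
 import os
-from sys import stdout
 from collections import OrderedDict
-from contextlib import contextmanager
 from inspect import isclass
 
-from .tablib import tablib
 from sqlalchemy import create_engine, exc, inspect, text
 
+from .tablib import tablib
+
 DATABASE_URL = os.environ.get('DATABASE_URL')
 
 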
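--- a/common/request.py
+++ b/common/request.py
@@ -94,7 +94,7 @@ def get_html_title(markup):
 return h2.text
 
 h3 = soup.h3
-if h2:
+if h3:
 return h3.text
 
 desc = soup.find('meta', attrs={'name': 'description'})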
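Review bot: The corrected guard `if h3:` still returns `h3.text` when the tag exists but is empty, so an empty `<h3></h3>` short-circuits the fall-through to the description meta tag on the next line; `if h3 and h3.text.strip(): return h3.text.strip()` keeps the fallback chain useful, and the `h2` branch just above probably deserves the same treatment if it reads the same way. Since this text comes from a fetched page and presumably ends up in a report column, trimming surrounding whitespace and newlines at this point also keeps the output tidy. `get_html_title` starts and ends outside the hunk.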

common/utils.py

+1-1
@@ -832,4 +832,4 @@ def looks_like_ip(maybe_ip):
832832
if IP_RE.match(maybe_ip):
833833
return True
834834
except socket.error:
835-
return False
835+
return False

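--- a/config/setting.py
+++ b/config/setting.py
@@ -60,6 +60,8 @@
 fuzz_place = None # 指定爆破的位置 指定的位置用`*`表示 示例:www.*.example.com
 fuzz_rule = None # fuzz域名的正则 示例:'[a-z][0-9]' 表示第一位是字母 第二位是数字
 brute_ip_blacklist = {'0.0.0.0', '0.0.0.1'} # IP黑名单 子域解析到IP黑名单则标记为非法子域
+# CNAME黑名单 子域解析到CNAME黑名单则标记为非法子域
+brute_cname_blacklist = {'nonexist.sdo.com', 'shop.taobao.com'}
 ip_appear_maximum = 100 # 多个子域解析到同一IP次数超过100次则标记为非法(泛解析)子域
 
 # 代理设置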
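Review bot: The new `brute_cname_blacklist` entries only match if they are spelled exactly as `brute.py` stores answer names — trailing `.` removed and in the case the resolver returned — but nothing at the definition says so, and a user adding an entry with a trailing dot or in mixed case would get a silent non-match. A comment on the line, `# entries must be written without the trailing '.' (matched against answer names with it stripped); keep them lowercase`, documents the contract. This set also replaces the deleted `data/rules/CNAME` file, so users who maintained that list now need to edit the config module instead; a sentence in the comment pointing that out would save confusion.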

data/rules/CNAME

-1
This file was deleted.
