
Source code analysis of several niche web fingerprinting tools

admin · 2 months ago · 131

Webfinger

Introduction

This is a very small tool, written in Python 2, that uses Fofa's fingerprint library.
GitHub: https://github.com/se55i0n/Webfinger

See the official screenshot:

The tool's user experience is quite unfriendly: it uses the outdated Python 2, and the database-connection code contains an error, so I had to fix the bug myself. After sorting out a series of problems it ran successfully. I tested it against the dedecms official site and the result was decent:

Source code analysis

The code is fairly simple. Before matching, it connects to the database and queries the total number of entries and each individual entry with simple SQL statements:

import sqlite3

def check(_id):
    with sqlite3.connect('./lib/web.db') as conn:
        cursor = conn.cursor()
        result = cursor.execute('SELECT name, keys FROM `fofa` WHERE id=\'{}\''.format(_id))
        for row in result:
            return row[0], row[1]

def count():
    with sqlite3.connect('./lib/web.db') as conn:
        cursor = conn.cursor()
        result = cursor.execute('SELECT COUNT(id) FROM `fofa`')
        for row in result:
            return row[0]

Viewing the Fofa library in Navicat:

About a thousand rules, fairly complete. If you want to build your own fingerprinting tool, you could also borrow this Fofa library......

After the entries from the Fofa fingerprint library have been fetched, the rule syntax is parsed:

if '||' in key and '&&' not in key and '(' not in key:
    for rule in key.split('||'):
        if self.check_rule(rule, header, body, title):
            print '%s[+] %s   %s%s' %(G, self.target, name, W)
            break

After the syntax has been parsed, the rule is checked:

def check_rule(self, key, header, body, title):
    try:
        if 'title="' in key:
            if re.findall(rtitle, key)[0].lower() in title.lower():
                return True
        elif 'body="' in key:
            if re.findall(rbody, key)[0] in body: return True
        else:
            if re.findall(rheader, key)[0] in header: return True
    except Exception as e:
        pass

The regular expressions for these rules are:

import re

rtitle = re.compile(r'title="(.*)"')
rheader = re.compile(r'header="(.*)"')
rbody = re.compile(r'body="(.*)"')
rbracket = re.compile(r'\((.*)\)')

The body and header are obtained just as simply: requests fetches the response, giving the header and body, and bs4 parses the body to extract the title.

r = requests.get(url=self.target, headers=agent,
                    timeout=3, verify=False)
content = r.text
try:
    title = BeautifulSoup(content, 'lxml').title.text.strip()
    return str(r.headers), content, title.strip('\n')
except:
    return str(r.headers), content, ''

That is the whole picture. The part worth a look is the semantic parsing, for example the handling of 1||2||(3&&4) below:
AND takes priority. The rule is split to obtain 3 and 4, and the num counter ensures that every term of the AND group passes the check; the OR terms are then checked in turn, which finally parses Fofa's rules successfully.

if '&&' in re.findall(rbracket, key)[0]:
    for rule in key.split('||'):
        if '&&' in rule:
            num = 0
            for _rule in rule.split('&&'):
                if self.check_rule(_rule, header, body, title):
                    num += 1
            if num == len(rule.split('&&')):
                print '%s[+] %s   %s%s' % (G, self.target, name, W)
                break
        else:
            if self.check_rule(rule, header, body, title):
                print '%s[+] %s   %s%s' % (G, self.target, name, W)
                break
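A general version of this rule evaluation, as an added example and not Webfinger's own code: it tokenizes a Fofa-style rule and evaluates title/body/header terms with && binding tighter than ||, so nested and multiple bracket groups work too, not only the 1||2||(3&&4) shape the original special-cases. The sample response values are constructed.

```python
import re
# Added example, not Webfinger's own code: a general evaluator for Fofa-style rules
# (title="", body="", header="" terms joined by && and ||, with nested parentheses).
TOKEN = re.compile(r'\s*(?:(\|\||&&|[()])|(title|body|header)="([^"]*)"|(\S))')

def tokenize(rule):
    """Turn a rule into operators, parentheses and (field, needle) terms."""
    tokens = []
    for m in TOKEN.finditer(rule):
        if m.group(4):  # anything that is not an operator, bracket or quoted term
            raise ValueError('unexpected %r at offset %d' % (m.group(4), m.start(4)))
        tokens.append(m.group(1) or (m.group(2), m.group(3)))
    return tokens

def evaluate(rule, header, body, title):
    """Match one rule against a response; && binds tighter than ||, as in 1||2||(3&&4)."""
    tokens = tokenize(rule)
    def term():
        if not tokens:
            raise ValueError('rule ended early')
        tok = tokens.pop(0)
        if tok == '(':
            val = or_expr()
            if not tokens or tokens.pop(0) != ')':
                raise ValueError('missing closing parenthesis')
            return val
        field, needle = tok
        if field == 'title':  # Webfinger compares titles case-insensitively only
            return needle.lower() in title.lower()
        return needle in (body if field == 'body' else header)
    def and_expr():
        val = term()
        while tokens and tokens[0] == '&&':
            tokens.pop(0)
            val = term() and val  # always consume the term, even if val is already False
        return val
    def or_expr():
        val = and_expr()
        while tokens and tokens[0] == '||':
            tokens.pop(0)
            val = and_expr() or val
        return val
    result = or_expr()
    if tokens:
        raise ValueError('unexpected token %r' % (tokens[0],))
    return result

# Constructed sample response, in the shape Webfinger's check_rule receives.
SAMPLE_HEADER = 'Server: nginx\r\nX-Powered-By: PHP/7.4'
SAMPLE_BODY = '<html><body>Powered by DedeCms V5.7</body></html>'
SAMPLE_TITLE = 'DedeCMS Demo Site'
```

A malformed rule (unterminated bracket, dangling operator, unquoted value) raises ValueError instead of being silently swallowed as in the original's bare except.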

Summary

  • A small tool with little code and practical functionality
  • The sqlite database makes custom rules hard to add and limits extensibility
  • Multithreading or multiprocessing could be adopted to improve efficiency
  • The Fofa fingerprint library can also be borrowed to build your own tool

Cmscan

Introduction

Similar to Webfinger, this is also a small tool:
https://github.com/ldbfpiaoran/cmscan

Source code analysis

From a developer's point of view the code is not very well structured; a brief analysis follows.
First the title is extracted with bs4: title = bresponse.findAll('title')
A large dictionary is defined as the rule database:

title = {'phpMyAdmin':'phpMyAdmin',
         'seacms':'海洋CMS',
         'Powered by ASPCMS':'ASPCMS',
         'Powered by CmsEasy':'CmsEasy',
         .....
}

It then searches with a regex directly. One question: the title rules above are not regex patterns, only plain strings, so why not use the simpler form if key.lower() in title.lower()? In theory the regex is less efficient than that approach.

def scan_title():
    titlerule = rule.title
    web_information = 0
    for key in titlerule.keys():
        req = re.search(key,title,re.I)
        if req:
            web_information = titlerule[key]
            break
        else:
            continue
    return web_information

Similarly, the response headers are parsed on the same principle, with simple handling of the & symbol added; it is not as well written as Webfinger. Body parsing is much the same, so I won't copy it here.

def scan_head():
    headrule = rule.head
    web_information = 0
    for key in headrule.keys():
        if '&' in key:
            keys = re.split('&',key)
            if re.search(keys[0],header,re.I) and re.search(keys[1],response,re.I) :
                web_information = headrule[key]
                break
            else:
                continue
        else:
            req = re.search(key,header,re.I)
            if req:
                web_information = headrule[key]
                break
            else:
                continue
    return web_information

Obtaining the headers is likewise just a simple requests call:

response = requests.get(url=url, headers=headers)
bresponse = BeautifulSoup(response.text, "lxml")
title = bresponse.findAll('title')
for i in title:
    title = i.get_text()
head = response.headers
response = response.text
header = ''
for key in head.keys():
    header = header+key+':'+head[key]

I found that it also provides a rule-download script; it apparently crawls the Fofa library, parses it with bs4 and extracts the rules:

response = requests.get(url=url,headers=headers)
response = BeautifulSoup(response.text,"lxml")
rules = response.findAll('div',{'class':'panel panel-default'})
rule = {}
for i in rules:
    rule_len = len(i.findAll('a'))
    if rule_len > 0 :
        rulelist = i.findAll('a')
        temporary = {}
        for b in rulelist:
            s = un_base(b.attrs['href'])
            temporary[b.get_text()] = s
        rule[i.find('label').get_text()] = temporary

They are then saved to MySQL for later use:

def saverule(types,name,rules):
    try:
        conn = pymysql.connect(host='127.0.0.1',user='root',passwd='521why1314',db='mysql',charset='utf8')
        conn = conn.cursor()
        conn.execute('use rules')
        savesql = 'insert into `fofarule` (`types`,`name`,`rules`) VALUES (%s,%s,%s)'
        conn.execute(savesql,(types,name,rules))
    except:
        conn.close()

Summary

A very simple little tool with low code quality; it is clearly a beginner's work. The principle is about the same as Webfinger's: both match keywords in the header, title and body. Here the rules are written into the code, while Webfinger's are