Day 161: Secure Development - Python - Red Team Projects & Vulnerability Scanner Invocation & API Push to WeChat & Automatic Task Addition and
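Contents
Case 1: Python - Red Team Project - Calling Xray and Pushing to WeChat
Case 2: Python - Red Team Project - Calling AWVS and Adding Tasks Automatically
Case 3: Python - Red Team Project - Calling SQLMAP and Adding Tasks Automatically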
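Case 1: Python - Red Team Project - Calling Xray and Pushing to WeChat
First, test locally that calling the API sends a message to WeChat.
API site (free to use for 7 days!): Server酱 Turbo | Push messages to personal WeChat, WeCom, mobile clients, DingTalk groups and Feishu groups with a single API request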
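To call the API, simply request the URL below. The desp parameter carries the data you want to send. POST is the better choice, because a GET request can carry less data. Replace xxx with your own key.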
https://sctapi.ftqq.com/xxxx.send?title=messagetitle&desp=messagecontent
Here I simply visit the URL directly to see the output.
Sending the request with Python
import requests

# Replace xxx with your own key
url = "https://sctapi.ftqq.com/xxx.send?title= test!!!"
content = """
ip = "127.0.0.1",
whoami = "admin",
work = "say hello"
"""
data = {
    'desp': content
}
print(data)
requests.post(url, data=data)
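Next, set up a tiny local website built with the Flask module. Its request object has many uses.
In Flask, the request object is a very important global object that wraps the HTTP request the client sent to the server. Through it you can access the data in the request, such as the query string, form data, JSON data, uploaded files, headers and cookies.
The example below sets up a tiny Flask site. A GET request to /x triggers the test function, which receives the headers of the request.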
from flask import Flask,request

app = Flask(__name__)

@app.route('/x',methods=["GET"])
def test():
    x = request.headers
    print(x)
    return "ok"  # a Flask view must return a response

if __name__ == "__main__":
    app.run()
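Introduction to xray's --webhook-output parameter
In Xray, the --webhook-output parameter specifies the URL of the webhook. For example:
xray webscan --url http://example.com --webhook-output http://your-webhook-server.com/webhook
This command starts Xray's web scan mode, scans the given URL, and sends the scan results to http://your-webhook-server.com/webhook.
What Xray sends to the webhook is JSON and contains the details of the scan results. The JSON structure is roughly as follows:
{
    "type": "xxx",
    "data": {}
}
Use this parameter to combine the two previous examples: the scan data is sent to the simple site you set up, which then calls the API to forward it to WeChat.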
Combined code
from flask import Flask,request
import requests

app = Flask(__name__)

@app.route('/webhook',methods=["POST"])
def test():
    try:
        x = request.json
        #print(x['data']['target']['url'])
        url = "https://sctapi.ftqq.com/SCT257938Tua9PZKvryRYtsKHbNfgWacLg.send?title= vuln"
        content="""
url : {url}
插件: {plugin}
vlun类型: {type}
""".format(url=x['data']['target']['url'],plugin=x['data']['plugin'],type=x['type'])
        data={
            'desp':content
        }
        print(data)
        requests.post(url,data=data)
    except Exception as e:
        # events that lack these fields are skipped silently
        pass
    return "ok"  # a Flask view must return a response

if __name__ == "__main__":
    app.run()
This sends these three fields returned by xray to WeChat.
Once the program is running, have xray scan the vulnerable page.
xray_windows_amd64.exe webscan --url http://testphp.vulnweb.com/artists.php?artist=1 --webhook-output http://127.0.0.1:5000/webhook
The message was received.
Check the result.
A result is sent for every single finding.
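A stricter version of the payload handling in the webhook above, added here as an example and not part of the original post: rather than a blanket try/except, it checks the event type and the required fields, and bounds every value before it goes into the WeChat message. The `web_vuln` type name, the helper names and the sample payloads are assumptions constructed for illustration.

```python
import json

# Assumed type value for vulnerability events; the page only shows "type": "xxx".
VULN_TYPE = "web_vuln"
MAX_FIELD = 200  # cap each field so a scanned page cannot flood the notification

# Constructed sample events (not captured from a real scan).
SAMPLE_VULN = json.dumps({"type": "web_vuln", "data": {
    "plugin": "sqldet",
    "target": {"url": "http://testphp.vulnweb.com/artists.php?artist=1"}}})
SAMPLE_STAT = json.dumps({"type": "web_statistic", "data": {"num_found_urls": 3}})

def clean(value):
    """Coerce a field to one bounded line of printable text."""
    text = "".join(ch for ch in str(value) if ch.isprintable())
    return text[:MAX_FIELD]

def build_notification(raw_body):
    """Return (title, desp) for a vulnerability event, or None for anything else."""
    try:
        event = json.loads(raw_body)
    except (ValueError, TypeError):
        return None                      # not JSON: ignore instead of crashing
    if not isinstance(event, dict) or event.get("type") != VULN_TYPE:
        return None                      # statistics and unknown event types
    data = event.get("data")
    target = data.get("target") if isinstance(data, dict) else None
    if not isinstance(target, dict) or "url" not in target or "plugin" not in data:
        return None                      # missing the fields the page forwards
    desp = "url: {}\nplugin: {}\ntype: {}".format(
        clean(target["url"]), clean(data["plugin"]), clean(event["type"]))
    return "vuln", desp
```

In the Flask view, `build_notification(request.get_data())` would replace the try/except body, and the view would post to the push API only when the result is not None.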
Case 2: Python - Red Team Project - Calling AWVS and Adding Tasks Automatically
Reference article: AWVS13 batch script_awvs custom script - CSDN Blog
Get the AWVS API key
Add a scan task
Method: POST
URL: /api/v1/targets
Code
import requests

# Request code follows
api_add_url = "https://x/api/v1/targets"
headers = {
    'X-Auth': 'x',
    'Content-type': 'application/json'
}
data = '{"address":"http://vulnweb.com/","description":"create_by_reaper","criticality":"10"}'
# verify=False disables TLS certificate verification
r = requests.post(url=api_add_url, headers=headers, data=data,verify=False).json()
print(r)
Try running it to create the target.
Added successfully.
After a successful creation the response contains a target-id. Use it to tell whether the creation succeeded; the same id is also needed later to start the scan.
Start the scan
Method: POST
URL: /api/v1/scans
Code
import requests

id = "xxxxxxxx"  # the target_id returned when the target was created
data = '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"target_id":"%s"}'% id
api_run_url="https://192.168.172.130:3443/api/v1/scans"
headers = {
    'X-Auth': '1986ad8c0a5b3df4d7028d5f3c06e936c4d6110fabd7542828c3deca8e7fee4f9',
    'Content-type': 'application/json'
}
r = requests.post(url=api_run_url, headers=headers, data=data, verify=False).json()
print(r)
Response returned when the creation fails
Response returned when the creation succeeds; again, you can tell by the id.
The scan was started successfully.
Combine these two scripts: put the URLs into a file, then create the tasks and start them in one go.
import requests

# Request code follows
def touch_work(key,url):
    api_add_url = "https://127.0.0.1:3443/api/v1/targets"
    headers = {
        'X-Auth': key,
        'Content-type': 'application/json'
    }
    data = '{"address":"%s","description":"create_by_reaper","criticality":"10"}'% url
    r = requests.post(url=api_add_url, headers=headers, data=data,verify=False).json()
    id =r['target_id']
    if id is not False:
        print("任务创建成功,id号为: %s"%id)
    return id

# Core code
def run_work(key,id):
    data = '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"target_id":"%s"}'% id
    api_run_url="https://127.0.0.1:3443/api/v1/scans"
    headers = {
        'X-Auth': key,
        'Content-type': 'application/json'
    }
    r = requests.post(url=api_run_url, headers=headers, data=data, verify=False).json()
    id = r["target_id"]
    if id is not False:
        print("启动扫描成功")

if __name__ == "__main__":
    key = input("please input your api-key:")
    # url.txt holds one target URL per line
    with open("url.txt","r") as urls:
        for url in urls:
            url = url.replace("\n","")
            print("扫描url:"+url)
            id = touch_work(key,url)
            run_work(key,id)
            print("==================================")
Started successfully.
Case 3: Python - Red Team Project - Calling SQLMAP and Adding Tasks Automatically
Reference article: A Deep Dive into the SQLMAP API - FreeBuf network security industry portal
Once sqlmap is installed, sqlmapapi.py sits in the same directory. This file can be used to call sqlmap's API.
sqlmap API endpoints
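# 0. Start the sqlmap API service: python sqlmapapi.py -s
# 1. Create a new task and record the task ID: @get("/task/new")
# 2. Set the scan options for the task ID: @post("/option/<taskid>/set")
# 3. Start the scan for the task ID: @post("/scan/<taskid>/start")
# 4. Read the scan status to judge the result: @get("/scan/<taskid>/status")
# 5. When finished, delete the ID and get the result: @get("/task/<taskid>/delete")
# 6. View the scan result: @get("/scan/<taskid>/data")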
python sqlmapapi.py -s opens a local port, and the API can be called through that port.
Create a task record
Set the scan options. The data must be transferred as JSON, so json.dumps is needed to convert the dictionary into JSON, and the Content-Type in the request headers must be JSON as well.
requests.post("http://127.0.0.1:8775/option/76a4c6fd0750fd10/set",data=json.dumps({'url':'http://testphp.vulnweb.com/artists.php?artist=1'}),headers={'Content-Type':'application/json'}).json()
If it returns true, the options were set successfully.
Starting the scan surprisingly requires passing the target URL in again. I find that a bit tedious; shouldn't the id already tell it what was written?
requests.post("http://127.0.0.1:8775/scan/0b03a4d6d1560beb/start",data=json.dumps({'url':'http://testphp.vulnweb.com/artists.php?artist=1'}),headers={'Content-Type':'application/json'}).json()
Returning true means success.
Read the scan status. Reading the result does not need the target URL again. Anyone who has used sqlmap knows it takes a while to respond.
requests.get("http://127.0.0.1:8775/scan/b0717c18d0731951/status",headers={'Content-Type':'application/json'}).json()
If the status is terminated, it succeeded; if it is running, the scan is still going.
View the output
requests.get("http://127.0.0.1:8775/scan/b0717c18d0731951/data",headers={'Content-Type':'application/json'}).json()
You can pick out the data you want from it and send it back to WeChat through Server酱.
Integrate and optimize the code
import requests,json,time

def create_task():
    header = {
        'Content-Type':'application/json'
    }
    r = requests.get("http://127.0.0.1:8775/task/new",headers=header).json()
    if r['success'] == True:
        return r['taskid']

def set_task(id,scanurl):
    url = "http://127.0.0.1:8775/option/%s/set"%id
    headers = {
        'Content-type': 'application/json'
    }
    data= {
        'url':scanurl
    }
    r = requests.post(url,data=json.dumps(data),headers=headers).json()
    if r['success'] == True:
        print("设置扫描信息完成,id为:"+id)

def start_task(id,scanurl):
    url="http://127.0.0.1:8775/scan/%s/start"%id
    headers = {
        'Content-type': 'application/json'
    }
    data= {
        'url':scanurl
    }
    r = requests.post(url,data=json.dumps(data),headers=headers).json()
    if r['success'] == True:
        print("开始扫描任务,id为:"+id)

def status_task(id):
    url="http://127.0.0.1:8775/scan/%s/status"%id
    headers = {
        'Content-type': 'application/json'
    }
    print("扫描还在进行中")
    while True:
        r = requests.get(url,headers=headers).json()
        if r['status'] == 'terminated':
            print("扫描已经结束,id为"+id)
            break
        time.sleep(1)  # still running: wait before polling again

def cat_data(id,scanurl):
    url="http://127.0.0.1:8775/scan/%s/data"%id
    headers = {
        'Content-type': 'application/json'
    }
    r = requests.get(url,headers=headers).json()
    # r['data'] is a list: entry 0 describes the target, and
    # entry 1 ['value'][0]['data'] maps technique ids ("1", "2", ...) to title/payload
    if r['data'] and r['data'][0]['status'] == 1:
        print("存在sql注入漏洞")
        for key in range(1,6):
            key = str(key)
            try:
                print("sql注入类型为:"+r['data'][1]['value'][0]['data'][key]['title'])
                print("sql注入payload为:"+r['data'][1]['value'][0]['data'][key]['payload'])
                print("\n")
                url1 = "https://sctapi.ftqq.com/SCT257938Tua9PZKvryRYtsKHbNfgWacLg.send?title= There is an SQL injection vulnerability!!!"
                content="""
url : {url1}
sql注入漏洞类型: {type}
sql注入漏洞payload: {payload}
""".format(url1=scanurl,type=r['data'][1]['value'][0]['data'][key]['title'],payload=r['data'][1]['value'][0]['data'][key]['payload'])
                data={
                    'desp':content
                }
                requests.post(url1,data=data)
            except Exception as e:
                # this technique id is not present in the result
                pass
    print("=================================python sqlmapapi by xiaodisec======================================")

if __name__ == "__main__":
    #print(id)
    #scanurl = "http://testasp.vulnweb.com/showthread.asp?id=0"
    # url.txt holds one target URL per line
    with open("url.txt","r") as urls:
        for url in urls:
            scanurl = url.replace("\n","")
            print("正在扫描的url是:"+url)
            id = create_task()
            scanurl = scanurl.replace("\n","")
            set_task(id,scanurl)
            start_task(id,scanurl)
            status_task(id)
            cat_data(id,scanurl)
Run result. Here I loop over the results, because several different types of SQL injection may apply to the same SQL injection vulnerability, and all of them need to be printed.
WeChat push is set up as well.
I feel it can still be optimized: the injection information for the same URL could be sent in a single message.
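The optimization mentioned above, sketched as an added example that is not part of the original post: it walks every technique in a /scan/<taskid>/data response and builds one message body per scanned URL instead of one push per technique. The response layout, the function names and the sample values are assumptions constructed for illustration.

```python
# Constructed sample shaped like sqlmapapi's /scan/<taskid>/data response;
# the titles and payload strings are placeholders, not real scan output.
SAMPLE = {
    "success": True,
    "data": [
        {"status": 1, "type": 0,
         "value": {"url": "http://testphp.vulnweb.com/artists.php",
                   "query": "artist=1", "data": None}},
        {"status": 1, "type": 1, "value": [{
            "place": "GET", "parameter": "artist",
            "data": {
                "1": {"title": "constructed boolean-based title",
                      "payload": "constructed-payload-1"},
                "5": {"title": "constructed time-based title",
                      "payload": "constructed-payload-5"},
            }}]},
    ],
    "error": [],
}

TECHNIQUES = 1  # entry type that carries the injection list (assumption)

def collect_findings(response):
    """Return (parameter, title, payload) for every technique in the response."""
    findings = []
    for entry in response.get("data") or []:
        if not isinstance(entry, dict) or entry.get("type") != TECHNIQUES:
            continue  # skip the target entry and anything unexpected
        for injection in entry.get("value") or []:
            techniques = injection.get("data") or {}
            for key in sorted(techniques):
                item = techniques[key]
                findings.append((injection.get("parameter", "?"),
                                 item.get("title", ""), item.get("payload", "")))
    return findings

def build_message(scanurl, response):
    """Build one desp body for a URL, or None when nothing was found."""
    findings = collect_findings(response)
    if not findings:
        return None
    lines = ["url: " + scanurl, "findings: %d" % len(findings)]
    for n, (param, title, payload) in enumerate(findings, 1):
        lines.append("%d. [%s] %s" % (n, param, title))
        lines.append("   payload: " + payload)
    return "\n".join(lines)
```

In cat_data, the returned string would be posted once as desp, and the push skipped entirely when build_message returns None.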