目次
案例一:Python-红队项目-Xray调用推送微信
案例二:Python-红队项目-Awvs 调用自动添加
案例三: Python-红队项目-SQLMAP 调用自动添加
案例一:Python-红队项目-Xray调用推送微信
首先当地测试调用api发送信息给微信
api网站地址:(可以免费使用7天啊!)Server酱·Turbo版 | 一个请求通过API将消息推送到个人微信、企业微信、手机客户端和钉钉群、飞书群
api调用方式,直接访问就可以,desp背面跟的是你要发送的数据,最好以post方式请求,get数据会比较少,xxx更换为你的key
https://sctapi.ftqq.com/xxxx.send?title=messagetitle&desp=messagecontent
这里我直接尝试访问,查看输出效果
使用python请求
- import requests
- url = "https://sctapi.ftqq.com/xxx.send?title= test!!!"
- content="""
- ip = "127.0.0.1",
- whoami = "admin",
- work = "say hello"
- """
- data={
- 'desp':content
- }
- print(data)
- requests.post(url,data=data)
在当地搭建一个Flask模块搭建起来的微型网站,其中里面的request对象有许多用法
在Flask中,request对象是一个非常紧张的全局对象,它封装了客户端发送给服务器的HTTP请求信息。通过request对象,你可以访问请求中的数据,比如查询字符串(query string)、表单数据(form data)、JSON数据、文件上传、头部信息(headers)、cookies等。
下面这个案例中搭建了一个微型的flask网站,当GET访问/x时就会触发test方法,吸收请求中的headers信息
- from flask import Flask,request
- app = Flask(__name__)
- @app.route('/x',methods=["GET"])
- def test():
- x = request.headers
- print(x)
- if __name__ == "__main__":
- app.run()
xray -webhook-output参数先容
在Xray中,使用--webhook-output参数来指定Webhook的URL地址。比方:
- xray webscan --url http://example.com --webhook-output http://your-webhook-server.com/webhook
Xray发送到Webhook的响应格式是JSON,包罗了扫描效果的具体信息。响应的JSON布局大致如下:
- {
- "type": "xxx",
- "data": {}
- }
整合代码
- from flask import Flask,request
- import requests
- app = Flask(__name__)
- @app.route('/webhook',methods=["POST"])
- def test():
- try:
- x = request.json
- #print(x['data']['target']['url'])
-
- url = "https://sctapi.ftqq.com/SCT257938Tua9PZKvryRYtsKHbNfgWacLg.send?title= vuln"
- content="""
- url : {url}
- 插件: {plugin}
- vlun类型: {type}
- """.format(url=x['data']['target']['url'],plugin=x['data']['plugin'],type=x['type'])
- data={
- 'desp':content
- }
- print(data)
- requests.post(url,data=data)
- except Exception as e:
- pass
-
-
- if __name__ == "__main__":
- app.run()
程序启动后,xray扫描毛病网页
- xray_windows_amd64.exe webscan --url http://testphp.vulnweb.com/artists.php?artist=1 --webhook-output http://127.0.0.1:5000/webhook
查看效果
每一条都会发送效果
案例二:Python-红队项目-Awvs 调用自动添加
参考文章:AWVS13批量脚本_awvs自界说脚本-CSDN博客
获取awvs的api-key
- # 发送代码如下
- api_add_url = "https://x/api/v1/targets"
- headers = {
- 'X-Auth': 'x',
- 'Content-type': 'application/json'
- }
- data = '{"address":"http://vulnweb.com/","description":"create_by_reaper","criticality":"10"}'
- r = requests.post(url=api_add_url, headers=headers, data=data,verify=False).json()
- print(r)
Method OST
URL: /api/v1/targets
代码
- import requests# 发送代码如下
- api_add_url = "https://x/api/v1/targets"
- headers = {
- 'X-Auth': 'x',
- 'Content-type': 'application/json'
- }
- data = '{"address":"http://vulnweb.com/","description":"create_by_reaper","criticality":"10"}'
- r = requests.post(url=api_add_url, headers=headers, data=data,verify=False).json()
- print(r)
添加乐成
创建乐成后会有一个target-id号,以此来判断创建是否乐成,包括后续也必要用到这个id来举行启动
开启扫描
MethodOST
URL: /api/v1/scans
代码
- import requests
- id = xxxxxxxx
- data = '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"target_id":"%s"}'% id
- api_run_url="https://192.168.172.130:3443/api/v1/scans"
- headers = {
- 'X-Auth': '1986ad8c0a5b3df4d7028d5f3c06e936c4d6110fabd7542828c3deca8e7fee4f9',
- 'Content-type': 'application/json'
- }
- r = requests.post(url=api_run_url, headers=headers, data=data, verify=False).json()
- print(r)
创建乐成的返回码,同样可以根据id号来判断
乐成开启扫描
把这两个脚本联合一下,写一个把url写进文件夹,一键创建使命而且启动
- import requests
- # 发送代码如下
- def touch_work(key,url):
- api_add_url = "https://127.0.0.1:3443/api/v1/targets"
- headers = {
- 'X-Auth': key,
- 'Content-type': 'application/json'
- }
- data = '{"address":"%s","description":"create_by_reaper","criticality":"10"}'% url
- r = requests.post(url=api_add_url, headers=headers, data=data,verify=False).json()
- id = r['target_id']
- if id is not False:
- print("任务创建成功,id号为: %s"%id)
- return id
- # 核心代码
- def run_work(key,id):
- data = '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"target_id":"%s"}'% id
- api_run_url="https://127.0.0.1:3443/api/v1/scans"
- headers = {
- 'X-Auth': key,
- 'Content-type': 'application/json'
- }
- r = requests.post(url=api_run_url, headers=headers, data=data, verify=False).json()
- id = r["target_id"]
- if id is not False:
- print("启动扫描成功")
- if __name__ == "__main__":
- key = input("please input your api-key:")
- with open("url.txt","r") as urls:
- for url in urls:
- url = url.replace("\n","")
- print("扫描url:"+url)
- id = touch_work(key,url)
- run_work(key,id)
- print("==================================")
案例三: Python-红队项目-SQLMAP 调用自动添加
参考文章:深入了解SQLMAP API - FreeBuf网络安全行业门户
sqlmap安装完成以后,同一个目次下会有sqlmapapi.py,可以使用这个文件调用sqlmap的api接口
sqlmap的api参数
# 0.启用sqlmap-API服务 python sqlmapapi.py -s
# 1.创建新使命记录使命ID @get("/task/new")
# 2.设置使命ID扫描信息 @post("/option/<taskid>/set ")
# 3.开始扫描对应ID使命 @post("/scan/<taskid>/start")
# 4.读取扫描状态判断效果 @get("/scan/<taskid>/status")
# 5.如果竣事删除ID并获取效果 @get("/task/<taskid>/delete")
# 6.扫描效果查看 @get("/scan/<taskid>/data")
python sqlmapapi.py -s 会启动一个当地端口,可以通过这个端口调用api
创建记录使命
设置扫描信息,数据必须使用json格式举行传输,因此必要使用json.dumps,将字典转化成为json格式,ua头中文本范例也必须是json格式
- requests.post("http://127.0.0.1:8775/option/76a4c6fd0750fd10/set",data=json.dumps({'url':'http://testphp.vulnweb.com/artists.php?artist=1'}),headers={'Content-Type':'application/json'}).json()
开始扫描竟然也必要把目标url再次带入进去,我以为有些繁琐,不应该通过id判断已经写入了嘛
- requests.post("http://127.0.0.1:8775/scan/0b03a4d6d1560beb/start",data=json.dumps({'url':'http://testphp.vulnweb.com/artists.php?artist=1'}),headers={'Content-Type':'application/json'}).json()
读取扫描状态,这个读取效果,不消再次写入目标url,用过sqlmap的应该都知道sqlmap会有一段时间来反应
- requests.get("http://127.0.0.1:8775/scan/b0717c18d0731951/status",headers={'Content-Type':'application/json'}).json()
查看输出效果
- requests.get("http://127.0.0.1:8775/scan/b0717c18d0731951/data",headers={'Content-Type':'application/json'}).json()
可以从中取出自己想要的数据,然后通过server酱酱把数据返回给微信
代码举行整合,优化
- import requests,json
- def create_task():
- header = {
- 'Content-Type':'application/json'
- }
- r = requests.get("http://127.0.0.1:8775/task/new",headers=header).json()
- if r['success'] == True:
- return r['taskid']
- def set_task(id,scanurl):
- url = "http://127.0.0.1:8775/option/%s/set"%id
- headers = {
- 'Content-type': 'application/json'
- }
- data= {
- 'url':scanurl
- }
- r = requests.post(url,data=json.dumps(data),headers=headers).json()
- if r['success'] == True:
- print("设置扫描信息完成,id为:"+id)
- def start_task(id,scanurl):
- url="http://127.0.0.1:8775/scan/%s/start"%id
- headers = {
- 'Content-type': 'application/json'
- }
- data= {
- 'url':scanurl
- }
- r = requests.post(url,data=json.dumps(data),headers=headers).json()
- if r['success'] == True:
- print("开始扫描任务,id为:"+id)
- def status_task(id):
- url="http://127.0.0.1:8775/scan/%s/status"%id
- headers = {
- 'Content-type': 'application/json'
- }
- print("扫描还在进行中")
- while True:
- r = requests.get(url,headers=headers).json()
- if r['status'] == 'running':
- pass
- if r['status'] == 'terminated':
- print("扫描已经结束,id为"+id)
- break
- def cat_data(id,scanurl):
- url="http://127.0.0.1:8775/scan/%s/data"%id
- headers = {
- 'Content-type': 'application/json'
- }
- r = requests.get(url,headers=headers).json()
- if r['data'][0]['status'] == 1:
- print("存在sql注入漏洞")
- for key in range(1,6):
- key = str(key)
- try:
- print("sql注入类型为:"+r['data'][1]['value'][0]['data'][key]['title'])
- print("sql注入payload为:"+r['data'][1]['value'][0]['data'][key]['payload'])
- print("\n")
- url1 = "https://sctapi.ftqq.com/SCT257938Tua9PZKvryRYtsKHbNfgWacLg.send?title= There is an SQL injection vulnerability!!!"
- content="""
- url : {url1}
- sql注入漏洞类型: {type}
- sql注入漏洞payload: {payload}
- """.format(url1=scanurl,type=r['data'][1]['value'][0]['data'][key]['title'],payload=r['data'][1]['value'][0]['data'][key]['payload'])
- data={
- 'desp':content
- }
- requests.post(url1,data=data)
- except Exception as e:
- pass
- print("=================================python sqlmapapi by xiaodisec======================================")
- if __name__ == "__main__":
- #print(id)
- #scanurl = "http://testasp.vulnweb.com/showthread.asp?id=0"
- with open("url.txt","r") as urls:
- for url in urls:
- scanurl = url.replace("\n","")
- print("正在扫描的url是:"+url)
- id = create_task()
- scanurl = scanurl.replace("\n","")
- set_task(id,scanurl)
- start_task(id,scanurl)
- status_task(id)
- cat_data(id,scanurl)
而且设置了微信推送
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
