jm33-m0 / mec

for mass exploiting

Home Page: https://jm33.me

License: GNU General Public License v3.0

Python 99.88% Shell 0.12%
hacking-tool rce weblogic google-search baidu-search zoomeye masscan parallelization exploits python

mec's Introduction

mec (MassExploitConsole)

Intended for mass exploiting

Follow the wiki to get started

Features

  • Easy-to-use CLI UI
  • Execute adapted exploits with process-level concurrency
  • Built-in exploits (automated)
  • Hide your IP using proxychains4 and proxy_pool
  • ZoomEye host scan (10 threads)
  • Simple Baidu crawler (multi-threaded)
  • Censys host scan
  • Built-in SSH Brute-Forcer

Disclaimer

  • Use this tool only on authorized systems. I am not responsible for any damages caused to users who ignore the warning.
  • Exploits are adapted from other sources. Please refer to their authors' info.
  • Due to limited programming experience (my first Python project), expect a few silly bugs.

Screencasts

ZoomEye Host Search

Mass Exploiting

mec's People

Contributors

github-actions[bot], jm33-m0, procommiter


mec's Issues

increase speed

check this out: https://i.imgur.com/w2bnUIl.png

I took a while to collect 59M of targets and just launched a personal exploit.
No bugs. Works perfectly. Awesome job, but
Mec uses only 10% CPU, 10% of the internet connection and 5% of memory.

How can we make this faster and more optimized?
I'd love to collaborate.
1800 hours is too long.
BTW, how many hosts have you tested so far?

Have a nice night.

Best Regards. - Luan

Zoomeye

I've been trying to use the zoomeye feature, but it says invalid access token.

ZoomEye closed its API

When trying to obtain my token using a verified account, I got the following message:

{"url": "https://www.zoomeye.org", "message": "Upgrading...", "error": "bad_request"}

If you attempt to use the zoomeye command:

[*] Your query is: joomla
[?] Search for public devices (h) or web services (w)? [h/w] h
[*] How many pages to crawl? (10 IPs on each page) 1000
[*] Crawling fetched pages from ZoomEye...
[-] Invalid access token

Possible suggestions to README.md

  • Fixation of grammatical errors and fluency in sentences
  • More suitable subtitles to minimize redundancy/needless length
  • Consistency in wording

0 hosts on certain searches that show results

So, basically, this is what happens.
mec > z
[*] Your query is: app:"Microsoft IIS httpd" ver:"6.0" country:rs
[?] Search for public devices (h) or web services (w)? [h/w] w (or h, doesn't matter. should get results either way)
[*] How many results do you want? (10 IPs on each page) 1000
[*] Crawling fetched pages from ZoomEye...
[+] Found 0 hosts

I've tried using other accounts, with email verified, but no change.

install.py fails to run when `distro` is unavailable

# python3 install.py
Collecting distro
  Downloading https://files.pythonhosted.org/packages/ea/35/82f79b92fa4d937146c660a6482cee4f3dfa1f97ff3d2a6f3ecba33e712e/distro-1.4.0-py2.py3-none-any.whl
Installing collected packages: distro
Successfully installed distro-1.4.0
Traceback (most recent call last):
  File "install.py", line 18, in <module>
    import distro
ModuleNotFoundError: No module named 'distro'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "install.py", line 23, in <module>
    if mod_exists("distro"):
NameError: name 'mod_exists' is not defined

Target list

Hello, I have problems when I try to add my target.txt. I tried different ways: adding it to the default path, adding the full path to my target.txt, adding the data folder... every time I get this:
[-] Invalid input
How do I solve that?

Zoomeye Script Problem - exception handling

Hi, there is a problem with the zoomeye script: it returns an error like "[-] Error with api_test". I tried with the original script by evilclay and another script; this works perfectly with my credentials.

Like using cURL it returns the access token.

I also searched in the script; I do not see where this little problem can come from.

In any case very good job that you carried out!

proxy-pool/proxychains cannot be disabled

After updating to latest version and selecting "N"/no for proxychains; I receive the following errors:
[-] proxy_pool not configured, type set proxy-pool to configure
[-] Cannot get proxy from proxy_pool

I'd much rather just use my VPN, any way to get around this?


Zoomeye/censys doesn't work

I am using Kali Linux and there are no results when using zoomeye, nor when using censys.
When I run ./install.py and reach the prompt for my zoomeye account and password, I type them in.
After I typed my username and password,
I searched zoomeye and it gave me 0 results for any kind of search.
I opened zoomeye.conf and I don't find my credentials in zoomeye.conf.
Same with censys.
I made changes manually to zoomeye.conf; I typed my username and password like this:
user:username
password:pass
and when I searched a query in zoomeye it also gave me 0 results.

zombie processes

when exiting an exploit job, all sub-processes get terminated, become zombies

progress bar doesn't indicate job completion

  • it's updated upon job creation
  • there are very likely many remaining jobs as the progress bar reaches 100%
  • when progress bar reaches 100%, the whole session ends, leaving a bunch of unfinished jobs (as zombie processes)

ZoomEye changes its response format

Specifically, each match changes the key port to portinfo; now we need to extract the port with match['portinfo']['port'].

{ "matches": [ {
    "geoinfo": {
        "asn": 45261,
        "city": {
            "names": {
                "en": "Brisbane",
                "zh-CN": "\u5e03\u91cc\u65af\u73ed"
            }
        },
        "continent": {
            "code": "OC",
            "names": {
                "en": "Oceania",
                "zh-CN": "\u5927\u6d0b\u6d32"
            }
        },
        "country": {
            "code": "AU",
            "names": {
                "en": "Australia",
                "zh-CN": "\u6fb3\u5927\u5229\u4e9a"
            }
        },
        "location": {
            "lat": -27.471,
            "lon": 153.0243
        }
    },
    "ip": "192.168.1.1",
    "portinfo": {
        "app": "",
        "banner": "+OK Hello there.\r\n-ERR Invalid command.\r\n\n",
        "device": "",
        "extrainfo": "",
        "hostname": "",
        "os": "",
        "port": 110,
        "service": "",
        "version": ""
    },
    "timestamp": "2016-03-09T16:14:04"
    }],
   "facets": {
   },
    "total": 28731397
}

Pip3 error

./mec.py 
Traceback (most recent call last):
  File "./mec.py", line 7, in <module>
    from lib.cli import main
  File "/root/Downloads/massExpConsole/lib/cli/main.py", line 15, in <module>
    import lib.tools.baidu as baidu
  File "/root/Downloads/massExpConsole/lib/tools/baidu.py", line 12, in <module>
    from bs4 import BeautifulSoup
ImportError: No module named 'bs4'

I tried pip3 install -r requirements.txt
but nothing

 /usr/bin/ld: cannot find -lncurses
    collect2: error: ld returned 1 exit status
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    
    ----------------------------------------
Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-ysxbim9g/readline/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-tkrrm725-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-ysxbim9g/readline/

How to use without proxy-pool option?

I have read the wiki documentation, still I cannot find a way to run without proxy-pool.

Is there a fix or workaround for this?

I have no reason to use proxy-pool, I'm sure many others are seeking another such workaround.

Thanks.

censys not working

I don't know what git pull means, but anyway I am not a Python programmer.
Same trouble here.
Take this zoomeye activated account and try it yourself:
username: [email protected]
password: [redacted]
Besides, the same problem is with censys.
Zoomeye output file naming problem

[*] Your query is: app:"WordPress" ver:"4.6"
[*] How many results do you want? (10 IPs on each page) 10000
[*] Crawling fetched pages from ZoomEye...
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python3.5/threading.py", line 914, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.5/threading.py", line 862, in run
    self._target(*self._args, **self._kwargs)
  File "zoomeye.py", line 96, in progress
    l_count = sum(1 for line in open(file))
FileNotFoundError: [Errno 2] No such file or directory: './data/zoomeye-app
"wordpress"-ver
"4.6".txt'

Naming seems to be a bit off, hence I'm unable to crawl for results.

pip3 requirement not working I guess!

that's what i get when trying pip3 install -r requirements.txt

creating build/lib.linux-x86_64-3.5
    x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,relro -g -fdebug-prefix-map=/build/python3.5-G3waep/python3.5-3.5.4=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 build/temp.linux-x86_64-3.5/Modules/3.x/readline.o readline/libreadline.a readline/libhistory.a -lncurses -o build/lib.linux-x86_64-3.5/readline.cpython-35m-x86_64-linux-gnu.so
    /usr/bin/ld: cannot find -lncurses
    collect2: error: ld returned 1 exit status
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

----------------------------------------

Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-1an0d0gk/readline/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-8jpnr12z-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-1an0d0gk/readline/

Add functionality to zoomeye crawler?

Hello,

Do you think it would be possible to add a feature to start the zoomeye crawl on a given page or a given IP number?
For example: Start at 10000 > Go to 100000

A limitation is fixed on zoomeye, so starting from this idea it would obtain a lot of hosts.

Thanks

MassExpConsole on Win 7

Hi mate,


Traceback (most recent call last):
  File "install.py", line 173, in <module>
    print(INTRO)
  File "C:\Python36\lib\encodings\cp1252.py", line 19, in encode
    return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode characters in position 12-15: character maps to <undefined>


any fix?

issue with baidu

All requirements are installed but if i run mec.py it brings this error. how do i fix????

Traceback (most recent call last):
  File "./mec.py", line 13, in <module>
    import util.baidu as baidu
  File "/root/massExpConsole/util/baidu.py", line 12, in <module>
    from bs4 import BeautifulSoup
ImportError: No module named 'bs4'

Using .lower() creating a bug.

The python builtin .lower() generates a bug:

When setting a value for target if the directory has capital letters in it the .lower()
function will convert the capital letters into lowercase letters ineffectively creating a bug when mec attempts to read the target file (This bug only pertains to linux because linux is case sensitive).

Steps to reproduce:
Create a directory/path containing capital letters and set as value to target variable, attempt to attack afterwards and the target file/list file will not be found.

need a vuln scanner

currently this tool only supports fetching hosts from zoomeye and baidu, but sometimes more extended results are needed.
plan to add:

  • weblogic scanner
  • struts2 scanner
  • joomla scanner

masscan

Hello, thank you for your great job!
I have some problems: when I start the masscan module to scan one port, after some time my server reboots and none of the results are saved. Can I save all the results that I have already scanned?

install.py needs to change its installation directory

  • /usr/share is owned by root, which means users have to run the script as root, and it should be avoided
  • /usr/bin is for binaries installed by package manager mostly, better change it to /usr/local/bin (which is also in $PATH)

proxy_pool: need socks proxies

Many HTTP servers fetched from proxy_pool don't support HTTP connect method, which proxychains relies on.

In essence, proxychains doesn't work with proxy_pool

I am seeking a solution
