FileScan V1

FileScan: 敏感文件扫描 / 二次判断降低误报率 / 扫描内容规则化 / 多目录扫描

程序只供交流，请勿用于非法用途，否则产生的一切后果自行承担！！!

依赖

pip install requests

运行方式

python filescan.py http://www.0aa.me
python filescan.py http://www.0aa.me/0aa/index.php

结构

reque.py requests发送请求
filescan.py 入口文件，扫描结果相关
rule_parse.py 解析规则
backup_rule.py 扫描规则

验证方式

返回状态码
返回内容正则判断
返回header
返回内容大小

如果你只是想使用，不想添加规则，那么下面的东西你就不用看了。

规则

# 规则名字，可以随便写
    "url_backup": {
        # 是否每个目录都扫描 目前这个功能没有，后面会写
        "dir": True,
        # 是否需要拼接文件后缀名，dict有写filename的时候为True
        "suffix": True,
        # 规则
        "name":[{
            # 真规则的文件名
            "rule_true":[
                # zip rar
                "[DOMAIN]", "[HOST]", "[HOSTNAME]", "[TIME]", "[DOMAIN]1", "[HOST]1", "[HOSTNAME]1", "[TIME]1",
                "web", "webroot", "WebRoot", "website", "bin", "bbs", "shop", "www", "wwww",
                1, 2, 3, 4, 5, 6, 7, 8, 9,
                "www1", "www2", "www3", "www4", "default", "log", "logo", "kibana", "elk", "weblog",
                "mysql", "ftp", "FTP", "MySQL", "redis", "Redis",
                "cgi", "php", "jsp",
                "access", "error", "logs", "other_vhosts_access",
                "database", "sql",
            ],
            # 假规则的文件名，当一个漏洞真规则被判断存在的时候，就要用假规则去二次验证是否存在了
            "rule_false": "fuckcar10240x4d53"
        }],
        # 文件后缀名
        "filename": [
            "rar", "zip", "tar.gz", "tar.gtar", "tar", "tgz", "tar.bz", "tar.bz2", "bz", "bz2", "boz", "3gp", "gz2"
        ],
        # 判断是否存在
        "result": {
            # 返回页面大小
            "length": 50,
            # 返回状态码
            "status_code": [200],
            # 返回header
            "header":{
                # 返回header里面的字段名
                "Content-Type":[
                    # 字段值 可用正则
                    "application\/x-gzip", "text\/plain", "application\/x-bzip", "application\/bacnet-xdd+zip", "application\/x-gtar","application\/x-compressed", "application\/x-rar-compressed", "application\/x-tar", "application\/zip", "application\/force-download","application\/.*file", "application\/.*zip", "application\/.*rar", "application\/.*tar", "application\/.*down"
                ]
            }
        }
    }

看起来可能有些复杂，认真点看，其实不难，我认为很好理解。

规则里面的rule_true字段里面的几个替换符的意思如下: 程序会将你传入的url用urlparse库解析出host，大概的意思就是下面这样：如url: http://www.0aa.me

[DOMAIN] == 0aa.me
[HOST] == www.0aa.me
[HOSTNAME] == 0aa
[TIME] 这个特殊一点，根据你扫描的日期，获取前几天的日期（默认前两天），如：今天20170809，会生成三种格式：

2017—08-09 / 2017—08-08 / 2017—08-07

2017_08_09 / 2017_08_08 / 2017_08_07

20170809 / 20170808 / 20170807

配置相关

如果你想扫描更前面的日期，可以配置：

rule_parse.py 里面的 self.timenum 变量

限速：

filescan.py 里面的 self.sleep_time 变量

请求timeout时间：

reque.py 里面的 self.timeout 变量

效果

注：图中的url是我绑的host

最后再说一次：程序只供交流，请勿用于非法用途，否则产生的一切后果自行承担！！!

最后的最后感谢下： 北斗Team的所有挖掘机工程师 Saline大表哥 Redfree师傅

Error

Exception in thread Thread-1085 (most likely raised during interpreter shutdown):Exception in thread Thread-1064 (most likely raised during interpreter shutdown):
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner

Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 754, in run

File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner File "filescan.py", line 43, in _data
File "filescan.py", line 61, in _check

File "/usr/lib/python2.7/threading.py", line 754, in run File "/root/github/FileScan/reque.py", line 38, in query

File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request File "filescan.py", line 43, in _data
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 393, in exit
File "filescan.py", line 61, in _check
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 702, in close
File "/root/github/FileScan/reque.py", line 38, in query

File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 319, in close

File "/usr/local/lib/python2.7/dist-packages/urllib3/poolmanager.py", line 204, in clear File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 393, in exit

File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 702, in close File "/usr/local/lib/python2.7/dist-packages/urllib3/_collections.py", line 87, in clear
File "/usr/lib/python2.7/threading.py", line 168, in acquire
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 319, in close

File "/usr/local/lib/python2.7/dist-packages/urllib3/poolmanager.py", line 204, in clear<type 'exceptions.TypeError'>: 'NoneType' object is not callable
File "/usr/local/lib/python2.7/dist-packages/urllib3/_collections.py", line 87, in clear

File "/usr/lib/python2.7/threading.py", line 168, in acquire
<type 'exceptions.TypeError'>: 'NoneType' object is not callable

mosuan / filescan Goto Github PK

filescan's Introduction

FileScan V1

依赖

运行方式

结构

验证方式

规则

配置相关

效果

filescan's People

Stargazers

Watchers

Forkers

filescan's Issues

Error

线程没join，扫不全

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent