w-digital-scanner / w13scan

Passive Security Scanner

License: GNU General Public License v2.0

Python 18.54% Smarty 81.44% Dockerfile 0.02%
security-tools passive-vulnerability-scanner

w13scan's Introduction

W13Scan

W13scan is an open-source web vulnerability discovery tool based on Python 3. It supports an active scanning mode and a passive scanning mode, and runs on Windows, Linux, and Mac.

HTML template source: w13scan-report

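Disclaimer

Comply with local laws before using W13Scan. W13Scan is provided for educational use only.

Features

Compared with other professional scanning tools, w13scan has advantages of its own.

Free / open source

Security practitioners may not trust any program; the only thing that earns even a little trust is open source code.

Security is built on trust, and trust requires openness and transparency. The core code of w13scan is fully open source, and anyone can inspect its code for security.

For tricky and highly specialized environments, you can extend its functionality and customize the modules you need by following the w13scan development documentation.

Rich set of detection plugins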

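  • XSS scanning
    • Semantics-based reflected XSS scanning with very high accuracy
    • The XSS scan extracts parameters from the web page and parses them
  • JSONP information leakage
    • Finds sensitive information through semantic parsing
  • SQL injection
    • Error-based SQL injection detection
    • Boolean-based SQL injection detection using page similarity
    • Time-based SQL injection detection
  • HTTP smuggling attacks
  • Fastjson detection and exploitation
  • .NET universal XSS detection
    • Ranked sixth in PortSwigger's top 10 attack techniques of 2019
  • IIS parsing vulnerability
  • Sensitive file information leakage
    • Covers backup files, debug files, sensitive information in JS, PHP real path disclosure, repository leaks, phpinfo leaks, directory traversal, and more
  • Baseline detection (deserialization parameter detection)
  • Command/code injection detection
    • Supports detection for languages such as ASP and PHP
    • Supports system command injection detection (including detection without echoed output)
    • Supports detection via GET, POST, cookie, and other channels
  • Path traversal vulnerabilities
  • Struts2 vulnerability detection
    • Includes the s2-016, s2-032, and s2-045 vulnerabilities
  • Webpack bundled source file leakage
  • Unauthorized access plugin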

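Scanning platform comparison

w13scan has been tested against several scanning platforms; the test reports are listed below.

Platform | Scan result | Scan mode
WVS PHP Vulnweb | View | crawlergo + w13scan automatic scan
WVS AJAX Vulnweb | View | Passive scan
demo.aisec.cn | View | Passive scan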

Using w13scan

Usage

usage: w13scan [options]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         Show program's version number and exit
  --debug               Show programs's exception
  --level {1,2,3,4,5}   different level use different payload: 0-5 (default 2)

Proxy:
  Passive Agent Mode Options

  -s SERVER_ADDR, --server-addr SERVER_ADDR
                        server addr format:(ip:port)

Target:
  options has to be provided to define the target(s)

  -u URL, --url URL     Target URL (e.g. "http://www.site.com/vuln.php?id=1")
  -f URL_FILE, --file URL_FILE
                        Scan multiple targets given in a textual file

Request:
  Network request options

  --proxy PROXY         Use a proxy to connect to the target URL
                        eg:[email protected]:8080 or [email protected]:1080
  --timeout TIMEOUT     Seconds to wait before timeout connection (default 30)
  --retry RETRY         Time out retrials times.

Output:
  output

  --html                When selected, the output will be output to the output
                        directory by default, or you can specify
  --json JSON           The json file is generated by default in the output
                        directory, you can change the path

Optimization:
  Optimization options

  -t THREADS, --threads THREADS
                        Max number of concurrent network requests (default 31)
  --disable DISABLE [DISABLE ...]
                        Disable some plugins (e.g. --disable xss sqli_error
                        webpack)
  --able ABLE [ABLE ...]
                        Enable some moudle (e.g. --enable xss webpack)

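Installation

Installing w13scan requires Python 3.6 or later.

git clone https://github.com/w-digital-scanner/w13scan.git
cd w13scan # enter the git directory
pip3 install -r requirements.txt
cd W13SCAN # enter the source directory
python3 w13scan.py -h

Passive scanning

python3 w13scan.py -s 127.0.0.1:7778 --html # the port may be omitted and defaults to 7778; --html generates the HTML report in real time

HTTPS support

To make w13scan's passive mode support HTTPS, start w13scan first, then visit http://w13scan.ca in a browser to download the certificate and trust it.

Active scanning

-u     scan a single URL
--file read URLs from a file and scan them

w13scan analyzes the parameters of each URL and scans them with its plugins, but it does not crawl.

Scanning together with a dynamic crawler

crawlergo + w13scan automatic scanning

spider.py in the crawlergo_example directory shows how to integrate with the crawlergo crawler.

Reverse-connection platform (optional)

Edit the reverse-connection settings in config.py, for example as follows: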

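# REVERSE
USE_REVERSE = True  # change False to True to use the reverse-connection platform
REVERSE_HTTP_IP = "127.0.0.1"  # HTTP callback IP address; must be set to the server's IP, not 0.0.0.0, because the program cannot recognize it
REVERSE_HTTP_PORT = 9999  # HTTP callback port

REVERSE_DNS = "dnslog.w13scan.hacking8.com" # change to your own domain and point that domain's DNS at this machine's IP

REVERSE_RMI_IP = "127.0.0.1"  # Java RMI callback IP; must be set to the server's IP, not 0.0.0.0, because the program cannot recognize it
REVERSE_RMI_PORT = 10002  # Java RMI callback port

REVERSE_SLEEP = 5  # delay before checking after a reverse connection, in seconds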

After that, start the reverse-connection platform first:

python3 reverse.py

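Then start w13scan.

Integrating into your own scanner

w13scan is open source, and we also hope security researchers will integrate w13scan into their own scanners.

See the development documentation.

Contributions & thanks

Related articles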

w13scan's People

Contributors

boy-hack, ciyfly, dependabot[bot], evilran, go0p, jayus0821, lorexxar, moond4rk, osxtest, sevensun003

w13scan's Issues

Unhandled exception (#fb764a1a)

Python version: 3.7.4
Operating system: Linux-4.19.0-kali5-amd64-x86_64-with-Kali-kali-rolling-kali-rolling
Threads: 51
Traceback (most recent call last):
  File "/code/python_code/w13scan-master/W13SCAN/lib/baseproxy.py", line 485, in do_GET
    self.request.sendall(response.to_data())
  File "/code/python_code/w13scan-master/W13SCAN/lib/baseproxy.py", line 297, in to_data
    res_data = res_data.encode(self.decoding if self.decoding else 'utf-8')
UnicodeEncodeError: 'ascii' codec can't encode characters in position 170-178: ordinal not in range(128)

Unhandled exception (#a6a80196)

W13scan plugin traceback:
Running version: 0.9.9
Python version: 3.7.3
Operating system: Windows-10-10.0.18362-SP0
Threads: 51

request raw:
GET /index.php?g=portal&m=list&a=index&id=36 1.1
host: hrsa.shenyang.gov.cn
proxy-connection: keep-alive
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
soapaction: 
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9
cookie: *
Traceback (most recent call last):
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\response.py", line 639, in _update_chunk_length
    self.chunk_left = int(line, 16)
ValueError: invalid literal for int() with base 16: b''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\response.py", line 704, in read_chunked
    self._update_chunk_length()
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\response.py", line 643, in _update_chunk_length
    raise httplib.IncompleteRead(line)
http.client.IncompleteRead: IncompleteRead(0 bytes read)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\response.py", line 527, in stream
    for line in self.read_chunked(amt, decode_content=decode_content):
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\response.py", line 732, in read_chunked
    self._original_response.close()
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "F:\hack\EXP\w13scan-master\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "F:\hack\EXP\w13scan-master\W13SCAN\plugins\PerFile\xss.py", line 70, in audit
    r = requests.get(url, headers=headers, params=data)
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "F:\hack\EXP\w13scan-master\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "C:\Users\Canon\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

Unhandled exception (#c05eab8b)

W13scan plugin traceback:
Running version: 0.9.10
Python version: 3.7.3
Operating system: Windows-10-10.0.18362-SP0
Threads: 51

request raw:
GET /6438.html 1.1
host: www.agesec.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate, 
referer: https://www.baidu.com/link?url=Mi7hLV2gzitFOek7DR-IOHkMuySqMjM2kk1ZvcUKtdeR0gOEoBzjV8jMPtUmBBw9&wd=&eqid=be559993002a2788000000065d5dff39
connection: keep-alive
cookie: *
Traceback (most recent call last):
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\urllib3\response.py", line 639, in _update_chunk_length
    self.chunk_left = int(line, 16)
ValueError: invalid literal for int() with base 16: b''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\urllib3\response.py", line 704, in read_chunked
    self._update_chunk_length()
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\urllib3\response.py", line 643, in _update_chunk_length
    raise httplib.IncompleteRead(line)
http.client.IncompleteRead: IncompleteRead(0 bytes read)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\urllib3\response.py", line 527, in stream
    for line in self.read_chunked(amt, decode_content=decode_content):
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\urllib3\response.py", line 732, in read_chunked
    self._original_response.close()
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\W13SCAN\plugins\PerFile\sql_inject_error.py", line 52, in audit
    r = requests.get(url, headers=tmp_headers, cookies=urlencode(cookie))
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "d:\program files (x86)\microsoft visual studio\shared\python37_64\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

Unhandled exception (#f4dee8ae)

W13scan plugin traceback:
Running version: 0.9.7
Python version: 3.7.4
Operating system: Darwin-18.6.0-x86_64-i386-64bit
Threads: 5
Traceback (most recent call last):
  File "/Users/go0p/Pycode/w13scan/W13SCAN/lib/plugins.py", line 51, in execute
    output = self.audit()
  File "/Users/go0p/Pycode/w13scan/W13SCAN/plugin/PerFile/struts2_009.py", line 62, in audit
    r'class.classLoader.jarPath=%28%23context["xwork.MethodAccessor.denyMethodExecution"]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess["allowStaticMethodAccess"]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27' + lin + '%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23sbtest%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23sbtest.println%28%23d%29%2c%23sbtest.close%28%29%29%28meh%29&z[%28class.classLoader.jarPath%29%28%27meh%27%29]',
NameError: name 'lin' is not defined

Unhandled exception (#740d9ac2)

Python version: 3.7.4
Operating system: Darwin-18.7.0-x86_64-i386-64bit
Threads: 51

Traceback (most recent call last):
  File "/Users/boyhack/programs/w13scan/W13SCAN/lib/plugins.py", line 51, in execute
    output = self.audit()
  File "/Users/boyhack/programs/w13scan/W13SCAN/plugins/PerFile/analyze_parameter.py", line 60, in audit
    raise Exception("test exception")
Exception: test exception

Unhandled exception (#69f481bf)

Python version: 3.7.4
Operating system: Linux-4.19.0-kali5-amd64-x86_64-with-Kali-kali-rolling-kali-rolling
Threads: 51
Traceback (most recent call last):
  File "/code/python_code/w13scan-master/W13SCAN/lib/baseproxy.py", line 479, in do_GET
    response = Response(request, self._proxy_sock)
  File "/code/python_code/w13scan-master/W13SCAN/lib/baseproxy.py", line 193, in __init__
    h.begin()
  File "/usr/lib/python3.7/http/client.py", line 306, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python3.7/http/client.py", line 267, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/usr/lib/python3.7/socket.py", line 589, in readinto
    return self._sock.recv_into(b)
socket.timeout: timed out

Unhandled exception (#b104940c)

W13scan baseproxy get request traceback:
Running version: 0.9.6
Python version: 3.7.4
Operating system: Darwin-18.7.0-x86_64-i386-64bit
Threads: 51
Traceback (most recent call last):
  File "/W13SCAN/lib/plugins.py", line 51, in execute
    output = self.audit()
  File "/W13SCAN/plugins/PerFile/analyze_parameter.py", line 60, in audit
    raise Exception("test exception 111")
Exception: test exception

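Question about the DVWA target

While scanning the DVWA target, the DVWA login password was changed outright; the database may have been modified during SQL injection.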

Unhandled exception (#2bd1781c)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /sendacc.jsp?cmd=ACC&did=0&sid=12&company_id=70831585&guest_id=10816134092004&status=0&guest_name=&guest_ip=122.55.63.80&guest_ip_info=%E8%8F%B2%E5%BE%8B%E5%AE%BE&area=%E9%A9%AC%E5%B0%BC%E6%8B%89%E9%83%BD%E4%BC%9A%E5%8C%BA%2D%E6%8B%89%E6%96%AF%E7%9A%AE%E7%BA%B3%E6%96%AF%E5%B8%82&from_page=&talk_page=http%3A%2F%2Fwww.tbqfx.com%2F&kf_time=1566389819&bto_id6d=-99&time=1566389880158&ucust_id=&style=1&is_mobile=n&visitor_type=new&is_uv=1&browser=firefox&os=os_other&is_revisit=0&page_title=%E5%A4%AA%E7%99%BD%E9%9D%92%E5%B3%B0%E5%B3%A1%E6%A3%AE%E6%9E%97%E5%85%AC%E5%9B%AD HTTP/1.1
host: accwww23.53kf.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: */*
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://www.tbqfx.com/
cookie: *
Traceback (most recent call last):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "c:\python3\lib\site-packages\urllib3\response.py", line 479, in read
    data = self._fp.read(amt)
  File "c:\python3\lib\http\client.py", line 457, in read
    n = self.readinto(b)
  File "c:\python3\lib\http\client.py", line 501, in readinto
    n = self.fp.readinto(b)
  File "c:\python3\lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
ConnectionAbortedError: [WinError 10053] 你的主机中的软件中止了一个已建立的连接。

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 531, in stream
    data = self.read(amt=amt, decode_content=decode_content)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 496, in read
    raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
  File "c:\python3\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ("Connection broken: ConnectionAbortedError(10053, '你的主机中的软件中止了一个已建立的连接。', None, 10053, None)", ConnectionAbortedError(10053, '你的主机中的软件中止了一个已建立的连接。', None, 10053, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerFile\crlf.py", line 63, in audit
    r = requests.get(url, headers=headers, params=data)
  File "c:\python3\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "c:\python3\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "c:\python3\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "c:\python3\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "c:\python3\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ("Connection broken: ConnectionAbortedError(10053, '你的主机中的软件中止了一个已建立的连接。', None, 10053, None)", ConnectionAbortedError(10053, '你的主机中的软件中止了一个已建立的连接。', None, 10053, None))

Unhandled exception (#43ba8d57)

W13scan plugin traceback:
Running version: 0.9.7
Python version: 3.7.4
Operating system: Darwin-18.6.0-x86_64-i386-64bit
Threads: 5
Traceback (most recent call last):
  File "/Users/go0p/Pycode/w13scan/W13SCAN/lib/plugins.py", line 51, in execute
    output = self.audit()
  File "/Users/go0p/Pycode/w13scan/W13SCAN/plugins/PerFile/struts2.py", line 60, in audit
    print('headers',headers+'\n')
TypeError: unsupported operand type(s) for +: 'dict' and 'str'

Unhandled exception (#ce330470)

W13scan plugin traceback:
Running version: 0.9.7
Python version: 3.7.4
Operating system: Windows-10-10.0.18362-SP0
Threads: 51
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\adapters.py", line 412, in send
    conn = self.get_connection(request.url, proxies)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\adapters.py", line 315, in get_connection
    conn = self.poolmanager.connection_from_url(url)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\urllib3\poolmanager.py", line 283, in connection_from_url
    pool_kwargs=pool_kwargs)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\urllib3\poolmanager.py", line 222, in connection_from_host
    raise LocationValueError("No host specified.")
urllib3.exceptions.LocationValueError: No host specified.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "D:\Tools\w13scan\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "D:\Tools\w13scan\W13SCAN\plugins\PerFile\command_system.py", line 76, in audit
    r = requests.get(url1, headers=headers)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "D:\Tools\w13scan\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\sessions.py", line 668, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\sessions.py", line 668, in <listcomp>
    history = [resp for resp in gen] if allow_redirects else []
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\sessions.py", line 247, in resolve_redirects
    **adapter_kwargs
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37\lib\site-packages\requests\adapters.py", line 414, in send
    raise InvalidURL(e, request=request)
requests.exceptions.InvalidURL: No host specified.

Unhandled exception (#1e44e892)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /lineindex.aspx?id=002008001 1.1
host: www.21sj-tour.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
dnt: 1
connection: keep-alive
upgrade-insecure-requests: 1


Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerFile\sql_inject_time.py", line 254, in audit
    if not self.init(flag, k, copy.deepcopy(data)):
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerFile\sql_inject_time.py", line 65, in init
    r3 = requests.get(self.netloc, params=data, headers=self.headers)
  File "c:\python3\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "c:\python3\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "c:\python3\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 668, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "c:\python3\lib\site-packages\requests\sessions.py", line 668, in <listcomp>
    history = [resp for resp in gen] if allow_redirects else []
  File "c:\python3\lib\site-packages\requests\sessions.py", line 247, in resolve_redirects
    **adapter_kwargs
  File "c:\python3\lib\site-packages\requests\sessions.py", line 640, in send
    adapter = self.get_adapter(url=request.url)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 731, in get_adapter
    raise InvalidSchema("No connection adapters were found for '%s'" % url)
requests.exceptions.InvalidSchema: No connection adapters were found for 'returninfovalue:ID%20%e9%94%99%e8%af%af'
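
Added example, not part of the issue report above and not w13scan's own code: the InvalidSchema in #1e44e892 is raised inside `resolve_redirects`, that is, while following a `Location` value that is not an HTTP URL. One way a plugin can vet each redirect hop before requesting it is sketched here; the function names, the `example.test` hosts and the 5-hop cap are assumptions, and only the `returninfovalue:` string is taken from the traceback.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = ("http", "https")
MAX_REDIRECTS = 5  # assumed cap, not a w13scan setting


def vet_redirect(current_url, location, scope_hosts=None):
    """Resolve a Location header and decide whether it is safe to follow.

    Returns (absolute_url, None) when the hop is acceptable, otherwise
    (None, reason). scope_hosts is an optional set of lower-case hostnames
    the scan is authorised to touch.
    """
    if not location or not location.strip():
        return None, "empty Location header"
    try:
        # urljoin keeps an absolute value as-is, so "foo:bar" stays "foo:bar"
        target = urljoin(current_url, location.strip())
        parts = urlsplit(target)
        host = parts.hostname  # already lower-cased; None when missing
    except ValueError as exc:  # e.g. malformed IPv6 literal
        return None, "unparseable Location: %s" % exc
    if parts.scheme not in ALLOWED_SCHEMES:
        return None, "unsupported scheme %r" % parts.scheme
    if not host:
        return None, "no host in redirect target"
    if scope_hosts is not None and host not in scope_hosts:
        return None, "host %r is outside the scan scope" % host
    return target, None


def follow_chain(start_url, locations, scope_hosts=None):
    """Apply vet_redirect to successive Location values.

    Returns (last_accepted_url, reason); reason is None when every hop
    was accepted. With requests, this corresponds to sending each request
    with allow_redirects=False and reading the Location header yourself.
    """
    url = start_url
    for hop, location in enumerate(locations, start=1):
        if hop > MAX_REDIRECTS:
            return url, "more than %d redirects" % MAX_REDIRECTS
        target, reason = vet_redirect(url, location, scope_hosts)
        if reason:
            return url, reason
        url = target
    return url, None


# Constructed sample data; the host names are placeholders.
BASE = "http://app.example.test/a/b?x=1"
SAMPLE_LOCATIONS = [
    "../login",                                  # relative, stays on host
    "returninfovalue:ID%20%e9%94%99%e8%af%af",   # value from the traceback
    "http://:8080/x",                            # port but no host
    "//cdn.example.net/x",                       # scheme-relative, other host
]

if __name__ == "__main__":
    for loc in SAMPLE_LOCATIONS:
        print(loc, "->", vet_redirect(BASE, loc, {"app.example.test"}))
```

A rejected hop is returned as a reason string, so the plugin can log it and move on to the next URL instead of letting the exception reach the unhandled-exception reporter.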

Unhandled exception (#c42e76f5)

W13scan plugin traceback:
Running version: 0.9.10
Python version: 3.7.0
Operating system: Darwin-17.5.0-x86_64-i386-64bit
Threads: 51

request raw:
GET / HTTP/1.1
host: push-socketio.kcs.top
connection: Upgrade
pragma: no-cache
cache-control: no-cache
upgrade: websocket
origin: https://www.kcs.top
sec-websocket-version: 13
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
accept-encoding: gzip, deflate, 
accept-language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7
cookie: *
Traceback (most recent call last):
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 544, in _get_chunk_left
    chunk_left = self._read_next_chunk_size()
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 511, in _read_next_chunk_size
    return int(line, 16)
ValueError: invalid literal for int() with base 16: b''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 576, in _readinto_chunked
    chunk_left = self._get_chunk_left()
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 546, in _get_chunk_left
    raise IncompleteRead(b'')
http.client.IncompleteRead: IncompleteRead(0 bytes read)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 397, in _error_catcher
    yield
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 479, in read
    data = self._fp.read(amt)
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 447, in read
    n = self.readinto(b)
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 481, in readinto
    return self._readinto_chunked(b)
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 592, in _readinto_chunked
    raise IncompleteRead(bytes(b[0:total_bytes]))
http.client.IncompleteRead: IncompleteRead(0 bytes read)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/W13SCAN/lib/plugins.py", line 51, in execute
    output = self.audit()
  File "/usr/local/lib/python3.7/site-packages/W13SCAN/plugins/PerScheme/backup_domain.py", line 72, in audit
    content = r.raw2.read(10)
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 496, in read
    raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

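How should the default level 0 configuration be understood?

I see in config.py that level>=1 loads some of the plugins, and the default configuration is level0. Which plugins does level0 load? How do the other levels, 2-5, work? Which file describes this? I looked for it but could not find it.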

Unhandled exception (#a45d6048)

W13scan baseproxy get request traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.18362-SP0
Threads: 51

request raw:
GET /chp_wap/ HTTP/1.1
host: www.jk725.cn
connection: keep-alive
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://www.jk725.cn/chp_wap/web/hospital/goYuYueTiJian
accept-encoding: gzip, deflate, 
accept-language: zh-CN,zh;q=0.9
cookie: *
Traceback (most recent call last):
  File "d:\program files\python37\lib\site-packages\W13SCAN\lib\baseproxy.py", line 500, in do_GET
    self.send_error(404, 'response is None {}'.format(errMsg))
  File "d:\program files\python37\lib\http\server.py", line 481, in send_error
    self.wfile.write(body)
  File "d:\program files\python37\lib\socketserver.py", line 799, in write
    self._sock.sendall(b)
  File "d:\program files\python37\lib\ssl.py", line 1034, in sendall
    v = self.send(byte_view[count:])
  File "d:\program files\python37\lib\ssl.py", line 1003, in send
    return self._sslobj.write(data)
ConnectionAbortedError: [WinError 10053] 你的主机中的软件中止了一个已建立的连接。

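I feel there is something that could use a small change

I have read through your main code in broad terms. The code is very well written, and I learned quite a few ideas about organizing code structure from it, but there is one place where I think there is room for improvement; I am not sure whether I am right.

While reading the code, I had one question throughout: where is the entry point? Not the program's entry point, but where a request is intercepted after it comes in. The loader plugin attaches all the plugins, but after a rough read-through I could not find where the loader is entered from. Then I found it at https://github.com/boy-hack/w13scan/blob/master/lib/baseproxy.py#L460: this is where it comes in. I think this placement is not very reasonable; I would lean toward moving it into the main code, which would make the structure clearer.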

Unhandled exception (#d41d8cd9)

Running version: 0.9.6
Python version: 3.7.4
Operating system: Darwin-18.7.0-x86_64-i386-64bit
Threads: 51
just test function:createGithubIssue

Unhandled exception (#822025b3)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.3
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /index.php?p=productsshow&id=265&c_id=56&lanmu=5117 1.1
host: zonicy.cn
proxy-connection: keep-alive
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9


Traceback (most recent call last):
  File "D:\Python37\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "D:\Python37\lib\site-packages\urllib3\response.py", line 479, in read
    data = self._fp.read(amt)
  File "D:\Python37\lib\http\client.py", line 447, in read
    n = self.readinto(b)
  File "D:\Python37\lib\http\client.py", line 491, in readinto
    n = self.fp.readinto(b)
  File "D:\Python37\lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
ConnectionResetError: [WinError 10054] 远程主机强迫关闭了一个现有的连接。

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "D:\Python37\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "D:\Python37\lib\site-packages\urllib3\response.py", line 531, in stream
    data = self.read(amt=amt, decode_content=decode_content)
  File "D:\Python37\lib\site-packages\urllib3\response.py", line 496, in read
    raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
  File "D:\Python37\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "D:\Python37\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "D:\hacker系列\扫描工具\w13scan-master\w13scan-master\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "D:\hacker系列\扫描工具\w13scan-master\w13scan-master\W13SCAN\plugins\PerFile\command_system.py", line 75, in audit
    r = requests.get(netloc, params=data, headers=headers)
  File "D:\Python37\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "D:\Python37\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "D:\hacker系列\扫描工具\w13scan-master\w13scan-master\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "D:\Python37\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "D:\Python37\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "D:\Python37\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

Unhandled exception (#99914635)

W13scan plugin traceback:
Running version: 0.9.10
Python version: 3.7.0
Operating system: Darwin-17.5.0-x86_64-i386-64bit
Threads: 51

request raw:
GET /socket.io/?token=2neAiuYvAU5cbMXpmsXD5OJlewXCKryg8dSpDCgag8ZwbZpn3uIHi0A1AOtpCibAwoXOiOG0Q0EbVvV2-RmJlZlfk8UDDLr3ciVQDIpjdsDpzXIW4N48I6qRyqznCVt1whuoNZhpWWEvf2GkomuuY5SIJbriLwX8.kJCJKG3RCVTLsAd5fjQ7cA%3D%3D&format=json&acceptUserMessage=true&connectId=connect_welcome&EIO=3&transport=websocket HTTP/1.1
host: push-socketio.kcs.top
connection: Upgrade
pragma: no-cache
cache-control: no-cache
upgrade: websocket
origin: https://www.kcs.top
sec-websocket-version: 13
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
accept-encoding: gzip, deflate, 
accept-language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7
cookie: *
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 639, in _update_chunk_length
    self.chunk_left = int(line, 16)
ValueError: invalid literal for int() with base 16: b''

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 397, in _error_catcher
    yield
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 704, in read_chunked
    self._update_chunk_length()
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 643, in _update_chunk_length
    raise httplib.IncompleteRead(line)
http.client.IncompleteRead: IncompleteRead(0 bytes read)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/requests/models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 527, in stream
    for line in self.read_chunked(amt, decode_content=decode_content):
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 732, in read_chunked
    self._original_response.close()
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/local/lib/python3.7/site-packages/urllib3/response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/W13SCAN/lib/plugins.py", line 51, in execute
    output = self.audit()
  File "/usr/local/lib/python3.7/site-packages/W13SCAN/plugins/PerFile/crlf.py", line 63, in audit
    r = requests.get(url, headers=headers, params=data)
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/W13SCAN/thirdpart/requests/__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 686, in send
    r.content
  File "/usr/local/lib/python3.7/site-packages/requests/models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "/usr/local/lib/python3.7/site-packages/requests/models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ('Connection broken: IncompleteRead(0 bytes read)', IncompleteRead(0 bytes read))

Verification error in the command_system and post_command_system plugins

url_flag = {
                "set|set&set": [
                    'Path=[\s\S]*?PWD=',
                    'Path=[\s\S]*?PATHEXT=',
                    'Path=[\s\S]*?SHELL=',
                    'Path\x3d[\s\S]*?PWD\x3d',
                    'Path\x3d[\s\S]*?PATHEXT\x3d',
                    'Path\x3d[\s\S]*?SHELL\x3d',
                    'SERVER_SIGNATURE=[\s\S]*?SERVER_SOFTWARE=',
                    'SERVER_SIGNATURE\x3d[\s\S]*?SERVER_SOFTWARE\x3d',
                    'Non-authoritative\sanswer:\s+Name:\s*',
                    'Server:\s*.*?\nAddress:\s*'
                ],
                "echo `echo 6162983|base64`6162983".format(randint): [
                    "NjE2Mjk4Mwo=6162983"
                ]
            }

should be changed to

url_flag = {
                "|set|set&set": [
                    'Path=[\s\S]*?PWD=',
                    'Path=[\s\S]*?PATHEXT=',
                    'Path=[\s\S]*?SHELL=',
                    'Path\x3d[\s\S]*?PWD\x3d',
                    'Path\x3d[\s\S]*?PATHEXT\x3d',
                    'Path\x3d[\s\S]*?SHELL\x3d',
                    'SERVER_SIGNATURE=[\s\S]*?SERVER_SOFTWARE=',
                    'SERVER_SIGNATURE\x3d[\s\S]*?SERVER_SOFTWARE\x3d',
                    'Non-authoritative\sanswer:\s+Name:\s*',
                    'Server:\s*.*?\nAddress:\s*'
                ],
                "|echo `echo 6162983|base64`6162983".format(randint): [
                    "NjE2Mjk4Mwo=6162983"
                ]
            }

POST /osrun/whois.php HTTP/1.1
Host: webscantest.com
Content-Length: 56
Cache-Control: max-age=0
Origin: http://webscantest.com
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://webscantest.com/osrun/whois.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7
Cookie: NB_SRVID=srv140700; TEST_SESSIONID=hj1gtcbkulk0df7vhggg0vf4o4
Connection: close
X-XSS-Protection:0

domain=example.com|echo%20`echo%206162983|base64`6162983

Unhandled exception (#bab72f14)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /sl/index.aspx?KindID=589&Type=304&FileID=2926 1.1
host: www.xxyw.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://www.xxyw.com/
dnt: 1
connection: keep-alive
upgrade-insecure-requests: 1
cache-control: max-age=0


Traceback (most recent call last):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "c:\python3\lib\site-packages\urllib3\response.py", line 479, in read
    data = self._fp.read(amt)
  File "c:\python3\lib\http\client.py", line 457, in read
    n = self.readinto(b)
  File "c:\python3\lib\http\client.py", line 501, in readinto
    n = self.fp.readinto(b)
  File "c:\python3\lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
ConnectionResetError: [WinError 10054] 远程主机强迫关闭了一个现有的连接。

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 531, in stream
    data = self.read(amt=amt, decode_content=decode_content)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 496, in read
    raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
  File "c:\python3\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerFile\sql_inject_bool.py", line 126, in audit
    r2 = requests.get(netloc, params=data, headers=headers)
  File "c:\python3\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "c:\python3\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "c:\python3\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "c:\python3\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "c:\python3\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

Unhandled exception (#c868d7fd)

W13scan plugin traceback:
Running version: 0.9.7
Python version: 3.7.4
Operating system: Darwin-18.7.0-x86_64-i386-64bit
Threads: 51
GET /admin/ HTTP/1.1
host: emlog.demo
proxy-connection: keep-alive
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: http://emlog.demo/admin/
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9,en;q=0.8
cookie: *
Traceback (most recent call last):
  File "/Users/boyhack/programs/w13scan/W13SCAN/lib/plugins.py", line 51, in execute
    output = self.audit()
  File "/Users/boyhack/programs/w13scan/W13SCAN/plugins/PerFile/analyze_parameter.py", line 75, in audit
    raise Exception("test 11")
Exception: test 11

Unhandled exception (#cb465701)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /e/tags/?tagname=清华大学朱令 1.1
host: www.oao2o.cn
proxy-connection: keep-alive
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9
cookie: *
Traceback (most recent call last):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "c:\python3\lib\site-packages\urllib3\response.py", line 707, in read_chunked
    chunk = self._handle_chunk(amt)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 662, in _handle_chunk
    returned_chunk = self._fp._safe_read(self.chunk_left)
  File "c:\python3\lib\http\client.py", line 622, in _safe_read
    raise IncompleteRead(b''.join(s), amt)
http.client.IncompleteRead: IncompleteRead(8468 bytes read, 1265 more expected)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 527, in stream
    for line in self.read_chunked(amt, decode_content=decode_content):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 732, in read_chunked
    self._original_response.close()
  File "c:\python3\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ('Connection broken: IncompleteRead(8468 bytes read, 1265 more expected)', IncompleteRead(8468 bytes read, 1265 more expected))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerFile\cookie.py", line 46, in audit
    r = requests.get(url, cookies=data, headers=headers)
  File "c:\python3\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "c:\python3\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "c:\python3\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "c:\python3\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "c:\python3\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ('Connection broken: IncompleteRead(8468 bytes read, 1265 more expected)', IncompleteRead(8468 bytes read, 1265 more expected))

Unhandled exception (#ec951fe2)

W13scan baseproxy get request traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /favicon.ico HTTP/1.1
host: www.xuekeedu.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
cookie: *
Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\baseproxy.py", line 500, in do_GET
    self.send_error(404, 'response is None {}'.format(errMsg))
  File "c:\python3\lib\http\server.py", line 481, in send_error
    self.wfile.write(body)
  File "c:\python3\lib\socketserver.py", line 799, in write
    self._sock.sendall(b)
ConnectionAbortedError: [WinError 10053] 你的主机中的软件中止了一个已建立的连接。

Unhandled exception (#d2f28143)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET / HTTP/1.1
host: www.xxyw.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://www.xxyw.com/
dnt: 1
connection: keep-alive
upgrade-insecure-requests: 1
cache-control: max-age=0


Traceback (most recent call last):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "c:\python3\lib\site-packages\urllib3\response.py", line 479, in read
    data = self._fp.read(amt)
  File "c:\python3\lib\http\client.py", line 457, in read
    n = self.readinto(b)
  File "c:\python3\lib\http\client.py", line 501, in readinto
    n = self.fp.readinto(b)
  File "c:\python3\lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
ConnectionResetError: [WinError 10054] 远程主机强迫关闭了一个现有的连接。

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 531, in stream
    data = self.read(amt=amt, decode_content=decode_content)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 496, in read
    raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
  File "c:\python3\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerScheme\sensitive_folders.py", line 44, in audit
    r = requests.get(test_url, headers=headers, allow_redirects=False)
  File "c:\python3\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "c:\python3\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "c:\python3\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "c:\python3\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "c:\python3\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

Unhandled exception (#4abca377)

W13scan baseproxy get request traceback:
Running version: 0.9.8
Python version: 3.7.3
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /cps/site/poll?cb=jsonp_bridge_1566198787223_2558439268470897&l=1&v=156619869541649774&s=11778604&e=18705410&dev=0&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223202696151260324680jmyv10874592888%22%2C%22sn%22%3A%22715595305%22%2C%22id%22%3A%22156619869541649774%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1566198787223 HTTP/1.1
host: p.qiao.baidu.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: */*
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://www.zzmind.com/
cookie: *
Traceback (most recent call last):
  File "E:\tools\poc\批量\w13scan\W13SCAN\lib\baseproxy.py", line 500, in do_GET
    self.send_error(404, 'response is None {}'.format(errMsg))
  File "D:\python\python3.7\lib\http\server.py", line 481, in send_error
    self.wfile.write(body)
  File "D:\python\python3.7\lib\socketserver.py", line 799, in write
    self._sock.sendall(b)
ConnectionAbortedError: [WinError 10053] 你的主机中的软件中止了一个已建立的连接。

Unhandled exception (#f3bb5d83)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /lineindex.aspx?id=002008001 1.1
host: www.21sj-tour.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
dnt: 1
connection: keep-alive
upgrade-insecure-requests: 1


Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerFile\command_system.py", line 75, in audit
    r = requests.get(netloc, params=data, headers=headers)
  File "c:\python3\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "c:\python3\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "c:\python3\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 668, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "c:\python3\lib\site-packages\requests\sessions.py", line 668, in <listcomp>
    history = [resp for resp in gen] if allow_redirects else []
  File "c:\python3\lib\site-packages\requests\sessions.py", line 247, in resolve_redirects
    **adapter_kwargs
  File "c:\python3\lib\site-packages\requests\sessions.py", line 640, in send
    adapter = self.get_adapter(url=request.url)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 731, in get_adapter
    raise InvalidSchema("No connection adapters were found for '%s'" % url)
requests.exceptions.InvalidSchema: No connection adapters were found for 'returninfovalue:ID%20%e9%94%99%e8%af%af'

A question about how baseproxy.py obtains requests.

When baseproxy captures a link, sometimes it is /index.php?a=111 and sometimes it is http://www.example.com/index.php?a=111,
so it cannot get in

def _is_replay(self):
        '''
        Decide whether to let the request through
        :return:
        '''
        ret = True
        target = self.path
        print(target)
        if not self.is_connected:
            target = self._target
        for i in INCLUDES:
            match = re.search(i, target, re.I)
            if match:
                ret = False
        for i in EXCLUDES:
            match = re.search(i, target, re.I)
            if match:
                ret = True
                break
        return ret

Below is the captured information

[2019-07-17 10:55:04] INFO HTTPServer is running at address( 0.0.0.0 , 7778 )......
/index.php?name=111
/index.php?name=111
/index.php?name=111
/index.php?name=111
clients4.google.com:443
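The mismatch reported in this issue, as an added example that is not w13scan's own code: the request target is normalised to an absolute URL before the include/exclude filters run, so origin-form, absolute-form and CONNECT targets are all matched the same way. `normalize_target`, `is_replay`, `classify` and the sample `INCLUDES`/`EXCLUDES` patterns are hypothetical; `is_replay` keeps the semantics of the posted `_is_replay` (True means relay without scanning).

```python
import re
from urllib.parse import urlsplit

# Constructed sample filters (assumptions, not w13scan's shipped defaults).
INCLUDES = [r"^https?://www\.example\.com/"]
EXCLUDES = [r"\.(?:png|jpg|css|js)(?:\?|$)", r"/logout"]


def normalize_target(method, raw_target, host_header, tls=False):
    """Return an absolute URL for each request-target form a proxy receives.

    origin-form     /index.php?a=111             (inside a CONNECT tunnel)
    absolute-form   http://host/index.php?a=111  (plain HTTP sent to a proxy)
    authority-form  host:443                     (the CONNECT request itself)
    """
    if method.upper() == "CONNECT":
        host, sep, port = raw_target.rpartition(":")
        if not sep:                      # no port given, assume 443
            host, port = raw_target, "443"
        netloc = host if port == "443" else f"{host}:{port}"
        return f"https://{netloc.lower()}/"

    parts = urlsplit(raw_target)
    if parts.scheme in ("http", "https") and parts.netloc:
        return raw_target                # already absolute-form

    host = (host_header or "").strip().lower()
    if not host:
        raise ValueError("origin-form target without a Host header")
    if not raw_target.startswith("/"):
        raise ValueError(f"unsupported request-target: {raw_target!r}")
    scheme = "https" if tls else "http"
    # A target such as //other.test/x is still a path on `host`, so it is
    # appended verbatim instead of being re-parsed as a network location.
    return f"{scheme}://{host}{raw_target}"


def is_replay(url):
    """True = relay the request unscanned: nothing in INCLUDES matched,
    or something in EXCLUDES did (same outcome as the posted _is_replay)."""
    if not any(re.search(p, url, re.I) for p in INCLUDES):
        return True
    return any(re.search(p, url, re.I) for p in EXCLUDES)


def classify(samples):
    """Normalise each (method, target, host, tls) tuple, then filter it."""
    results = []
    for method, target, host, tls in samples:
        url = normalize_target(method, target, host, tls)
        results.append((url, is_replay(url)))
    return results


# Constructed request lines modelled on the forms quoted in the issue.
SAMPLES = [
    ("GET", "/index.php?name=111", "www.example.com", False),
    ("GET", "http://www.example.com/index.php?a=111", "www.example.com", False),
    ("GET", "/static/app.js?v=1", "www.example.com", False),
    ("CONNECT", "clients4.google.com:443", "clients4.google.com:443", False),
]

if __name__ == "__main__":
    for url, replay in classify(SAMPLES):
        print("relay " if replay else "scan  ", url)
```

Matching the raw origin-form string against a host-anchored include pattern never succeeds, which is why the in-scope request is relayed unscanned until the target is normalised.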

Unhandled exception (#7a4c5b51)

W13scan plugin traceback:
Running version: 0.9.10
Python version: 3.7.0
Operating system: Darwin-17.5.0-x86_64-i386-64bit
Threads: 51

request raw:
GET /kumex-trade/market/ 1.1
host: kitchen.kumex.top
connection: keep-alive
pragma: no-cache
cache-control: no-cache
accept: application/json, text/plain, */*
origin: https://www.kumex.top
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
referer: https://www.kumex.top/refer/overview
accept-encoding: gzip, deflate, 
accept-language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7
cookie: *
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/W13SCAN/lib/plugins.py", line 51, in execute
    output = self.audit()
  File "/usr/local/lib/python3.7/site-packages/W13SCAN/plugins/PerFolder/filescan.py", line 114, in audit
    if payload["content-type_no1"]:
KeyError: 'content-type_no1'

Unhandled exception (#7ff66dda)

W13scan baseproxy get request traceback:
Running version: 0.9.7
Python version: 3.7.4
Operating system: Darwin-18.6.0-x86_64-i386-64bit
Threads: 51
Traceback (most recent call last):
  File "/Users/go0p/Pycode/w13scan/W13SCAN/lib/baseproxy.py", line 482, in do_GET
    response = Response(request, self._proxy_sock)
  File "/Users/go0p/Pycode/w13scan/W13SCAN/lib/baseproxy.py", line 194, in __init__
    h.begin()
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 306, in begin
    version, status, reason = self._read_status()
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 267, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/socket.py", line 589, in readinto
    return self._sock.recv_into(b)
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1071, in recv_into
    return self.read(nbytes, buffer)
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 929, in read
    return self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

Unhandled exception (#3ba2b4f1)

W13scan baseproxy get request traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Linux-4.19.0-kali5-amd64-x86_64-with-Kali-kali-rolling-kali-rolling
Threads: 51

request raw:
POST /control/auth_cross/email.php HTTP/1.1
host: 129.211.28.20:8010
proxy-connection: keep-alive
content-length: 28
cache-control: max-age=0
origin: http://129.211.28.20:8010
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: http://129.211.28.20:8010/control/auth_cross/email.php
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9
cookie: *
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/W13SCAN/lib/baseproxy.py", line 500, in do_GET
    self.send_error(404, 'response is None {}'.format(errMsg))
  File "/usr/lib/python3.7/http/server.py", line 481, in send_error
    self.wfile.write(body)
  File "/usr/lib/python3.7/socketserver.py", line 799, in write
    self._sock.sendall(b)
BrokenPipeError: [Errno 32] Broken pipe

Unhandled exception (#84a13f36)

Python version: 3.7.4
Operating system: Linux-4.19.0-kali5-amd64-x86_64-with-Kali-kali-rolling-kali-rolling
Threads: 51
Traceback (most recent call last):
  File "/code/python_code/w13scan-master/W13SCAN/lib/baseproxy.py", line 479, in do_GET
    response = Response(request, self._proxy_sock)
  File "/code/python_code/w13scan-master/W13SCAN/lib/baseproxy.py", line 206, in __init__
    data = h.read()
  File "/usr/lib/python3.7/http/client.py", line 464, in read
    return self._readall_chunked()
  File "/usr/lib/python3.7/http/client.py", line 571, in _readall_chunked
    chunk_left = self._get_chunk_left()
  File "/usr/lib/python3.7/http/client.py", line 554, in _get_chunk_left
    chunk_left = self._read_next_chunk_size()
  File "/usr/lib/python3.7/http/client.py", line 514, in _read_next_chunk_size
    line = self.fp.readline(_MAXLINE + 1)
  File "/usr/lib/python3.7/socket.py", line 589, in readinto
    return self._sock.recv_into(b)
socket.timeout: timed out

Unhandled exception (#5f2fee18)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /sl/index.aspx?KindID=762&Type=303&FileID=3835 1.1
host: www.xxyw.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://www.xxyw.com/
dnt: 1
connection: keep-alive
upgrade-insecure-requests: 1
cache-control: max-age=0


Traceback (most recent call last):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "c:\python3\lib\site-packages\urllib3\response.py", line 479, in read
    data = self._fp.read(amt)
  File "c:\python3\lib\http\client.py", line 457, in read
    n = self.readinto(b)
  File "c:\python3\lib\http\client.py", line 501, in readinto
    n = self.fp.readinto(b)
  File "c:\python3\lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
ConnectionResetError: [WinError 10054] 远程主机强迫关闭了一个现有的连接。

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 531, in stream
    data = self.read(amt=amt, decode_content=decode_content)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 496, in read
    raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
  File "c:\python3\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerFile\xpath_inject.py", line 79, in audit
    r = requests.get(netloc, headers=headers, params=data)
  File "c:\python3\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "c:\python3\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "c:\python3\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "c:\python3\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "c:\python3\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

Unhandled exception (#f156b3a2)

W13scan plugin traceback:
Running version: 0.9.8
Python version: 3.7.4
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /sl/index.aspx?KindID=589&Type=304&FileID=2926 1.1
host: www.xxyw.com
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate
referer: http://www.xxyw.com/
dnt: 1
connection: keep-alive
upgrade-insecure-requests: 1
cache-control: max-age=0


Traceback (most recent call last):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 397, in _error_catcher
    yield
  File "c:\python3\lib\site-packages\urllib3\response.py", line 479, in read
    data = self._fp.read(amt)
  File "c:\python3\lib\http\client.py", line 457, in read
    n = self.readinto(b)
  File "c:\python3\lib\http\client.py", line 501, in readinto
    n = self.fp.readinto(b)
  File "c:\python3\lib\socket.py", line 589, in readinto
    return self._sock.recv_into(b)
ConnectionResetError: [WinError 10054] 远程主机强迫关闭了一个现有的连接。

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\requests\models.py", line 750, in generate
    for chunk in self.raw.stream(chunk_size, decode_content=True):
  File "c:\python3\lib\site-packages\urllib3\response.py", line 531, in stream
    data = self.read(amt=amt, decode_content=decode_content)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 496, in read
    raise IncompleteRead(self._fp_bytes_read, self.length_remaining)
  File "c:\python3\lib\contextlib.py", line 130, in __exit__
    self.gen.throw(type, value, traceback)
  File "c:\python3\lib\site-packages\urllib3\response.py", line 415, in _error_catcher
    raise ProtocolError('Connection broken: %r' % e, e)
urllib3.exceptions.ProtocolError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python3\lib\site-packages\W13SCAN\lib\plugins.py", line 51, in execute
    output = self.audit()
  File "c:\python3\lib\site-packages\W13SCAN\plugins\PerFile\command_system.py", line 75, in audit
    r = requests.get(netloc, params=data, headers=headers)
  File "c:\python3\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "c:\python3\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "c:\python3\lib\site-packages\W13SCAN\thirdpart\requests\__init__.py", line 77, in session_request
    resp = self.send(prep, **send_kwargs)
  File "c:\python3\lib\site-packages\requests\sessions.py", line 686, in send
    r.content
  File "c:\python3\lib\site-packages\requests\models.py", line 828, in content
    self._content = b''.join(self.iter_content(CONTENT_CHUNK_SIZE)) or b''
  File "c:\python3\lib\site-packages\requests\models.py", line 753, in generate
    raise ChunkedEncodingError(e)
requests.exceptions.ChunkedEncodingError: ("Connection broken: ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None)", ConnectionResetError(10054, '远程主机强迫关闭了一个现有的连接。', None, 10054, None))

Unhandled exception (#a6eaf2c0)

W13scan baseproxy get request traceback:
Running version: 0.9.8
Python version: 3.7.3
Operating system: Windows-10-10.0.17763-SP0
Threads: 51

request raw:
GET /js/12/000/0000/41160546/CA120000000411605460002.js HTTP/1.1
host: dcs.conac.cn
proxy-connection: keep-alive
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
accept: */*
referer: http://www.zjjy.com.cn/18/list.htm
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9
cookie: *
Traceback (most recent call last):
  File "D:\hacker系列\扫描工具\w13scan-master\w13scan-master\W13SCAN\lib\baseproxy.py", line 500, in do_GET
    self.send_error(404, 'response is None {}'.format(errMsg))
  File "D:\Python37\lib\http\server.py", line 481, in send_error
    self.wfile.write(body)
  File "D:\Python37\lib\socketserver.py", line 799, in write
    self._sock.sendall(b)
ConnectionAbortedError: [WinError 10053] 你的主机中的软件中止了一个已建立的连接。
