wvs+nmap+theharvester扫描

https://github.com/yang8e/test

client.py放到wvs的目录下
server.py放到vps根目录下。
有高危会发邮件，账号密码等信息在client.py中

• client.py

  import os
  import re
  import paramiko
  import smtplib
  
  def sendmail(message):
      smtpObj = smtplib.SMTP('smtp-mail.outlook.com',587)
      smtpObj.ehlo()
      smtpObj.starttls()
      smtpObj.login('admin@live.cn','222222')
      smtpObj.sendmail('admin@live.cn','admin@qq.com',message)
      smtpObj.quit()
  
  
  print('input urls------------------:')
  
  input_url = input()
  #远程连接服务器，进行信息收集，并下载到本地
  transport = paramiko.Transport(('45.1.1.1', 22))
  transport.connect(username='root', password='22222222')
  ssh = paramiko.SSHClient()
  ssh._transport = transport
  stdin,stdout,stderr = ssh.exec_command('python /root/server.py '+input_url)
  cat_ = stdout.read().decode()
  print(cat_)
  sftp = paramiko.SFTPClient.from_transport(transport)
  sftp.get('/root/url1.txt', 'url_list.txt')
  #---------------------------------------------------
  
  ls=open('url_list.txt','r')
  for i in ls: 
      get_ip = i.strip('\n')
      get_scan = os.popen('wvs_console.exe /scan '+get_ip).read()
      print(get_scan)
      if get_scan in '0 high':
          print('don\'t need look '+i+'\n\n')
      else:
          message = 'Subject: Vulnerability \n'+i
          sendmail(message) 
  

• server.py

  import os
  import re
  import smtplib
  import sys
  
  def nmap_scan():
      os.system('nmap -T4 -p23,22,80,443,445,873,3128,3306,1433,4848,4440,6082,6379,7001,7021,7080,7474,7755,7766,7888,8060,8880,8000,8881,8008,8080,8081,8087,8443,8090,8099,8088,8882,8883,8884,8885,8886,8887,8888,9043,9080,9090,9200,10000,15672,18080,11211,27017,50000 --open -oG nmap_out.txt -iL url1.txt')
      list_nmap = []
      st = open('url1.txt','w')
      fo=open('nmap_out.txt','r')
      for i in fo.readlines():
          list_nmap.append(i)
      get_list = list(set(list_nmap))
      for line in get_list:
          if 'http' in line:
              ip = re.compile(r'(\d)*\.(\d)*\.(\d)*\.(\d)*')
              find_ip = ip.search(line)
              ip_cat = find_ip.group()
              line1 = line.split('Ports: ')
              line2 = line1[1].split(', ')
              for i in line2:
                  if 'http' in i:
                      port = i.split('/')
                      url = 'http://'+ip_cat+':'+port[0]
                      st.write(url+'\n')
  
  def theHarvester_scan(target):
      os.system('python /root/theHarvester/theHarvester.py -d '+target+' -b all -l 500 -s 300 > /root/url.txt')
      f=open('url.txt','r')
      file_read = f.read()
      r = re.findall("(.*?) : ",file_read)
      dd = "\n".join(r)
      d=open('url1.txt','w')
      d.write(dd)
      nmap_scan()
  
  input_url = sys.argv[1]
  theHarvester_scan(input_url)