https://github.com/yang8e/test

client.py放到wvs的目录下
server.py放到vps根目录下。
有高危会发邮件,账号密码等信息在client.py中
  • client.py
    import os
    import re
    import paramiko
    import smtplib
    
    def sendmail(message):
        smtpObj = smtplib.SMTP('smtp-mail.outlook.com',587)
        smtpObj.ehlo()
        smtpObj.starttls()
        smtpObj.login('admin@live.cn','222222')
        smtpObj.sendmail('admin@live.cn','admin@qq.com',message)
        smtpObj.quit()
    
    
    print('input urls------------------:')
    
    input_url = input()
    #远程连接服务器,进行信息收集,并下载到本地
    transport = paramiko.Transport(('45.1.1.1', 22))
    transport.connect(username='root', password='22222222')
    ssh = paramiko.SSHClient()
    ssh._transport = transport
    stdin,stdout,stderr = ssh.exec_command('python /root/server.py '+input_url)
    cat_ = stdout.read().decode()
    print(cat_)
    sftp = paramiko.SFTPClient.from_transport(transport)
    sftp.get('/root/url1.txt', 'url_list.txt')
    #---------------------------------------------------
    
    ls=open('url_list.txt','r')
    for i in ls: 
        get_ip = i.strip('\n')
        get_scan = os.popen('wvs_console.exe /scan '+get_ip).read()
        print(get_scan)
        if get_scan in '0 high':
            print('don\'t need look '+i+'\n\n')
        else:
            message = 'Subject: Vulnerability \n'+i
            sendmail(message) 
    
  • server.py
    import os
    import re
    import smtplib
    import sys
    
    def nmap_scan():
        os.system('nmap -T4 -p23,22,80,443,445,873,3128,3306,1433,4848,4440,6082,6379,7001,7021,7080,7474,7755,7766,7888,8060,8880,8000,8881,8008,8080,8081,8087,8443,8090,8099,8088,8882,8883,8884,8885,8886,8887,8888,9043,9080,9090,9200,10000,15672,18080,11211,27017,50000 --open -oG nmap_out.txt -iL url1.txt')
        list_nmap = []
        st = open('url1.txt','w')
        fo=open('nmap_out.txt','r')
        for i in fo.readlines():
            list_nmap.append(i)
        get_list = list(set(list_nmap))
        for line in get_list:
            if 'http' in line:
                ip = re.compile(r'(\d)*\.(\d)*\.(\d)*\.(\d)*')
                find_ip = ip.search(line)
                ip_cat = find_ip.group()
                line1 = line.split('Ports: ')
                line2 = line1[1].split(', ')
                for i in line2:
                    if 'http' in i:
                        port = i.split('/')
                        url = 'http://'+ip_cat+':'+port[0]
                        st.write(url+'\n')
    
    def theHarvester_scan(target):
        os.system('python /root/theHarvester/theHarvester.py -d '+target+' -b all -l 500 -s 300 > /root/url.txt')
        f=open('url.txt','r')
        file_read = f.read()
        r = re.findall("(.*?) : ",file_read)
        dd = "\n".join(r)
        d=open('url1.txt','w')
        d.write(dd)
        nmap_scan()
    
    input_url = sys.argv[1]
    theHarvester_scan(input_url)
    

发表评论

电子邮件地址不会被公开。 必填项已用*标注