御剑

御剑

关注
发信
关注(28)粉丝(399)

python写个御剑

前言:

今天师傅叫我,写个python版的御剑。然后我之前也写过

不过不怎么样,这次有新想法。

思路:

御剑:读取御剑配置文件里的所有路径,加上用户要扫描的url。进行批量检测,如果状态码为200并且无Error.ini里面的错误就存在该路径。报存在save.txt (详细看代码)

路径:

python写个御剑-LMLPHP

御剑代码:

import requests

import random

import os

file=[]

url=[]

error=[]

bc=[]

ip=[]

headers={}

user=input('Import TXT:')

banner='''

 ____            _

|  _ \  ___  ___| |_ _ __ ___  _   _  ___ _ __

| | | |/ _ \/ __| __| '__/ _ \| | | |/ _ \ '__|

| |_| |  __/\__ \ |_| | | (_) | |_| |  __/ |

|____/ \___||___/\__|_|  \___/ \__, |\___|_|

                               |___/

Producer:Nine world

'''

useragent=[]

twoo=[]

print(banner)

def urls():

    dk=open('{}'.format(user),'r')

    for k in dk.readlines():

        qcs="".join(k.split('\n'))

        url.append(qcs)

    print('[+]url.txt Load completion')

    print(' ')

    print(' ')

urls()

def judge():

  pd=os.listdir('御剑配置文件')

  for name in pd:

      file.append(name)

  for f in file:

    print('[+]existence {}'.format(f))

  print(' ')

  print(' ')

  dk=open('user-agent.txt','r')

  for d in dk.readlines():

      qc="".join(d.split('\n'))

      useragent.append(qc)

  print('[+]user-agent Load completion')

  print(' ')

  print(' ')

judge()

def errors():

    lv=open('Error/error.txt','r')

    for e in lv.readlines():

        qcsw="".join(e.split('\n'))

        error.append(qcsw)

    print('[+]The filter file is loaded')

    print(' ')

    print(' ')

errors()

def forge():

    sj=[]

    dkw=open('ip.txt','r')

    for i in dkw.readlines():

        k="".join(i.split('\n'))

        ip.append(k)

    for g in range(0,len(useragent)):

        u='User-Agent='

        x='X-Forwarded-For='

        c='Client-IP='

        sj.append(u+useragent[g]+'&'+x+ip[g]+'&'+c+ip[g])

    kc=list(set(sj))

    su=random.choice(kc)

    qc=str(su)

    for v in qc.split('&'):

        key,value=v.split('=',1)

        headers[key]=value

forge()

def exploit():

  wi=os.listdir('御剑配置文件')

  for w in wi:

      dp=open('{}'.format('御剑配置文件/'+w),'r',encoding='gbk')

      for s in dp.readlines():

          we="".join(s.split('\n'))

          for u in url:

              up='{}'.format(u).rstrip('/')+we

              try:

                requet=requests.get(url=up,headers=headers,timeout=3,allow_redirects=False)

                for e in error:

                    if requet.status_code==200 and not e in requet.text:

                        ok='[+]code:{} url:{}'.format(requet.status_code,requet.url)

                        if ok in twoo:continue

                        twoo.append(ok)

                        print(ok)

                    else:

                        no='[x]Not url :{}'.format(requet.url)

                        if no in bc:continue

                        bc.append(no)

                        print(no)

              except Exception as u:

                  print('[-]Error {}'.format(u))

  if len(twoo)>0:

      od=open('save.txt','w')

      od.close()

      xr=open('save.txt','r')

      for c in twoo:

          print(c,file=open('save.txt','a'))

exploit()

python写个御剑-LMLPHP

测试效果:

python写个御剑-LMLPHP

Github下载地址:https://github.com/422926799/python/tree/master/%E5%BE%A1%E5%89%91

04-26 20:04
Powered by LMLPHP ©2024 御剑 0.079980