up

3xp10it · 3xp10it · commit cbc8d61859b9 · 2017-12-18T18:01:22.000+08:00
diff --git a/crawler/crawler/settings.py b/crawler/crawler/settings.py
@@ -9,7 +9,7 @@
 #     http://scrapy.readthedocs.org/en/latest/topics/downloader-middleware.html
 #     http://scrapy.readthedocs.org/en/latest/topics/spider-middleware.html
 import os,sys
-exp10it_module_path = os.path.expanduser("~")+"/mypypi"
+exp10it_module_path = os.path.expanduser("~")+"/exp10it"
 sys.path.insert(0, exp10it_module_path)
 exploit_path = os.path.abspath("...")
 sys.path.insert(0, exploit_path)
diff --git a/crawler/crawler/spiders/exp10it_spider.py b/crawler/crawler/spiders/exp10it_spider.py
@@ -6,7 +6,7 @@
 import scrapy
 from scrapy_splash import SplashRequest
 from crawler.items import CrawlerItem
-exp10it_module_path = os.path.expanduser("~")+"/mypypi"
+exp10it_module_path = os.path.expanduser("~")+"/exp10it"
 sys.path.insert(0, exp10it_module_path)
 from exploit import get_url_cookie
 from exploit import get_url_belong_main_target_domain
@@ -78,10 +78,11 @@ def add_url_templet_to_collected_urls(self, url):
         url=re.sub(r"(#[^\?]*)$","",url)
         parsed = urlparse(url)
         if len(parsed)<4:
-            pdb.set_trace()
+            input(77777777777)
+            #pdb.set_trace()
         url_page = parsed[0] + "://" + parsed[1] + \
             (parsed[2] if "^" not in parsed[2] else parsed[2].split('^')[0])
-        param_part = parsed[2].split("^")[1] if "^" in url else parsed[4]
+        param_part = parsed[4].split("^")[1] if "^" in url else parsed[4]
         param_list = param_part.split("&")
         pure_param_list = []
         if param_list != ['']:
@@ -161,9 +162,10 @@ def start_requests(self):
                                     args={'lua_source': self.lua_script, 'http_method': 'POST',
                                         'body': post_data})
             else:
-                if url=="http://m.pingan.com/":
-                    input(6666666666)
-                    pdb.set_trace()
+                if "m.pingan.com" in url:
+                    pass
+                    #input(6666666666)
+                    #pdb.set_trace()
                 yield SplashRequest(url, self.parse_get, endpoint='execute',
                                     magic_response=True, meta={'handle_httpstatus_all': True},
                                     args={'lua_source': self.lua_script})
@@ -195,17 +197,21 @@ def parse_get(self, response):
             item['like_webshell_url'] == True
 
         if item['current_url']=="http://m.pingan.com/":
-            pdb.set_trace()
-        yield item
+            pass
+            #input(111111)
+            #pdb.set_trace()
+        return item
 
         url_main_target_domain = get_url_belong_main_target_domain(
             self.start_url)
 
         for url in urls:
             url_templet_list=get_url_templet_list(url)
             url_http_domain = get_http_domain_from_url(url)
-            if url=="http://m.pingan.com/":
-                pdb.set_trace()
+            if "m.pingan.com" in url:
+                pass
+                #input(22222222)
+                #pdb.set_trace()
             if url_is_sub_domain_to_http_domain(url, urlparse(url)[0] + "://" + url_main_target_domain) and url_http_domain not in item['sub_domains_list']:
                 item['sub_domains_list'].append(url_http_domain)
             if urlparse(url).hostname != self.domain:
@@ -241,8 +247,10 @@ def parse_get(self, response):
                 elif match_logoff:
                     pass
                 else:
-                    if url=="http://m.pingan.com/":
-                        pdb.set_trace()
+                    if "m.pingan.com" in url:
+                        pass
+                        #input(3333333333)
+                        #pdb.set_trace()
                     yield SplashRequest(url, self.parse_get, endpoint='execute', magic_response=True, meta={'handle_httpstatus_all': True}, args={'lua_source': self.lua_script})
 
     def parse_post(self, response):
@@ -263,5 +271,7 @@ def parse_post(self, response):
             item['like_webshell_url'] == True
 
         if item['current_url']=="http://m.pingan.com/":
-            pdb.set_trace()
-        yield item
+            pass
+            #input(66666666666)
+            #pdb.set_trace()
+        return item
diff --git a/develop.md b/develop.md
@@ -41,13 +41,13 @@ cms_url = get_cms_entry_from_start_url(target):
 
 exploit.py文件中:
 
-get_target_urls_from_db(target,"exp10itdb"):
+get_target_urls_from_db(target,"exploitdb"):
     简介:用于从数据库中取出已经完成的爬虫后的目标的所有url,用于漏洞检测
-    参数:target为目标url,目前第2个参数固定为"exp10itdb"
+    参数:target为目标url,目前第2个参数固定为"exploitdb"
     返回值:目标url列表,返回值是列表形式,列表中的第个值为url,但是有类特殊的url(url中包含"^"符号),这类特殊的url表示
            post类型的url,"^"之后的值为post的内容
     用法示例:
-    get_target_urls_from_db("https://www.baidu.com/cms","exp10itdb")的返回值为:
+    get_target_urls_from_db("https://www.baidu.com/cms","exploitdb")的返回值为:
     ['https://www.baidu.com/cms/admin.php',
     'https://www.baidu.com/cms/index.php?a=1&b=2',
     'https://www.baidu.com/cms/upload.php^filename=1.php&Submit=Submit',
diff --git a/exploit.py b/exploit.py
@@ -3,7 +3,7 @@
 import re
 import os
 import sys
-exp10it_module_path = os.path.expanduser("~")+"/mypypi"
+exp10it_module_path = os.path.expanduser("~")+"/exp10it"
 sys.path.insert(0, exp10it_module_path)
 import warnings
 from concurrent import futures
@@ -1236,7 +1236,8 @@ def get_target_table_name_info(target):
     if not target_is_pang_domain and not target_is_sub_domain:
         # 这时target为主要目标
         if target == "http://m.pingan.com/":
-            pdb.set_trace()
+            input(78787878)
+            # pdb.set_trace()
         if get_main_target_table_name(target) == "targets":
             target_is_main_and_table_is_targets = True
         elif get_main_target_table_name(target) == "first_targets":
diff --git a/exps/cmdi/cmdi.py b/exps/cmdi/cmdi.py
@@ -3,7 +3,7 @@
 import time
 import sys
 
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 from exp10it import CLIOutput
 
diff --git a/exps/code_leak/code_leak.py b/exps/code_leak/code_leak.py
@@ -2,7 +2,7 @@
 import os
 import sys
 
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 
 from exp10it import get_request
diff --git a/exps/heartbleed/heartbleed.py b/exps/heartbleed/heartbleed.py
@@ -1,7 +1,7 @@
 import re
 import os
 import sys
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 from urllib.parse import urlparse
 from exp10it import get_string_from_command
diff --git a/exps/iis/iis.py b/exps/iis/iis.py
@@ -1,7 +1,7 @@
 import re
 import os
 import sys
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 from exp10it import get_server_type
 from exp10it import get_string_from_command
diff --git a/exps/j_security_check/j_security_check.py b/exps/j_security_check/j_security_check.py
@@ -3,7 +3,7 @@
 import sys
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 
 from exp10it import COMMON_NOT_WEB_PORT_LIST
diff --git a/exps/joomla_rce/joomla_rce.py b/exps/joomla_rce/joomla_rce.py
@@ -5,7 +5,7 @@
 # joomla_exp write php shell to joomla root dir
 import os
 import sys
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 import re
 import time
diff --git a/exps/lfi/lfi.py b/exps/lfi/lfi.py
@@ -3,7 +3,7 @@
 import sys
 import requests
 
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 from exp10it import CLIOutput
 
diff --git a/exps/ms08-067/ms08-067.py b/exps/ms08-067/ms08-067.py
@@ -1,7 +1,7 @@
 import os
 import sys
 
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 
 import re
diff --git a/exps/ms17-010/ms17-010.py b/exps/ms17-010/ms17-010.py
@@ -1,7 +1,7 @@
 import re
 import os
 import sys
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 import time
 from urllib.parse import urlparse
diff --git a/exps/shellshock/shellshock.py b/exps/shellshock/shellshock.py
@@ -5,7 +5,7 @@
 import sys
 from urllib.parse import urlparse
 
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 from exploit import get_target_urls_from_db
 from exploit import execute_sql_in_db
diff --git a/exps/solr/solr.py b/exps/solr/solr.py
@@ -3,7 +3,7 @@
 import sys
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
diff --git a/exps/struts2/struts2.py b/exps/struts2/struts2.py
@@ -7,7 +7,7 @@
 import re
 import os
 import sys
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 from urllib.parse import urlparse
 from exp10it import CLIOutput
diff --git a/exps/uddiexplorer_SearchPublicRegistries/uddiexplorer_SearchPublicRegistries.py b/exps/uddiexplorer_SearchPublicRegistries/uddiexplorer_SearchPublicRegistries.py
@@ -3,7 +3,7 @@
 import os
 import sys
 
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 
 from exploit import get_target_table_name_list
diff --git a/exps/unauthorize/unauthorize.py b/exps/unauthorize/unauthorize.py
@@ -1,7 +1,7 @@
 import os
 import sys
 import re
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 import requests
 from exp10it import CLIOutput
diff --git a/exps/weblogic/weblogic.py b/exps/weblogic/weblogic.py
@@ -3,7 +3,7 @@
 import os
 import sys
 from urllib.parse import urlparse
-exp10it_module_path = os.path.expanduser("~") + "/mypypi"
+exp10it_module_path = os.path.expanduser("~") + "/exp10it"
 sys.path.insert(0, exp10it_module_path)
 
 
diff --git a/ipproxypool_scrapysplash_server.py b/ipproxypool_scrapysplash_server.py
@@ -1,7 +1,7 @@
 import os
 import sys
 
-exp10it_module_path = os.path.expanduser("~")+"/mypypi"
+exp10it_module_path = os.path.expanduser("~")+"/exp10it"
 sys.path.insert(0, exp10it_module_path)
 
 from exp10it import start_ipproxypool
diff --git a/readme.md b/readme.md
@@ -7,6 +7,7 @@ assume no liability and are not responsible for any misuse or damage caused by t
 ### Install 
 
 git clone https://github.com/3xp10it/exploit.git
+cd exploit && pip3 install -r requirements.txt
 
 ### Usage
 
