首页 > 代码库 > Web漏洞扫描工具-python
Web漏洞扫描工具-python
这是去年毕设做的一个Web漏洞扫描小工具,主要针对简单的SQL注入漏洞、SQL盲注和XSS漏洞,代码是看过github外国大神(听说是SMAP的编写者之一)的两个小工具源码,根据里面的思路自己写的。以下是使用说明和源代码。
一、使用说明:
1.运行环境:
Linux命令行界面+Python2.7
2.程序源码:
Vim scanner//建立一个名为scanner的文件
Chmod a+xscanner//修改文件权限为可执行的
3.运行程序:
Python scanner//运行文件
若没有携带目标URL信息,界面输出帮助信息,提醒可以可输入的参数。
参数包括:
--h 输出帮助信息
--url 扫描的URL
--data POST请求方法的参数
--cookie HTTP请求头Cookie值
--user-agent HTTP请求头User-Agent值
--random-agent 是否使用浏览器伪装
--referer 目标URL的上一层界面
--proxy HTTP请求头代理值
例如扫描“http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=&Submit=Submit”
Python scanner--url="http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=&Submit=Submit"--cookie="security=low;PHPSESSID=menntb9b2isj7qha739ihg9of1"
输出扫描结果如下:
结果显示:
存在XSS漏洞,漏洞匹配漏洞特征库“”>.XSS.<””,属于嵌入标签外的类型。
存在SQL注入漏洞,目标网站服务器的数据库类型为MYSQL。
存在BLIND SQL注入漏洞。
二、源代码:
代码验证过可以运行,我个人推荐用DVWA测试吧。
#!-*-coding:UTF-8-*-
import optparse, random, re, string, urllib, urllib2,difflib,itertools,httplib
NAME = "Scanner for RXSS and SQLI"
AUTHOR = "Lishuze"
PREFIXES = (" ", ") ", "' ", "') ", "\"")
SUFFIXES = ("", "-- -", "#")
BOOLEAN_TESTS = ("AND %d=%d", "OR NOT (%d=%d)")
TAMPER_SQL_CHAR_POOL = ('(', ')', '\'', '"')
TAMPER_XSS_CHAR_POOL = ('\'', '"', '>', '<', ';')
GET, POST = "GET", "POST"
COOKIE, UA, REFERER = "Cookie", "User-Agent", "Referer"
TEXT, HTTPCODE, TITLE, HTML = xrange(4)
_headers = {}
USER_AGENTS = (
"Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Firefox/38.0",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36",
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7_0; en-US) AppleWebKit/534.21 (KHTML, like Gecko) Chrome/11.0.678.0 Safari/534.21",
)
XSS_PATTERNS = (
(r"<!--[^>]*%(chars)s|%(chars)s[^<]*-->","\"<!--.'.xss.'.-->\", inside the comment", None),
(r"(?s)<script[^>]*>[^<]*?'[^<']*%(chars)s|%(chars)s[^<']*'[^<]*</script>","\"<script>.'.xss.'.</script>\", enclosed by <script> tags, inside single-quotes", None),
(r'(?s)<script[^>]*>[^<]*?"[^<"]*%(chars)s|%(chars)s[^<"]*"[^<]*</script>',"'<script>.\".xss.\".</script>', enclosed by <script> tags, inside double-quotes", None),
(r"(?s)<script[^>]*>[^<]*?%(chars)s|%(chars)s[^<]*</script>","\"<script>.xss.</script>\", enclosed by <script> tags", None),
(r">[^<]*%(chars)s[^<]*(<|\Z)", "\">.xss.<\", outside of tags", r"(?s)<script.+?</script>|<!--.*?-->"),
(r"<[^>]*'[^>']*%(chars)s[^>']*'[^>]*>", "\"<.'.xss.'.>\", inside the tag, inside single-quotes", r"(?s)<script.+?</script>|<!--.*?-->"),
(r'<[^>]*"[^>"]*%(chars)s[^>"]*"[^>]*>', "'<.\".xss.\".>', inside the tag, inside double-quotes", r"(?s)<script.+?</script>|<!--.*?-->"),
(r"<[^>]*%(chars)s[^>]*>", "\"<.xss.>\", inside the tag, outside of quotes", r"(?s)<script.+?</script>|<!--.*?-->")
)
DBMS_ERRORS = {
"MySQL": (r"SQL syntax.*MySQL", r"Warning.*mysql_.*", r"valid MySQL result", r"MySqlClient\."),
"Microsoft SQL Server": (r"Driver.* SQL[\-\_\ ]*Server", r"OLE DB.* SQL Server", r"(\W|\A)SQL Server.*Driver", r"Warning.*mssql_.*", r"(\W|\A)SQL Server.*[0-9a-fA-F]{8}", r"(?s)Exception.*\WSystem\.Data\.SqlClient\.", r"(?s)Exception.*\WRoadhouse\.Cms\."),
"Microsoft Access": (r"Microsoft Access Driver", r"JET Database Engine", r"Access Database Engine"),
"Oracle": (r"ORA-[0-9][0-9][0-9][0-9]", r"Oracle error", r"Oracle.*Driver", r"Warning.*\Woci_.*", r"Warning.*\Wora_.*")
}
def _retrieve_content_xss(url, data=http://www.mamicode.com/None):>
最后,有意向把这个当毕业设计的,可以加QQ29027646买论文看原理。
Web漏洞扫描工具-python