2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -188,7 +188,7 @@ POC的模板文件例子:`Plugins/Vul/Web/__template__.py`
| :------------------------------------------------------- | :-------------------------------------------- |
| python3 ShuiZe.py -d domain.com | 收集单一的根域名资产 |
| python3 ShuiZe.py --domainFile domain.txt | 批量跑根域名列表 |
| python3 ShuiZe.py -c 192.168.1.0,192.168.2.0,192.168.3.0 | 收集C段资产 |
| python3 ShuiZe.py -c 192.168.1.0,192.168.2.0,192.168.3.0 | 收集CIDR资产(支持 a.b.c.d/e 以及 a.b.c.d-d.e.f.g 形式的ip段,如果全部为纯ip的话,将自动展开为c段) |
| python3 ShuiZe.py -f url.txt | 对url里的网站漏洞检测 |
| python3 ShuiZe.py --fofaTitle XXX大学 | 从fofa里收集标题为XXX大学的资产,然后漏洞检测 |
| python3 ShuiZe.py -d domain.com --justInfoGather 1 | 仅信息收集,不检测漏洞 |
36 changes: 30 additions & 6 deletions ShuiZe.py
Expand Up @@ -1354,6 +1354,33 @@ def checkVersion():
except Exception as e:
print('获取版本信息失败...')

# 根据所给的cidr字符串获取所有的ip
def get_subnet(subnet: str):
cips = []
if subnet:
cip_list = subnet.split(',')
# 如果 c 段字符串不包含 /和-,则默认跑 c 段,否则根据用户所填写的实际段来跑
if '/' not in subnet and '-' not in subnet:
for cip in cip_list:
cip = str(IP(IP(cip).int() >> 8 << 8))
cips.append('{}/24'.format(cip))
else:
for cip in cip_list:
# 127.0.0.0-127.255.255.255
if '-' in cip:
# 不使用IPy处理是因为IPy不支持类似 127.0.0.2-127.255.255.255
ip_start, ip_end = cip.split('-')
for ip_int in range(IP(ip_start).int(), IP(ip_end).int()+1):
cips.append(str(IP(ip_int)))
else:
ip_, mask_ = cip.split('/')
mask_ = int(mask_ or 32)
ip_ = str(IP(IP(ip_).int() >> (32 - mask_) << (32 - mask_)))
cips.append('{}/{}'.format(ip_, mask_))
for cip in cips:
for ip in IP(cip):
yield ip

# 初始配置
def _init():
global domain, cSubnet, save_fold_path, excel, excel_name, excelSavePath, proxy, \
Expand Down Expand Up @@ -1428,12 +1455,9 @@ def _init():
requests_proxies = None

# 分割C段,获取ip
if cSubnet:
CIP_List = cSubnet.split(',')
for CIP in CIP_List:
for ip in IP('{}/24'.format(CIP)):
allTargets_Queue.put(str(ip))
allTargets_List.append(str(ip))
for ip in get_subnet(cSubnet):
allTargets_Queue.put(str(ip))
allTargets_List.append(str(ip))

# 扫描外网时加载文件扫描
if File and not isIntranet:
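Review bot: The `'/' not in subnet and '-' not in subnet` test in get_subnet looks at the whole comma-joined string, so a mixed list such as `1.2.3.4,10.0.0.0/24` sends the bare address down the else branch, where `ip_, mask_ = cip.split('/')` raises ValueError on a one-element unpack; the mode should be chosen per entry. In the `-` branch every address of the range is first materialized as a string in `cips` before anything is yielded, so a mistyped end address (e.g. `10.0.0.1-100.0.0.1`) allocates hundreds of millions of strings and then silently scans far outside the intended scope, and an end below the start yields nothing without complaint; for a scanner that is a scope-control issue as much as a memory one, so I would yield straight from the range, reject inverted ranges, and validate the prefix length (a value outside 0–32 currently surfaces only as a confusing shift/IPy error). The rewrite below keeps the generator interface and the existing `/24` defaulting for bare addresses.
```python
def get_subnet(subnet: str):
    """Yield every IP object described by a comma-separated target list.

    Each entry may be ``a.b.c.d`` (expanded to its /24), ``a.b.c.d/n`` or
    ``a.b.c.d-e.f.g.h``; the mode is decided per entry, not for the whole string.
    """
    if not subnet:
        return
    for cip in subnet.split(','):
        cip = cip.strip()
        if '-' in cip:
            ip_start, ip_end = cip.split('-', 1)
            start, end = IP(ip_start).int(), IP(ip_end).int()
            if end < start:
                raise ValueError('ip range end is before start: {}'.format(cip))
            for ip_int in range(start, end + 1):
                yield IP(ip_int)  # stream; never build the whole range in memory
        elif '/' in cip:
            ip_, mask_ = cip.split('/', 1)
            mask_ = int(mask_ or 32)
            if not 0 <= mask_ <= 32:
                raise ValueError('bad prefix length: {}'.format(cip))
            ip_ = str(IP(IP(ip_).int() >> (32 - mask_) << (32 - mask_)))
            yield from IP('{}/{}'.format(ip_, mask_))
        else:
            base = str(IP(IP(cip).int() >> 8 << 8))
            yield from IP('{}/24'.format(base))
```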