From fa37dda0ce5ced7e9ae6fbff9be0a0c55b147a6a Mon Sep 17 00:00:00 2001 From: kelvinBen Date: Wed, 11 Nov 2020 11:43:38 +0800 Subject: [PATCH] =?UTF-8?q?1.=20=E5=B0=86web=E4=BB=BB=E5=8A=A1=E5=A4=84?= =?UTF-8?q?=E7=90=86=E9=80=BB=E8=BE=91=E6=B7=BB=E5=8A=A0=E8=87=B3=E4=BB=BB?= =?UTF-8?q?=E5=8A=A1=E5=A4=84=E7=90=86=E4=B8=AD=E5=BF=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app.py | 6 ++--- libs/task/base_task.py | 2 +- libs/task/ios_task.py | 1 - libs/task/web_task.py | 61 ++++++++++++++++-------------------------- update.md | 16 ++--------- 5 files changed, 29 insertions(+), 57 deletions(-) diff --git a/app.py b/app.py index 1047453..32d5405 100644 --- a/app.py +++ b/app.py @@ -63,10 +63,10 @@ def web(inputs: str, rules: str, all_str:bool,threads:int) -> None: bootstrapper = Bootstrapper(__file__) bootstrapper.init() - # BaseTask("Web", inputs, rules,all_str, threads).start() + BaseTask("Web", inputs, rules,all_str, threads).start() - task = WebTask(input, rules,all,threads) - task.start() + # task = WebTask(input, rules,all,threads) + # task.start() except Exception as e: raise e diff --git a/libs/task/base_task.py b/libs/task/base_task.py index 32fad56..1ef581e 100644 --- a/libs/task/base_task.py +++ b/libs/task/base_task.py @@ -76,7 +76,7 @@ class BaseTask(object): task_info = iOSTask(self.path,self.no_resource).start() # 调用Web 相关处理逻辑 else: - task_info = WebTask.start() + task_info = WebTask(self.path).start() return task_info def __threads_control__(self,file_queue): diff --git a/libs/task/ios_task.py b/libs/task/ios_task.py index 7b92c27..d6ebe4f 100644 --- a/libs/task/ios_task.py +++ b/libs/task/ios_task.py @@ -36,7 +36,6 @@ class iOSTask(object): return {"shell_flag":self.shell_flag,"file_queue":self.file_queue,"comp_list":[],"packagename":None} def __get_file_header__(self,file_path): - print("====================") hex_hand = 0x0 with open(file_path,"rb") as macho_file: macho_file.seek(hex_hand,0) diff --git a/libs/task/web_task.py b/libs/task/web_task.py index 14884ed..39da02a 100644 --- a/libs/task/web_task.py +++ b/libs/task/web_task.py @@ -17,38 +17,23 @@ class WebTask(object): value_list = [] result_dict = {} - def __init__(self, input, rules,all,threads): - self.path = input - if rules: - config.filter_strs.append(r'.*'+str(rules)+'.*') - self.all = all - self.threads = threads + def __init__(self, path): + self.path = path self.file_queue = Queue() - self.shell_falg=False def start(self): - # 此处判断是文件还是目录 - # 文件判断后缀 html,js,css,htm,xml等 - if len(config.web_file_suffix) <=0: scanner_file_suffix = ["html","js","html","xml"] scanner_file_suffix = config.web_file_suffix - if os.path.isdir(self.path): # 目录的话就提取 + if os.path.isdir(self.path): self.__get_scanner_file__(self.path,scanner_file_suffix) - else: - if not (self.path.split(".")[-1] in scanner_file_suffix): # 内容包含进行下步处理 + if not (self.path.split(".")[-1] in scanner_file_suffix): err_info = ("Retrieval of this file type is not supported. Select a file or directory with a suffix of %s" % ",".join(scanner_file_suffix)) raise Exception(err_info) self.file_queue.put(self.path) - - self.__start_threads() - - for thread in self.thread_list: - thread.join() - - self.__print__() + return {"comp_list":[],"shell_flag":False,"file_queue":self.file_queue,"packagename":None} def __get_scanner_file__(self,scanner_dir,file_suffix): dir_or_files = os.listdir(scanner_dir) @@ -61,22 +46,22 @@ class WebTask(object): if dir_file.split(".")[-1] in file_suffix: self.file_queue.put(dir_file_path) - def __print__(self): - print("=========The result set for the static scan is shown below:===============") - with open(cores.result_path,"a+") as f: - for key,value in self.result_dict.items(): - f.write(key+"\r") - for result in value: - if result in self.value_list: - continue - self.value_list.append(result) - print(result) - f.write("\t"+result+"\r") - print("For more information about the search, see: %s" %(cores.result_path)) + # def __print__(self): + # print("=========The result set for the static scan is shown below:===============") + # with open(cores.result_path,"a+") as f: + # for key,value in self.result_dict.items(): + # f.write(key+"\r") + # for result in value: + # if result in self.value_list: + # continue + # self.value_list.append(result) + # print(result) + # f.write("\t"+result+"\r") + # print("For more information about the search, see: %s" %(cores.result_path)) - def __start_threads(self): - for threadID in range(1,self.threads) : - name = "Thread - " + str(threadID) - thread = ParsesThreads(threadID,name,self.file_queue,self.all,self.result_dict) - thread.start() - self.thread_list.append(thread) \ No newline at end of file + # def __start_threads(self): + # for threadID in range(1,self.threads) : + # name = "Thread - " + str(threadID) + # thread = ParsesThreads(threadID,name,self.file_queue,self.all,self.result_dict) + # thread.start() + # self.thread_list.append(thread) \ No newline at end of file diff --git a/update.md b/update.md index dabdedf..a809184 100644 --- a/update.md +++ b/update.md @@ -1,27 +1,15 @@ ### V1.0.5 - 新增对DOM、SAX、DOM4J、JDOM等XML解析组件的识别 - - 新增反编译失败后提交issues入口 - - 新增ipa壳识别功能,将能够更好的对壳进行识别 - - 新增macho文件扫描功能 - - 新增结果url和ip地址单独输出到excel - - 优化后缀名获取方式 - -- 优化任务控制中心,将分散的入口整合为一个(web的除外) - -- 化任务处理逻辑,识别到有壳后,停止执行后继逻辑 - +- 优化任务控制中心,将分散的入口整合为一个 +- 优化任务处理逻辑,识别到有壳后,停止执行后继逻辑 - 修复部分DEX格式原因导致无法进行反编译问题 - - 修复ipa包中存在中文路径不能识别macho问题 - - - ### V1.0.4 - 新增对Flutter框架检测支持 - 对输出结果整体去重