-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.py
133 lines (104 loc) · 4.88 KB
/
config.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# encoding: utf-8
# 全局配置文件
import sys
import random
# 字典来自文件列表
directory_dict = './dict/directory.lst'
directory_common_dict = './dict/directory_common.lst'
filename_dict = './dict/filename.lst'
package_ext_dict = './dict/package_ext.lst'
tempfile_ext_dict = './dict/tmpfile_ext.lst'
#王松的字典
extend_dict = "./dict/dict.txt"
#lijiejie的规则
l_black = "./dict/black.list"
l_white = "./dict/white.list"
# 每个域名扫描时长最多为(分)
TIMEOUT = 20
# 扫描域名策略
# 1 = 和域名全称相关: 包含 job.wooyun.org
# 2 = 和主域名相关: 包含 wooyun.org
# 3 = 和域名的名字相关: 包含 wooyun
basedomain = 2
# 判断文件或目录存在的状态码,多个以逗号隔开
# exclude_status = [200,403]
exclude_status = [200]
# 预设默认扩展名
custom_extion = 'php' # 自定义扩展名
default_extion = sys.argv[2] if len(sys.argv) == 3 else custom_extion
# 判断文件是否存在正则,如果页面存在如下定义的内容,将url从结果中剔除
page_not_found_reg = r'404|[nN]ot [fF]ound|不存在|未找到|Error|410 Gone|invalid service url|Bad Request'
# 检测返回的结果集条数限制,超过多少条判定为误报
resulst_cnt_val = 30
# 是否开启https服务器的证书校验
allow_ssl_verify = False
# 数据库文件
sqlfile = ['data','install','web','user', 'members']
sqlfile_ext = ['.sql','.bak','.sql.tar.gz','.sql.zip','.sql.rar']
# 线程数
threads_count = 32
# -------------------------------------------------
# requests 配置项
# -------------------------------------------------
# 超时时间
timeout = 6
# 是否允许URL重定向
allow_redirects = True
# 是否允许继承http Request类的Session支持,在发出的所有请求之间保持cookies。
allow_http_session = True
# 是否允许随机User-Agent
allow_random_useragent = True
# 是否允许随机X-Forwarded-For
allow_random_x_forward = True
# 代理配置
proxies = {
# "http": "http://user:[email protected]:3128/",
# "https": "http://10.10.1.10:1080",
# "http": "http://127.0.0.1:8118", # TOR 洋葱路由器
}
# 随机HTTP头
USER_AGENTS = [
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; AcooBrowser; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Acoo Browser; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)",
"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.5; AOLBuild 4337.35; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
"Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 2.0.50727; Media Center PC 6.0)",
"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322)",
"Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30)",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/523.15 (KHTML, like Gecko, Safari/419.3) Arora/0.3 (Change: 287 c9dfb30)",
"Mozilla/5.0 (X11; U; Linux; en-US) AppleWebKit/527+ (KHTML, like Gecko, Safari/419.3) Arora/0.6",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2pre) Gecko/20070215 K-Ninja/2.1.1",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9) Gecko/20080705 Firefox/3.0 Kapiko/3.0",
"Mozilla/5.0 (X11; Linux i686; U;) Gecko/20070322 Kazehakase/0.4.5",
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko Fedora/1.9.0.8-1.fc10 Kazehakase/0.5.6",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20",
"Opera/9.80 (Macintosh; Intel Mac OS X 10.6.8; U; fr) Presto/2.9.168 Version/11.52",
]
# 随机生成User-Agent
def random_useragent(condition=False):
if condition:
return random.choice(USER_AGENTS)
else:
return USER_AGENTS[0]
# 随机X-Forwarded-For,动态IP
def random_x_forwarded_for(condition=False):
if condition:
return '%d.%d.%d.%d' % (random.randint(1, 254),random.randint(1, 254),random.randint(1, 254),random.randint(1, 254))
else:
return '8.8.8.8'
# HTTP 头设置
headers = {
'User-Agent': random_useragent(allow_random_useragent),
'X_FORWARDED_FOR': random_x_forwarded_for(allow_random_x_forward),
# 'Referer' : 'http://www.google.com',
# 'Cookie': 'whoami=wyscan_dirfuzz',
}
compress_headers = {
'User-Agent': random_useragent(allow_random_useragent),
'X_FORWARDED_FOR': random_x_forwarded_for(allow_random_x_forward),
"Range" : "bytes=0-10240"
# 'Referer' : 'http://www.google.com',
# 'Cookie': 'whoami=wyscan_dirfuzz',
}