启动并在配置好之后,巡风就在后端开始资产探测的扫描,先来看一下需要启动的三个脚本:aider.py、nasscan.py和vulscan.py
0x01:aider.py
这个脚本主要有两个作用:一是用作DNS,建立socket连接,搭建一个简单的DNS log平台,启动两个线程,一个线程执行UDP服务,一个执行HTTP服务;二是用来判断无返回类型的服务
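import socket,thread,datetime,time

# Shared between the DNS listener (main thread) and the HTTP thread.
# Plain lists guarded only by the GIL; a remove() racing with an append()
# from the other thread is tolerated for this best-effort helper.
query_history = []   # raw UDP/53 datagrams received, oldest first
url_history = []     # tokens registered through /add/<token>


def _timestamp():
    """Return the short log prefix shared by both listeners."""
    return datetime.datetime.now().strftime('%m-%d %H:%M:%S')


def _handle_route(path):
    """Update the history lists according to *path* and return the reply body.

    Routes:
      /add/<token>    remember <token>; reply "NO"
      /check/<token>  reply "YES" and forget <token> if it was registered
      /<needle>       reply "YES" and drop every stored datagram containing
                      <needle>; any other path shape replies "NO"

    NOTE(review): the listing this was restored from has lost its
    indentation; the needle branch is read as the ``else`` of
    ``len(route_list) == 3``, the only reading under which ``route_list[1]``
    is the needle -- confirm against the upstream file.
    """
    route_list = path.split('/')
    if len(route_list) < 2:
        return "NO"   # no '/' at all: nothing to dispatch on

    if len(route_list) == 3:
        action, token = route_list[1], route_list[2]
        if action == 'add':
            if token not in url_history:
                url_history.append(token)
        elif action == 'check' and token in url_history:
            url_history.remove(token)
            return 'YES'
        return "NO"

    query_str = route_list[1]
    if not query_str:
        # A bare "GET /" would otherwise match every entry ("" in s is
        # always true) and wipe the whole DNS log.
        return "NO"
    # Collect first, then remove: deleting from the list being iterated
    # skips the element after each hit, so matching entries could survive.
    hits = [q for q in query_history if query_str in q]
    for query_raw in hits:
        query_history.remove(query_raw)
    return "YES" if hits else "NO"


def web_server():
    """Serve the tiny HTTP control API on 0.0.0.0:8088 forever.

    One request per connection; the reply is always HTTP 200 with a
    "YES"/"NO" body. NOTE(review): no route is authenticated and the socket
    is bound on all interfaces, so any host that can reach 8088 can
    register, consume or clear tokens -- keep the port reachable only from
    the scanner host(s) (host firewall or a non-wildcard bind address).
    """
    web = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Lets the service restart while old connections sit in TIME_WAIT.
    web.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    web.bind(('0.0.0.0', 8088))
    web.listen(10)
    while True:
        try:
            # Blocks until a client connects.
            conn, addr = web.accept()
        except socket.error as e:
            print(_timestamp() + " accept failed: " + str(e))
            continue
        try:
            # A single recv is enough for the short GET lines the scanner
            # sends; longer requests are truncated, never reassembled.
            data = conn.recv(4096)
            tokens = data.split("\r\n")[0].split()
            if len(tokens) < 2:
                path, html = "", "NO"   # empty or malformed request line
            else:
                path = tokens[1]
                html = _handle_route(path)
            print(_timestamp() + " " + str(addr[0]) + ' web query: ' + path)
            raw = ("HTTP/1.0 200 OK\r\nContent-Type: application/json; charset=utf-8\r\n"
                   "Content-Length: %d\r\nConnection: close\r\n\r\n%s" % (len(html), html))
            conn.sendall(raw)   # send() may write only part of the reply
        except Exception as e:
            # Log instead of silently swallowing; the loop keeps serving.
            print(_timestamp() + " web error: " + str(e))
        finally:
            conn.close()   # previously leaked when the handler raised


if __name__ == "__main__":
    # UDP listener: every datagram reaching port 53 is stored verbatim (no
    # DNS parsing) so the scanner can look it up later via /<needle>.
    dns = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    dns.bind(('0.0.0.0', 53))   # privileged port: needs root or CAP_NET_BIND_SERVICE
    # The HTTP API runs in a daemon-style thread; this thread owns the DNS loop.
    thread.start_new_thread(web_server, ())
    while True:
        try:
            # recvfrom returns (payload, sender address).
            recv, addr = dns.recvfrom(1024)
            # NOTE(review): unbounded -- distinct datagrams from any source
            # grow this list for the process lifetime; consider a cap.
            if recv not in query_history:
                query_history.append(recv)
            print(_timestamp() + " " + str(addr[0]) + ' Dns Query: ' + recv)
        except Exception as e:
            print(e)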