#fofa_scan.pyimport requestsimport base64import json#requests模块与fofaAPI建立连接，base64模块将所查询的内容经过base64编码，json模块将输出内容转变成json格式#fofa信息收集def fofaAPI(scan):  bip = str(base64.b64encode(scan.encode("utf-8")),"utf-8")#将查询内容进行base64编码  req = requests.get("https://fofa.info/api/v1/search/all?email=${FOFA_EMAIL}&key=${FOFA_KEY}&qbase64="+str(bip))#填入fofa_email和fofa_key，记得去掉${}  json_req = json.loads(req.text) return json_req["results"]#json_req["results"][0]代表的是查询的域名，1代表的是对应的IP，2代表是开放的端口，如果去掉[0],则是将所有都打印出来。if __name__ == '__main__':print("[-] please import your code.")

#excel.pyimport xlwtimport xlrdimport os.path
#导入数据def import_excel(target_sheet,target_col,target_data):    book = xlwt.Workbook(encoding='utf-8',style_compression=0)    sheet = book.add_sheet(target_sheet,cell_overwrite_ok=True)    col = target_col
    for i in range(len(col)):        sheet.col(i).width = 256 * 40
    for i in range(len(col)):        sheet.write(0,i,col[i])
    for i in range(len(target_data)):        data = target_data[i]        for j in range(len(target_data[i])):            sheet.write(i+1,j,data[j])    file = './'+target_sheet+'.xls'    book.save(file)    return file
#导出域名数据def export_excel(file_path):    wb = xlrd.open_workbook(file_path)    sheet = wb.sheet_by_index(0)    value = sheet.col_values(colx=0,start_rowx=1,end_rowx=None)    return value
#将新域名导出放入txt文件中def export_excel_data_in_txt(file_path):    wb = xlrd.open_workbook(file_path)    sheet = wb.sheet_by_index(0)    value = sheet.col_values(colx=0,start_rowx=1,end_rowx=None)    for i in range(len(value)):        value[i] = value[i] + '\n'    f = open(os.path.splitext(file_path)[0]+'.txt','w')    for i in value:        f.write(i)    f.close()

#xray_start.pyimport osimport threadingimport queueimport subprocess
def gain_words(file):    words = queue.Queue()
with open(file) as txt:for i in txt:            i = i.strip()            words.put(i)return words
def rad_start(radName,xrayProxy,dicts):while True:if dicts.empty():returnelse:            i = dicts.get()            i = i.strip()            cmd = [radName, "-t", i, "-http-proxy", xrayProxy]            rsp = subprocess.Popen(cmd, start_new_session=True)            rsp.communicate()
def rad(file):    dicts = gain_words(file)    radName = "rad_windows_amd64.exe"    xrayProxy = "127.0.0.1:7777"    rad_start(radName,xrayProxy,dicts)    threads = []
for i in range(10):#数值越大，线程越多        t = threading.Thread(target=rad_start,args=(radName,xrayProxy,dicts))        threads.append(t)        t.start()for t in threads:        t.join()
def xray(output_file):    xrayName = "xray_windows_amd64.exe"    xrayProxy = "127.0.0.1:7777"    xrayShell = "start cmd /k " + xrayName + " webscan" + " --listen " + xrayProxy + " --html-output " + output_file    os.system(xrayShell)

#main.pyimport fofa_scanimport excelimport os,os.pathimport timeimport xray_start
#检测是否存在相同名字的文件夹，没有则创建def mkdir_dir(list_dir,add_dir):def mkdir_dir(add_dir):if os.path.exists(add_dir):returnelse:        os.mkdir(add_dir)
#输出主域名def delete_spot(uri):    first_spot = uri.find('.')    second_spot = uri.find('.',first_spot+1)if uri[first_spot+1:second_spot] == '${你要收集的资产关键字}':        uri = str(uri.split('/')[0])return uri
else:return delete_spot(uri=uri[first_spot+1:])
#拼接新域名，如果fofa收集的域名不存在http协议，则添加。def add_value(data):    tmp_url = data[0]    tmp_ip = data[1]    tmp_port = data[2]
if "http://" in tmp_url:        tmp_protocol = "http://"elif "https://" in tmp_url:        tmp_protocol = "https://"else:if '443' in tmp_port:            tmp_url = "https://" + tmp_url[0:]            tmp_protocol = "https://"else:            tmp_url = "http://" + tmp_url[0:]            tmp_protocol = "http://"    new_url = tmp_protocol + tmp_ip + ":" + tmp_portreturn [tmp_url,tmp_ip,tmp_port,new_url]
if __name__ == '__main__':#检测带有域名关键字的站点    domain_target = '关键字'    col = ('域名','IP','开放端口','拼接域名')
#创建target文件夹    list_dir = os.listdir()    add_dir = str(time.strftime("%Y_%m_%d",time.localtime())) +'target'    mkdir_dir(list_dir,add_dir)    os.chdir(add_dir)#进入到target目录    os.system('explorer .')
    print("[+] 正在查询带有%的域名" % domain_target)    domain_data = list(fofa_scan.fofaAPI(scan="${填入fofa语句}"))for i in range(len(domain_data)):        domain_data[i] = add_value(domain_data[i])    target_file = excel.import_excel(target_sheet=domain_target, target_col=col, target_data=domain_data)
    time.sleep(3)
#检测子域名情况    target_url_list = excel.export_excel(target_file)
for url in target_url_list:        uri = url.strip()if "http://"  in url:            uri = uri.replace('http://','',1)elif "https://" in url:            uri = uri.replace('https://','',1)        uri = delete_spot(uri)        uri_dir = 1        uri = uri.split(':')[0]if uri in os.listdir():passelse:            print("[+] 正在查询%s子域名信息..." % uri)            son_list_dir = os.listdir()            mkdir_dir(list_dir=son_list_dir,add_dir=uri)#查询子域名信息            domain_data = list(fofa_scan.fofaAPI(scan="domain=" + uri + "&&country=CN"))            os.chdir(uri)  # 进入到各个检测目录for i in range(len(domain_data)):                domain_data[i] = add_value(domain_data[i])            son_target_file = excel.import_excel(target_sheet=uri, target_col=col, target_data=domain_data)            excel.export_excel_data_in_txt(son_target_file)            os.chdir('..')
    print('[+] 信息收集完成！')    time.sleep(3)

    check_target_dir = os.getcwd()    all_target_dir = os.listdir()    target_file = os.path.join(os.getcwd(),target_file.split('./')[1])    os.chdir('..')    output_file = os.path.join(add_dir, os.path.splitext(target_file)[0]) + ".html"    xray_start.xray(output_file)    print('[+] 开始调用xray检测...')    time.sleep(5)for i in all_target_dir:      target_dir = os.path.join(check_edu_dir,i)if os.path.isdir(target_dir):            file = os.path.join(check_target_dir,i,i+".txt")            xray_start.rad(file)    os.system(output_file)    print('[+] 扫描结束！')    print('[+] 扫描报告路径：%s' % output_file)