Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口

Overview

Glass(镜) V2.0-剑客到刺客的蜕变

一、简介:

    _____    _      _____                    
 __|___  |__| | __ |_   _|__  __ _ _ __ ___  
/ __| / / __| |/ /   | |/ _ \/ _` | '_ ` _ \ 
\__ \/ / (__|   <    | |  __/ (_| | | | | | |
|___/_/ \___|_|\_\   |_|\___|\__,_|_| |_| |_|
  ____ _               
 / ___| | __ _ ___ ___ 
| |  _| |/ _` / __/ __|
| |_| | | (_| \__ \__ \
 \____|_|\__,_|___/___/ 	http://www.s7ck.com    

Glass为s7ck Team 红队武器库F-Box里的一款信息收集工具。

在红队作战中,信息收集是必不可少的环节,如何才能从大量的资产中提取有用的系统(如OA、VPN、路由、Weblogic...)是众多红队人员头疼的问题。

Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。

Glass旨在帮助红队人员在资产信息收集期间能够快速从C段、大量杂乱的资产中精准识别到易被攻击的系统,从而实施进一步测试攻击。

s7ck Team F-box旨在通过开源或者开放的方式,长期维护并推进涉及安全研究各个领域不同环节的工具化,高度自动化,将立足于不同安全领域、不同安全环节的研究人员和工具链接/封装/优化起来。

主要目的是改善安全圈内工具庞杂、水平层次不齐、开源无人维护、工具找不到的等多种问题,营造一个更好更开放的安全工具促进与交流的技术氛围。

开发语言

  • Python3

运行环境

  • Linux
  • Windows
  • Mac

使用依赖库

  • requests
  • colorama
  • prettytable
  • xlsxwriter

安装

git clone https://github.com/s7ckTeam/Glass
cd Glass
pip3 install -r requirements.txt

二、更新日志:

正式版

  • 2.0.6 更改默认搜索设置,添加哪个api就会默认调用哪个,不需要指定,如果有多个api-s指定

  • 2.0.5 添加自定义搜索(-s,--search)

    1. 添加钟馗之眼(https://www.zoomeye.org/)搜索
    2. config/config.pyzoomeyeApi设置,输入key值即可(注: 用的时候注意api使用条数)
    3. -s参数[eye(钟馗之眼) or fofa(Fofa)](python3 Glass.py -i 127.0.0.1 -s eye or fofa)
    4. 不加参数-s默认使用fofa搜索
  • 2.0.4 添加删除更新的缓存文件

  • 2.0.3 扫描域名或批量扫描时可不加协议(注: 建议添加协议)

  • 2.0.2 增加自定义输出格式(-o,--output)

    1. 支持输出的格式有:txtjsonhtmlxlscsv
    2. 默认输出txt格式
    3. 输出目录在根目录output
  • 2.0

    1. 增加代理功能(--proxy)
    2. 增加获取代理功能(--proxy-list)
      • 首次使用会按照参数获取相应代理,然后在根目录生成/proxyFile/proxy.txt
      • 参数(all)获取全部
      • 参数(cn)获取国内
    3. 增加在线更新功能(--update)
    4. 去除print,改用logging输出
    5. 优化运行代码,后期还会优化
    6. 增加对url协议使用相应协议的代理
    7. 增加查看版本参数(-v,--version)
    8. 使用不生成pyc文件
    9. 全局随机分配代理,获取到多少就用多少,每次访问都不一样
    10. 将获取到的代理文件保存,根目录生成/proxyFile/proxy.txt,终端以表格形式输出,一目了然
    11. 增加版本判断,建议使用 >=python 3.7.3
    12. 对证书认证方面的处理
    13. 每过15分钟会重新获取一次代理IP
  • 1.3(添加cookie识别方式,将识别规则改为列表,防止重复的cms不带入识别,识别精准度提高,速度更快)

  • 1.2(修复编码问题,以及fofa会员获取数量问题,现在默认100,在config/config.pyfofaSize更改,普通会员为100,高级10000,企业100000,请自行更改)

  • 1.1(处理每日一说超时后写入空文件问题)

  • 1.0(全面优化识别效率,命中率99%

  • 0.9(添加每日一说获取异常,添加识别规则)

Glass V2.0新版内容部分截图

测试版更新信息

  • 0.9(优化IP段的扫描,以及批量下可添加IP段)
  • 0.8(更改线程运行方式)
  • 0.7(与协程对比,最好还是用线程并发)
  • 0.6(更改配色方案,采用线程并发,增加单url以及批量url识别)
  • 0.5(优化采集速度以及与识别分开,增加输出)
  • 0.4(整理识别规则)
  • 0.3(添加指纹扫描)
  • 0.2(更新每天一说,让红队不再乏味)
  • 0.1(写出整体实现功能,Fofa接口的设置与采集)

三、使用方法:

Usage: python3 Glass.py -i 127.0.0.1 or 127.0.0.0/24
Usage: python3 Glass.py -i 127.0.0.1 -s eye or fofa
Usage: python3 Glass.py -f ips.txt
Usage: python3 Glass.py -u https://96.mk/
Usage: python3 Glass.py -w webs.txt
Usage: python3 Glass.py --proxy-list all or cn
Usage: python3 Glass.py (-i -f -u -w) 127.0.0.1 or 127.0.0.0/24 --proxy all or cn
Usage: python3 Glass.py --update
Usage: python3 Glass.py -u https://96.mk/ -o html


usage: Glass.py [-h] [-i IP] [-f FILE] [-u URL] [-w WEB] [--proxy PROXY] [--proxy-list PROXYLIST] [-v] [--update] [-o OUTPUTTARGET] [-s SEARCH]

Glass scan.

optional arguments:
  -h, --help            show this help message and exit
  -i IP, --ip IP        Input your ip.
  -f FILE, --file FILE  Input your ips.txt.
  -u URL, --url URL     Input your url.
  -w WEB, --web WEB     Input your webs.txt.
  --proxy PROXY         Input your proxy options(all or cn) or proxy address(127.0.0.1:8080).
  --proxy-list PROXYLIST
                        List the proxys.
  -v, --version         Show program's version number and exit.
  --update              Update the program.
  -o OUTPUTTARGET, --output OUTPUTTARGET
                        Select the output format.
  -s SEARCH, --search SEARCH
                        Choose your search engine.


-i 可指定单独IP或者IP段(需添加您fofa的API或者zoomeye的API)
-f 批量要扫的IP或IP段(需添加您fofa的API或者zoomeye的API)
-u 单个url识别
-w 批量url识别
-s 指定搜索引擎
--proxy all/cn/http://127.0.0.1:8080 使用 all表示全部 cn表示国内或者自定义的代理(支持http、https)
--proxy-list all/cn 获取代理 all表示全部 cn表示国内

相关配置更改

  • API设置
    1. config/config.pyfofaApi设置,输入对应的emailkey即可
    2. config/config.pyzoomeyeApi设置,输入key值即可
  • 线程默认 100可在config/config.pythreadNum修改线程数 (注:建议在200以内)
  • 每日一说可设置开启关闭,在config/config.pytosayRunTrue为开,False为关
  • fofa会员搜索的更改,默认搜索100,在config/config.pyfofaSize更改,普通会员为100,高级10000,企业100000,请自行更改

Glass提供了四种指纹识别方式,可从本地读取识别,也可以从FOFA进行批量调用API识别(需要FOFA密钥)。

1.本地识别:

python Glass.py -u http://www.s7ck.com  // 单url测试
python Glass.py -w url.txt  // url文件内

2.FOFA识别:

注意:从FOFA识别需要配置FOFA 密钥以及邮箱,在.../config/config.py内配置好密钥以及邮箱即可使用。

fofaApi = {
    "email": "[email protected]",
    "key": "1234567890",
}
python3 Glass.py -i 127.0.0.1  //支持单IP资产
python3 Glass.py -i 127.0.0.1/24 //支持IP段资产
python3 Glass.py -f ips.txt //支持文本内IP资产,可添加IP段

结果输出

结果输出在../output/xxxxx.txt

识别规则添加方法

目前只加了对源码和header头文件进行识别,后面会陆续添加识别的规则以及方式

已加入cookie识别

规则文件在config/rules.py

添加方法

['CMS', 'headers', '(nginx)']
['CMS', 'cookie', '(MorkerSession)']
['CMS', 'code', '(Morker)']

三种识别方式,headers头文件识别,cookie识别,code源码识别

支持同方式多种识别内容,比如:

['CMS', 'code', '(Morker)|css/css.css']

注:单引号和反斜杆记得转义,转义符号为\

四、效果:

1.本地识别:

2.fofa识别:

五、特别感谢

  • s7ck Team
  • Morker
  • XBJ
  • d0gamn

特别感谢EHole(棱洞) 运行思路

六、文末

Github项目地址(BUG、需求、规则欢迎提交): https://github.com/s7ckTeam/Glass

404StarLink 2.0 - Galaxy

Glass 是 404Team 星链计划2.0中的一环,如果对Glass 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。

Owner
s7ck Team
s7ck Team
log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

5 Dec 10, 2021
Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions

dns-mf-hazard Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions How to use it? Installation You need python

Marek Wajdzik 2 Jan 01, 2022
Simple python script for generating custom high-secure passwords for securing your social-apps ❤️

Opensource Project Simple Python Password Generator This repository is just for peoples who want to generate strong-passwords for there social-account

K A R T H I K 15 Dec 01, 2022
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF-GetWebShell) usage: python ProxyLogon.py --host=exchang

112 Dec 01, 2022
Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile.

Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.

Mythic Agents 37 Dec 06, 2022
Lite version of my Gatekeeper backdoor for public use.

MayorSec Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning Gatekee

Joe Helle 56 Mar 25, 2022
This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information

Telefónica 66 Nov 08, 2022
This a simple tool XSS Detection Suite for CTFs games

This a simple tool XSS Detection Suite for CTFs games

Mostafa 2 Nov 24, 2021
Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

1 Nov 12, 2021
Caretaker 2 Jun 06, 2022
Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits

Hocky Harijanto 0 Jan 10, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287

noPac Exploiting CVE-2021-42278 and CVE-2021-42287 原项目noPac在实现上可能有点问题,导致在本地没有打通,于是参考sam-the-admin项目进行修改。 使用 pip3 install -r requirements.txt # GetShel

W4ter 2 Jun 23, 2022
Agile Threat Modeling Toolkit

Threagile is an open-source toolkit for agile threat modeling:

Threagile 425 Jan 07, 2023
Port scanning tool that uses Python3. Created by Noble Wilson

Hello There! My name is Noble Wilson and I am an aspiring IT/InfoSec coder practicing for my future. ________________________________________________

1 Nov 23, 2021
IDA plugin for quickly copying disassembly as encoded hex bytes

HexCopy IDA plugin for quickly copying disassembly as encoded hex bytes. This whole plugin just saves you two extra clicks... but if you are frequentl

OALabs 46 Oct 30, 2022
Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

Finn Lancaster 3 Oct 05, 2022
Polkit - Local Privilege Escalation (CVE-2021-3560)

CVE-2021-3560 Polkit - Local Privilege Escalation Original discovery by kevin_backhouse from GitHub Security Lab References https://github.blog/2021-0

Salman Asad 1 Nov 12, 2021
A simple password generator using Python Tkinter.

Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi

Prashant Agheda 1 Nov 02, 2022
WhPhisher: a Phishing tool With Python

WhPhisher Herramienta para hacer phishing con muchos métodos de túneling -----Como Instalarlo------- pkg install python3 pkg install git git clone htt

WhBeatZ 80 Jan 02, 2023
Python DNS Lookup: The Domain Name System (DNS) is basically the phonebook of the Internet

-Python-DNS-Lookup- ✨ 🌟 Python DNS Lookup ✨ 🌟 The Domain Name System (DNS) is

Ronnie Atuhaire 2 Feb 14, 2022