Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口

Overview

Glass(镜) V2.0-剑客到刺客的蜕变

一、简介:

    _____    _      _____                    
 __|___  |__| | __ |_   _|__  __ _ _ __ ___  
/ __| / / __| |/ /   | |/ _ \/ _` | '_ ` _ \ 
\__ \/ / (__|   <    | |  __/ (_| | | | | | |
|___/_/ \___|_|\_\   |_|\___|\__,_|_| |_| |_|
  ____ _               
 / ___| | __ _ ___ ___ 
| |  _| |/ _` / __/ __|
| |_| | | (_| \__ \__ \
 \____|_|\__,_|___/___/ 	http://www.s7ck.com    

Glass为s7ck Team 红队武器库F-Box里的一款信息收集工具。

在红队作战中,信息收集是必不可少的环节,如何才能从大量的资产中提取有用的系统(如OA、VPN、路由、Weblogic...)是众多红队人员头疼的问题。

Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。

Glass旨在帮助红队人员在资产信息收集期间能够快速从C段、大量杂乱的资产中精准识别到易被攻击的系统,从而实施进一步测试攻击。

s7ck Team F-box旨在通过开源或者开放的方式,长期维护并推进涉及安全研究各个领域不同环节的工具化,高度自动化,将立足于不同安全领域、不同安全环节的研究人员和工具链接/封装/优化起来。

主要目的是改善安全圈内工具庞杂、水平层次不齐、开源无人维护、工具找不到的等多种问题,营造一个更好更开放的安全工具促进与交流的技术氛围。

开发语言

  • Python3

运行环境

  • Linux
  • Windows
  • Mac

使用依赖库

  • requests
  • colorama
  • prettytable
  • xlsxwriter

安装

git clone https://github.com/s7ckTeam/Glass
cd Glass
pip3 install -r requirements.txt

二、更新日志:

正式版

  • 2.0.6 更改默认搜索设置,添加哪个api就会默认调用哪个,不需要指定,如果有多个api-s指定

  • 2.0.5 添加自定义搜索(-s,--search)

    1. 添加钟馗之眼(https://www.zoomeye.org/)搜索
    2. config/config.pyzoomeyeApi设置,输入key值即可(注: 用的时候注意api使用条数)
    3. -s参数[eye(钟馗之眼) or fofa(Fofa)](python3 Glass.py -i 127.0.0.1 -s eye or fofa)
    4. 不加参数-s默认使用fofa搜索
  • 2.0.4 添加删除更新的缓存文件

  • 2.0.3 扫描域名或批量扫描时可不加协议(注: 建议添加协议)

  • 2.0.2 增加自定义输出格式(-o,--output)

    1. 支持输出的格式有:txtjsonhtmlxlscsv
    2. 默认输出txt格式
    3. 输出目录在根目录output
  • 2.0

    1. 增加代理功能(--proxy)
    2. 增加获取代理功能(--proxy-list)
      • 首次使用会按照参数获取相应代理,然后在根目录生成/proxyFile/proxy.txt
      • 参数(all)获取全部
      • 参数(cn)获取国内
    3. 增加在线更新功能(--update)
    4. 去除print,改用logging输出
    5. 优化运行代码,后期还会优化
    6. 增加对url协议使用相应协议的代理
    7. 增加查看版本参数(-v,--version)
    8. 使用不生成pyc文件
    9. 全局随机分配代理,获取到多少就用多少,每次访问都不一样
    10. 将获取到的代理文件保存,根目录生成/proxyFile/proxy.txt,终端以表格形式输出,一目了然
    11. 增加版本判断,建议使用 >=python 3.7.3
    12. 对证书认证方面的处理
    13. 每过15分钟会重新获取一次代理IP
  • 1.3(添加cookie识别方式,将识别规则改为列表,防止重复的cms不带入识别,识别精准度提高,速度更快)

  • 1.2(修复编码问题,以及fofa会员获取数量问题,现在默认100,在config/config.pyfofaSize更改,普通会员为100,高级10000,企业100000,请自行更改)

  • 1.1(处理每日一说超时后写入空文件问题)

  • 1.0(全面优化识别效率,命中率99%

  • 0.9(添加每日一说获取异常,添加识别规则)

Glass V2.0新版内容部分截图

测试版更新信息

  • 0.9(优化IP段的扫描,以及批量下可添加IP段)
  • 0.8(更改线程运行方式)
  • 0.7(与协程对比,最好还是用线程并发)
  • 0.6(更改配色方案,采用线程并发,增加单url以及批量url识别)
  • 0.5(优化采集速度以及与识别分开,增加输出)
  • 0.4(整理识别规则)
  • 0.3(添加指纹扫描)
  • 0.2(更新每天一说,让红队不再乏味)
  • 0.1(写出整体实现功能,Fofa接口的设置与采集)

三、使用方法:

Usage: python3 Glass.py -i 127.0.0.1 or 127.0.0.0/24
Usage: python3 Glass.py -i 127.0.0.1 -s eye or fofa
Usage: python3 Glass.py -f ips.txt
Usage: python3 Glass.py -u https://96.mk/
Usage: python3 Glass.py -w webs.txt
Usage: python3 Glass.py --proxy-list all or cn
Usage: python3 Glass.py (-i -f -u -w) 127.0.0.1 or 127.0.0.0/24 --proxy all or cn
Usage: python3 Glass.py --update
Usage: python3 Glass.py -u https://96.mk/ -o html


usage: Glass.py [-h] [-i IP] [-f FILE] [-u URL] [-w WEB] [--proxy PROXY] [--proxy-list PROXYLIST] [-v] [--update] [-o OUTPUTTARGET] [-s SEARCH]

Glass scan.

optional arguments:
  -h, --help            show this help message and exit
  -i IP, --ip IP        Input your ip.
  -f FILE, --file FILE  Input your ips.txt.
  -u URL, --url URL     Input your url.
  -w WEB, --web WEB     Input your webs.txt.
  --proxy PROXY         Input your proxy options(all or cn) or proxy address(127.0.0.1:8080).
  --proxy-list PROXYLIST
                        List the proxys.
  -v, --version         Show program's version number and exit.
  --update              Update the program.
  -o OUTPUTTARGET, --output OUTPUTTARGET
                        Select the output format.
  -s SEARCH, --search SEARCH
                        Choose your search engine.


-i 可指定单独IP或者IP段(需添加您fofa的API或者zoomeye的API)
-f 批量要扫的IP或IP段(需添加您fofa的API或者zoomeye的API)
-u 单个url识别
-w 批量url识别
-s 指定搜索引擎
--proxy all/cn/http://127.0.0.1:8080 使用 all表示全部 cn表示国内或者自定义的代理(支持http、https)
--proxy-list all/cn 获取代理 all表示全部 cn表示国内

相关配置更改

  • API设置
    1. config/config.pyfofaApi设置,输入对应的emailkey即可
    2. config/config.pyzoomeyeApi设置,输入key值即可
  • 线程默认 100可在config/config.pythreadNum修改线程数 (注:建议在200以内)
  • 每日一说可设置开启关闭,在config/config.pytosayRunTrue为开,False为关
  • fofa会员搜索的更改,默认搜索100,在config/config.pyfofaSize更改,普通会员为100,高级10000,企业100000,请自行更改

Glass提供了四种指纹识别方式,可从本地读取识别,也可以从FOFA进行批量调用API识别(需要FOFA密钥)。

1.本地识别:

python Glass.py -u http://www.s7ck.com  // 单url测试
python Glass.py -w url.txt  // url文件内

2.FOFA识别:

注意:从FOFA识别需要配置FOFA 密钥以及邮箱,在.../config/config.py内配置好密钥以及邮箱即可使用。

fofaApi = {
    "email": "[email protected]",
    "key": "1234567890",
}
python3 Glass.py -i 127.0.0.1  //支持单IP资产
python3 Glass.py -i 127.0.0.1/24 //支持IP段资产
python3 Glass.py -f ips.txt //支持文本内IP资产,可添加IP段

结果输出

结果输出在../output/xxxxx.txt

识别规则添加方法

目前只加了对源码和header头文件进行识别,后面会陆续添加识别的规则以及方式

已加入cookie识别

规则文件在config/rules.py

添加方法

['CMS', 'headers', '(nginx)']
['CMS', 'cookie', '(MorkerSession)']
['CMS', 'code', '(Morker)']

三种识别方式,headers头文件识别,cookie识别,code源码识别

支持同方式多种识别内容,比如:

['CMS', 'code', '(Morker)|css/css.css']

注:单引号和反斜杆记得转义,转义符号为\

四、效果:

1.本地识别:

2.fofa识别:

五、特别感谢

  • s7ck Team
  • Morker
  • XBJ
  • d0gamn

特别感谢EHole(棱洞) 运行思路

六、文末

Github项目地址(BUG、需求、规则欢迎提交): https://github.com/s7ckTeam/Glass

404StarLink 2.0 - Galaxy

Glass 是 404Team 星链计划2.0中的一环,如果对Glass 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。

Owner
s7ck Team
s7ck Team
A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

CVE-2021-44228 – Log4j RCE Unauthenticated About This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228). This vulnerability

Pedro Havay 20 Nov 11, 2022
MITMSDR for INDIAN ARMY cybersecurity hackthon

There mainly three things here: MITMSDR spectrum Manual reverse shell MITMSDR Installation Clone the project and run the setup file: ./setup One of th

2 Jul 26, 2022
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

The Recon-ng Framework Recon-ng content now available on Pluralsight! Recon-ng is a full-featured reconnaissance framework designed with the goal of p

2.4k Jan 07, 2023
recover Firefox and more browsers logins

Browser Creds this script will recover saved browsers logins into txt files. It currently only support windows 10. currently support : Chrome Opera Fi

HugoLB 41 Nov 09, 2022
Proof-of-concept obfuscation toolkit for C# post-exploitation tools

InvisibilityCloak Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio proj

259 Dec 19, 2022
LinOTP - the open source solution for two factor authentication

LinOTP LinOTP - the Open Source solution for multi-factor authentication Copyright © 2010-2019 KeyIdentity GmbH Coypright © 2019- arxes-tolina GmbH In

LinOTP 462 Jan 02, 2023
MassStringer, CTF Flag Finder

massStringer MassStringer, CTF Flag Finder Usage: python3 massStringer.py Enter absolute path of the directory to scan for flags Edit "flag = re.searc

SuperTsumu 4 Sep 06, 2022
Wordlist attacks on Bitwarden data.json files

BitwardenDecryptBrute This is a slightly modified version of BitwardenDecrypt. In addition to the decryption this version can do wordlist attacks for

42 Nov 09, 2022
The First Python Compatible Camera Hacking Tool

ZCam Hack webcam using python by sending malicious link. FEATURES : [+] Real-time Camera hacking [+] Python compatible [+] URL Shortener using bitly [

Sanketh J 109 Dec 28, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it

Hossam 867 Dec 22, 2022
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

Abhinav Pathak 5 May 18, 2022
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

ExProlog ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065) Usage: exprolog.py [OPTIONS] ExProlog -

Herwono W. Wijaya 130 Dec 15, 2022
The Modern Hash Identification System

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

1.2k Dec 28, 2022
Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

BugAlert.org 208 Dec 15, 2022
Cobalt Strike Beacon configuration extractor and parser.

Cobalt Strike Configuration Extractor and Parser Overview Pure Python library and set of scripts to extract and parse configurations (configs) from Co

Stroz Friedberg 102 Dec 18, 2022
A DOM-based G-Suite password sprayer and user enumerator

A DOM-based G-Suite password sprayer and user enumerator

Mayk 1 Apr 07, 2022
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022
A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

11 Nov 15, 2022
Generate your own NFTs and their metadata based on your desired probabilities.

Generate your own NFTs and their metadata based on your desired probabilities. Use your own art assets too! Perfect for use with Candy Machine.

hex 7 Sep 16, 2022