Skip to content

Commit

Permalink
Merge pull request #26 from wikiZ/main
Browse files Browse the repository at this point in the history
Update Kunyu Version V1.6.1
  • Loading branch information
0x7Fancy authored Nov 22, 2021
2 parents aaec90d + 7c9bbc1 commit 6063cca
Show file tree
Hide file tree
Showing 10 changed files with 107 additions and 19 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [v1.6.1] - 2021-11-20
### Added
- Optimized the issue of CTRL+C exiting the program when executing system commands
- The stype parameter is added, and the data type can be set to IPV4 or IPV6
- Added the views command to get the original information of the SSL certificate [views]

## [v1.6] - 2021-11-12
### Added
- Brand new style heading
Expand Down
21 changes: 18 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ Global commands:
HostCrash <IP> <Domain> Host Header Scan hidden assets
Seebug <query> Search Seebug vulnerability information
set <option> Set Global arguments values
view <ID> Look over banner row data information
view/views <ID> Look over http/ssl row data information
SearchKeyWord Query sensitive information by keyword
Pocsuite3 Invoke the pocsuite component
ExportPath Returns the path of the output file
Expand All @@ -109,8 +109,9 @@ Global commands:
ZoomEye:
page <Number> The number of pages returned by the query
dtype <0/1> Query associated domain name/subdomain name
stype <v4/v6> stype <v4/v6> Set to get data type IPV4 or IPV6
btype <host/web> Set the API interface for batch query
timeout <num> Set the timeout period of Kunyu HTTP request
timeout <num> Set the timeout period of Kunyu HTTP request
```

## Use case introduction
Expand Down Expand Up @@ -171,6 +172,14 @@ Command format: **SearchDomain Domain**

![](./images/searchdomain.png)

**Set the type of data to be obtained**

After the V1.6.1 version, the user can set the data type obtained through the stype parameter to IPV4 or IPV6 to realize the application scenario, and the default parameter is v4.

Command format: **set stype = v6**

![](./images/stype.png)

**View Banner Information**

The user can view the banner corresponding to the specified serial number through the view command, so as to further analyze the front-end code and Header header, and the user can intercept the banner information for further association matching.
Expand All @@ -179,6 +188,12 @@ Command format: **view ID**

![](./images/view.png)

The user can also view the SSL certificate information of the specified serial number through the views command, and further associate it by extracting the sensitive information in the SLL certificate information.

Command format: **views ID**

![](./images/views.png)

**Collection of Sensitive Information**

After Kunyu v1.6.0, the acquisition of sensitive information in the banner has been added. Normally use the relevant grammar and set the number of pages. Kunyu will automatically collect the sensitive data in the banner information of the last query result, and then use the SearchKeyWord command to view the result . **Currently, testing will continue to focus on this feature point**.
Expand Down Expand Up @@ -363,7 +378,7 @@ It is recommended to use Python3.2-3.9 version, other versions of Python3 may ha
Kunyu has joined [404Starlink](https://github.com/knownsec/404StarLink)


# 0x07 Community
# 0x08 Community

If you have any questions, you can submit an issue under the project, or contact us through the following methods.

Expand Down
17 changes: 16 additions & 1 deletion doc/README_CN.md
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ Global commands:
HostCrash <IP> <Domain> Host Header Scan hidden assets
Seebug <query> Search Seebug vulnerability information
set <option> Set Global arguments values
view <ID> Look over banner row data information
view/views <ID> Look over http/ssl row data information
SearchKeyWord Query sensitive information by keyword
Pocsuite3 Invoke the pocsuite component
ExportPath Returns the path of the output file
Expand All @@ -110,6 +110,7 @@ Global commands:
ZoomEye:
page <Number> 查询返回页数(默认查询一页,每页20条数据)
dtype <0/1> 查询关联域名/子域名(设置0为查询关联域名,反之为子域名)
stype <v4/v6> 设置获取数据类型IPV4或IPV6,默认为 ipv4,ipv6 全选
btype <host/web> 设置批量查询的API接口(默认为HOST)
timeout <num> 设置Kunyu HTTP请求的超时时间
```
Expand Down Expand Up @@ -172,6 +173,14 @@ SearchIcon /root/favicon.ico

![](../images/searchdomain.png)

**设置获取数据类型**

在V1.6.1版本后,用户可以通过stype参数设置获取的数据类型为IPV4或者IPV6,实现应用场景,默认参数为v4。

命令格式:**set stype = v6**

![](../images/stype.png)

**查看Banner信息**

用户可以通过view命令查看指定序号对应信息的Banner,从而进一步分析前端代码及Header头,用户可以截取banner信息进一步的关联匹配。
Expand All @@ -180,6 +189,12 @@ SearchIcon /root/favicon.ico

![](../images/view.png)

用户也可以通过views命令查看指定序号的SSL证书信息,通过提取SLL证书信息中的敏感信息进一步关联。

命令格式:**views ID**

![](../images/views.png)

**敏感信息收集**

在Kunyu v1.6.0版本后,增加了对banner中敏感信息的获取,平时使用正常使用相关语法,设置页数,Kunyu会自动收集上一次查询结果banner信息中的敏感数据,然后通过SearchKeyWord命令查看结果。**目前将持续测试关注该功能点**
Expand Down
Binary file modified images/infos.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified images/show.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/stype.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/views.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion kunyu/config/__version__.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
__python_version__ = sys.version.split()[0]
__platform__ = platform.platform()
__url__ = "https://github.com/knownsec/Kunyu"
__version__ = '1.6.0'
__version__ = '1.6.1'
__author__ = '风起'
__Team__ = 'KnownSec 404 Team'
__author_email__ = '[email protected]'
Expand Down
14 changes: 9 additions & 5 deletions kunyu/core/console.py
Original file line number Diff line number Diff line change
Expand Up @@ -157,8 +157,9 @@ def auxiliary(self, command, line=None):
)
command_info = [["page", self.getter("page"),"Set Search Page"],
["dtype", self.getter("dtype"), "Set Associated/Subdomain Search Schema"],
["timeout", self.getter("timeout"), "Set HTTP Requests Timeout"],
["btype", self.getter("btype"), "Set BatchFile Search Schema"]]
["stype", self.getter("stype"), "Set data type IPV4/IPV6 (option v4/v6)"],
["btype", self.getter("btype"), "Set BatchFile Search Schema"],
["timeout", self.getter("timeout"), "Set HTTP Requests Timeout"]]
for info in command_info:
table.add_row(
str(info[0]), str(info[1]), str(info[2])
Expand All @@ -172,8 +173,11 @@ def auxiliary(self, command, line=None):
return True

elif command in OS_SYSTEM:
command_os = "{} {}".format(command, line)
os.system(command_os)
try:
command_os = "{} {}".format(command, line)
os.system(command_os)
except KeyboardInterrupt:
print("")
return True

return False
Expand Down Expand Up @@ -202,7 +206,7 @@ def start(self):
sys.exit(0)

except Exception as err:
console.print(err)
# console.print(err)
continue


Expand Down
66 changes: 57 additions & 9 deletions kunyu/core/zoomeye.py
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ class ZoomeyeSearch(object):
def __init__(self, method):
self.auth = None
self.search = None
self.stype = None
self.page = 1
self.method = method
self.headers = {
Expand All @@ -61,6 +62,7 @@ def wrapper(*args, **kwargs):
nonlocal func
req_list = []
login_url = func(self, *args, **kwargs)
params["sub_type"] = self.stype
try:
for num in range(int(self.page)):
params['query'], params['page'] = self.search, (num + 1)
Expand Down Expand Up @@ -133,7 +135,7 @@ def __get_login(self):

# After the SDK public,The interface to get the data.
@ZoomeyeSearch(method="GET")
def _dork_search(self, url, search, page):
def _dork_search(self, url, search, page, sub_type):
""""The logic layer of ZoomEye processes the requested data
and feeds it back to the request layer to obtain the original data
"""
Expand All @@ -142,6 +144,7 @@ def _dork_search(self, url, search, page):
raise ArithmeticError
self.page = page
self.search = search
self.stype = sub_type.lower()
return url

except ArithmeticError:
Expand Down Expand Up @@ -169,9 +172,11 @@ class ZoomEye:
from kunyu.config.setting import ZOOMEYE_FIELDS_HOST, ZOOMEYE_FIELDS_WEB, ZOOMEYE_FIELDS_INFO, ZOOMEYE_FIELDS_DOMAIN
from kunyu.utils.convert import convert
raw_data_params = {}
ssl_data_params = {}
sensitive_params = []
page = 1
dtype = 0
stype = "v4"
btype = "host"
timeout = 30

Expand All @@ -188,7 +193,7 @@ class ZoomEye:
HostCrash <IP> <Domain> Host Header Scan hidden assets
Seebug <query> Search Seebug vulnerability information
set <option> Set Global arguments values
view <ID> Look over banner row data information
view/views <ID> Look over banner row data information
SearchKeyWord Query sensitive information by keyword
Pocsuite3 Invoke the pocsuite component
ExportPath Returns the path of the output file
Expand All @@ -199,8 +204,8 @@ class ZoomEye:

# ZoomEye Command List
Command_Info = ["help", "info", "set", "Seebug", "SearchWeb", "SearchHost", "SearchIcon", "HostCrash", "SearchBatch",
"SearchCert", "SearchDomain", "EncodeHash", "Pocsuite3", "ExportPath", "show", "clear", "view", "SearchKeyWord",
"exit"]
"SearchCert", "SearchDomain", "EncodeHash", "Pocsuite3", "ExportPath", "show", "clear", "view", "views",
"SearchKeyWord", "exit"]

def __init__(self):
self.fields_tables = None
Expand All @@ -212,6 +217,7 @@ def __command_search(self, search, types="host"):
:param types: Dynamically set according to the interface used
"""
self.raw_data_params.clear()
self.ssl_data_params.clear()
self.sensitive_params.clear()
GlobalVar.set_timeout_resp(self.timeout)
table = Table(show_header=True, style="bold")
Expand All @@ -238,35 +244,46 @@ def __command_search(self, search, types="host"):
return logger.warning("Please enter the correct field")

# Get data information
for result in _dork_search(api_url, search, self.page):
for result in _dork_search(api_url, search, self.page, self.stype):
try:
total = result['total']
webapp_name, server_name, db_name, system_os, language = "", "", "", "", ""
for i in range(len(result[result_type])):
num += 1
title, lat, lon = "", "", ""
title, data_isp = "", ""
data = self.convert(result[result_type][i])
if api_url == HOST_SEARCH_API:
if data.portinfo.title:
title = data.portinfo.title[0]
try:
data_isp = data.geoinfo.isp
except:
pass
"""
if data.geoinfo.location:
lat = data.geoinfo.location.lat
lon = data.geoinfo.location.lon
"""
# Set the output field
table.add_row(str(num), data.ip, str(data.portinfo.port), str(data.portinfo.service),
str(data.portinfo.app), str(data.geoinfo.isp), str(data.geoinfo.country.names.en),
str(data.portinfo.app), str(data_isp), str(data.geoinfo.country.names.en),
str(data.geoinfo.city.names.en), str(title), str(data.timestamp).split("T")[0])

# Set the exported fields
export_host = [str(num), data.ip, str(data.portinfo.port), str(data.portinfo.service),
str(data.portinfo.app), str(data.geoinfo.isp), str(data.geoinfo.country.names.en),
str(data.portinfo.app), str(data_isp), str(data.geoinfo.country.names.en),
str(data.geoinfo.city.names.en), str(title), str(data.timestamp).split("T")[0]]

# Reset the <raw Data Params> element
self.raw_data_params[num] = data.portinfo.banner

# Reset the <ssl raw Data Params> element
try:
ssl_raw_data = data.ssl
self.ssl_data_params[num] = ssl_raw_data
except:
pass

# Get the sensitive information in the banner
sensitive = SearchKeyWord().get_keyword_sensitive(data.portinfo.banner)
if sensitive: self.sensitive_params.append(sensitive)
Expand Down Expand Up @@ -301,6 +318,13 @@ def __command_search(self, search, types="host"):
# Reset the <raw Data Params> element
self.raw_data_params[num] = data.raw_data

# Reset the <ssl raw Data Params> element
try:
ssl_raw_data = data.ssl
self.ssl_data_params[num] = ssl_raw_data
except:
pass

# Get the sensitive information in the banner
sensitive = SearchKeyWord().get_keyword_sensitive(data.raw_data)
if sensitive: self.sensitive_params.append(sensitive)
Expand Down Expand Up @@ -483,11 +507,35 @@ def command_view(cls, serial):
else:
console.log("Banner Information is:\n", style="green")
console.print(raw_data)

print()
except ArithmeticError:
logger.warning("No retrieval operation is performed or the length of the dictionary key value is exceeded")
return

@classmethod
# look over ssl row_data info
def command_views(cls, serial):
"""
View ssl raw data information
You can views any ssl raw data by entering the serial number
:param serial): Please enter serial number ID
"""
try:
# If the key parameter is not specified, the key parameter is automatically set to 1
serials = 1 if serial is "" else serial
ssl_raw_data = cls.ssl_data_params.get(int(serials))
# Check whether the returned result is None
if ssl_raw_data is None:
raise ArithmeticError
else:
console.log("SSL Banner Information is:\n", style="green")
console.print(ssl_raw_data)
print()
except ArithmeticError:
logger.warning("SSL Banner information is empty")
return
pass

@classmethod
def command_searchkeyword(cls, *args, **kwargs):
try:
Expand Down

0 comments on commit 6063cca

Please sign in to comment.