logo

K8哥哥

没有绝对安全的系统

Ladon插件实例内网Web扫描C#源码

本文于 1491 天之前发表

PortScan

获取网页标题、服务器Banner,例子仅探测80端口
大家可自行修改添加其它端口识别定制Web扫描功能
如识别出特定中间件或WEB后再检测是否存在漏洞等
编译后的netscan.dll可改成任意名称Ladon均可加载

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.Text.RegularExpressions;

namespace LadonDLL
{
public class scan
{
public static string run(string ip)
{
if (string.IsNullOrEmpty(ip))
return "";
else
{

//192.11.22.10 Microsoft-IIS/10.0 IIS Windows
//192.11.22.1 H3C-Miniware-Webs ER3200G2系统管理
return ip + "\t" + getURLbanner(ip) + "\t" + GetTitle(getHtml("http://" + ip,2));

}

}

private static string getURLbanner(string url)
{
////HttpWebResponse res;
if (!url.ToLower().Contains("https://") && !url.ToLower().Contains("http://"))
url = "http://" + url;

try
{
var req = (HttpWebRequest)WebRequest.CreateDefault(new Uri(url));
req.Method = "HEAD";
req.Timeout = 1000;
var res = (HttpWebResponse)req.GetResponse();

if (res.StatusCode == HttpStatusCode.OK || res.StatusCode == HttpStatusCode.Forbidden || res.StatusCode == HttpStatusCode.Redirect || res.StatusCode == HttpStatusCode.MovedPermanently)
{
return res.Server;
}

//res.Close();

return res.Server;
}
catch (WebException ex)
{
return "";
}
}

private static string GetTitle(string html)
{
if (html.Contains("<hTmlKErRor>"))
{
//return html.Replace("<hTmlKErRor>", "");
return "";
}

html = html.Replace("<br>", "");
html = html.Replace("<BR>", "");
html = html.Replace("\r\n", "");
html = html.Replace("&nbsp;", " ");
html = html.Replace("\n", "").Trim();

String regex = @"<title.+</title>";

String title = Regex.Match(html, regex).ToString();
title = Regex.Replace(title, @"[\""]+", "");

title = title.TrimStart('<');

string regex2 = @">.+</title>";

string title2 = Regex.Match(title, regex2).ToString();
title2 = title2.TrimStart('>').Replace("</title>", "").Trim();

if (title2.Length > 50)
return title2.Substring(0, 50);

return title2;

}

private static string getHtml(string url, int codingType)
{

try
{
if (!url.ToLower().Contains("https://") && !url.ToLower().Contains("http://"))
url = "http://" + url;
WebClient myWebClient = new WebClient();
if (url.ToLower().Contains("https://"))
{
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true; // **** Always accept
};

}

byte[] myDataBuffer = myWebClient.DownloadData(url);
//return Encoding.Default.GetString(myDataBuffer);
string strWebData = System.Text.Encoding.Default.GetString(myDataBuffer);

//自动识别编码 不一定有<meta 比如 百度开放平台 content="text/html; charset=gbk">
//Match charSetMatch = Regex.Match(strWebData, "<meta([^>]*)charset=(\")?(.*)?\"", RegexOptions.IgnoreCase | RegexOptions.Multiline);
Match charSetMatch = Regex.Match(strWebData, "(.*)charset=(\")?(.*)?\"", RegexOptions.IgnoreCase | RegexOptions.Multiline);

string webCharSet = charSetMatch.Groups[3].Value.Trim().ToLower();

if (webCharSet != "gb2312" && webCharSet != "gbk")
{
webCharSet = "utf-8";
}

if (System.Text.Encoding.GetEncoding(webCharSet) != System.Text.Encoding.Default)
{
strWebData = System.Text.Encoding.GetEncoding(webCharSet).GetString(myDataBuffer);
}



//if (codingType == 1)
// return Encoding.Unicode.GetString(myDataBuffer);
//else if (codingType == 2)
// return Encoding.Default.GetString(myDataBuffer);//GBK 936
//else if (codingType == 3)
// return Encoding.UTF8.GetString(myDataBuffer);//65501

return strWebData;

}
catch (Exception ex)
{
//Console.WriteLine(url + " " + ex.Message);
return "<hTmlKErRor>" + ex.Message;
}

return "";
}

}
}

扫码加入K8小密圈