Striker is an offensive information and vulnerability scanner

Information Gathering

#1

Striker is an offensive information and vulnerability scanner

Project homepage

What can it be used for?

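  • Check for and bypass Cloudflare
  • Retrieve the Server and Powered-By headers
  • Fingerprint the web server's operating system
  • Detect the CMS (197 CMSs supported)
  • Launch WPScan if the target is using Wordpress
  • Retrieve robots.txt
  • Whois lookup
  • Check whether the target is a honeypot
  • Port scan with banner grabbing
  • Dump all types of DNS records
  • Generate a map visualizing the attack surface
  • Gather emails related to the target
  • Find websites hosted on the same web server
  • Find hosts using Google
  • Crawl the website for URLs that have parameters
  • SQLi scan using an online implementation of SQLMap (takes < 3 minutes)
  • Basic XSS scanning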

Installation

git clone https://github.com/UltimateHackers/Striker
cd Striker
sudo pip install -r requirements.txt
python striker.py


┌─[hacker@parrot]─[~/Striker]
└──╼ $python striker.py

   _________ __          __ __
  /   _____//  |________|__|  | __ ___________
  \_____  \\   __\_  __ \  |  |/ // __ \_  __ \
  /        \|  |  |  | \/  |    <\  ___/|  | \/
 /_______  /|__|  |__|  |__|__|_ \\___  >__|
         \/                     \/    \/
[?] Enter the target: parrotsec-cn.org
[!] IP Address : 185.209.84.199
[!] Server: nginx
[!] parrotsec-cn.org doesn't seem to use a CMS
[+] Honeypot Probabilty: 0%
----------------------------------------
[~] Trying to gather whois information for parrotsec-cn.org
[+] Whois information found
Updated Date : 2018-01-13 13:43:12
Status : clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name : Domain Administrator
Dnssec : unsigned
City : Phoenix
Expiration Date : 2018-06-23 13:24:20
Address : 1928 E. Highland Ave. Ste F104, PMB# 255
Zipcode : 85016
Domain Name : PARROTSEC-CHINA.ORG
Whois Server : whois.namesilo.com
State : AZ
Registrar : Namesilo, LLC
Referral Url : None
Country : US
Name Servers : JACK.NS.CLOUDFLARE.COM, JOAN.NS.CLOUDFLARE.COM
Org : See PrivacyGuardian.org
Creation Date : 2017-06-23 13:24:20
Emails : abuse@namesilo.com, pw-7501d8a07a3c4e53907f7749a402a1ca@privacyguardian.org
----------------------------------------
[+] Robots.txt retrieved
# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
User-agent: *
Disallow: /auth/cas
Disallow: /auth/facebook/callback
Disallow: /auth/twitter/callback
Disallow: /auth/google/callback
Disallow: /auth/yahoo/callback
Disallow: /auth/github/callback
Disallow: /auth/cas/callback
Disallow: /assets/browser-update*.js
Disallow: /users/
Disallow: /u/
Disallow: /badges/
Disallow: /search
Disallow: /search/
Disallow: /tags
Disallow: /tags/
Disallow: /email/
Disallow: /session
Disallow: /session/
Disallow: /admin
Disallow: /admin/
Disallow: /user-api-key
Disallow: /user-api-key/
Disallow: /*?api_key*
Disallow: /*?*api_key*



----------------------------------------
PORT     STATE  SERVICE       VERSION
21/tcp   closed ftp
22/tcp   open   ssh           OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
23/tcp   closed telnet
25/tcp   closed smtp
80/tcp   open   http          nginx 1.12.2
110/tcp  closed pop3
143/tcp  closed imap
443/tcp  open   ssl/http      nginx
445/tcp  closed microsoft-ds
3389/tcp closed ms-wbt-server
----------------------------------------
Traceback (most recent call last):
  File "striker.py", line 244, in <module>
    dnsdump(domain)
  File "striker.py", line 177, in dnsdump
    res = DNSDumpsterAPI(False).search(domain)
  File "/home/hacker/Striker/plugins/DNSDumpsterAPI.py", line 64, in search
    req = s.get(dnsdumpster_url)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 515, in get
    return self.request('GET', url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 502, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 612, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 504, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='dnsdumpster.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f39d0d6d150>: Failed to establish a new connection: [Errno 111] Connection refused',))

#2

May I ask which system the cmd window you're using is from? :blush:


#3

Parrot Security OS

This is the Parrot community, and you're asking which system it is???


#4

I've been wanting to find a window like yours to work in; it looks more comfortable :grin:

