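Striker is an offensive information and vulnerability scanner.
Project homepage
What can it do?
- Check for and bypass Cloudflare
- Retrieve the Server and Powered-By headers
- Fingerprint the operating system of the web server
- Detect the CMS (197 CMSs supported)
- Launch WPScan if the target is using WordPress
- Retrieve robots.txt
- Whois lookup
- Check whether the target is a honeypot
- Port scan with banner grabbing
- Dump all types of DNS records
- Generate a map to visualize the attack surface
- Gather email addresses related to the target
- Find websites hosted on the same web server
- Find hosts using Google
- Crawl the website for URLs that have parameters
- SQLi scan using an online implementation of SQLMap (takes < 3 minutes)
- Basic XSS scanning
Installation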
git clone https://github.com/UltimateHackers/Striker
cd Striker
sudo pip install -r requirements.txt
python striker.py
┌─[hacker@parrot]─[~/Striker]
└──╼ $python striker.py
_________ __ __ __
/ _____// |________|__| | __ ___________
\_____ \\ __\_ __ \ | |/ // __ \_ __ \
/ \| | | | \/ | <\ ___/| | \/
/_______ /|__| |__| |__|__|_ \\___ >__|
\/ \/ \/
[?] Enter the target: parrotsec-cn.org
[!] IP Address : 185.209.84.199
[!] Server: nginx
[!] parrotsec-cn.org doesn't seem to use a CMS
[+] Honeypot Probabilty: 0%
----------------------------------------
[~] Trying to gather whois information for parrotsec-cn.org
[+] Whois information found
Updated Date : 2018-01-13 13:43:12
Status : clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name : Domain Administrator
Dnssec : unsigned
City : Phoenix
Expiration Date : 2018-06-23 13:24:20
Address : 1928 E. Highland Ave. Ste F104, PMB# 255
Zipcode : 85016
Domain Name : PARROTSEC-CHINA.ORG
Whois Server : whois.namesilo.com
State : AZ
Registrar : Namesilo, LLC
Referral Url : None
Country : US
Name Servers : JACK.NS.CLOUDFLARE.COM, JOAN.NS.CLOUDFLARE.COM
Org : See PrivacyGuardian.org
Creation Date : 2017-06-23 13:24:20
Emails : [email protected], [email protected]
----------------------------------------
[+] Robots.txt retrieved
# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
User-agent: *
Disallow: /auth/cas
Disallow: /auth/facebook/callback
Disallow: /auth/twitter/callback
Disallow: /auth/google/callback
Disallow: /auth/yahoo/callback
Disallow: /auth/github/callback
Disallow: /auth/cas/callback
Disallow: /assets/browser-update*.js
Disallow: /users/
Disallow: /u/
Disallow: /badges/
Disallow: /search
Disallow: /search/
Disallow: /tags
Disallow: /tags/
Disallow: /email/
Disallow: /session
Disallow: /session/
Disallow: /admin
Disallow: /admin/
Disallow: /user-api-key
Disallow: /user-api-key/
Disallow: /*?api_key*
Disallow: /*?*api_key*
----------------------------------------
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
23/tcp closed telnet
25/tcp closed smtp
80/tcp open http nginx 1.12.2
110/tcp closed pop3
143/tcp closed imap
443/tcp open ssl/http nginx
445/tcp closed microsoft-ds
3389/tcp closed ms-wbt-server
----------------------------------------
Traceback (most recent call last):
File "striker.py", line 244, in <module>
dnsdump(domain)
File "striker.py", line 177, in dnsdump
res = DNSDumpsterAPI(False).search(domain)
File "/home/hacker/Striker/plugins/DNSDumpsterAPI.py", line 64, in search
req = s.get(dnsdumpster_url)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 515, in get
return self.request('GET', url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 502, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 612, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 504, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='dnsdumpster.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f39d0d6d150>: Failed to establish a new connection: [Errno 111] Connection refused',))