lijiejie / bbscan Goto Github PK

Hi!
I'm a package maintainer at Debian.
I'm packaging BBScan. However, I have a question about versioning. The last tag is like 1.5
https://github.com/lijiejie/BBScan/releases/tag/v1.5

However, the description says 2.0.

Could you clarify this for me?

Best,
Nilson Silva

Nan's BBS 南生论坛 基于SSM框架，自适应手机端和电脑端，界面简洁美观，功能完善。分为用户系统和管理系统两部分
github地址：https://github.com/maliangnansheng/bbs-ssm
演示地址：http://www.nanshengbbs.top

AttributeError: 'module' object has no attribute '_base'
这个是什么问题？

https://github.com/qiuluo-oss/BBScan_py3

s
root@kali:/usr/local/xxxx/BBScan-master# python BBScan.py --help
Traceback (most recent call last):
File "BBScan.py", line 30, in
from lib.connectionPool import HTTPConnPool, HTTPSConnPool
File "/usr/local/xxxx/BBScan-master/lib/connectionPool.py", line 5, in
from urllib3.packages.six.moves.queue import Empty
ImportError: No module named six.moves.queue

我安装最新版本的six也不可以。

现在我的six如下:

six
<module 'six' from '/usr/lib/python2.7/dist-packages/six.pyc'>

BUG位置：BBScan.py http_request方法

当content-type不等于text/html时，会判断响应头content-length，
当content-length不存在时即漏报

1.3版本的BBScan，在我扫描时发现如果扫描目录上千个网站，后面的一大部分扫描结果不会保存到HTML中

下图中是扫出来的规则结果，但是HTML文件修改时间并没有变化，扫完以后也没有变化，无法保存到里面！

url文件过大时会出现Invalid domain，无法解析域名

我在增加自己的rule时候，发现bbscan 1.5版本不会对根目录的title进行匹配获取。
我使用的命令是 ：BBScan.py --script is_admin_site --no-crawl --no-check404 -f xxx.txt
添加规则比如：white.list 增加 {regex_text="<title>.JBoss.</title>"}

我这边直接python2.x执行提示缺少组件，比如urllib3。
直接去pip装的话，是找不到的，换了国内源也这样。
'''
Downloading/unpacking urllib3/dnspython
Cannot fetch index base URL http://pypi.xxx.com/simple
'''
然后python3运行的话，会发现语法不对，显然不是python3。
不知道jiejie童鞋知道是怎么回事么？

师傅，因为有些网站还是会有入口的uri的情况，这类型可能需要传入指定的url地址才可以访问或者进行目录的一些爆破工作，看了下源码bbscan会自动忽略掉后面的uri，请问后面会支持传入自定义url的方式吗？不知道是否方便加个联系方式呢？

127.0.0.1 - - [20/Nov/2018 17:57:12] "GET http://127.0.0.1:8000//www.log HTTP/1.1" 404 -
127.0.0.1 - - [20/Nov/2018 17:57:12] code 404, message File not found

实际上去浏览器上访问返回状态 200

127.0.0.1 - - [20/Nov/2018 17:58:25] "GET /www.log HTTP/1.1" 200 -
在代码中去除后http://127.0.0.1:8000/，返回状态为200了，但是扫描完后显示
No vulnerabilities found on sites in hosts

pip install awscli --upgrade --ignore-installed six

最新的python+最新的BBScan 1.4 报错了，报错如下：

objc[21336]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
objc[21336]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.

[09:57:13] Batch Web Scan start.
[main.exception] <type 'exceptions.IOError'> [Errno 11] Resource temporarily unavailable
Traceback (most recent call last):
File "BBScan.py", line 656, in
q_results = multiprocessing.Manager().Queue()
File "/usr/lib/python2.7/multiprocessing/managers.py", line 667, in temp
token, exp = self._create(typeid, *args, **kwds)
File "/usr/lib/python2.7/multiprocessing/managers.py", line 565, in _create
conn = self._Client(self._address, authkey=self._authkey)
File "/usr/lib/python2.7/multiprocessing/connection.py", line 175, in Client
answer_challenge(c, authkey)
File "/usr/lib/python2.7/multiprocessing/connection.py", line 432, in answer_challenge
message = connection.recv_bytes(256) # reject large message
IOError: [Errno 11] Resource temporarily unavailable

微信：zanyryy（meloner）

师傅推荐的BBScan 马上动手下载起来玩起来..
但是在windows下和linux下运行都出现了问题
requirements 都已经通过pip安装
但是还是出错了

还要自己收集二级域名，会不会很麻烦？

扫描网站的时候总是报错 [ERROR] Fail to load script mongodb_unauth，这个要怎么解决

各位注意了，在BBScan.py 571,572行
单个url扫描结果超过5条只显示第1条记录

使用bbscan的时候发现一个问题，当扫描的时候host参数没有指定协议的时候，被扫描的网站如果配置了http强制301跳转https就无法扫描。
我看了一下代码，发现代码会默认使用http连接，conn_pool = HTTPConnPool，所以导致扫描请求发不出去。
现在很多网站切换https都会采用这种301的方式，建议可以对你的项目进行一定更新
以下是我的尝试方法
bbscan.py行136增加如下代码
#start
status, headers, html_doc = self.http_request("/")
location = headers.get('Location', '')
if status == 301 and location:
loc_schema, loc_host, loc_path = parse_url(location)
self.base_url = location
if loc_schema == 'https':
self.conn_pool = HTTPSConnPool(self.host, port=443, maxsize=self.args.t * 2, headers=HEADERS)
if loc_schema == 'http':
self.conn_pool = HTTPConnPool(self.host, port=443, maxsize=self.args.t * 2, headers=HEADERS)
print_msg('Location scan web: %s' % location)
#end

RT
loop = asyncio.get_event_loop() 改为 loop = asyncio.new_event_loop()

看了项目的说明文档中有示例可以使用--browser参数，于是
命令：BBScan.py --host www.xxx.com --browser
提示：BBScan: error: unrecognized arguments: --browser
这提示说明项目无法识别该参数，想问一下browser参数是否支持，作用何在。

Can that be used for test the Docker environment ?

下面是报错

Traceback (most recent call last):
  File "BBScan.py", line 30, in <module>
    from lib.connectionPool import HTTPConnPool, HTTPSConnPool
  File "/yourfolder/github/BBScan/lib/connectionPool.py", line 5, in <module>
    from urllib3.packages.six.moves.queue import Empty
ImportError: No module named six.moves.queue

尝试pip install six,未果。
谷歌未果。。。

hello
Web directory bruteforce
I want to work brute force on folders
Response is status 500
But the script does not accept or give any result
This question can be solved

C:\apps\forme\tools\bbscan>python bbscan.py --host www.baidu.com
[09:35:58] Batch web scan start.
Traceback (most recent call last):
File "", line 1, in
File "C:\Python27\lib\multiprocessing\forking.py", line 380, in main
prepare(preparation_data)
File "C:\Python27\lib\multiprocessing\forking.py", line 489, in prepare
file, path_name, etc = imp.find_module(main_name, dirs)
ImportError: No module named bbscan

作者你好，已经按照要求将需要的库安装了 但是执行扫描的时候会出现上述 请问如何解决？

将scripts/tools中的port_scan.py 放到scrpts下。执行以下命令：
python3 BBScan.py --scripts-only --script port_scan --host www.baidu.com --network 24 --save-ports ports_80.txt

报错：
[14:00:36] [scan_worker.1] object NoneType can't be used in 'await' expression
[14:00:36] Traceback (most recent call last):
File "BBScan.py", line 502, in scan_worker
await check_func(self, item[1])
TypeError: object NoneType can't be used in 'await' expression

能否直观点展示这个东西香在哪里，扫描出结果是啥样的，又会带来怎么样的帮助呢？

Hi, as shown in the following full dependency graph of BBScan, BBScan requires urllib3 (the latest version), while the installed version of requests(2.22.0) requires urllib3>=1.21.1,<1.26.

According to Pip's “first found wins” installation strategy, urllib3 1.25.3 is the actually installed version.

Although the first found package version urllib3 1.25.3 just satisfies the later dependency constraint (urllib3>=1.21.1,<1.26), it will lead to a build failure once developers release a newer version of urllib3.

Dependency tree--------

BBScan(version range:)
| +-beautifulsoup4(version range:>=4.3.2)
| +-py2-ipaddress(version range:>=3.4.1)
| +-pymongo(version range:)
| +-requests(version range:)
| | +-chardet(version range:>=3.0.2,<3.1.0)
| | +-idna(version range:>=2.5,<2.9)
| | +-urllib3(version range:>=1.21.1,<1.26)
| | +-certifi(version range:>=2017.4.17)
| +-urllib3(version range:)

Thanks for your attention.
Best,
Neolith

扫描https的站点都是直接404了

大佬好强，但是因为py2的原因无缘了。。。

虽然README说可以嵌入内部系统，但是args的方式只适合从命令行获取参数，不适合从二次开发，建议参考一下oneforall的入口方式，把参数暴漏出来

端口扫描脚本文件port_scan.py位置是不是应该放在script文件夹内，貌似放在scripts/tools文件夹才能正常扫描端口

$ python BBScan.py --host http://www.baidu.com/ --full-scan                                                                                                                                                     [21:52:10]
[21:52:18] Batch Web Scan start.
[21:52:18] Report thread created, prepare target Queue...
[21:52:18] 1 targets entered Queue.
[21:52:18] Create 8 sub Processes...
[21:52:19] 8 sub process successfully created.
[21:52:19] Scan www.baidu.com
objc[20810]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
objc[20810]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.
[21:52:20] No vulnerabilities found on sites in hosts.

In macOS High Sierra 10.13.6 may have been in progress in another thread when fork()
因为mac安全问题导致

避免这个问题，使用前
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
就可以了
https://github.com/ansible/ansible/issues/32499#issuecomment-341578864

-md report.md
BBScan: error: unrecognized argument

今天尝试自己添加一些GET型的SQL注射规则，测试的时候发现添加的规则 并且匹配内容都是正确的 但是扫出来的结果却是
No vulnerabilities found on sites in hosts.

于是又测试了一下作者自带的zabbix的sql注入规则，网上找了台靶机

http://46.226.128.195//jsrpc.php?sid=0bcd4ade648214dc&type=9&method=screen.get&stamp=1471403798083&mode=2&screenid=&groupid=&hostid=0&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=1zabbix/jsrpc.php?sid=0bcd4ade648214dc&type=9&method=screen.get&tim%20estamp=1471403798083&mode=2&screenid=&groupid=&hostid=0&pageFile=hi%20story.php&profileIdx=web.item.graph&profileIdx2=(select%201%20from%20(select%20count(*),concat(floor(rand(0)*2),%20user())x%20from%20information_schema.character_sets%20group%20by%20x)y)&updateProfil%20e=true&screenitemid=&period=3600&stime=20160817050632&resourcetype=%2017&itemids%5B23297%5D=23297&action=showlatest&filter=&filter_task=&%20mark_color=1

结果是没问题的

但是用bbscan扫了下 结果是

No vulnerabilities found on sites in hosts.

E:\BBScan-master>python BBScan.py --host 46.226.128.195 --full-scan
[14:40:00] Batch web scan start.
[14:40:00] Report thread created, prepare target Queue...
[14:40:00] 1 targets entered Queue.
[14:40:00] Create 10 sub Processes...
[14:40:00] 10 sub process successfully created.
[14:40:01] Scan 46.226.128.195
[14:40:28] No vulnerabilities found on sites in hosts.

很奇怪的问题 只要是SQL注射出来的 用{tag}标签就匹配不上 如果是页面自带的比如{tag="script"}这样肯定没问题的

请教下作者 这个怎么样解决？

[10:59:24] Batch web scan start.
[10:59:24] Report thread created, prepare target Queue...
[10:59:24] 1 targets entered Queue.
[10:59:24] Create 30 sub Processes...
[10:59:25] [main.exception] <type 'exceptions.OSError'> [Errno 12] Cannot allocate memory
Traceback (most recent call last):
File "BBScan.py", line 718, in
p.start()
File "/usr/lib64/python2.7/multiprocessing/process.py", line 130, in start
self._popen = Popen(self)
File "/usr/lib64/python2.7/multiprocessing/forking.py", line 121, in init
self.pid = os.fork()
OSError: [Errno 12] Cannot allocate memory

$ ./BBScan.py --host www.xx-oo.com
[Errno 8] nodename nor servname provided, or not known
No vulnerabilities found for sites in temp.

当域名中含有'-'的时候，host解析会出错，这个应该是python本身的一个问题，不知道怎么规避一下

自定义了规则无效，但漏洞明明是存在的，之前也遇到了这个问题，那次莫名其妙的就好了，这次又遇到这样的情况。

首先，大佬你有幾段不曉得怎麼搞的變成了單引號(')
第二個，請問
/data/data/com.termux/files/usr/bin/bash: xit: command not found
這個xit:是什麼？

win10和Debian 3.16.36-1上用，跑到线程僵死半个小时以上没反应，线程消耗cpu持续为0

http_request方法对于响应码的处理似乎存在bug
其中原本响应码为404的情况经过http_request请求响应码是206：
例子：https://bit.baidu.com/accesslog