Merge remote-tracking branch 'origin/master'

shmilylty · shmilylty · commit 3497bbdb6871 · 2020-05-13T13:19:20.000+08:00
diff --git a/README.md b/README.md
@@ -279,7 +279,7 @@ FLAGS
 
 ## 📄版权
 
-该项目签署了GPL-3.0授权许可，详情请参阅[LICENSE](https://github.com/shmilylty/OneForAll/LICENSE)。
+该项目签署了GPL-3.0授权许可，详情请参阅[LICENSE](https://github.com/shmilylty/OneForAll/blob/master/LICENSE)。
 
 ## 😘鸣谢
 
diff --git a/brute.py b/brute.py
@@ -579,7 +579,7 @@ def main(self, domain):
         output_path = temp_dir.joinpath(output_name)
         log_path = result_dir.joinpath('massdns.log')
         check_dict()
-        logger.log('INFOR', f'Running massdns to resolve subdomains')
+        logger.log('INFOR', f'Running massdns to brute subdomains')
         utils.call_massdns(massdns_path, dict_path, ns_path, output_path,
                            log_path, quiet_mode=self.quite,
                            process_num=self.process_num,
diff --git a/common/resolve.py b/common/resolve.py
@@ -161,7 +161,7 @@ def run_resolve(domain, data):
 
     ns_path = setting.brute_nameservers_path
 
-    logger.log('INFOR', f'Running massdns to brute subdomains')
+    logger.log('INFOR', f'Running massdns to resolve subdomains')
     utils.call_massdns(massdns_path, save_path, ns_path,
                        output_path, log_path, quiet_mode=True)
 
diff --git a/common/utils.py b/common/utils.py
@@ -308,7 +308,7 @@ def export_all_results(path, name, format, datas):
 
 def export_all_subdomains(alive, path, name, datas):
     path = check_path(path, name, 'txt')
-    logger.log('ALERT', f'The txt subdomain result for all main domains {path}')
+    logger.log('ALERT', f'The txt subdomain result for all main domains: {path}')
     subdomains = set()
     for row in datas:
         subdomain = row.get('subdomain')
diff --git a/docs/en-us/README.md b/docs/en-us/README.md
diff --git a/docs/en-us/usage_help.md b/docs/en-us/usage_help.md
@@ -21,7 +21,7 @@ The OneForAll command line interface is based on [Fire](https://github.com/googl
        oneforall.py --target=TARGET <flags>
    
    DESCRIPTION
-       OneForAll is a powerful subdomain collection tool
+       OneForAll is a powerful subdomain integration tool
    
        Example:
            python3 oneforall.py version
diff --git a/docs/installation_dependency.md b/docs/installation_dependency.md
@@ -52,7 +52,7 @@ git clone https://gitee.com/shmilylty/OneForAll.git
 3. 安装相关依赖
 ```bash
 cd OneForAll/
-sudo yum install python3-devel python3-pip -y
+sudo yum install gcc python3-devel python3-pip -y
 sudo python3 -m pip install -U pip setuptools wheel -i https://mirrors.aliyun.com/pypi/simple/
 sudo pip3 install uvloop -i https://mirrors.aliyun.com/pypi/simple/
 sudo pip3 install --ignore-installed -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
diff --git a/modules/certificates/censys_api.py b/modules/certificates/censys_api.py
@@ -31,7 +31,7 @@ def query(self):
         json = resp.json()
         status = json.get('status')
         if status != 'ok':
-            logger.log('ALERT', status)
+            logger.log('ALERT', f'{self.source} module {status}')
             return
         subdomains = self.match_subdomains(self.domain, str(json))
         self.subdomains = self.subdomains.union(subdomains)
diff --git a/modules/check/axfr.py b/modules/check/axfr.py
@@ -17,8 +17,9 @@
 
 class CheckAXFR(Module):
     """
-    DNS域传送漏洞检查类
+    DNS zone transfer vulnerability base class
     """
+
     def __init__(self, domain: str):
         Module.__init__(self)
         self.domain = self.register(domain)
@@ -28,18 +29,18 @@ def __init__(self, domain: str):
 
     def axfr(self, server):
         """
-        执行域传送
+        Perform domain transfer
 
-        :param server: 域名服务器
+        :param server: domain server
         """
-        logger.log('DEBUG', f'尝试对{self.domain}的域名服务器{server}进行域传送')
+        logger.log('DEBUG', f'Trying to perform domain transfer in {server} of {self.domain}')
         try:
             xfr = dns.query.xfr(where=server, zone=self.domain,
                                 timeout=5.0, lifetime=10.0)
             zone = dns.zone.from_xfr(xfr)
         except Exception as e:
             logger.log('DEBUG', e.args)
-            logger.log('DEBUG', f'对{self.domain}的域名服务器{server}进行域传送失败')
+            logger.log('DEBUG', f'Domain transfer to server {server} of {self.domain} failed')
             return
         names = zone.nodes.keys()
         for name in names:
@@ -49,13 +50,13 @@ def axfr(self, server):
             record = zone[name].to_text(name)
             self.results.append(record)
         if self.results:
-            logger.log('DEBUG', f'发现{self.domain}在{server}上的域传送记录')
+            logger.log('DEBUG', f'Found the domain transfer record of {self.domain} on {server}')
             logger.log('DEBUG', '\n'.join(self.results))
             self.results = []
 
     def check(self):
         """
-        正则匹配响应头中的内容安全策略字段以发现子域名
+        check
         """
         resolver = utils.dns_resolver()
         try:
@@ -65,7 +66,7 @@ def check(self):
             return
         nsservers = [str(answer) for answer in answers]
         if not len(nsservers):
-            logger.log('ALERT', f'没有找到{self.domain}的NS域名服务器记录')
+            logger.log('ALERT', f'No name server record found for {self.domain}')
             return
         for nsserver in nsservers:
             self.axfr(nsserver)
diff --git a/modules/check/csp.py b/modules/check/csp.py
@@ -1,5 +1,5 @@
 """
-检查内容安全策略收集子域名收集子域名
+Collect subdomains from ContentSecurityPolicy
 """
 import requests
 
@@ -10,7 +10,7 @@
 
 class CheckCSP(Module):
     """
-    检查内容安全策略收集子域名
+    Collect subdomains from ContentSecurityPolicy
     """
     def __init__(self, domain, header):
         Module.__init__(self)
@@ -21,9 +21,9 @@ def __init__(self, domain, header):
 
     def grab_header(self):
         """
-        抓取请求头
+        Get header
 
-        :return: 请求头
+        :return: ContentSecurityPolicy header
         """
         csp_header = dict()
         urls = [f'http://{self.domain}',
@@ -47,10 +47,10 @@ def check(self):
             self.csp_header = self.grab_header()
         csp = self.header.get('Content-Security-Policy')
         if not self.csp_header:
-            logger.log('DEBUG', f'获取{self.domain}域的请求头失败')
+            logger.log('DEBUG', f'Failed to get header of {self.domain} domain')
             return
         if not csp:
-            logger.log('DEBUG', f'{self.domain}域的响应头不存在内容安全策略字段')
+            logger.log('DEBUG', f'There is no Content-Security-Policy in the header of {self.domain}')
             return
         self.subdomains = self.match_subdomains(self.domain, csp)
 
diff --git a/modules/datasets/sublist3r.py b/modules/datasets/sublist3r.py
@@ -0,0 +1,48 @@
+from common.query import Query
+
+
+class Sublist3r(Query):
+    def __init__(self, domain):
+        Query.__init__(self)
+        self.domain = self.register(domain)
+        self.module = 'Dataset'
+        self.source = 'Sublist3rQuery'
+
+    def query(self):
+        """
+        向接口查询子域并做子域匹配
+        """
+        self.header = self.get_header()
+        self.proxy = self.get_proxy(self.source)
+        addr = 'https://api.sublist3r.com/search.php'
+        param = {'domain': self.domain}
+        resp = self.get(addr, param)
+        if not resp:
+            return
+        subdomains = self.match_subdomains(self.domain, resp.text)
+        self.subdomains = self.subdomains.union(subdomains)
+
+    def run(self):
+        """
+        类执行入口
+        """
+        self.begin()
+        self.query()
+        self.finish()
+        self.save_json()
+        self.gen_result()
+        self.save_db()
+
+
+def do(domain):  # 统一入口名字 方便多线程调用
+    """
+    类统一调用入口
+
+    :param str domain: 域名
+    """
+    query = Sublist3r(domain)
+    query.run()
+
+
+if __name__ == '__main__':
+    do('example.com')
diff --git a/modules/search/gitee.py b/modules/search/gitee.py
@@ -29,7 +29,7 @@ def search(self, full_search=False):
             if not resp:
                 break
             if resp.status_code != 200:
-                logger.log('ERROR', f'{self.source}模块搜索出错')
+                logger.log('ERROR', f'{self.source} module query failed')
                 break
             if 'class="empty-box"' in resp.text:
                 break
diff --git a/modules/search/github_api.py b/modules/search/github_api.py
@@ -46,7 +46,7 @@ def search(self):
             {'Accept': 'application/vnd.github.v3.text-match+json'})
 
         if not self.auth_github():
-            logger.log('ERROR', f'{self.source}模块登录失败')
+            logger.log('ERROR', f'{self.source} module login failed')
             return
         page = 1
         while True:
@@ -58,7 +58,7 @@ def search(self):
                 logger.log('ERROR', e.args)
                 break
             if resp.status_code != 200:
-                logger.log('ERROR', f'{self.source}模块搜索出错')
+                logger.log('ERROR', f'{self.source} module query failed')
                 break
             subdomains = self.match_subdomains(self.domain, resp.text)
             if not subdomains:
diff --git a/modules/search/zoomeye_api.py b/modules/search/zoomeye_api.py
@@ -23,11 +23,11 @@ def login(self):
         data = {'username': self.user, 'password': self.pwd}
         resp = self.post(url=url, json=data)
         if not resp:
-            logger.log('FATAL', f'登录失败无法获取{self.source}的访问token')
+            logger.log('FATAL', f'{self.source} module login failed, can not get access token')
             exit(1)
         data = resp.json()
         if resp.status_code == 200:
-            logger.log('DEBUG', f'{self.source}模块登录成功')
+            logger.log('DEBUG', f'{self.source} module login success')
             return data.get('access_token')
         else:
             logger.log('ALERT', data.get('message'))
diff --git a/oneforall.py b/oneforall.py
@@ -2,7 +2,7 @@
 # coding=utf-8
 
 """
-OneForAll is a powerful subdomain collection tool
+OneForAll is a powerful subdomain integration tool
 
 :copyright: Copyright (c) 2019, Jing Ling. All rights reserved.
 :license: GNU General Public License v3.0, see LICENSE for more details.
@@ -32,7 +32,7 @@
 message = white + '{' + red + version + white + '}'
 
 banner = f"""
-OneForAll is a powerful subdomain collection tool{yellow}
+OneForAll is a powerful subdomain integration tool{yellow}
              ___             _ _ 
  ___ ___ ___|  _|___ ___ ___| | | {message}{green}
 | . |   | -_|  _| . |  _| .'| | | {blue}
@@ -46,7 +46,7 @@ class OneForAll(object):
     """
     OneForAll help summary page
 
-    OneForAll is a powerful subdomain collection tool
+    OneForAll is a powerful subdomain integration tool
 
     Example:
         python3 oneforall.py version
