文章目录
解包
命令行输入
wedecode
可自动扫描已安装的小程序并解包
记住解包路径
敏感信息扫描
使用python脚本(魔改别人的,具体谁的忘了,加了一个文件名输出)扫描解包的js文件中是否有各类密钥及敏感信息
powershell
python .\xcx_info_get.py 解包js路径
python
import json
import re
import sys
import os
def ext(target_list, pattern, line, filepath):
    """Append every match of *pattern* found in *line* to *target_list*.

    Matching is case-insensitive. Each appended element is a
    ``(match, filepath)`` tuple, where ``match`` follows ``re.findall``
    semantics: a string for patterns without capture groups, otherwise a
    tuple of the group values. Nothing is appended when there is no match.
    """
    for hit in re.findall(pattern, line, re.IGNORECASE):
        target_list.append((hit, filepath))
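# Report section label (written verbatim to the output file) paired with the
# regex for that category. The order of this table is the order of sections in
# the report. Every pattern is compiled with re.IGNORECASE, matching the flag
# the original per-call scan used, so explicit case classes in several patterns
# are effectively case-insensitive.
#
# Patterns that need a quote class containing both ' and " are written as
# ["\'] inside a raw single-quoted literal. Writing '' inside such a literal
# (as in r'["'']') closes and reopens the string, which silently drops the
# single-quote alternative and makes the middle segment a non-raw string
# (turning an intended \b word boundary into a backspace character).
_SENSITIVE_PATTERNS = [
    # e-mail address
    ('邮箱匹配', r'[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'),
    # mainland China mobile number
    ('手机号匹配', r'(?<!\d)(13\d{9}|14[579]\d{8}|15[^4\D]\d{8}|166\d{8}|17[^49\D]\d{8}|18\d{9}|19[189]\d{8})(?!\d)'),
    # national ID number (18 or 15 digits)
    ('身份证匹配', r'\b\d{17}[\dXx]|\b\d{14}\d{1}|\b\d{17}[\dXx]'),
    # dotted-quad IP address
    ('ip匹配', r'\d+\.\d+\.\d+\.\d+'),
    # small "key = 'value'" credential pattern
    ('密码匹配小正则', r'(?:^|_)((?:username|password|key|auv)_)\s*[:=><]*\s*["\']([^"\']+)["\']'),
    # broad keyword = value credential pattern
    ('匹配信息大正则', r'(?i)((access_key|username|user|jwtkey|jwt_key|AESKEY|AES_KEY|appsecret|app_secret|access_token|password|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|phone|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api\.googlemaps\s+AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc\ password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn\.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env\.heroku_api_key|env\.sonatype_password|eureka\.awssecretkey)\s*[:=><]{1,2}\s*[\"\']{0,1}([0-9a-zA-Z\-_=+/]{8,64})[\"\']{0,1})'),
    # quoted cloud access-key IDs with well-known prefixes
    ('常见的云AK匹配', r'''(['"]\s*(?:GOOG[\w\W]{10,30}|AZ[A-Za-z0-9]{34,40}|AKID[A-Za-z0-9]{13,20}|AKIA[A-Za-z0-9]{16}|IBM[A-Za-z0-9]{10,40}|OCID[A-Za-z0-9]{10,40}|LTAI[A-Za-z0-9]{12,20}|AK[\w\W]{10,62}|AK[A-Za-z0-9]{10,40}|AK[A-Za-z0-9]{10,40}|UC[A-Za-z0-9]{10,40}|QY[A-Za-z0-9]{10,40}|KS3[A-Za-z0-9]{10,40}|LTC[A-Za-z0-9]{10,60}|YD[A-Za-z0-9]{10,60}|CTC[A-Za-z0-9]{10,60}|YYT[A-Za-z0-9]{10,60}|YY[A-Za-z0-9]{10,40}|CI[A-Za-z0-9]{10,40}|gcore[A-Za-z0-9]{10,30})\s*['"])'''),
    ('谷歌云 AccessKey ID匹配', r'\bAIza[0-9A-Za-z_\-]{35}\b'),
    ('金山云 AccessKey ID匹配', r'\bAKLT[a-zA-Z0-9-_]{16,28}\b'),
    ('火山引擎 AccessKey ID匹配', r'\b(?:AKLT|AKTP)[a-zA-Z0-9]{35,50}\b'),
    ('亚马逊 AccessKey ID匹配', r'["\'](?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}["\']'),
    ('京东云 AccessKey ID匹配', r'\bJDC_[0-9A-Z]{25,40}\b'),
    ('JWT Token匹配', r'eyJ[A-Za-z0-9_/+\-]{10,}={0,2}\.[A-Za-z0-9_/+\-\\]{15,}={0,2}\.[A-Za-z0-9_/+\-\\]{10,}={0,2}'),
    # PEM private key block; may span several lines, see _WHOLE_FILE_CATEGORIES
    ('PRIVATE KEY匹配', r'-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\s*?-----[a-zA-Z0-9\/\n\r=+]*-----\s*?END[ A-Z0-9_-]*? PRIVATE KEY\s*?-----'),
    ('Auth Token匹配', r'["\'\[]*[Aa]uthorization["\'\]]*\s*[:=]\s*[\'"]?\b(?:[Tt]oken\s+)?[a-zA-Z0-9\-_+/]{20,500}[\'"]?'),
    ('Basic Token匹配', r'\b[Bb]asic\s+[A-Za-z0-9+/]{18,}={0,2}\b'),
    ('Bearer Token匹配', r'\b[Bb]earer\s+[a-zA-Z0-9\-=._+/\\]{20,500}\b'),
    ('slack webhook匹配', r'\bhttps://hooks.slack.com/services/[a-zA-Z0-9\-_]{6,12}/[a-zA-Z0-9\-_]{6,12}/[a-zA-Z0-9\-_]{15,24}\b'),
    ('飞书 webhook匹配', r'\bhttps://open.feishu.cn/open-apis/bot/v2/hook/[a-z0-9\-]{25,50}\b'),
    ('钉钉 webhook匹配', r'\bhttps://oapi.dingtalk.com/robot/send\?access_token=[a-z0-9]{50,80}\b'),
    ('企业微信 webhook匹配', r'\bhttps://qyapi.weixin.qq.com/cgi-bin/webhook/send\?key=[a-zA-Z0-9\-]{25,50}\b'),
    ('微信公众号匹配', r'["\'](gh_[a-z0-9]{11,13})["\']'),
    ('企业微信 corpid匹配', r'["\'](ww[a-z0-9]{15,18})["\']'),
    ('微信 公众号/小程序 APPID匹配', r'["\'](wx[a-z0-9]{15,18})["\']'),
    ('腾讯云 API网关 APPKEY匹配', r'\bAPID[a-zA-Z0-9]{32,42}\b'),
    ('grafana service account token匹配1', r'\b(?:VUE|APP|REACT)_[A-Z_0-9]{1,15}_(?:KEY|PASS|PASSWORD|TOKEN|APIKEY)[\'"]*[:=]"(?:[A-Za-z0-9_\-]{15,50}|[a-z0-9/+]{50,100}==?)"'),
    ('grafana service account token匹配2', r'\bglsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}\b'),
    ('grafana cloud api token匹配', r'\bglc_[A-Za-z0-9\-_+/]{32,200}={0,2}\b'),
    ('grafana api key匹配', r'\beyJrIjoi[a-zA-Z0-9\-_+/]{50,100}={0,2}\b'),
    ('Github Token匹配', r'\b((?:ghp|gho|ghu|ghs|ghr|github_pat)_[a-zA-Z0-9_]{36,255})\b'),
    ('Gitlab V2 Token匹配', r'\b(glpat-[a-zA-Z0-9\-=_]{20,22})\b'),
]

# Categories whose match legitimately spans several lines. A PEM block has its
# BEGIN and END markers on different lines, so a line-by-line scan can never
# see both; these patterns are applied to the whole file text instead.
_WHOLE_FILE_CATEGORIES = frozenset({'PRIVATE KEY匹配'})

# Compile once at import time instead of on every line of every file.
_COMPILED_PATTERNS = [
    (category, re.compile(pattern, re.IGNORECASE))
    for category, pattern in _SENSITIVE_PATTERNS
]


def _scan_js_file(path):
    """Scan one JS file and return ``{category: [(match, basename), ...]}``.

    Every category of ``_COMPILED_PATTERNS`` is present as a key, possibly
    with an empty list. ``match`` follows ``re.findall`` semantics (a string,
    or a tuple of group values for patterns with several groups). Exceptions
    from opening or reading the file propagate to the caller.
    """
    name = os.path.basename(path)
    with open(path, "r", encoding='utf-8', errors='ignore') as f:
        text = f.read()

    hits = {category: [] for category, _ in _COMPILED_PATTERNS}

    # Multi-line categories: match against the whole file content.
    for category, regex in _COMPILED_PATTERNS:
        if category in _WHOLE_FILE_CATEGORIES:
            hits[category].extend((m, name) for m in regex.findall(text))

    # Everything else is matched line by line. The password pattern anchors on
    # ``^`` without re.MULTILINE, so it only works when each line is scanned
    # separately; keep that behaviour.
    line_patterns = [
        (category, regex)
        for category, regex in _COMPILED_PATTERNS
        if category not in _WHOLE_FILE_CATEGORIES
    ]
    for raw_line in text.split('\n'):
        line = raw_line.strip('\t')
        for category, regex in line_patterns:
            found = regex.findall(line)
            if found:
                hits[category].extend((m, name) for m in found)
    return hits


def extract_sensitive_info(directory):
    """Scan every ``.js`` file under *directory* and write a findings report.

    Usage from the command line: ``python secertinfo.py <js directory>``.

    Walks *directory* recursively, applies every pattern in
    ``_SENSITIVE_PATTERNS`` to each ``.js`` file and writes the de-duplicated,
    sorted findings to ``f"{directory}_sensitive_info.txt"`` (one section per
    category, one ``- (match, filename)`` line per finding). A file that cannot
    be read is reported on stdout and skipped; the scan continues.

    Args:
        directory: path of the directory holding the unpacked JS files.

    Returns:
        None. The report is written to disk as a side effect.

    Raises:
        OSError: if the report file itself cannot be created.
    """
    results = {category: [] for category, _ in _COMPILED_PATTERNS}

    for root, _dirs, files in os.walk(directory):
        for file in files:
            if not file.endswith('.js'):  # only JS files are scanned
                continue
            try:
                file_hits = _scan_js_file(os.path.join(root, file))
            except Exception as e:
                # Best-effort: one unreadable file must not abort the whole scan.
                print(f"Error processing file {file}: {e}")
                continue
            for category, items in file_hits.items():
                results[category].extend(items)

    # NOTE: a trailing path separator in *directory* (e.g. "dir/") puts the
    # report inside the directory instead of beside it; callers pass the
    # directory without a trailing separator to get "dir_sensitive_info.txt".
    output_filename = f"{directory}_sensitive_info.txt"
    with open(output_filename, "w", encoding='utf-8', errors='ignore') as outfile:
        for category, _ in _COMPILED_PATTERNS:
            outfile.write(f"{category}:\n")
            # set() de-duplicates identical (match, filename) pairs; sorted()
            # keeps the report deterministic between runs.
            for item in sorted(set(results[category])):
                outfile.write(f"- {item}\n")
            outfile.write("\n")  # blank line between categories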
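if __name__ == "__main__":
    print('开始扫描')
    if len(sys.argv) != 2:
        # sys.argv[0] keeps the usage line right however the script is named.
        print(f"Usage: python {sys.argv[0]} js文件所在目录")
        sys.exit(1)
    directory = sys.argv[1]
    if not os.path.isdir(directory):
        # os.walk on a missing path yields nothing, which would otherwise
        # silently produce an empty report.
        print(f"目录不存在: {directory}")
        sys.exit(1)
    extract_sensitive_info(directory)
    # Report the real output location: the file is written next to the scanned
    # directory as <directory>_sensitive_info.txt, not inside it.
    print(f"扫描结束,结果已写入 {directory}_sensitive_info.txt")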