Beispiel #1
0
def load_poc_file_as_module(dir_or_file, filename=None):
    '''加载 POC 文件为 Python module

    :return: imp.load_source 的结果
    '''
    if filename is None:
        (dir, name) = (os.path.dirname(dir_or_file), os.path.basename(dir_or_file))
    else:
        (dir, name) = (dir_or_file, filename)
    mod_name = '{}-{}'.format(
        os.path.basename(name).rstrip('.py'),
        str(uuid.uuid4())
    ).replace('.', '_')
    poc_file = os.path.join(dir, name)
    try:
        logger.debug('Loading {}'.format(poc_file))
        return imp.load_source(
            'CScanPoc.{}'.format(mod_name), poc_file)
    except Exception as e:
        logger.error('Error loading {} {}'.format(poc_file, e))
        raise e
Beispiel #2
0
def load_file_as_module(dir_or_file, filename=None):
    '''加载 POC 文件为 Python module

    :param dir_or_file: @param{filename} 为空时,将该参数当作文件路径加载
    :param filename: 不为空时,加载 @param{dir_or_file} 目录下的该文件
    :return: imp.load_source 的结果
    '''
    if filename is None:
        (dirpath, name) = (path.dirname(dir_or_file),
                           path.basename(dir_or_file))
    else:
        (dirpath, name) = (dir_or_file, filename)
    mod_name = '{}-{}'.format(
        path.basename(name).rstrip('.py'),
        str(uuid.uuid4())).replace('.', '_')
    poc_file = path.join(dirpath, name)
    try:
        logger.debug('Loading %s', poc_file)
        return imp.load_source('CScanPoc.{}'.format(mod_name), poc_file)
    except Exception as err:
        logger.error('Error loading %s %s', poc_file, err)
        raise
Beispiel #3
0
 def sync_vuln_detail(self,
                      vuln_detail_dir,
                      vuln_detail_static_dir,
                      vuln_ids=None):
     '''
     :param vuln_detail_dir: 漏洞详情存放目录
        - htmls/...
        - imgs/...
     :param vuln_detail_static_dir: Cscan 站点漏洞静态资源目录
     :param vuln_ids: 为空/空列表时同步所有,为列表时只同步列表中指定的漏洞 ID
     '''
     logger.info('同步漏洞详情')
     vuln_update_sql = '''UPDATE vuln SET exploit=%s WHERE vuln_id=%s'''
     cursor = self.cnx.cursor()
     for f in Path(path.join(vuln_detail_dir, 'htmls')).glob('**/*.html'):
         vuln_id = f.name.rstrip('.html')
         if vuln_ids and vuln_id not in vuln_ids:
             continue
         logger.info('同步 %s' % f)
         try:
             cursor.execute(vuln_update_sql, (f.read_text(), vuln_id))
         except Exception as e:
             logger.error('更新失败 %s' % f, e)
     self.cnx.commit()
     if vuln_detail_static_dir:
         logger.info('同步静态资源')
         src_path = path.join(vuln_detail_dir, 'imgs')
         img_path = path.join(vuln_detail_static_dir, 'imgs')
         if not path.exists(img_path):
             os.makedirs(img_path)
         for i in os.listdir(src_path):
             fp = path.join(src_path, i)
             if not path.isfile(fp):
                 continue
             logger.debug('同步 %s' % i)
             copyfile(fp, path.join(img_path, i))