Beispiel #1
0
 def run_read(self, parameters):
     
     if len(parameters) != 2:
         msg = 'Usage: pixy <local temp directory> <pixy tool location>\n'
         msg += 'Example: payload pixy /tmp/mirror/ ~/tools/pixy/'
         return msg
     
     local_temp_dir = parameters[0]
     pixy_location = parameters[1]
         
     api_result = self.api_read( local_temp_dir, pixy_location )
             
     if not api_result:
         return 'No vulnerabilities were identified.'
     else:
         rows = []
         rows.append( ['Vulnerability type','Location'] )
         rows.append( [] )
         for vuln_type in api_result:
             for vuln_location in api_result[vuln_type]:
                 rows.append( [vuln_type, vuln_location ] )
                 
         result_table = table( rows )
         result_table.draw( 100 )
         return
Beispiel #2
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result['gcc_version']:
         return 'GCC version could not be identified.'
     else:
         rows = []
         rows.append( ['GCC Version', api_result['gcc_version'] ] )
         result_table = table( rows )
         result_table.draw( 80 )
         return rows
Beispiel #3
0
    def run_read(self, parameters):
        api_result = self.api_read(parameters)

        if not api_result["gcc_version"]:
            return "GCC version could not be identified."
        else:
            rows = []
            rows.append(["GCC Version", api_result["gcc_version"]])
            result_table = table(rows)
            result_table.draw(80)
            return
Beispiel #4
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result['os']:
         return 'Remote OS not identified.'
     else:
         rows = []
         rows.append( ['Remote OS', api_result['os'] ] ) 
         result_table = table( rows )
         result_table.draw( 80 )                    
         return rows
Beispiel #5
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     rows = []
     rows.append( ['Description', 'Value'] ) 
     rows.append( [] )
     for key in api_result:
         rows.append( [key, str(api_result[key]) ] )
                       
     result_table = table( rows )
     result_table.draw( 80 )                    
     return rows
Beispiel #6
0
    def run_read(self, parameters):

        api_res = self.api_read()
        if not api_res:
            return 'No vulnerability was found.'
        
        rows = [['Vuln Type', 'Remote Location', 'Vuln Param', 'Lineno'], []]
        for vulnty, files in api_res.iteritems():
            for f in files:
                rows.append([vulnty, f['loc'], f['vulnsrc'], str(f['lineno'])])
        
        restable = table(rows)
        restable.draw(100)
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result['kernel_version']:
         return 'Failed to identify kernel version.'
     else:
         rows = []
         rows.append( ['Kernel version',] ) 
         rows.append( [] )
         rows.append( [api_result['kernel_version'], ] )
                           
         result_table = table( rows )
         result_table.draw( 80 )                    
         return
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result:
         return 'No hashes were found.'
     else:
         rows = []
         rows.append( ['User','Hash'] )
         rows.append( [] )
         for user, uhash in api_result.items():
             rows.append( [user, uhash] )
                 
         result_table = table( rows )
         result_table.draw( 80 )
         return 
Beispiel #9
0
    def run_read(self, parameters):
        api_result = self.api_read(parameters)

        if not api_result["apache_run_user"]:
            return "Apache run user not found."
        else:
            rows = []
            rows.append(["Apache run user"])
            rows.append([])
            for key_name in api_result:
                for user in api_result[key_name]:
                    rows.append([user])
            result_table = table(rows)
            result_table.draw(80)
            return rows
Beispiel #10
0
    def run_read(self, parameters):
        api_result = self.api_read( parameters )

        rows = []
        rows.append( ['Running inside Virtual Machine',] ) 
        rows.append( [] )
        
        if api_result['running_vm']:
            rows.append(['The remote host is a virtual machine.',])
        else:
            rows.append(['The remote host is NOT a virtual machine.',])
            
        result_table = table( rows )
        result_table.draw( 80 )                    
        return rows
Beispiel #11
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result['version']:
         return 'Apache version not found.'
     else:
         rows = []
         rows.append( ['Version',] ) 
         rows.append( [] )
         for key_name in api_result:
             for version in api_result[key_name]:
                 rows.append( [version,] )
         result_table = table( rows )
         result_table.draw( 80 )                    
         return rows
Beispiel #12
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result:
         return 'No CPU information found.'
     else:
         rows = []
         rows.append( ['Description','Value'] )
         rows.append( [] )
         for name in api_result:
             rows.append( [name, api_result[name] ] )
                 
         result_table = table( rows )
         result_table.draw( 80 )
         return
Beispiel #13
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result['apache_run_group']:
         return 'Apache run group not found.'
     else:
         rows = []
         rows.append( ['Apache run group'] ) 
         rows.append( [] )
         for key_name in api_result:
             for group in api_result[key_name]:
                 rows.append( [group,] )
         result_table = table( rows )
         result_table.draw( 80 )                    
         return rows
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result['apache_root_directory']:
         return 'Apache root directory not found.'
     else:
         rows = []
         rows.append( ['Apache root directories'] ) 
         rows.append( [] )
         for key_name in api_result:
             for directory in api_result[key_name]:
                 rows.append( [directory,] )
         result_table = table( rows )
         result_table.draw( 80 )                    
         return
Beispiel #15
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result['hostname']:
         return 'Host name could not be identified.'
     else:
         rows = []
         rows.append( ['Hostname',] )
         rows.append( [] )
         for hostname in api_result['hostname']:
             rows.append( [hostname,] )
                 
         result_table = table( rows )
         result_table.draw( 80 )
         return rows
Beispiel #16
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result['apache_config']:
         return 'Apache configuration files not found.'
     else:
         rows = []
         rows.append( ['Apache configuration files'] ) 
         rows.append( [] )
         for key_name in api_result:
             for filename, file_content in api_result[key_name].items():
                 rows.append( [filename,] )
         result_table = table( rows )
         result_table.draw( 80 )                    
         return rows
Beispiel #17
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result:
         return 'Domain name not found.'
     else:
         rows = []
         rows.append( ['Domain name',] )
         rows.append( [] )
         for domain in api_result.values():
             rows.append( [domain,] )
                 
         result_table = table( rows )
         result_table.draw( 80 )
         return
Beispiel #18
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result:
         return 'No email files could be read.'
     else:
         rows = []
         rows.append( ['Email files'] ) 
         rows.append( [] )
         for filename in api_result:
             rows.append( [filename,] )
             
         result_table = table( rows )
         result_table.draw( 80 )                    
         return rows
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result:
         return 'No user configuration files found.'
     else:
         rows = []
         rows.append( ['User configuration files',] )
         rows.append( [] )
         for filename in api_result:
             rows.append( [filename,] )
                 
         result_table = table( rows )
         result_table.draw( 80 )
         return
Beispiel #20
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result['ssh_version']:
         return 'SSH version could not be identified.'
     else:
         rows = []
         rows.append( ['SSH version'] ) 
         rows.append( [] )
         
         rows.append( [api_result['ssh_version'],] )
             
         result_table = table( rows )
         result_table.draw( 80 )                    
         return rows
Beispiel #21
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     rows = []
     rows.append( ['Description', 'Hours', 'Minutes', 'Seconds'] )
     rows.append( [] )
     for key in api_result:
         hours = api_result[key]['hours']
         minutes = api_result[key]['minutes']
         seconds = api_result[key]['seconds']
         rows.append( [key, hours, minutes, seconds] )
             
     result_table = table( rows )
     result_table.draw( 80 )
     return rows
Beispiel #22
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result:
         return 'ARP cache not found.'
     else:
         rows = []
         rows.append( ['IP address', 'HW address', 'Device'] ) 
         rows.append( [] )
         for ip_address in api_result:
             hw_addr, device = api_result[ip_address]
             rows.append( [ip_address, hw_addr, device] )
         result_table = table( rows )
         result_table.draw( 80 )                    
         return
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result:
         return 'No MySQL configuration directories were found.'
     else:
         rows = []
         rows.append( ['MySQL configuration directory'] ) 
         rows.append( [] )
         for directory in api_result['directory']:
             rows.append( [directory,] )
             
         result_table = table( rows )
         result_table.draw( 80 )                    
         return
    def run_read(self, parameters):
        api_result = self.api_read( parameters )

        if not api_result['file'] and not api_result['version']:
            return 'Apache mod_security configuration files not found.'
        else:
            rows = []
            rows.append( ['Description','Value'] ) 
            rows.append( [] )
            for key_name in api_result:
                for k, v in api_result[key_name].items():
                    rows.append( [key_name, k] )
            result_table = table( rows )
            result_table.draw( 90 )               
            return
Beispiel #25
0
    def run_read(self, parameters):
        api_result = self.api_read(parameters)

        if not api_result:
            return "No firefox files were identified."
        else:
            rows = []
            rows.append(["Firefox file", "Read access"])
            rows.append([])
            for filename in api_result:
                rows.append([filename, "Yes"])

            result_table = table(rows)
            result_table.draw(80)
            return
Beispiel #26
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result:
         return 'No log files not found.'
     else:
         rows = []
         rows.append( ['Log files'] ) 
         rows.append( [] )
         for filename in api_result:
             rows.append( [filename,] )
             
         result_table = table( rows )
         result_table.draw( 80 )                    
         return
Beispiel #27
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result:
         return 'No firefox files were identified.'
     else:
         rows = []
         rows.append( ['Firefox file','Read access'] )
         rows.append( [] )
         for filename in api_result:
             rows.append( [filename, 'Yes' ] )
                 
         result_table = table( rows )
         result_table.draw( 80 )
         return rows
Beispiel #28
0
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
     
     if not api_result['apache_ssl_certificate'] and not api_result['apache_ssl_key']:
         return 'Apache SSL key and Certificate not found.'
     else:
         rows = []
         rows.append( ['Description', 'Value'] ) 
         rows.append( [] )
         for key_name in api_result:
             for desc, value in api_result[key_name].iteritems():
                 rows.append( [desc, value] )
         result_table = table( rows )
         result_table.draw( 80 )                    
         return
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result['current']:
         return 'Current user not found.'
     else:
         rows = []
         rows.append( ['Current user'] )
         rows.append( [] )
         for key_name in api_result:
             for user in api_result[key_name]: 
                 rows.append( [ user, ] )
                 
         result_table = table( rows )
         result_table.draw( 80 )
         return
 def run_read(self, parameters):
     api_result = self.api_read( parameters )
             
     if not api_result['apache_directory']:
         return 'Apache configuration directory not found.'
     else:
         rows = []
         rows.append( ['Apache directories',] )
         rows.append( [] )
         for key_name in api_result:
             for path in api_result[key_name]:
                 rows.append( [path,] )
                 
         result_table = table( rows )
         result_table.draw( 80 )
         return