def parse_refs(data): try: fetch_heads = re.findall(r'([a-z0-9]{40})\trefs/heads/(.+?)\n', data, re.M) FETCH_HEAD = "" for index in fetch_heads: writeFile( os.path.join(paths.GITHACK_DIST_TARGET_GIT_PATH, "refs/remotes/origin/%s" % str(index[1])), "%s\n" % (index[0])) FETCH_HEAD += "%s\tnot-for-merge\t'%s' of %s\n" % ( index[0], index[1], target.TARGET_GIT_URL[:-5]) config = """[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true ignorecase = true precomposeunicode = true [remote "origin"] url = %s fetch = +refs/heads/*:refs/remotes/origin/* """ % (target.TARGET_GIT_URL[:-1]) writeFile(os.path.join(paths.GITHACK_DIST_TARGET_GIT_PATH, "config"), config) except: logger.warning("Parse refs Fail")
def method_a(): logger.info("Try to Clone straightly") git_dir = os.path.join(paths.GITHACK_DIST_TARGET_PATH, ".git") if os.path.exists(git_dir): logger.warning("[Skip][First Try] %s already exists." % (git_dir)) return valid_git_repo() return clone()
def DNSzoneTransfer(): path = os.path.join(paths.OUTPUT_PATH, "DNS-zoneTransfer.txt") logger.info("Target domain: " + conf.TARGET) if zonetransfer_poc(conf.TARGET, path): logger.warning("Vulnerable!") logger.info("Save results to %s" % path) else: logger.info("Not vulnerable.")
def DNSzoneTransfer(): path = os.path.join(paths.OUTPUT_PATH, 'DNS-zoneTransfer.txt') logger.info('Target domain: ' + conf.TARGET) if zonetransfer_poc(conf.TARGET, path): logger.warning('Vulnerable!') logger.info('Save results to %s' % path) else: logger.info('Not vulnerable.')
def method_c(): logger.info("Try to clone with Cache") git_dir = os.path.join(paths.GITHACK_DIST_TARGET_PATH, ".git") if not os.path.exists(git_dir): init() clone_from_cache() if not valid_git_repo(): logger.warning("Clone With Cache end. But missed some files.") return True
def request_data(url): for i in range(3): data = None try: request = urllib2.Request(url, None, {'User-Agent': randomAgent()}) data = urllib2.urlopen(request).read() if data: return data except Exception, e: if DEBUG: logger.warning("Request Exception: %s" % str(e))
def clone(): logger.info("Clone") cmd = "git clone %s %s" % (target.TARGET_GIT_URL, paths.GITHACK_DIST_TARGET_PATH) # process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) # stdout, stderr = process.communicate() # process.wait() ret = os.system(cmd) if ret: mkdir_p(paths.GITHACK_DIST_TARGET_PATH) logger.warning("Clone Error") return False return True
def parse_commit(data, commithash): obj = None try: de_data = zlib.decompress(data) m = re.search( 'commit \d+?\x00tree ([a-z0-9]{40})\n', de_data, re.M | re.S | re.I) if m: obj = m.group(1) parents = re.findall('parent ([a-z0-9]{40})\n', de_data, re.M | re.S | re.I) except: parents = [] if DEBUG: logger.warning("Decompress Commit(%s) Fail" % commithash) return (obj, parents)
def method_b(): logger.info("Try to Clone with Directory Listing") if isdirlist(): try: git_dir = os.path.join(paths.GITHACK_DIST_TARGET_PATH, ".git") if not os.path.exists(git_dir): init() clone_from_list("/") refresh_files() if not valid_git_repo(): logger.warning( "Clone With Directory Listing end. But missed some files.") return True except: return False logger.warning("[Skip][First Try] Target is not support Directory Listing") return False
def execute(self, request: Request, response: Response): self.target = '' self.requests = request self.response = response output = None try: output = self.audit() except NotImplementedError: logger.error('Plugin: {0} not defined "{1} mode'.format( self.name, 'audit')) except ConnectTimeout: retry = RETRY while retry > 0: logger.debug('Plugin: {0} timeout, start it over.'.format( self.name)) try: output = self.audit() break except ConnectTimeout: logger.debug('POC: {0} time-out retry failed!'.format( self.name)) retry -= 1 else: msg = "connect target '{0}' failed!".format(self.target) logger.error(msg) except HTTPError as e: logger.warning( 'Plugin: {0} HTTPError occurs, start it over.'.format( self.name)) except ConnectionError as e: msg = "connect target '{0}' failed!".format(self.target) logger.error(msg) except TooManyRedirects as e: logger.error(str(e)) except Exception as e: logger.error(str(e)) return output
def cache_objects(): for entry in parse_index(os.path.join(paths.GITHACK_DIST_TARGET_GIT_PATH, "index")): if 'sha1' in entry.keys(): try: data = get_objects(entry["sha1"]) if data: data = zlib.decompress(data) data = re.sub('blob \d+\00', '', data) target_dir = os.path.join(paths.GITHACK_DIST_TARGET_PATH, os.path.dirname(entry["name"])) if target_dir and not os.path.exists(target_dir): os.makedirs(target_dir) with open(os.path.join(paths.GITHACK_DIST_TARGET_PATH, entry["name"]), 'wb') as f: f.write(data) # logger.error(data[:4]) # if data[:4] == 'tree': # objs = parse_tree(data[11:]) # for obj in objs: # cache_commits(obj) except: logger.warning("Clone Objects(%s) Fail" % (entry["sha1"]))
def parse_tree(text, strict=False): count = 0 retVal = [] l = len(text) while count < l: mode_end = text.index(b' ', count) mode_text = text[count:mode_end] if strict and mode_text.startswith(b'0'): logger.warning("Invalid mode '%s'" % mode_text) break try: mode = int(mode_text, 8) except ValueError: logger.warning("Invalid mode '%s'" % mode_text) break name_end = text.index(b'\0', mode_end) name = text[mode_end + 1:name_end] count = name_end + 21 sha = text[name_end + 1:count] if len(sha) != 20: logger.warning("Sha has invalid length") break hexsha = sha_to_hex(sha) # print (name, mode, hexsha) retVal.append(hexsha) return retVal
def loadPlugin(url, poc=None): """load all plugins. """ if "://" not in url: url = "http://" + url url = url.strip("/") logger.info("Target url: %s" % url) plugin_path = os.path.join(os.path.dirname(os.path.dirname(os.path.realpath(__file__))),"plugins") if not os.path.isdir(plugin_path): logger.warning("%s is not a directory! " % plugin_path) raise EnvironmentError logger.info("Plugin path: %s " % plugin_path) items = os.listdir(plugin_path) if poc: logger.info('Loading plugins with "%s" key words.' % poc) else: poc="" for item in items: if item.endswith(".py") and not item.startswith('__'): plugin_name = item[:-3] if poc in plugin_name: logger.info("Loading plugin: %s" % plugin_name) module = importlib.import_module("plugins." + plugin_name) try: result = module.run(url) if result: logger.success(result) else: logger.error("Not Vulnerable %s " % plugin_name) except: logger.warning("ConnectionError ") else: continue logger.info("Finished")
async def _request(self, method, url, **kwargs): headers = kwargs.get('headers') if headers == None: headers = {} if 'Accept' not in headers.keys(): headers[ "Accept"] = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' if 'Accept-Charset' not in headers.keys(): headers["Accept-Charset"] = 'GB2312,utf-8;q=0.7,*;q=0.7' if 'Accept-Encoding' not in headers.keys(): headers["Accept-Encoding"] = 'gzip, deflate, sdch, br' headers['Referer'] = url if 'User-Agent' not in headers.keys( ) or 'aiohttp' in headers["User-Agent"]: headers["User-Agent"] = random.choice(USER_AGENTS) # random_ip = random_IP() # if 'Client_IP' not in headers.keys(): # headers['Client_IP'] = random_ip # if 'X-Forwarded-For' not in headers.keys(): # headers['X-Forwarded-For'] = random_ip kwargs.setdefault('headers', headers) kwargs.setdefault('verify_ssl', False) if self._limit: await self._limit.wait_available() total = self._max_fail_retries if method.lower() == 'get' else 0 timeout = int(conf['config']['basic']['timeout']) if 'timeout' not in kwargs.keys(): kwargs.setdefault('timeout', timeout) for count in range(total): resp = None try: resp = await super()._request(method, url, **kwargs) return resp except Exception as ex: pass logger.warning( 'request to {url} failed, retrying ({count} / {total})...'. format(url=url, count=count, total=total)) if resp: resp.close() await asyncio.sleep(self._retry_interval) try: return await super()._request(method, url, **kwargs) except TooManyRedirects: kwargs.setdefault('max_redirects', 3) try: return await self._request(method, url, **kwargs) except: return None except (ClientOSError, ClientResponseError, ClientConnectorError, ServerDisconnectedError): return None except Exception as e: if str(e).strip() != '': # errmsg = traceback.format_exc() # logger.error(errmsg) logger.error("Curl error: %s for %s" % (str(e), url)) return None