def __parse_conf_file(self):
parser = DefaultConfigParser()
# Utf-8 to avoid encoding issues
parser.read(EXPLOITS_CONF, 'utf8')
for section in parser.sections():
# Vulnerable product name
product = parser.safe_get(section, 'product', '', None)
if not product:
raise SettingsException('No vulnerable product name specified for ' \
'[{}]'.format(section))
# Vulnerability description
description = parser.safe_get(section, 'description', '', None)
if not description:
raise SettingsException('Missing vulnerability description for ' \
'[{}]'.format(section))
# Vulnerability type
type_ = parser.safe_get(section, 'type', '', None)
if type_ not in SUPPORTED_TYPES:
raise SettingsException(
'Unsupported vulnerability type for [{}]'.format(section))
# Detection command
detection_rawcmd = parser.safe_get(section, 'detection_cmd', '',
None)
# Detection command output success
detection_success = parser.safe_get(section, 'detection_success',
'', None)
if detection_rawcmd and len(
detection_rawcmd) > 0 and not detection_success:
raise SettingsException('Missing "detection_success" for [{}] since ' \
'"detection_cmd" is defined'.format(section))
# Exploit command
exploit_rawcmd = parser.safe_get(section, 'exploit_cmd', '', None)
# Exploit RCE output
exploit_rce_output = parser.safe_get_boolean(
section, 'exploit_rce_output', True)
# Exploit command output success (for auto test when exploit_rce_output == True)
exploit_success = parser.safe_get(section, 'exploit_success', '',
None)
if exploit_rawcmd and \
len(exploit_rawcmd) > 0 and \
exploit_rce_output and \
not exploit_success:
raise SettingsException(
'Missing "exploit_success" for [{}] since '
'"exploit_cmd" is defined and "exploit_rce_output=true"'.
format(section))
exploit = Exploit(section, product, description, type_,
detection_rawcmd, detection_success,
exploit_rawcmd, exploit_rce_output,
exploit_success)
self.exploits.append(exploit)
def __parse_conf_file(self):
parser = DefaultConfigParser()
# Utf-8 to avoid encoding issues
parser.read(EXPLOITS_CONF, 'utf8')
for section in parser.sections():
type_ = parser.safe_get(section, 'type', '', None)
if type_ not in SUPPORTED_TYPES:
raise SettingsException('Unsupported exploit type for [{}]'.format(type_))
rawcmd = parser.safe_get(section, 'command', '', None)
if not rawcmd:
raise SettingsException('No command specified for [{}]'.format(rawcmd))
description = parser.safe_get(section, 'description', '', None)
success = parser.safe_get(section, 'success', '', None)
exploit = Exploit(section, description, type_, rawcmd, success)
self.exploits.append(exploit)
