Ejemplos de connectiondb en Python

Ejemplo n.º 1

Archivo: poc_scanner.py Proyecto: shuanx/Penetration-Tools

def verify_poc(scan_data):
    plugin_name = scan_data['plugin_name']
    plugin_filename = scan_data['plugin_filename']
    target = scan_data['target']
    info = {
        "pocname": plugin_name,
        "pocstring": open(plugin_filename, 'r').read(),
        "mode": 'verify'
    }
    try:
        invoker = Cannon(target, info)
        result = invoker.run()
        target_hash = md5hash(scan_data['target'])
        if result[-3][0] == 1:
            scan_result = {
                "plugin_filename": scan_data['plugin_filename'],
                "plugin_name": scan_data['plugin_name'],
                "plugin_id": scan_data['plugin_id'],
                "plugin_type": scan_data['plugin_type'],
                "plugin_app": scan_data['plugin_app'],
                "plugin_version": scan_data['plugin_version'],
                "target": scan_data['target'],
                "task_id": scan_data['task_id'],
                "task_name": scan_data['task_name'],
                "scan_result": result[-1],
                "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),
                "hash": target_hash,
                "tag": ""
            }
            connectiondb(vul_db).insert(scan_result)
            #insert_server_vul("poc","plugin_filename",time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),result[-1],hash)
    except Exception as e:
        raise e

Ejemplo n.º 2

 def multi_brute(self):
     data_save = []
     result = []
     self.resolver_ip = self.resolver_check()
     pool = Pool(processes=self.thread)
     for sub_domain in self.domain_handle():
         result.append(pool.apply_async(resolution, (sub_domain, )))
     pool.close()
     pool.join()
     for res in result:
         self.result = res.get()
         for subdomain in self.result:
             if self.result[subdomain] != self.resolver_ip:
                 data = {
                     "subdomain": subdomain,
                     "domain": self.domain,
                     "domain_id": self.domain_id,
                     "date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
                     "result": self.result[subdomain],
                     "title": '',
                 }
                 data_save.append(data)
     try:
         if data_save:
             connectiondb(subdomain_db).insert_many(data_save, ordered=True)
     except Exception as e:
         print("[!] %s Saved result error: %s" %
               (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), e))
     print("[*] %s %s Brute Done" %
           (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.domain))

Ejemplo n.º 3

 def __init__(self, asset_id):
     self.asset_id = asset_id
     self.result_tmp = []
     self.result = []
     self.port_list = connectiondb(config_db).find_one({"config_name": config_name})['port_list']
     self.processes = connectiondb(config_db).find_one({"config_name": config_name})['discovery_thread']
     self.asset_name = connectiondb(asset_db).find_one({"_id": self.asset_id})['asset_name']
     self.host_list = parse_target(connectiondb(asset_db).find_one({"_id": self.asset_id})['asset_host'])

Ejemplo n.º 4

Archivo: poc_scanner.py Proyecto: shuanx/Penetration-Tools

 def __init__(self, task_id):
     self.task_id = task_id
     self.tasks_db_cursor = connectiondb(tasks_db).find_one(
         {"_id": self.task_id})
     self.target_list = parse_target(self.tasks_db_cursor['scan_target'])
     self.plugin_id_list = self.tasks_db_cursor['plugin_id']
     self.result_tmp = []
     self.result = []
     self.processes = connectiondb(config_db).find_one(
         {"config_name": config_name})['poc_thread']

Ejemplo n.º 5

 def port_result(self):
     self.result.append(self.scan().command_line())
     for i in self.scan().csv().split('\r\n'):
         self.result.append(i)
     self.result.pop(1)
     connectiondb(port_db).update_one(
         {"_id": self.scan_id},
         {'$set': {
             'status': 'Done',
             'detail': self.result
         }})
     return self.result

Ejemplo n.º 6

 def save_result(self):
     if connectiondb(server_db).find_one({"asset_id": self.asset_id}):
         connectiondb(server_db).update({"asset_id": self.asset_id}, {"$set": {"tag": "delete"}}, multi=True)
     for res in self.result:
         res['asset_name'] = self.asset_name
         res['asset_id'] = self.asset_id
         res['tag'] = ""
         res['date'] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
         try:
             connectiondb(server_db).insert_one(res)
         except Exception as e:
             print("[!] Save discovery result error %s" % e)

Ejemplo n.º 7

def local_install():
    print("[*]Processing...")
    connectiondb(plugin_db).drop()
    path = os.getcwd() + '/pocsuite_plugin/'
    files = os.listdir(path)
    for file_name in files:
        plugin_info = parse_plugin(path + file_name.strip())
        if plugin_info is None:
            pass
        else:
            db_insert = connectiondb(plugin_db).insert_one(
                plugin_info).inserted_id
    print("[*]Processing Completed!")

Ejemplo n.º 8

Archivo: auth_scanner.py Proyecto: shuanx/Penetration-Tools

 def save_result(self, target, service, username, password):
     data = {
         "target": target,
         "service": service,
         "username": username,
         "password": password,
         "date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
         "task_id": self.task_id,
         "task_name": self.task_name,
         "tag": ""
     }
     self.week_count += 1
     connectiondb(weekpasswd_db).insert_one(data)

Ejemplo n.º 9

Archivo: auth_scanner.py Proyecto: shuanx/Penetration-Tools

 def _get_task(self):
     for task_info in connectiondb(auth_db).find():
         self.recursion = task_info['recursion']
         self.status = task_info['status']
         self.scan_date = task_info['date']
         self.task_id = task_info['_id']
         start_date = datetime.strptime(self.scan_date, "%Y-%m-%d %H:%M:%S")
         plan_time = (datetime.now() - start_date).total_seconds()
         if self.recursion == 0:
             pass
         # every day
         elif self.recursion == 1 and "Completed" in self.status:
             if plan_time > 60 * 60 * 24 * 1:
                 if self.start_loop_scan():
                     print(
                         "[*] Every Day Task Start...",
                         time.strftime("%Y-%m-%d %H:%M:%S",
                                       time.localtime()))
         # every week
         elif self.recursion == 7 and "Completed" in self.status:
             if plan_time > 60 * 60 * 24 * 7:
                 if self.start_loop_scan():
                     print(
                         "[*] Every Week Task Start...",
                         time.strftime("%Y-%m-%d %H:%M:%S",
                                       time.localtime()))
         # every month
         elif self.recursion == 30 and "Completed" in self.status:
             if plan_time > 60 * 60 * 24 * 30:
                 if self.start_loop_scan():
                     print(
                         "[*] Every Month Task Start...",
                         time.strftime("%Y-%m-%d %H:%M:%S",
                                       time.localtime()))

Ejemplo n.º 10

Archivo: auth_scanner.py Proyecto: shuanx/Penetration-Tools

 def __init__(self, task_id):
     self.task_id = task_id
     self.db_cursor = connectiondb(auth_db).find_one({"_id": self.task_id})
     self.processes = connectiondb(config_db).find_one(
         {"config_name": config_name})['auth_tester_thread']
     self.task_name = self.db_cursor['task_name']
     self.username_list = self.db_cursor['username']
     self.password_list = self.db_cursor['password']
     self.target_list = parse_target(self.db_cursor['target'])
     self.check_result = {}
     self.online_target = []
     self.service_list = self.db_cursor['service']
     self.args = self.db_cursor['args']
     self.result_pool = []
     self.result = []
     self.week_count = 0

Ejemplo n.º 11

def get_domain_title(domain_id):
    pool = Pool(processes=50)
    result = []
    for i in connectiondb(subdomain_db).find({"domain_id": domain_id}):
        result.append(pool.apply_async(get_title, (i['subdomain'], i['_id'])))
    pool.close()
    pool.join()
    for res in result:
        lock.acquire()
        try:
            connectiondb(subdomain_db).update_one(
                {"_id": res.get()["_id"]},
                {"$set": {
                    "title": res.get()['title']
                }})
        except Exception as e:
            print("update title error", e)
        lock.release()

Ejemplo n.º 12

Archivo: auth_scanner.py Proyecto: shuanx/Penetration-Tools

 def start_loop_scan(self):
     connectiondb(weekpasswd_db).update({"task_id": self.task_id},
                                        {"$set": {
                                            "tag": "delete"
                                        }},
                                        multi=True)
     connectiondb(auth_db).update_one({"_id": self.task_id}, {
         "$set": {
             "status": "Queued",
             "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),
             "week_count": 0,
         }
     })
     scanner = AuthCrack(self.task_id)
     if scanner:
         t1 = Thread(target=scanner.start_scan, args=())
         t1.start()
         return True

Ejemplo n.º 13

 def __init__(self, domain, domain_id):
     print("[*] %s %s Brute Start" %
           (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), domain))
     self.domain = domain
     self.domain_id = domain_id
     self.sub_domain = []
     self.third_domain = connectiondb(domain_db).find_one(
         {"_id": domain_id})['third_domain']
     self.resolver_ip = ''
     self.result = ''
     self.thread = int(
         connectiondb(config_db).find_one({"config_name": config_name
                                           })['subdomain_thread'])
     self.subdomain_dict_2 = connectiondb(config_db).find_one(
         {"config_name": config_name})['subdomain_dict_2']
     self.subdomain_dict_3 = connectiondb(config_db).find_one(
         {"config_name": config_name})['subdomain_dict_3']
     self.random_subdomain = ''.join(sample(digits + ascii_lowercase,
                                            10)) + '.' + domain

Ejemplo n.º 14

def start_domain_brute(domain_list, domain_id):
    time_start = datetime.now()
    print("[*] %s Domain Brute start %s" %
          (time_start.strftime("%Y-%m-%d %H:%M:%S"), domain_id))
    connectiondb(domain_db).update_one({"_id": domain_id},
                                       {"$set": {
                                           "status": "Running"
                                       }})
    for domain in domain_list:
        start_brute = DomainBrute(domain, domain_id)
        start_brute.multi_brute()
    connectiondb(domain_db).update_one({"_id": domain_id},
                                       {"$set": {
                                           "status": "Done"
                                       }})
    time_end = datetime.now()
    print("[*] %s Domain Brute Done %s" %
          (time_end.strftime("%Y-%m-%d %H:%M:%S"), domain_id))
    print("[*] %s Used Time: %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"),
                                    (time_end - time_start).seconds))
    get_domain_title(domain_id)

Ejemplo n.º 15

Archivo: poc_scanner.py Proyecto: shuanx/Penetration-Tools

    def _get_task(self):
        # while thread_lock:
        for task_info in connectiondb(tasks_db).find():
            self.recursion = int(task_info['task_recursion'])
            self.task_id = task_info['_id']
            self.status = task_info['task_status']
            self.end_date = task_info['end_date']
            if self.recursion == 0:
                pass
            # every day task
            if self.recursion == 1:
                # print self.task_id
                # scanner = PocsuiteScanner(self.task_id)
                # scanner.set_scanner()
                # print "1111"
                if "Processing" in self.status:
                    pass
                else:
                    start_date = datetime.datetime.strptime(
                        self.end_date, "%Y-%m-%d %H:%M:%S")
                    plan_time = (datetime.datetime.now() -
                                 start_date).total_seconds()
                    if plan_time > 60 * 60 * 24:
                        print("Every day recursion start......")
                        scanner = PocsuiteScanner(self.task_id)
                        scanner.set_scanner()

            # every week task
            elif self.recursion == 7:
                if "Processing" in self.status:
                    pass
                else:
                    start_date = datetime.datetime.strptime(
                        self.end_date, "%Y-%m-%d %H:%M:%S")
                    plan_time = (datetime.datetime.now() -
                                 start_date).total_seconds()
                    if plan_time > 60 * 60 * 24 * 7:
                        print("Every week start...")
                        scanner = PocsuiteScanner(self.task_id)
                        scanner.set_scanner()
            # every month task
            elif self.recursion == 30:
                if "Processing" in self.status:
                    pass
                else:
                    start_date = datetime.datetime.strptime(
                        self.end_date, "%Y-%m-%d %H:%M:%S")
                    plan_time = (datetime.datetime.now() -
                                 start_date).total_seconds()
                    if plan_time > 60 * 60 * 24 * 30:
                        print("Every month start...")
                        scanner = PocsuiteScanner(self.task_id)
                        scanner.set_scanner()

Ejemplo n.º 16

 def _get_task(self):
     print("Discovery scheduler success")
     for asset_info in connectiondb(asset_db).find():
         self.discover_option = asset_info['discover_option']
         if self.discover_option == "Enable":
             self.asset_id = asset_info['_id']
             try:
                 AssetDiscovery(self.asset_id).set_discovery()
             except Exception as e:
                 print(e)
                 return e
     print("Discovery scheduler done")

Ejemplo n.º 17

Archivo: poc_scanner.py Proyecto: shuanx/Penetration-Tools

    def set_scanner(self):
        connectiondb(tasks_db).update_one(
            {'_id': ObjectId(self.task_id)},
            {'$set': {
                'task_status': 'Processing'
            }})
        if connectiondb(vul_db).find_one({"task_id": self.task_id}):
            connectiondb(vul_db).update({'task_id': self.task_id},
                                        {"$set": {
                                            "tag": "delete"
                                        }},
                                        multi=True)
        pool_scanner = Pool(processes=self.processes)

        for target in self.target_list:
            for plugin_id in self.plugin_id_list:
                plugin_cursor = connectiondb(plugin_db).find_one(
                    {"_id": ObjectId(plugin_id)})
                scan_data = {
                    "plugin_filename":
                    plugin_cursor['plugin_filename'].encode("UTF-8"),
                    "plugin_name":
                    plugin_cursor['plugin_name'].encode("UTF-8"),
                    "plugin_id":
                    plugin_cursor['_id'],
                    "plugin_type":
                    plugin_cursor['plugin_type'],
                    "plugin_app":
                    plugin_cursor['plugin_app'],
                    "plugin_version":
                    plugin_cursor['plugin_version'],
                    "target":
                    target,
                    "task_id":
                    self.task_id,
                    "task_name":
                    self.tasks_db_cursor['task_name'],
                }
                pool_scanner.apply_async(verify_poc, (scan_data, ))
        pool_scanner.close()
        pool_scanner.join()

        connectiondb(tasks_db).update_one({'_id': ObjectId(self.task_id)}, {
            '$set': {
                'task_status': 'Completed',
                'end_date': time.strftime("%Y-%m-%d %H:%M:%S",
                                          time.localtime())
            }
        })

Ejemplo n.º 18

Archivo: poc_scanner.py Proyecto: shuanx/Penetration-Tools

def insert_server_vul(vul_type, vul_name, vul_time, vul_result, hash):
    try:
        server_info = connectiondb(server_db).find_one({"hash": hash})
        print server_info
        if server_info:
            vulinfo = {
                "vul_type": vul_type,
                "vul_name": vul_name,
                "vul_time": vul_time,
                "vul_result": vul_result
            }
            vulinfo_tmp = []
            if server_info.has_key('vulinfo'):
                vulinfo_tmp = server_info['vulinfo']
                vulinfo_tmp.append(vulinfo)
            else:
                vulinfo_tmp.append(vulinfo)
            connectiondb(server_db).update({'hash': hash},
                                           {'$set': {
                                               "vulinfo": vulinfo_tmp
                                           }}, False, False)
    except Exception as e:
        print "Insert_server_info Error:", e

Ejemplo n.º 19

def vul_view():
    # scanner view
    if request.method == "GET":
        vul_task = connectiondb(vul_db).find()
        return render_template('vul-scanner.html', vul_task=vul_task)
    else:
        if request.form.get('source') == "new_scan":
            target_id = []
            task_name = request.form.get('task_name')
            target_list = request.form.get('target_addr').split("\n")
            scan_type = request.form.get('scan_type')
            description_val = request.form.get('description_val')
            for target in parse_target(target_list):
                target_id.append(AcunetixScanner().start_task(
                    target, description_val, scan_type)['target_id'])
            task_data = {
                "task_name": task_name,
                "target_list": target_list,
                "scan_type": scan_type,
                "description": description_val,
                "status": "",
                "target_id": target_id,
                "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),
            }
            connectiondb(vul_db).insert(task_data)
            # print(new_scan)
            return "success"
        elif request.form.get('source') == "delete_task":
            task_id = request.form.get('delete')
            target_id = connectiondb(vul_db).find_one(
                {"_id": ObjectId(task_id)})['target_id']
            if connectiondb(vul_db).remove({"_id": ObjectId(task_id)}):
                for t_id in target_id:
                    AcunetixScanner().delete_target(t_id)
                return "success"
            else:
                return "warning"
        elif request.form.get('source') == "download_report":
            task_id = request.form.get('task_id')
            target_id = connectiondb(vul_db).find_one(
                {"_id": ObjectId(task_id)})['target_id']
            task_name = connectiondb(vul_db).find_one(
                {"_id": ObjectId(task_id)})['task_name']
            report_url = AcunetixScanner().reports(target_id, 'targets',
                                                   task_name)
            if report_url:
                return jsonify({
                    "html_url": report_url[0],
                    "pdf_url": report_url[1]
                })
            else:
                return "warning"

Ejemplo n.º 20

Archivo: auth_scanner.py Proyecto: shuanx/Penetration-Tools

 def start_scan(self):
     connectiondb(auth_db).update_one({"_id": self.task_id},
                                      {"$set": {
                                          "status": "Processing"
                                      }})
     # start host check
     tmp_result = []
     check_time = datetime.now()
     print("[*] %s %s Service Check..." %
           (check_time.strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
     for service in self.service_list:
         # Filter online host
         pool_a = Pool(processes=self.processes)
         for target in self.target_list:
             tmp_result.append(
                 pool_a.apply_async(service_check,
                                    (target, service, self.args)))
         pool_a.close()
         pool_a.join()
         for res_a in tmp_result:
             if res_a.get():
                 target = res_a.get()['target']
                 check_res = res_a.get()['result']
                 if check_res:
                     username = check_res['username']
                     password = check_res['password']
                     if not username:
                         username = "******"
                     if not password:
                         password = "******"
                     self.save_result(target, service, username, password)
                 else:
                     self.online_target.append(target)
         self.check_result[service] = self.online_target
         self.online_target = []
         tmp_result = []
     check_end_time = datetime.now()
     print("[*] %s %s Service Check Done..." %
           (check_end_time.strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
     print("[*] %s Service check used time: %ss" %
           (self.task_name, (check_end_time - check_time).seconds))
     # start crack
     print("[*] %s %s Crack Start..." %
           (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
     pool_b = Pool(processes=self.processes)
     for service, target_list in self.check_result.items():
         # print(service, target_list)
         self.result.append(
             pool_b.apply_async(hydra_scanner,
                                (target_list, service, self.username_list,
                                 self.password_list, self.args)))
     pool_b.close()
     pool_b.join()
     print("[*] %s %s Crack Done..." %
           (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
     for res_b in self.result:
         if res_b.get():
             for i in res_b.get():
                 target = i['target']
                 service = i['service']
                 username = i['username']
                 password = i['password']
                 self.save_result(target, service, username, password)
     print("[*] %s Crack used time: %ss" %
           (self.task_name, (datetime.now() - check_time).seconds))
     print("[*] %s %s Saving result..." %
           (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
     connectiondb(auth_db).update_one(
         {"_id": self.task_id},
         {"$set": {
             "status": "Completed",
             "week_count": self.week_count,
         }})
     print("[*] %s %s Save result done..." %
           (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))

Ejemplo n.º 21

 def __init__(self):
     self.sche_time = connectiondb(config_db).find_one({"config_name": config_name})['discovery_time'].split(":")
     self.asset_id = ''
     self.discover_option = ''