def verify_poc(scan_data): plugin_name = scan_data['plugin_name'] plugin_filename = scan_data['plugin_filename'] target = scan_data['target'] info = { "pocname": plugin_name, "pocstring": open(plugin_filename, 'r').read(), "mode": 'verify' } try: invoker = Cannon(target, info) result = invoker.run() target_hash = md5hash(scan_data['target']) if result[-3][0] == 1: scan_result = { "plugin_filename": scan_data['plugin_filename'], "plugin_name": scan_data['plugin_name'], "plugin_id": scan_data['plugin_id'], "plugin_type": scan_data['plugin_type'], "plugin_app": scan_data['plugin_app'], "plugin_version": scan_data['plugin_version'], "target": scan_data['target'], "task_id": scan_data['task_id'], "task_name": scan_data['task_name'], "scan_result": result[-1], "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()), "hash": target_hash, "tag": "" } connectiondb(vul_db).insert(scan_result) #insert_server_vul("poc","plugin_filename",time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),result[-1],hash) except Exception as e: raise e
def multi_brute(self): data_save = [] result = [] self.resolver_ip = self.resolver_check() pool = Pool(processes=self.thread) for sub_domain in self.domain_handle(): result.append(pool.apply_async(resolution, (sub_domain, ))) pool.close() pool.join() for res in result: self.result = res.get() for subdomain in self.result: if self.result[subdomain] != self.resolver_ip: data = { "subdomain": subdomain, "domain": self.domain, "domain_id": self.domain_id, "date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"), "result": self.result[subdomain], "title": '', } data_save.append(data) try: if data_save: connectiondb(subdomain_db).insert_many(data_save, ordered=True) except Exception as e: print("[!] %s Saved result error: %s" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), e)) print("[*] %s %s Brute Done" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.domain))
def __init__(self, asset_id): self.asset_id = asset_id self.result_tmp = [] self.result = [] self.port_list = connectiondb(config_db).find_one({"config_name": config_name})['port_list'] self.processes = connectiondb(config_db).find_one({"config_name": config_name})['discovery_thread'] self.asset_name = connectiondb(asset_db).find_one({"_id": self.asset_id})['asset_name'] self.host_list = parse_target(connectiondb(asset_db).find_one({"_id": self.asset_id})['asset_host'])
def __init__(self, task_id): self.task_id = task_id self.tasks_db_cursor = connectiondb(tasks_db).find_one( {"_id": self.task_id}) self.target_list = parse_target(self.tasks_db_cursor['scan_target']) self.plugin_id_list = self.tasks_db_cursor['plugin_id'] self.result_tmp = [] self.result = [] self.processes = connectiondb(config_db).find_one( {"config_name": config_name})['poc_thread']
def port_result(self): self.result.append(self.scan().command_line()) for i in self.scan().csv().split('\r\n'): self.result.append(i) self.result.pop(1) connectiondb(port_db).update_one( {"_id": self.scan_id}, {'$set': { 'status': 'Done', 'detail': self.result }}) return self.result
def save_result(self): if connectiondb(server_db).find_one({"asset_id": self.asset_id}): connectiondb(server_db).update({"asset_id": self.asset_id}, {"$set": {"tag": "delete"}}, multi=True) for res in self.result: res['asset_name'] = self.asset_name res['asset_id'] = self.asset_id res['tag'] = "" res['date'] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) try: connectiondb(server_db).insert_one(res) except Exception as e: print("[!] Save discovery result error %s" % e)
def local_install(): print("[*]Processing...") connectiondb(plugin_db).drop() path = os.getcwd() + '/pocsuite_plugin/' files = os.listdir(path) for file_name in files: plugin_info = parse_plugin(path + file_name.strip()) if plugin_info is None: pass else: db_insert = connectiondb(plugin_db).insert_one( plugin_info).inserted_id print("[*]Processing Completed!")
def save_result(self, target, service, username, password): data = { "target": target, "service": service, "username": username, "password": password, "date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"), "task_id": self.task_id, "task_name": self.task_name, "tag": "" } self.week_count += 1 connectiondb(weekpasswd_db).insert_one(data)
def _get_task(self): for task_info in connectiondb(auth_db).find(): self.recursion = task_info['recursion'] self.status = task_info['status'] self.scan_date = task_info['date'] self.task_id = task_info['_id'] start_date = datetime.strptime(self.scan_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.now() - start_date).total_seconds() if self.recursion == 0: pass # every day elif self.recursion == 1 and "Completed" in self.status: if plan_time > 60 * 60 * 24 * 1: if self.start_loop_scan(): print( "[*] Every Day Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())) # every week elif self.recursion == 7 and "Completed" in self.status: if plan_time > 60 * 60 * 24 * 7: if self.start_loop_scan(): print( "[*] Every Week Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())) # every month elif self.recursion == 30 and "Completed" in self.status: if plan_time > 60 * 60 * 24 * 30: if self.start_loop_scan(): print( "[*] Every Month Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
def __init__(self, task_id): self.task_id = task_id self.db_cursor = connectiondb(auth_db).find_one({"_id": self.task_id}) self.processes = connectiondb(config_db).find_one( {"config_name": config_name})['auth_tester_thread'] self.task_name = self.db_cursor['task_name'] self.username_list = self.db_cursor['username'] self.password_list = self.db_cursor['password'] self.target_list = parse_target(self.db_cursor['target']) self.check_result = {} self.online_target = [] self.service_list = self.db_cursor['service'] self.args = self.db_cursor['args'] self.result_pool = [] self.result = [] self.week_count = 0
def get_domain_title(domain_id): pool = Pool(processes=50) result = [] for i in connectiondb(subdomain_db).find({"domain_id": domain_id}): result.append(pool.apply_async(get_title, (i['subdomain'], i['_id']))) pool.close() pool.join() for res in result: lock.acquire() try: connectiondb(subdomain_db).update_one( {"_id": res.get()["_id"]}, {"$set": { "title": res.get()['title'] }}) except Exception as e: print("update title error", e) lock.release()
def start_loop_scan(self): connectiondb(weekpasswd_db).update({"task_id": self.task_id}, {"$set": { "tag": "delete" }}, multi=True) connectiondb(auth_db).update_one({"_id": self.task_id}, { "$set": { "status": "Queued", "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()), "week_count": 0, } }) scanner = AuthCrack(self.task_id) if scanner: t1 = Thread(target=scanner.start_scan, args=()) t1.start() return True
def __init__(self, domain, domain_id): print("[*] %s %s Brute Start" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), domain)) self.domain = domain self.domain_id = domain_id self.sub_domain = [] self.third_domain = connectiondb(domain_db).find_one( {"_id": domain_id})['third_domain'] self.resolver_ip = '' self.result = '' self.thread = int( connectiondb(config_db).find_one({"config_name": config_name })['subdomain_thread']) self.subdomain_dict_2 = connectiondb(config_db).find_one( {"config_name": config_name})['subdomain_dict_2'] self.subdomain_dict_3 = connectiondb(config_db).find_one( {"config_name": config_name})['subdomain_dict_3'] self.random_subdomain = ''.join(sample(digits + ascii_lowercase, 10)) + '.' + domain
def start_domain_brute(domain_list, domain_id): time_start = datetime.now() print("[*] %s Domain Brute start %s" % (time_start.strftime("%Y-%m-%d %H:%M:%S"), domain_id)) connectiondb(domain_db).update_one({"_id": domain_id}, {"$set": { "status": "Running" }}) for domain in domain_list: start_brute = DomainBrute(domain, domain_id) start_brute.multi_brute() connectiondb(domain_db).update_one({"_id": domain_id}, {"$set": { "status": "Done" }}) time_end = datetime.now() print("[*] %s Domain Brute Done %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"), domain_id)) print("[*] %s Used Time: %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"), (time_end - time_start).seconds)) get_domain_title(domain_id)
def _get_task(self): # while thread_lock: for task_info in connectiondb(tasks_db).find(): self.recursion = int(task_info['task_recursion']) self.task_id = task_info['_id'] self.status = task_info['task_status'] self.end_date = task_info['end_date'] if self.recursion == 0: pass # every day task if self.recursion == 1: # print self.task_id # scanner = PocsuiteScanner(self.task_id) # scanner.set_scanner() # print "1111" if "Processing" in self.status: pass else: start_date = datetime.datetime.strptime( self.end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24: print("Every day recursion start......") scanner = PocsuiteScanner(self.task_id) scanner.set_scanner() # every week task elif self.recursion == 7: if "Processing" in self.status: pass else: start_date = datetime.datetime.strptime( self.end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24 * 7: print("Every week start...") scanner = PocsuiteScanner(self.task_id) scanner.set_scanner() # every month task elif self.recursion == 30: if "Processing" in self.status: pass else: start_date = datetime.datetime.strptime( self.end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24 * 30: print("Every month start...") scanner = PocsuiteScanner(self.task_id) scanner.set_scanner()
def _get_task(self): print("Discovery scheduler success") for asset_info in connectiondb(asset_db).find(): self.discover_option = asset_info['discover_option'] if self.discover_option == "Enable": self.asset_id = asset_info['_id'] try: AssetDiscovery(self.asset_id).set_discovery() except Exception as e: print(e) return e print("Discovery scheduler done")
def set_scanner(self): connectiondb(tasks_db).update_one( {'_id': ObjectId(self.task_id)}, {'$set': { 'task_status': 'Processing' }}) if connectiondb(vul_db).find_one({"task_id": self.task_id}): connectiondb(vul_db).update({'task_id': self.task_id}, {"$set": { "tag": "delete" }}, multi=True) pool_scanner = Pool(processes=self.processes) for target in self.target_list: for plugin_id in self.plugin_id_list: plugin_cursor = connectiondb(plugin_db).find_one( {"_id": ObjectId(plugin_id)}) scan_data = { "plugin_filename": plugin_cursor['plugin_filename'].encode("UTF-8"), "plugin_name": plugin_cursor['plugin_name'].encode("UTF-8"), "plugin_id": plugin_cursor['_id'], "plugin_type": plugin_cursor['plugin_type'], "plugin_app": plugin_cursor['plugin_app'], "plugin_version": plugin_cursor['plugin_version'], "target": target, "task_id": self.task_id, "task_name": self.tasks_db_cursor['task_name'], } pool_scanner.apply_async(verify_poc, (scan_data, )) pool_scanner.close() pool_scanner.join() connectiondb(tasks_db).update_one({'_id': ObjectId(self.task_id)}, { '$set': { 'task_status': 'Completed', 'end_date': time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) } })
def insert_server_vul(vul_type, vul_name, vul_time, vul_result, hash): try: server_info = connectiondb(server_db).find_one({"hash": hash}) print server_info if server_info: vulinfo = { "vul_type": vul_type, "vul_name": vul_name, "vul_time": vul_time, "vul_result": vul_result } vulinfo_tmp = [] if server_info.has_key('vulinfo'): vulinfo_tmp = server_info['vulinfo'] vulinfo_tmp.append(vulinfo) else: vulinfo_tmp.append(vulinfo) connectiondb(server_db).update({'hash': hash}, {'$set': { "vulinfo": vulinfo_tmp }}, False, False) except Exception as e: print "Insert_server_info Error:", e
def vul_view(): # scanner view if request.method == "GET": vul_task = connectiondb(vul_db).find() return render_template('vul-scanner.html', vul_task=vul_task) else: if request.form.get('source') == "new_scan": target_id = [] task_name = request.form.get('task_name') target_list = request.form.get('target_addr').split("\n") scan_type = request.form.get('scan_type') description_val = request.form.get('description_val') for target in parse_target(target_list): target_id.append(AcunetixScanner().start_task( target, description_val, scan_type)['target_id']) task_data = { "task_name": task_name, "target_list": target_list, "scan_type": scan_type, "description": description_val, "status": "", "target_id": target_id, "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()), } connectiondb(vul_db).insert(task_data) # print(new_scan) return "success" elif request.form.get('source') == "delete_task": task_id = request.form.get('delete') target_id = connectiondb(vul_db).find_one( {"_id": ObjectId(task_id)})['target_id'] if connectiondb(vul_db).remove({"_id": ObjectId(task_id)}): for t_id in target_id: AcunetixScanner().delete_target(t_id) return "success" else: return "warning" elif request.form.get('source') == "download_report": task_id = request.form.get('task_id') target_id = connectiondb(vul_db).find_one( {"_id": ObjectId(task_id)})['target_id'] task_name = connectiondb(vul_db).find_one( {"_id": ObjectId(task_id)})['task_name'] report_url = AcunetixScanner().reports(target_id, 'targets', task_name) if report_url: return jsonify({ "html_url": report_url[0], "pdf_url": report_url[1] }) else: return "warning"
def start_scan(self): connectiondb(auth_db).update_one({"_id": self.task_id}, {"$set": { "status": "Processing" }}) # start host check tmp_result = [] check_time = datetime.now() print("[*] %s %s Service Check..." % (check_time.strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) for service in self.service_list: # Filter online host pool_a = Pool(processes=self.processes) for target in self.target_list: tmp_result.append( pool_a.apply_async(service_check, (target, service, self.args))) pool_a.close() pool_a.join() for res_a in tmp_result: if res_a.get(): target = res_a.get()['target'] check_res = res_a.get()['result'] if check_res: username = check_res['username'] password = check_res['password'] if not username: username = "******" if not password: password = "******" self.save_result(target, service, username, password) else: self.online_target.append(target) self.check_result[service] = self.online_target self.online_target = [] tmp_result = [] check_end_time = datetime.now() print("[*] %s %s Service Check Done..." % (check_end_time.strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) print("[*] %s Service check used time: %ss" % (self.task_name, (check_end_time - check_time).seconds)) # start crack print("[*] %s %s Crack Start..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) pool_b = Pool(processes=self.processes) for service, target_list in self.check_result.items(): # print(service, target_list) self.result.append( pool_b.apply_async(hydra_scanner, (target_list, service, self.username_list, self.password_list, self.args))) pool_b.close() pool_b.join() print("[*] %s %s Crack Done..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) for res_b in self.result: if res_b.get(): for i in res_b.get(): target = i['target'] service = i['service'] username = i['username'] password = i['password'] self.save_result(target, service, username, password) print("[*] %s Crack used time: %ss" % (self.task_name, (datetime.now() - check_time).seconds)) print("[*] %s %s Saving result..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) connectiondb(auth_db).update_one( {"_id": self.task_id}, {"$set": { "status": "Completed", "week_count": self.week_count, }}) print("[*] %s %s Save result done..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
def __init__(self): self.sche_time = connectiondb(config_db).find_one({"config_name": config_name})['discovery_time'].split(":") self.asset_id = '' self.discover_option = ''