def listener_worker(): s = get_tcp_listener(ipv6=conf.ipv6, listen_port=int(conf.connect_back_port)) while True: try: conn, address = s.accept() conn.setblocking(1) client = AttribDict() client.conn = conn client.address = address kb.data.clients.append(client) info_msg = "new connection established from {0}".format( desensitization(address[0]) if conf.ppt else address[0]) logger.log(CUSTOM_LOGGING.SUCCESS, info_msg) except Exception: pass
def _set_connect_back(): ips = get_local_ip(all=True) if ips: kb.data.local_ips = ips if conf.mode == "shell" and conf.connect_back_host is None: data_to_stdout("[i] pocsusite is running in shell mode, you need to set connect back host:\n") message = '----- Local IP Address -----\n' for i, ip in enumerate(kb.data.local_ips): message += "{0} {1}\n".format(i, desensitization(ip) if conf.ppt else ip) data_to_stdout(message) while True: choose = None choose = input('Choose>: ').strip() if not choose: continue try: if choose.isdigit(): choose = int(choose) conf.connect_back_host = kb.data.local_ips[choose] data_to_stdout("you choose {0}\n".format( desensitization(conf.connect_back_host) if conf.ppt else conf.connect_back_host)) break except Exception: data_to_stdout("wrong number, choose again\n")
def start(): runtime_check() tasks_count = kb.task_queue.qsize() info_msg = "pocsusite got a total of {0} tasks".format(tasks_count) logger.info(info_msg) logger.debug("pocsuite will open {} threads".format(conf.threads)) try: run_threads(conf.threads, task_run) logger.info("Scan completed,ready to print") finally: task_done() if conf.mode == "shell" and not conf.api: info_msg = "connect back ip: {0} port: {1}".format( desensitization(conf.connect_back_host) if conf.ppt else conf.connect_back_host, conf.connect_back_port) logger.info(info_msg) info_msg = "watting for shell connect to pocsuite" logger.info(info_msg) if conf.console_mode: handle_listener_connection_for_console() else: handle_listener_connection()
def execute(self, target, headers=None, params=None, mode='verify', verbose=True): self.target = target self.url = parse_target_url( target ) if self.current_protocol == POC_CATEGORY.PROTOCOL.HTTP else self.build_url( ) self.headers = headers if isinstance(params, dict) or isinstance(params, str): self.params = params else: self.params = {} self.mode = mode self.verbose = verbose self.expt = (0, 'None') # TODO output = None try: output = self._execute() except NotImplementedError as e: self.expt = (ERROR_TYPE_ID.NOTIMPLEMENTEDERROR, e) logger.log( CUSTOM_LOGGING.ERROR, 'POC: {0} not defined "{1}" mode'.format(self.name, self.mode)) output = Output(self) except ConnectTimeout as e: self.expt = (ERROR_TYPE_ID.CONNECTTIMEOUT, e) while conf.retry > 0: logger.debug('POC: {0} timeout, start it over.'.format( self.name)) try: output = self._execute() break except ConnectTimeout: logger.debug('POC: {0} time-out retry failed!'.format( self.name)) conf.retry -= 1 else: msg = "connect target '{0}' failed!".format( desensitization(target) if conf.ppt else target) logger.error(msg) output = Output(self) except HTTPError as e: self.expt = (ERROR_TYPE_ID.HTTPERROR, e) logger.warn('POC: {0} HTTPError occurs, start it over.'.format( self.name)) output = Output(self) except ConnectionError as e: self.expt = (ERROR_TYPE_ID.CONNECTIONERROR, e) msg = "connect target '{0}' failed!".format( desensitization(target) if conf.ppt else target) logger.error(msg) output = Output(self) except TooManyRedirects as e: self.expt = (ERROR_TYPE_ID.TOOMANYREDIRECTS, e) logger.debug(str(e)) output = Output(self) except BaseException as e: self.expt = (ERROR_TYPE_ID.OTHER, e) logger.error("PoC has raised a exception") logger.error(str(traceback.format_exc())) # logger.exception(e) output = Output(self) if output: output.params = self.params return output
def task_run(): while not kb.task_queue.empty() and kb.thread_continue: target, poc_module = kb.task_queue.get() if not conf.console_mode: poc_module = copy.deepcopy(kb.registered_pocs[poc_module]) poc_name = poc_module.name # for hide some infomations if conf.ppt: info_msg = "running poc:'{0}' target '{1}'".format( poc_name, desensitization(target)) else: info_msg = "running poc:'{0}' target '{1}'".format( poc_name, target) logger.info(info_msg) # hand user define parameters if hasattr(poc_module, "_options"): for item in kb.cmd_line: value = cmd_line_options.get(item, "") if item in poc_module.options: poc_module.set_option(item, value) info_msg = "Parameter {0} => {1}".format(item, value) logger.info(info_msg) # check must be option for opt, v in poc_module.options.items(): # check conflict in whitelist if opt in CMD_PARSE_WHITELIST: info_msg = "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format( poc_name, opt) logger.error(info_msg) raise SystemExit if v.require and v.value == "": info_msg = "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format( poc=poc_name, key=opt) logger.error(info_msg) raise SystemExit try: result = poc_module.execute(target, headers=conf.http_headers, mode=conf.mode, verbose=False) except PocsuiteValidationException as ex: info_msg = "Poc:'{}' PocsuiteValidationException:{}".format( poc_name, ex) logger.error(info_msg) result = None if not isinstance(result, Output) and not None: _result = Output(poc_module) if result: if isinstance(result, bool): _result.success({}) elif isinstance(result, str): _result.success({"Info": result}) elif isinstance(result, dict): _result.success(result) else: _result.success({"Info": repr(result)}) else: _result.fail('target is not vulnerable') result = _result if not result: continue if not conf.quiet: result.show_result() result_status = "success" if result.is_success() else "failed" if result_status == "success" and kb.comparison: kb.comparison.change_success(target, True) output = AttribDict(result.to_dict()) if conf.ppt: # hide some information target = desensitization(target) output.update({ 'target': target, 'poc_name': poc_name, 'created': time.strftime("%Y-%m-%d %X", time.localtime()), 'status': result_status }) result_plugins_handle(output) kb.results.append(output)
def task_run(): while not kb.task_queue.empty() and kb.thread_continue: target, poc_module = kb.task_queue.get() if not conf.console_mode: poc_module = copy.deepcopy(kb.registered_pocs[poc_module]) poc_name = poc_module.name if conf.pcap: # start capture flow import os import logging os.environ["MPLBACKEND"] = "Agg" logging.getLogger("scapy").setLevel(logging.ERROR) from pocsuite3.lib.utils.pcap_sniffer import Sniffer from scapy.utils import wrpcap sniffer = Sniffer(urlparse(target).hostname) if sniffer.use_pcap: if not sniffer.is_admin: logger.warn( "Please use administrator privileges, and the poc will continue to execute without fetching the packet" ) conf.pcap = False else: sniffer.start() # let scapy start for a while time.sleep(1) else: logger.warn( "No libpcap is detected, and the poc will continue to execute without fetching the packet" ) conf.pcap = False # for hide some infomations if conf.ppt: info_msg = "running poc:'{0}' target '{1}'".format( poc_name, desensitization(target)) else: info_msg = "running poc:'{0}' target '{1}'".format( poc_name, target) logger.info(info_msg) # hand user define parameters if hasattr(poc_module, "_options"): for item in kb.cmd_line: value = cmd_line_options.get(item, "") if item in poc_module.options: poc_module.set_option(item, value) info_msg = "Parameter {0} => {1}".format(item, value) logger.info(info_msg) # check must be option for opt, v in poc_module.options.items(): # check conflict in whitelist if opt in CMD_PARSE_WHITELIST: info_msg = "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format( poc_name, opt) logger.error(info_msg) raise SystemExit if v.require and v.value == "": info_msg = "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format( poc=poc_name, key=opt) logger.error(info_msg) raise SystemExit try: result = poc_module.execute(target, headers=conf.http_headers, mode=conf.mode, verbose=False) except PocsuiteValidationException as ex: info_msg = "Poc:'{}' PocsuiteValidationException:{}".format( poc_name, ex) logger.error(info_msg) result = None if not isinstance(result, Output) and not None: _result = Output(poc_module) if result: if isinstance(result, bool): _result.success({}) elif isinstance(result, str): _result.success({"Info": result}) elif isinstance(result, dict): _result.success(result) else: _result.success({"Info": repr(result)}) else: _result.fail('target is not vulnerable') result = _result if not result: continue if not conf.quiet: result.show_result() result_status = "success" if result.is_success() else "failed" if result_status == "success" and kb.comparison: kb.comparison.change_success(target, True) output = AttribDict(result.to_dict()) if conf.ppt: # hide some information target = desensitization(target) output.update({ 'target': target, 'poc_name': poc_name, 'created': time.strftime("%Y-%m-%d %X", time.localtime()), 'status': result_status }) result_plugins_handle(output) kb.results.append(output) if conf.pcap: sniffer.join(20) if not sniffer.is_alive(): filename = urlparse(target).hostname + time.strftime( '_%Y_%m_%d_%H%M%S.pcap') logger.info(f"pcap data has been saved in: {filename}") wrpcap(filename, sniffer.pcap.results) else: logger.error("Thread terminates timeout. Failed to save pcap")