def main():
if not sga.module:
sga.errorPrint("no module has been loaded")
return
try:
sga.module.exploit()
except Exception as e:
sga.errorPrint("failed: %s has an error: %s" % (sga.modulePath, e))
def main(cmd):
cmdList = cmd.split(" ")
if len(cmdList) < 2:
sga.errorPrint("search command: search [cveID/keyword]")
return
if not os.path.isfile(".com/cacheDB"):
sga.errorPrint(
"No local cache, use \"build\" command to build the local cache database file"
)
sga.infoPrint("use slow search")
result = slowSearch(cmdList[1])
else:
result = search(cmdList[1])
if len(result) <= 0:
return
maxLengthPath = 0
maxLengthAuthor = 0
maxLengthDate = 0
for k in result:
if maxLengthPath < len(k):
maxLengthPath = len(k)
if maxLengthAuthor < len(result[k]['author']):
maxLengthAuthor = len(result[k]['author'])
if maxLengthDate < len(result[k]['date']):
maxLengthDate = len(result[k]['date'])
string = "search keyword: %s" % (cmdList[1])
print(string)
print("-" * len(string))
spaceString1 = " " + " " * (maxLengthPath - 4)
spaceString2 = " " + " " * (maxLengthAuthor - 6)
spaceString3 = " " + " " * (maxLengthDate - 4)
print(" path%sauthor%sdate%sinfo" %
(spaceString1, spaceString2, spaceString3))
print(" ----%s------%s----%s----" %
(spaceString1, spaceString2, spaceString3))
for k in result:
spaceString1 = " " + " " * (maxLengthPath - len(k))
spaceString2 = " " + " " * (maxLengthAuthor -
len(result[k]['author']))
spaceString3 = " " + " " * (maxLengthDate - len(result[k]['date']))
print(" %s%s%s%s%s%s%s" %
(k, spaceString1, result[k]['author'], spaceString2,
result[k]['date'], spaceString3, result[k]['info']))
def main(cmd):
cmdList = cmd.split(" ")
if len(cmdList) < 2:
sga.errorPrint("load command: load scorcsoftPOC/other/test")
return
modulePath = cmdList[1]
badModule = False
sga.moduleOptions = None
if not os.path.isfile("%s.py" % (modulePath)):
sga.errorPrint("failed: %s is not exist" % (modulePath))
return
try:
importString = modulePath.replace("/", ".")
sga.module = importlib.import_module(importString)
except Exception as e:
sga.errorPrint("failed: %s has an error: %s" % (modulePath, e))
sga.module = None
return
try:
sga.moduleType = sga.moduleTypeList[sga.module.type]
sga.moduleOptions = sga.module.options # copy the module options to global module
except:
sga.errorPrint("failed: %s is not a SPF module" % (modulePath))
sga.module = None
return
for k in sga.module.options: # check the options
sga.moduleOptionsWord.append(
"%s " % (k)) # add current module option name auto complete
tmp = list(sga.module.options[k])
if "value" not in tmp or "info" not in tmp:
badModule = True
break
if "exploit" not in dir(sga.module): # check the main function
badModule = True
if badModule:
sga.errorPrint("failed: %s is not a SPF module" % (modulePath))
sga.module = None
return
sga.modulePath = modulePath
sga.commandWord.append("exploit") # add the exploit command auto complete
sga.commandPrompt = '\033[4;30mspf\033[0m \033[1;31m%s\033[0m(%s) > ' % (
sga.moduleType, sga.modulePath)
sga.successPrint("load: %s" % (modulePath))
def exploit(): #poc main function
sga.infoPrint("test module, target host: %s, target port: %s" %
(sga.get("rhost"), sga.get("rport")))
sga.successPrint("this is a successfully message for test")
sga.errorPrint("this is an error message for test")
sga.weakPrint("the target is vulnerable")
sga.infoPrint("哈哈骗你的,想什么呢")
sga.nweakPrint("the target is not vulnerable!")
def search(kw):
try:
for i in open(".com/cacheDB"):
if kw in i:
i = i.strip("\n")
i = i.strip("\r\n") # for stupit bugdows
info = json.loads(i)
return info
except:
sga.errorPrint(
"Can not use the local cache database, use \"build\" command to rebuild local cache database"
)
sga.infoPrint("use slow search")
slowSearch(kw)
def main(cmd):
cmdList = cmd.split(" ")
if len(cmdList) < 3:
sga.errorPrint("set command: set [option name] [option value]")
return
if not sga.module:
sga.errorPrint("no module has been load")
return
name = str(cmdList[1])
value = str(cmdList[2])
try:
sga.moduleOptions[name]['value'] = value
except:
pass
sga.infoPrint("set %s => %s" % (name, value))
def main(cmd):
badCommand = ["vi", "vim", "ex", "python", "python3", "cd"]
if cmd in badCommand:
sga.infoPrint("command \"%s\" is not supported in SPF :)" % (cmd))
return
result = subprocess.getstatusoutput(cmd)
if result[0] == 0:
string = "execute system command: %s" % (cmd)
sga.successPrint(string)
print("-" * (4 + len(string)))
output = result[1].split("\n")
for i in output:
print(" %s" % (i))
print("-" * (4 + len(string)))
else:
sga.errorPrint("unknow command: %s" % (cmd))