def async_run(func, items, callback):
"""
运行任务
:param func: 异步函数对象
:param items: 异步函数参数
:param callback: 回调函数
:return:
"""
# 任务组, 最大协程数
pool = AsyncPool()
# 插入任务任务
# for i in range(100000):
# pool.submit(thread_example(i), my_callback)
for i in items:
pool.submit(func(i), callback)
# 停止事件循环
pool.release()
# 获取线程数
msg = f'Current task {pool.running}'
LOGGER.info(msg)
# 等待
pool.wait()
def eyou_rce_callback(self, future):
resp = future.result()
if resp:
if resp['code'] == 200:
result = resp['text']
LOGGER.success(result)
else:
msg = 'The target ' + str(resp['url']) + ' not vuln !'
LOGGER.info(msg)
def __set__(self, value):
if 'http://' in value:
self.value = value
LOGGER.info(f'proxy => {self.value}')
elif 'socks5://' in value:
self.value = value
LOGGER.info(f'proxy => {self.value}')
else:
LOGGER.warning('Support only http:// or socks5://')
self.value = None
def command_search(args):
if len(args.split(' ')) == 1:
keyword = args.split(' ')[0]
result = module_manager.search_module(keyword)
if not result:
msg = f'search {keyword} not found'
LOGGER.info(msg)
else:
search_style(result)
else:
LOGGER.warning('Please input search <keyword>')
def start(self):
"""用户输入输出循环"""
print(self.banner)
while True:
try:
command, args = self.parse_line(input(self.prompt))
if not command:
continue
self.command_handle(command, args)
except (KeyboardInterrupt, EOFError):
LOGGER.info('Interrupt: use the \'exit\' command to quit')
def rg_uac_passleak_callback(self, future):
resp = future.result()
if resp['code'] == 200:
result = resp['text']
user = re.findall('"name":"(.*?)"', result)
password = re.findall('"password":"******"', result)
for i in range(len(user)):
msg = f'name:{user[i]},password:{password[i]}'
LOGGER.success(msg)
else:
msg = 'The target ' + str(resp['url']) + ' not vuln !'
LOGGER.info(msg)
def command_exec(args):
# 执行系统命令并时时打印
msg = f'exec {args}'
LOGGER.info(msg)
process = subprocess.Popen(args,
shell=True,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
while process.poll() is None:
line = process.stdout.readline()
line = line.strip()
if line:
if IS_WIN:
print(line.decode('gbk', 'ignore'))
else:
print(line.decode('utf-8', 'ignore'))
def __set__(self, value):
if value == 'on':
self.value = True
LOGGER.info('debug => on')
return self.value
elif value == 'off':
self.value = False
LOGGER.info('debug => off')
return self.value
else:
LOGGER.info('setg debug on/off')
return self.value
def exploit(self):
targets = get_target(self.get_options('targets'))
async_run(self.eyou_rce, targets, self.eyou_rce_callback)
LOGGER.info('exploit complete')
def command_reload(self):
module_metadata = self.module_metadata()
LOGGER.info(f'Reloading module {module_metadata}...')
reload_module()
self.command_back()
LOGGER.success(f'Reload complete, please use {module_metadata}')
def command_run(self):
LOGGER.info(f'Running module {self.module_metadata()}...')
if self.check_run():
self.current_module.exploit()
def exploit(self):
targets = get_target(self.get_options('targets'))
async_run(self.rg_uac_passleak, targets, self.rg_uac_passleak_callback)
LOGGER.info('exploit complete')