def updateProgram(): success = False if not os.path.exists(os.path.join(paths.w9scan_ROOT_PATH, ".git")): errMsg = "not a git repository. Please checkout the 'boy-hack/w9scan' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/boy-hack/w9scan.git w9scan')" logger.critical(errMsg) else: infoMsg = "updating w9scan to the latest development version from the " infoMsg += "GitHub repository" logger.info("\r[%s] [INFO] %s" % (time.strftime("%X"), infoMsg)) debugMsg = "w9scan will try to update itself using 'git' command" logger.info(debugMsg) dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: process = subprocess.Popen( "git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.w9scan_ROOT_PATH.encode(locale.getpreferredencoding()) ) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/ pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex)
def main(): """ Main function of w9scan when running from command line. """ try: checkEnvironment() # 检测环境 setPaths(modulePath()) # 为一些目录和文件设置了绝对路径 banner() urlconfig.url = raw_input('Input url > ') urlconfig.url = makeurl(urlconfig.url) urlconfig.scanport = False input_scanport = raw_input('Need scan all ports ?(Y/N) (default N)> ') if input_scanport.lower() in ("y", "yes"): urlconfig.scanport = True urlconfig.threadNum = raw_input( 'You need start number of thread(Recommendation number is 5) > ') urlconfig.threadNum = int(urlconfig.threadNum) e = Exploit_run(urlconfig.threadNum) print '[***] ScanStart Target:%s' % urlconfig.url e.load_modules("www", urlconfig.url) e.run() e.init_spider() s = crawler.SpiderMain(urlconfig.url) s.craw() logger.report() except KeyboardInterrupt: logger.critical("[***] User Interrupt") exit() except Exception as info: print "[xxx] MainError", info exit()
def checkEnvironment(): try: os.path.isdir(modulePath()) except UnicodeEncodeError: errMsg = "your system does not properly handle non-ASCII paths. " errMsg += "Please move the w9scan's directory to the other location" logger.critical(errMsg) raise SystemExit if LooseVersion(VERSION) < LooseVersion("1.0"): errMsg = "your runtime environment (e.g. PYTHONPATH) is " errMsg += "broken. Please make sure that you are not running " errMsg += "newer versions of w9scan with runtime scripts for older " errMsg += "versions" logger.critical(errMsg) raise SystemExit
def main(): """ Main function of w9scan when running from command line. """ try: checkEnvironment() # 检测环境 setPaths(modulePath()) # 为一些目录和文件设置了绝对路径 banner() Test_Url = raw_input('Input url > ') Test_Url = Test_Url.strip() #Test_Url = "https://blog.hacking8.com/" e = Exploit_run(Test_Url) print '[***] ScanStart Target:%s' % Test_Url e.load_modules("www", Test_Url) logger.report() except KeyboardInterrupt: logger.critical("[***] UserInterrupt") exit()
def main(): """ Main function of w9scan when running from command line. """ try: checkEnvironment() # 检测环境 setPaths(modulePath()) # 为一些目录和文件设置了绝对路径 banner() Test_Url = raw_input('Input url > ') Test_Url = Test_Url.strip() #Test_Url = "https://blog.hacking8.com/" e = Exploit_run(Test_Url) print '[***] ScanStart Target:%s' % Test_Url e.load_modules("www",Test_Url) logger.report() except KeyboardInterrupt: logger.critical("[***] UserInterrupt") exit()
def main(): """ Main function of w9scan when running from command line. """ try: checkEnvironment() # 检测环境 setPaths(modulePath()) # 为一些目录和文件设置了绝对路径 banner() urlconfig.url = raw_input('Input url > ') urlconfig.url = makeurl(urlconfig.url) urlconfig.scanport = False input_scanport = raw_input('Need scan all ports ?(Y/N) (default N)> ') if input_scanport.lower() in ("y", "yes"): urlconfig.scanport = True urlconfig.threadNum = raw_input( 'You need start number of thread(Recommendation number is 5) > ') urlconfig.threadNum = int(urlconfig.threadNum) startTime = time.clock() e = Exploit_run(urlconfig.threadNum) print '[***] ScanStart Target:%s' % urlconfig.url e.load_modules("www", urlconfig.url) e.run() e.init_spider() s = crawler.SpiderMain(urlconfig.url) time.sleep(0.5) s.craw() endTime = time.clock() urlconfig.runningTime = endTime - startTime e.report() except KeyboardInterrupt: logger.critical("[***] User Interrupt") exit() except Exception as info: print "[xxx] MainError:", Exception, " :", info errinfo = Get_lineNumber_fileName() data = e.buildHtml.getData() aax = "error:%s urlconfig:%s date:%s" % (errinfo, str(urlconfig), data) createIssueForBlog(aax) exit()
def main(): """ Main function of w9scan when running from command line. """ try: checkEnvironment() # 检测环境 setPaths(modulePath()) # 为一些目录和文件设置了绝对路径 banner() # url config urlconfig.url = raw_input('Input url > ') urlconfig.url = urlconfig.url.strip() urlconfig.scanport = False input_scanport = raw_input('Need scan all ports ?(Y/N) (default N)> ') if input_scanport.lower() in ("y", "yes"): urlconfig.scanport = True e = Exploit_run() print '[***] ScanStart Target:%s' % urlconfig.url e.load_modules("www", urlconfig.url) logger.report() except KeyboardInterrupt: logger.critical("[***] UserInterrupt") exit()
def main(): """ Main function of w9scan when running from command line. """ checkEnvironment() # 检测环境 setPaths(modulePath()) # 为一些目录和文件设置了绝对路径 banner() parser = argparse.ArgumentParser(description="w9scan scanner") parser.add_argument("--update", help="update w9scan", action="store_true") parser.add_argument("--guide", help="w9scan to guide", action="store_true") parser.add_argument("-u", help="url") parser.add_argument("-p", "--plugin", help="plugins") parser.add_argument("-s", "--search", help="find infomation of plugin") args = parser.parse_args() urlconfig.mutiurl = False urlconfig.url = [] if args.update: updateProgram() return 0 if args.search: print(getPluginNum(args.search)) return 0 if args.u and args.plugin: url = args.u if url.startswith("@"): urlconfig.mutiurl = True fileName = url[1:] try: o = open(fileName, "r").readlines() for u in o: urlconfig.url.append(makeurl(u.strip())) except IOError as error: logger.critical("Filename:'%s' open faild" % fileName) exit() if len(o) == 0: logger.critical("[xxx] The target address is empty") exit() print urlconfig.url else: urlconfig.url.append(makeurl(url)) urlconfig.scanport = False urlconfig.find_service = False urlconfig.threadNum = 5 urlconfig.deepMax = 100 urlconfig.diyPlugin = LIST_PLUGINS startTime = time.clock() e = Exploit_run(urlconfig.threadNum) for u in urlconfig.url: print('[***] ScanStart Target:%s' % u) e.setCurrentUrl(u) e.load_modules(args.plugin, u) e.run() time.sleep(0.01) endTime = time.clock() urlconfig.runningTime = endTime - startTime e.report() return 0 try: inputUrl = raw_input('[1] Input url > ') if inputUrl is '': logger.critical("[xxx] You have to enter the url") exit() if inputUrl.startswith("@"): urlconfig.mutiurl = True fileName = inputUrl[1:] try: o = open(fileName, "r").readlines() for url in o: urlconfig.url.append(makeurl(url.strip())) except IOError as error: logger.critical("Filename:'%s' open faild" % fileName) exit() if len(o) == 0: logger.critical("[xxx] The target address is empty") exit() print urlconfig.url else: urlconfig.url.append(makeurl(inputUrl)) print '[***] URL has been loaded:%d' % len(urlconfig.url) print("[Tips] You can select these plugins (%s) or select all" % (' '.join(LIST_PLUGINS))) diyPlugin = raw_input("[2] Please select the required plugins > ") if diyPlugin.lower() == 'all': urlconfig.diyPlugin = LIST_PLUGINS else: urlconfig.diyPlugin = diyPlugin.strip().split(' ') print "[***] You select the plugins:%s" % (' '.join( urlconfig.diyPlugin)) urlconfig.scanport = False urlconfig.find_service = False if 'find_service' in urlconfig.diyPlugin: urlconfig.find_service = True input_scanport = raw_input( '[2.1] Need you scan all ports ?(Y/N) (default N)> ') if input_scanport.lower() in ("y", "yes"): urlconfig.scanport = True urlconfig.threadNum = raw_input( '[3] You need start number of thread (default 5) > ') if urlconfig.threadNum == '': urlconfig.threadNum = 5 urlconfig.threadNum = int(urlconfig.threadNum) urlconfig.deepMax = raw_input( '[4] Set the depth of the crawler (default 200 | 0 don\'t use crawler ) > ' ) if urlconfig.deepMax == '': urlconfig.deepMax = 100 startTime = time.clock() e = Exploit_run(urlconfig.threadNum) for url in urlconfig.url: print('[***] ScanStart Target:%s' % url) e.setCurrentUrl(url) e.load_modules("www", url) e.run() if not urlconfig.mutiurl: e.init_spider() s = crawler.SpiderMain(url) s.craw() time.sleep(0.01) endTime = time.clock() urlconfig.runningTime = endTime - startTime e.report() except KeyboardInterrupt: print("[***] User Interrupt") exit() except Exception as info: logger.critical("[xxx] MainError: %s:%s" % (str(Exception), info)) data = e.buildHtml.getData() aax = "error:%s urlconfig:%s date:%s" % ( str(Exception) + " " + str(info), str(urlconfig), data) createIssueForBlog(aax) exit()
def main(): """ Main function of w9scan when running from command line. """ checkEnvironment() # 检测环境 setPaths(modulePath()) # 为一些目录和文件设置了绝对路径 banner() parser = argparse.ArgumentParser(description="w9scan scanner") parser.add_argument("--update", help="update w9scan", action="store_true") parser.add_argument("--guide", help="w9scan to guide", action="store_true") args = parser.parse_args() if args.update: updateProgram() return 0 try: urlconfig.url = raw_input('[1] Input url > ') if urlconfig.url is '': logger.critical("[xxx] You have to enter the url") exit() urlconfig.url = makeurl(urlconfig.url) print '[***] ScanStart Target:%s' % urlconfig.url print("[Tips] You can select these plugins (%s) or select all" % (' '.join(LIST_PLUGINS))) diyPlugin = raw_input("[2] Please select the required plugins > ") if diyPlugin.lower() == 'all': urlconfig.diyPlugin = LIST_PLUGINS else: urlconfig.diyPlugin = diyPlugin.strip().split(' ') print "[***] You select the plugins:%s" % (' '.join( urlconfig.diyPlugin)) urlconfig.scanport = False if 'find_service' in urlconfig.diyPlugin: input_scanport = raw_input( '[2.1] Need you scan all ports ?(Y/N) (default N)> ') if input_scanport.lower() in ("y", "yes"): urlconfig.scanport = True urlconfig.threadNum = raw_input( '[3] You need start number of thread (default 5) > ') if urlconfig.threadNum == '': urlconfig.threadNum = 5 urlconfig.threadNum = int(urlconfig.threadNum) urlconfig.deepMax = raw_input( '[4] Set the depth of the crawler (default 200 | 0 don\'t use crawler ) > ' ) if urlconfig.deepMax == '': urlconfig.deepMax = 200 startTime = time.clock() e = Exploit_run(urlconfig.threadNum) e.load_modules("www", urlconfig.url) e.run() e.init_spider() s = crawler.SpiderMain(urlconfig.url) time.sleep(0.5) s.craw() endTime = time.clock() urlconfig.runningTime = endTime - startTime e.report() except KeyboardInterrupt: logger.critical("[***] User Interrupt") exit() except Exception as info: logger.critical("[xxx] MainError: %s:%s" % (str(Exception), info)) data = e.buildHtml.getData() aax = "error:%s urlconfig:%s date:%s" % ( str(Exception) + " " + str(info), str(urlconfig), data) createIssueForBlog(aax) exit()
pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode except (IOError, OSError), ex: success = False stderr = getSafeExString(ex) if success: logger.info("\r[%s] [INFO] %s the latest revision '%s'" % (time.strftime("%X"), "already at" if "Already" in stdout else "updated to", getRevisionNumber())) else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'boy-hack/w9scan' repository " errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/boy-hack/w9scan.git sqlmap')" logger.critical(errMsg) else: logger.critical("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip()) if not success: if subprocess.mswindows: infoMsg = "for Windows platform it's recommended " infoMsg += "to use a GitHub for Windows client for updating " infoMsg += "purposes (http://windows.github.com/) or just " infoMsg += "download the latest snapshot from " infoMsg += "https://github.com/boy-hack/w9scan" else: infoMsg = "for Linux platform it's required " infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')"