def __init__(self,
proxylist,
proxy_allow_addrs=None,
admin_allow_addrs=None,
proxy_credentials=None,
admin_credentials=None,
session_cls='proxytools.requests.ProxyListSession',
**session_kwargs):
if isinstance(session_cls, str):
session_cls = import_string(session_cls)
self.session = session_cls(proxylist,
forgetful_cookies=True,
enforce_content_length=True,
**session_kwargs)
self.proxylist = proxylist
self.started_at = datetime.utcnow()
self.proxy_allow_addrs = proxy_allow_addrs and netaddr.IPGlob(
proxy_allow_addrs)
self.admin_allow_addrs = admin_allow_addrs and netaddr.IPGlob(
admin_allow_addrs)
self.proxy_credentials = proxy_credentials
self.admin_credentials = admin_credentials
assert __file__.endswith('.py')
self.frontend_html = open(__file__[:-3] + '.html').read()
self.redirects = {
'/': '/superproxy/',
'/superproxy': '/superproxy/',
}
self.routes = {
'/superproxy/': self.frontend,
'/superproxy/requests': self.frontend,
'/superproxy/countries': self.frontend,
'/status': self.status,
'/countries': self.countries,
'/mem_top': self.mem_top,
'/proxies': self.proxies,
'/waiting': self.waiting,
'/history': self.history,
'/action': self.action,
}
self.actions_proxy = {
attr[13:]: getattr(self, attr)
for attr in dir(self) if attr.startswith('action_proxy_')
}
self.actions = {
attr[7:]: getattr(self, attr)
for attr in dir(self) if attr.startswith('action_')
and not attr.startswith('action_proxy_')
}
def ip_range(ip):
try:
r = []
for i in list(netaddr.IPGlob(ip)):
r.append(i)
return r
except netaddr.core.AddrFormatError:
invalid_ips.append(ip)
def load_proxy():
# Return if proxies specified in Px config
# Check if need to refresh
if (State.proxy_mode == MODE_CONFIG or
(State.proxy_refresh is not None and
time.time() - State.proxy_refresh < State.config.getint("settings", "proxyreload"))):
dprint("Skip proxy refresh")
return
# Reset proxy server list
State.proxy_mode = MODE_NONE
State.proxy_server = []
# Get proxy info from Internet Options
ie_proxy_config = WINHTTP_CURRENT_USER_IE_PROXY_CONFIG()
ok = ctypes.windll.winhttp.WinHttpGetIEProxyConfigForCurrentUser(ctypes.byref(ie_proxy_config))
if not ok:
dprint(ctypes.GetLastError())
else:
if ie_proxy_config.fAutoDetect:
State.proxy_mode = MODE_AUTO
elif ie_proxy_config.lpszAutoConfigUrl:
State.pac = ie_proxy_config.lpszAutoConfigUrl
State.proxy_mode = MODE_PAC
dprint("AutoConfigURL = " + State.pac)
else:
# Manual proxy
proxies = []
proxies_str = ie_proxy_config.lpszProxy or ""
for proxy_str in proxies_str.lower().replace(' ', ';').split(';'):
if '=' in proxy_str:
scheme, proxy = proxy_str.split('=', 1)
if scheme.strip() != "ftp":
proxies.append(proxy)
elif proxy_str:
proxies.append(proxy_str)
if proxies:
parse_proxy(",".join(proxies))
State.proxy_mode = MODE_MANUAL
# Proxy exceptions into noproxy
bypass_str = ie_proxy_config.lpszProxyBypass or "" # FIXME: Handle "<local>"
bypasses = [h.strip() for h in bypass_str.lower().replace(' ', ';').split(';')]
for bypass in bypasses:
try:
ipns = netaddr.IPGlob(bypass)
State.noproxy.add(ipns)
dprint("Noproxy += " + bypass)
except:
State.noproxy_hosts.append(bypass)
dprint("Noproxy hostname += " + bypass)
dprint("Proxy mode = " + str(State.proxy_mode))
State.proxy_refresh = time.time()
def __init__(self,
proxylist,
proxy_allow_addrs=None,
admin_allow_addrs=None,
proxy_credentials=None,
admin_credentials=None,
**session_kwargs):
from .requests import ProxyListSession
self.session = ProxyListSession(proxylist,
forgetful_cookies=True,
enforce_content_length=True,
**session_kwargs)
self.proxylist = proxylist
self.started_at = datetime.utcnow()
self.proxy_allow_addrs = proxy_allow_addrs and netaddr.IPGlob(
proxy_allow_addrs)
self.admin_allow_addrs = admin_allow_addrs and netaddr.IPGlob(
admin_allow_addrs)
self.proxy_credentials = proxy_credentials
self.admin_credentials = admin_credentials
assert __file__.endswith('.py')
self.frontend_html = open(__file__[:-3] + '.html').read()
self.redirects = {
'/': '/superproxy/',
'/superproxy': '/superproxy/',
}
self.routes = {
'/superproxy/': self.frontend,
'/superproxy/requests': self.frontend,
'/superproxy/countries': self.frontend,
'/status': self.status,
'/countries': self.countries,
'/mem_top': self.mem_top,
'/proxies': self.proxies,
'/waiting': self.waiting,
'/history': self.history,
'/action': self.action,
}
def enable(self, enable_list=None):
'''Set active set of connections via list of fnmatch/IP patterns to limit run_command; pass in None to reset to enable all connections'''
self.disabled = set()
if enable_list is None:
self.console.q.put(
(('ENABLED', True),
'All %d hosts currently enabled' % len(self.connections)))
return
if isinstance(enable_list, basestring):
# Handle single value being passed instead of list
enable_list = [enable_list]
# Assemble an enabled list, then complement it at the end
enabled = set()
for pattern in enable_list:
direct_match = self.locate(pattern)
if direct_match:
enabled.add(direct_match)
continue
# Try using pattern as IP network or glob first
# if it doesn't look like either, then treat it as a name wildcard
pattern_match = set()
try:
ip_match = netaddr.IPNetwork(pattern)
except Exception as e:
try:
ip_match = netaddr.IPSet(netaddr.IPGlob(pattern))
except Exception as e:
ip_match = None
for host, t in self.connections.items():
if ip_match:
try:
if netaddr.IPAddress(t.getpeername()[0]) in ip_match:
pattern_match.add(host)
except Exception as e:
pass
else:
if fnmatch.fnmatch(str(host), pattern):
pattern_match.add(host)
if len(pattern_match) > 1:
self.console.q.put((('ENABLED', True),
'Pattern wildcard "%s" matched %d hosts' %
(pattern, len(pattern_match))))
enabled.update(pattern_match)
# Take complement of enabled set
for host in self.connections:
if host not in enabled:
self.disabled.add(host)
self.console.q.put(
(('ENABLED', True), '%d hosts currently enabled' % len(enabled)))
def parseIP(ip):
target_ips = []
if "/" in ip:
for addr in netaddr.IPNetwork(ip.decode('utf-8')):
target_ips.append(str(addr))
elif "-" in ip or "*" in ip:
for addr in netaddr.IPGlob(ip.decode('utf-8')):
target_ips.append(str(addr))
else:
target_ips.append(str(netaddr.IPAddress(ip)))
return target_ips
def generate_hosts(addr):
"""
生成主机列表
:param addr: 地址
:type addr: str
:return: 主机列表
:rtype: netaddr.ip.glob.IPGlob
"""
if "/" in addr:
hosts = netaddr.IPNetwork(addr)
else:
hosts = netaddr.IPGlob(addr)
return hosts
class State(object):
allow = netaddr.IPGlob("*.*.*.*")
config = None
exit = False
hostonly = False
logger = None
noproxy = netaddr.IPSet([])
pac = None
proxy_mode = MODE_NONE
proxy_refresh = None
proxy_server = []
stdout = None
useragent = ""
ini = "px.ini"
max_disconnect = 3
max_line = 65536 + 1
def parsenoproxy(noproxy):
global NOPROXY
nops = [i.strip() for i in noproxy.split(",")]
for nop in nops:
if not nop:
continue
try:
if "-" in nop:
spl = nop.split("-", 1)
ipns = netaddr.IPRange(spl[0], spl[1])
elif "*" in nop:
ipns = netaddr.IPGlob(nop)
else:
ipns = netaddr.IPNetwork(nop)
NOPROXY.add(ipns)
except:
print("Bad noproxy IP definition")
sys.exit()
def parseipranges(iprangesconfig):
ipranges = netaddr.IPSet([])
iprangessplit = [i.strip() for i in iprangesconfig.split(",")]
for iprange in iprangessplit:
if not iprange:
continue
try:
if "-" in iprange:
spl = iprange.split("-", 1)
ipns = netaddr.IPRange(spl[0], spl[1])
elif "*" in iprange:
ipns = netaddr.IPGlob(iprange)
else:
ipns = netaddr.IPNetwork(iprange)
ipranges.add(ipns)
except:
print("Bad IP definition: %s" % iprangesconfig)
sys.exit()
return ipranges
def lookup(name):
'''Handle IPNetwork and IPGlob (and IPAddress) notation'''
try:
ip = netaddr.IPAddress(name)
return __generator([ip])
except Exception:
pass
try:
subnet = netaddr.IPNetwork(name)
return __generator(subnet)
except Exception:
pass
try:
glob = netaddr.IPGlob(name)
return __generator(glob)
except Exception:
pass
return None
def run(self, argv, context):
contexts = []
ipv4_addresses_gen = None
try:
# 192.168.1.0-255
try:
ipv4_addresses_gen = netaddr.IPGlob(argv[0])
except netaddr.core.AddrFormatError as e:
self.logger.debug('Caught exception %s' % str(e))
try:
# 192.168.1.0/24
ipv4_addresses_gen = netaddr.IPNetwork(argv[0])
except netaddr.core.AddrFormatError as e:
self.logger.debug('Caught exception %s' % str(e))
pass
for ipv4_addr in ipv4_addresses_gen:
contexts.append(hackersh.objects.RemoteSessionContext(IPV4_ADDRESS=str(ipv4_addr)))
except TypeError as e:
pass
return contexts
def parsecli():
global DEBUG
global LISTEN
global LOGGER
global MAX_IDLE
global MAX_WORKERS
global PORT
global ALLOWLOCAL
global ALLOW
global GATEWAY_IPADDRESSES
if "--debug" in sys.argv:
LOGGER = Log("debug-%s.log" % multiprocessing.current_process().name,
"w")
DEBUG = True
if getattr(sys, "frozen", False):
attachConsole()
if os.path.exists(INI):
config = configparser.ConfigParser()
config.read(INI)
if "proxy" in config.sections():
if "server" in config.options("proxy"):
server = config.get("proxy", "server").strip()
if server:
parseproxy(server)
if "port" in config.options("proxy"):
port = config.get("proxy", "port").strip()
try:
PORT = int(port)
except ValueError:
pass
if "listen" in config.options("proxy"):
listen = config.get("proxy", "listen").strip()
if listen:
LISTEN = listen
if "allow" in config.options("proxy"):
parseallow(config.get("proxy", "allow"))
if "allowlocal" in config.options("proxy"):
if config.get("proxy", "allowlocal") == "1":
ALLOWLOCAL = True
if "gateway" in config.options("proxy"):
if config.get("proxy", "gateway") == "1":
LISTEN = ''
if "noproxy" in config.options("proxy"):
parsenoproxy(config.get("proxy", "noproxy"))
if "settings" in config.sections():
if "workers" in config.options("settings"):
workers = config.get("settings", "workers").strip()
try:
MAX_WORKERS = int(workers)
except ValueError:
pass
if "threads" in config.options("settings"):
threads = config.get("settings", "threads").strip()
try:
MAX_THREADS = int(threads)
except ValueError:
pass
if "idle" in config.options("settings"):
idle = config.get("settings", "idle").strip()
try:
MAX_IDLE = int(idle)
except ValueError:
pass
if "log" in config.options("settings"):
if config.get("settings", "log") == "1":
LOGGER = Log(
"debug-%s.log" %
multiprocessing.current_process().name, "w")
DEBUG = True
for i in range(len(sys.argv)):
if "--proxy=" in sys.argv[i]:
parseproxy(sys.argv[i].split("=")[1])
elif "--noproxy=" in sys.argv[i]:
parsenoproxy(sys.argv[i].split("=")[1])
elif "--allow=" in sys.argv[i]:
parseallow(sys.argv[i].split("=")[1])
elif "--allowlocal" in sys.argv[i]:
ALLOWLOCAL = True
if "--gateway" in sys.argv:
LISTEN = ''
if "--install" in sys.argv:
install()
elif "--uninstall" in sys.argv:
uninstall()
elif "--quit" in sys.argv:
quit()
if NTLM_PROXY is None:
print("No proxy defined")
sys.exit()
if ALLOW is None:
if ALLOWLOCAL:
ALLOW = netaddr.IPSet()
else:
ALLOW = netaddr.IPGlob("*.*.*.*")
GATEWAY_IPADDRESSES = ALLOW # Default. Will be overriden in verify_request() if allowlocal is used
print("Serving at %s:%d proc %s" %
(LISTEN, PORT, multiprocessing.current_process().name))
if getattr(sys, "frozen", False):
detachConsole()
def try_auth(self,
T,
candidates,
as_password=False,
auth_user=None,
allow_prompt=True):
if not auth_user:
auth_user = self.default_user
for filter, value in candidates:
if not T.is_active():
self.logger.error('Remote dropped connection')
return None
if filter and filter != '*':
remote_ip = netaddr.IPAddress(T.getpeername()[0])
try:
subnet = netaddr.IPGlob(filter)
if remote_ip not in subnet:
continue
except netaddr.AddrFormatError:
try:
subnet = netaddr.IPNetwork(filter)
if remote_ip not in subnet:
continue
except netaddr.AddrFormatError:
# Not a subnet or IPGlob - try name based matching (fnmatch style, not regex)
if not fnmatch.fnmatch(T.name, filter):
continue
try:
if as_password:
try:
key = str(value)
except Exception as e:
self.logger.debug('Unusable password value (%s): [%s]',
str(e), repr(value))
continue
self.logger.debug('Trying password (%s) for %s',
'*' * len(key),
T.getpeername()[0])
# Quirky Force10 servers seem to request further password attempt
# for a second stage - retry password as long as it is listed as an option
while True:
if 'password' not in T.auth_password(
auth_user, str(key)):
break
else:
# Actual keys may not be loaded yet. Only loaded when actively used, so
# we don't prompt for passphrases unless we absolutely have to.
# Python3: paramiko.AgentKey is not hashable, but also not eligible for
# deferred loading, so don't try to lookup in dict as its not hashable, and
# can't be used as a dict key.
self.logger.debug('Trying private key (%s) for %s',
repr(value),
T.getpeername()[0])
if isinstance(value, paramiko.AgentKey
) or value not in self.deferred_keys:
# Not deferred - the value IS the key
key = value
elif not self.deferred_keys[value]:
# Deferred, and not yet loaded - try _importKey() to load it
# limit to single thread for the _importKey() call
with self.import_lock:
if not self.deferred_keys[value]:
self.deferred_keys[value] = _importKey(
value,
allow_prompt=allow_prompt,
logger=self.logger)
key = self.deferred_keys[value]
else:
# Deferred and already loaded
key = self.deferred_keys[value]
try:
if isinstance(key, paramiko.PKey):
T.auth_publickey(auth_user, key)
else:
self.logger.error('Skipping SSH key %s (%s)',
value, str(key))
except paramiko.BadAuthenticationType as e:
# Server configured to reject keys, don't bother trying any others
return None
if T.is_authenticated():
return key
except paramiko.AuthenticationException as e:
pass
return None
def get_glob(range_str):
wildcard = netaddr.IPGlob(range_str)
return list(wildcard)
