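    def scanByDomain(self, domain):
        """Run every loaded EXP object against a single domain and record the outcome.

        A job_status row is inserted with status 0 before scanning; afterwards the
        most recent job_status row is updated to status 1 with the concatenated
        results.

        Args:
            domain: target host; normalised through httptools.get_standard_url
                before the EXPs see it.

        Returns:
            None. Results are printed and stored in job_status.content.
        """
        content = ''
        db = DBHelper()
        # NOTE(review): file_name is not defined in this method -- presumably a
        # module-level name set elsewhere; confirm it is in scope.
        # Fixed: the original spelt the keyword "valuse", which MySQL rejects.
        sql = "insert into job_status (status, path) values(%d, '%s')" % (
            0, file_name)
        db.excute_ddl_sql('safe_jobs', sql)

        # Load the EXP objects and write the report header.
        # NOTE(review): only the header is written here; result rows are never
        # written to self.file (compare scanByQuery) -- confirm that is intended.
        self.exp_list = self.loadExp()
        self.file.write('domain\t\t\tattack_results\n')

        domain = self.httptools.get_standard_url(domain)
        for obj in self.exp_list:
            # NOTE(review): scanOneHost calls self.exp.exploit(); confirm whether
            # the EXP classes define expoit() or exploit().
            res = obj.expoit(domain)
            if not res:
                print('%s Exploit Failed:Unknow' % domain)
                content += '%s\tExploit\tFailed:Unknow' % domain
            else:
                print('Exploit Success:%s' % str(res))
                # Fixed: tab after the domain so the columns match the failure row.
                content += '%s\tExploit\tSuccess:%s' % (domain, str(res))
        # Mark the job finished. (Original author's note: a start-time column
        # could be added so the finished row is found by its start time instead
        # of "latest id".)
        # SECURITY NOTE(review): `content` includes str(res), which comes back from
        # the EXP and may carry data controlled by the scanned host; it is spliced
        # into the statement with '%' formatting, so a hostile target can inject
        # SQL into this tool's own database. Use DBHelper's parameter binding (or
        # escaping) instead of string formatting.
        sql = "update job_status set status=%d,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)" % (
            1, content)
        print(sql)
        # Fixed: the original passed the single string 'safe_jobs, sql'.
        db.excute_ddl_sql('safe_jobs', sql)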
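    def scanByQuery(self, query):
        """Scan every host matched by an Elasticsearch query with all loaded EXPs.

        Inserts a job_status row (status 0), writes one report line per target
        and EXP to self.file, then updates the latest job_status row (status 1)
        with the flattened results. The report file is closed in all cases.

        Args:
            query: raw query string; self.queryParser turns it into a DSL body.

        Returns:
            None.
        """
        content = ''
        db = DBHelper()
        # NOTE(review): file_name is not defined in this method -- presumably a
        # module-level name set elsewhere; confirm it is in scope.
        # Fixed: the original spelt the keyword "valuse", which MySQL rejects.
        sql = "insert into job_status (status, path) values(%d, '%s')" % (
            0, file_name)
        db.excute_ddl_sql('safe_jobs', sql)

        try:
            # All EXP objects, then the report header.
            self.exp_list = self.loadExp()
            self.file.write('domain\t\t\tattack_results\n')

            query_dsl = self.queryParser(query)
            # NOTE(review): Elasticsearch rejects `size` above the index's
            # max_result_window (10000 by default); scroll/search_after is needed
            # for larger result sets -- confirm the cluster setting.
            query_res = self.es.search(body=query_dsl,
                                       index='showsafe',
                                       doc_type='web',
                                       size=100000)
            domain_list = [
                x['_source']['domain'] for x in query_res['hits']['hits']
            ]
            for target in domain_list:
                target = self.httptools.get_standard_url(target)
                print('[+]TargetHOST:%s' % target)
                for obj in self.exp_list:
                    # NOTE(review): scanOneHost calls self.exp.exploit(); confirm
                    # whether the EXP classes define expoit() or exploit().
                    res = obj.expoit(target)
                    if not res:
                        record = '%s\t\t\tFailed\n' % target
                    else:
                        # Fixed: the original formatted two placeholders with a
                        # single argument, which raises TypeError on success.
                        record = '%s\t\t\t%s\n' % (target, str(res))
                    content += record
                    print(record)
                    self.file.write(record)
            # Flatten the report so it fits a single text column.
            content = content.replace('\n', ' ')
            # SECURITY NOTE(review): `content` contains domains read from
            # Elasticsearch and str(res) returned by the EXPs, which may carry
            # target-controlled data; it is spliced into the statement with '%'
            # formatting, so a hostile target can inject SQL into this tool's
            # own database. Use DBHelper's parameter binding (or escaping).
            sql = "update job_status set status=%d,content='%s' where id =(select tmp.id from (select id from job_status order by id desc limit 1)tmp)" % (
                1, content)
            print(sql)
            db.excute_ddl_sql("safe_jobs", sql)
        finally:
            # Fixed: the original only closed the report on the success path.
            self.file.close()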
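    def run(self):
        """Entry point: parse the CLI options and dispatch to the selected mode.

        With module_name == 'exp_name':
          * option 'all' imports the named EXP module, instantiates its
            SafecatExploit class and stores an EXPModule wrapper on
            self.exp_module;
          * option 'single' (with a target host) imports the module, instantiates
            the class that accepts the target, runs it and records the result in
            job_status.
        Any other module_name prints a usage hint.

        Returns:
            None.
        """
        (option, args) = self.optionInit()
        self.loaddir()

        if option.module_name != 'exp_name':
            print('请输入-m确定测试模式')
            return

        if option.option == 'all':
            print('全网扫描模式')
            # Import the EXP module by name. Fixed: the original used
            # imp.find_module/imp.load_module (imp is removed in Python 3.12) and
            # never closed the file handle find_module returned; importlib is
            # already used by the 'single' branch.
            exp_module = importlib.import_module(option.exp_name)
            # The module exposes its payload as a SafecatExploit class.
            exp_obj = exp_module.SafecatExploit()
            # Hand the EXP object to the scanner wrapper.
            self.exp_module = EXPModule(exp_obj)

        elif option.option == 'single' and option.thost:
            target = self.httptools.get_standard_url(option.thost)
            mod = importlib.import_module(option.exp_name)
            print('[+] Test %s' % option.exp_name)
            # Probe every attribute of the module and keep the last one that can
            # be called with `target`; that object is taken to be the POC.
            # NOTE(review): this also calls imported functions/classes that happen
            # to accept one argument; restricting to classes defined in `mod`
            # would be safer -- confirm the POC class naming convention first.
            poc = None
            for name in dir(mod):
                candidate = getattr(mod, name)
                try:
                    poc = candidate(target)
                except Exception:
                    # Best-effort probe: most attributes are not the POC class.
                    continue
            if poc is None:
                # Fixed: the original reached poc.run() with `poc` unbound.
                print('[-] No class in %s accepted the target' % mod.__name__)
                return
            result = poc.run()
            db = DBHelper()
            # SECURITY NOTE(review): option.thost and `result` (returned by the
            # POC, possibly target-controlled) are spliced into the statement
            # with '%' formatting; use DBHelper's parameter binding or escaping.
            # NOTE(review): this writes to 'showsafe' with columns
            # (url, pocname, result), while the scan* methods use 'safe_jobs' with
            # (status, path, content) -- confirm both tables exist as written.
            sql = "insert into job_status (url, pocname, result) values('%s','%s','%s')" \
                  % (option.thost, mod.__name__, result)
            db.excute_ddl_sql('showsafe', sql)
        else:
            # Fixed: the original silently did nothing for an unknown option.
            print('[-] Unknown option: %s' % option.option)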
    def scanOneHost(self, target):
        """Run the single configured EXP (self.exp) against one host.

        Records a job_status row (status 0) first, then updates the most recent
        row to status 1 with a one-line summary of the result.

        Args:
            target: the host to test, passed unchanged to self.exp.exploit().

        Returns:
            None.
        """
        db = DBHelper()
        # NOTE(review): file_name is not defined in this method -- presumably a
        # module-level name set elsewhere; confirm it is in scope.
        insert_sql = "insert into job_status (status, path) values(%d, '%s')" % (0, file_name)
        db.excute_ddl_sql('safe_jobs', insert_sql)

        print('[+]开始单个主机扫描,请稍后....')
        res = self.exp.exploit(target)
        if res:
            print('Exploit Success:%s\t\t%s' % ('x', str(res)))
            summary = '%sExploit\tSuccess:%s\t\t%s' % (target, 'x', str(res))
        else:
            print('%s Exploit Failed:Unknown' % target)
            summary = '%s\tExploit\tFailed:Unknown' % target

        # Keep the stored summary on a single line.
        summary = summary.replace('\n', ' ')
        # MySQL refuses to update a table that the same statement selects from
        # directly, hence the extra derived-table layer (tmp); see
        # http://blog.csdn.net/z_youarethebest/article/details/53785487
        # SECURITY NOTE(review): str(res) may carry target-controlled data and is
        # spliced into the statement with '%' formatting -- prefer DBHelper's
        # parameter binding or escaping.
        update_sql = "update job_status set status=%d, content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)" % (1, summary)
        print(update_sql)
        db.excute_ddl_sql('safe_jobs', update_sql)