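def _wrapper(args):
    """Run ``func`` with a fresh ``Output`` and report known failures on it.

    ``func`` is not defined in this block; presumably it is the callable
    captured by an enclosing decorator (confirm against the full file).

    Returns whatever ``func(args, out)`` returns. After a handled
    ``PenError``, ``SearchEngineError`` or ``KeyboardInterrupt`` the error
    text is written through ``out.error`` and the function returns ``None``.
    ``out.close()`` always runs once the output object exists.
    """
    # Build the output object before entering the try block. When it was
    # created inside the try, a failure in Output() left ``out`` unbound, so
    # the handlers and the finally clause raised a NameError-style error that
    # masked the real cause.
    out = Output()
    try:
        return func(args, out)
    except (PenError, SearchEngineError) as error:
        # Both error types are reported the same way.
        out.error(str(error))
    except KeyboardInterrupt:
        out.error(u"强制退出")
    finally:
        out.close()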
Exemple #2
    def __str__(self):
        """Render the ``meta`` and ``apps`` entries of this mapping as text.

        The first section lists ``meta['url']``, ``meta['statusCode']``,
        ``meta['title']`` and every item of ``meta['headers']``; the second
        lists every item of ``apps``. Labels are wrapped with the ``Output``
        helpers (``Y``, ``B``, ``G``).
        """
        # NOTE(review): url, title and header values look like data taken
        # from a remote HTTP response -- confirm. They are concatenated into
        # the report unmodified, so any control characters they carry reach
        # the terminal as-is; consider stripping non-printable characters
        # where these values are collected.
        meta = self['meta']

        report = Output.Y(u"\n原始信息:\n")
        report += Output.B("{0:>9} : ".format('URL')) + meta['url'] + "\n"
        report += Output.B(
            "{0:>9} : ".format('Status')) + str(meta['statusCode']) + "\n"
        report += Output.B("{0:>9} : ".format('Title')) + meta['title'] + "\n"
        report += Output.B("{0:>9} : ".format('Headers')) + "\n"
        for name, content in meta['headers'].iteritems():
            report += Output.G("{0:>20} : ".format(name)) + content + "\n"

        report += Output.Y(u"\n识别结果:\n")
        for category, matches in self['apps'].iteritems():
            described = ""
            for match in matches:
                # Field 3 is optional; when present it follows field 0.
                if match[3]:
                    entry = match[0] + " " + match[3]
                else:
                    entry = match[0]
                described += entry + " ; "
            report += Output.Y(
                "{0:>11} : ".format(category)) + described + "\n"

        return report
Exemple #3
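    def __str__(self):
        """Render this result mapping as a status message.

        Three outcomes are produced:

        * a truthy ``FailedInfo`` entry: a failure message carrying
          ``FailedInfo['reason']``;
        * no nested items at all: a message that the exploit failed and the
          target may not be vulnerable;
        * otherwise: a success header followed by one
          ``key: subkey: value`` line per nested item.
        """
        # sys.stdout.encoding can be None (for example when output is
        # redirected under Python 2); passing None to encode() raises
        # TypeError, so fall back to UTF-8 instead of failing while printing.
        encoding = getattr(sys.stdout, "encoding", None) or "utf-8"

        if self.get("FailedInfo", None):
            return Output.G(u"Exploit执行失败,原因:{0}".format(
                self['FailedInfo']['reason']).encode(encoding))

        # NOTE(review): the nested values are presumably produced from the
        # tested system's responses -- confirm. They are appended unmodified,
        # so control characters in them are passed on to the terminal.
        details = ""
        for key, value in self.iteritems():
            for vkey, vvalue in value.iteritems():
                details += Output.R(key + ": ") + Output.Y(
                    vkey + ": ") + vvalue + "\n"

        if not details:
            return Output.G(u"Exploit执行失败, 目标系统可能不存在漏洞".encode(
                encoding))

        return Output.G(u"目标系统存在漏洞,验证/利用成功,具体信息:\n".encode(
            encoding)) + details.strip()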
Exemple #4
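    def _hexViewContent(self, rawContent):
        '''
        Render file content as a hexadecimal dump.

        Each output row consists of an offset label (hex, zero-padded to 8
        characters, wrapped with ``Output.Y``), 16 cells from
        ``self._getByteHex`` each followed by a space, one extra space,
        16 cells from ``self._getByteReal`` and a newline.

        ``len(rawContent) // 16 + 1`` rows are always produced, so the last
        row may lie partly or wholly past the end of the data; the per-byte
        helpers are expected to handle such positions.
        '''
        # Explicit floor division keeps the row count an int even where "/"
        # means true division (Python 3 or ``from __future__ import
        # division``), in which case range() would reject the float.
        fullRows = len(rawContent) // 16

        # Collect the rows and join once instead of growing one string.
        rows = []
        for row in range(fullRows + 1):
            offsetLabel = Output.Y("{0:0>8}:  ".format(hex(row * 16)[2:]))
            hexCells = "".join(
                self._getByteHex(rawContent, row, col) + " "
                for col in range(16))
            textCells = "".join(
                self._getByteReal(rawContent, row, col)
                for col in range(16))
            rows.append(offsetLabel + hexCells + " " + textCells + "\n")

        return "".join(rows)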
Exemple #5
    def _formatAttr(self, key, rtype):
        '''
        Format one attribute/value pair of the exploit result.

        rtype : result type, compared against the class constants
            self.NOTVUL : not vulnerable
            self.VUL    : vulnerable
            self.INFO   : auxiliary information (used by exploits that
                          generate payloads)
            self.ERROR  : the exploit failed to run
        key : name of the attribute to format

        For key 'isvul' a fixed verdict text chosen by rtype is used;
        for any other key the value is read with self.get(key, None).
        Returns "" when that value is falsy, otherwise one formatted line.
        Raises ExploitResultError when rtype matches none of the constants.
        '''
        # Pick the verdict text and the layout for this result type. The
        # comparisons run in the same order as the result types listed above.
        if rtype == self.NOTVUL:
            verdict, layout = u"不存在漏洞", "G"
        elif rtype == self.VUL:
            verdict, layout = u"存在漏洞", "R"
        elif rtype == self.INFO:
            verdict, layout = u"漏洞情况未知", "inline"
        elif rtype == self.ERROR:
            verdict, layout = u"Exploit执行失败", "plain"
        else:
            raise ExploitResultError(
                "'isvul' attribute should be 'Result.NOTVUL/VUL/INFO/ERROR'")

        value = verdict if key == 'isvul' else self.get(key, None)
        if not value:
            return ""

        if layout == "inline":
            # INFO: label and value are wrapped together by Output.Y.
            return Output.Y("{0:>11} : {1}\n".format(
                key, self._encodeValue(value)))

        label = Output.Y("{0:>11} : ".format(key))
        encoded = self._encodeValue(value)
        if layout == "G":
            return label + Output.G(encoded) + "\n"
        if layout == "R":
            return label + Output.R(encoded) + "\n"
        # ERROR: the value is appended without an Output wrapper.
        return label + encoded + "\n"
Exemple #6
 def _getByteReal(self, data, i, j):
     """Return the display cell for column ``j`` of 16-byte row ``i``.

     Positions at or beyond ``len(data)`` yield a single space. Otherwise
     the element at that position is passed through
     ``self._getAsciiVirualByte`` and the result is wrapped with ``Output.B``.
     """
     position = i * 16 + j
     if position < len(data):
         return Output.B(self._getAsciiVirualByte(data[position]))
     # Past the end of the data: pad so rows keep a fixed width.
     return " "