Exemple #1
0
def _createTargetDirs():
    """
    Create the output directory.
    """
    if not os.path.isdir(paths.POCSUITE_OUTPUT_PATH):
        try:
            if not os.path.isdir(paths.POCSUITE_OUTPUT_PATH):
                os.makedirs(paths.POCSUITE_OUTPUT_PATH, 0755)
            warnMsg = "using '%s' as the output directory" % paths.POCSUITE_OUTPUT_PATH
            logger.log(CUSTOM_LOGGING.WARNING, warnMsg)
        except (OSError, IOError), ex:
            try:
                tempDir = tempfile.mkdtemp(prefix="pocsuiteoutput")
            except Exception, _:
                errMsg = "unable to write to the temporary directory ('%s'). " % _
                errMsg += "Please make sure that your disk is not full and "
                errMsg += "that you have sufficient write permissions to "
                errMsg += "create temporary files and/or directories"
                raise PocsuiteSystemException(errMsg)

            warnMsg = "unable to create regular output directory "
            warnMsg += "'%s' (%s). " % (paths.POCSUITE_OUTPUT_PATH, getUnicode(ex))
            warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir)
            logger.log(CUSTOM_LOGGING.WARNING, warnMsg)

            paths.POCUSITE_OUTPUT_PATH = tempDir
Exemple #2
0
def main():
    try:
        paths['ROOT_PATH'] = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
        setPaths()
        parse_args()

        if IS_WIN:
            win_color_init()
        banner()

        if conf['DEBUG']:
            showDebugData()
        if conf['UPDATE']:
            update()

        load_payloads()

        if conf['ENGINE'] is 't':
            from lib.controller.threads import ThreadsEngine
            ThreadsEngine().run()
        elif conf['ENGINE'] is 'c':
            from lib.controller.coroutine import CoroutineEngine
            CoroutineEngine().run()
    except KeyboardInterrupt, e:
        logger.log(CUSTOM_LOGGING.ERROR, 'User quit!')
Exemple #3
0
    def common_http_redirect(self, result, headers, code, content, msg):
        content = decodePage(content, headers.get(HTTPHEADER.CONTENT_ENCODING), headers.get(HTTPHEADER.CONTENT_TYPE))

        threadData = getCurrentThreadData()
        threadData.lastRedirectMsg = (threadData.lastRequestUID, content)

        responseMsg = "HTTP response "
        responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, getUnicode(msg))

        if headers:
            logHeaders = "\n".join(["%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for (key, value) in headers.items()])
        else:
            logHeaders = ""

        logHTTPTraffic(threadData.lastRequestMsg, "%s%s" % (responseMsg, logHeaders))

        responseMsg += getUnicode(logHeaders)

        logger.log(7, responseMsg)

        if result:
            if self._get_header_redirect(headers):
                result.redurl = self._get_header_redirect(headers)

            if hasattr(result, 'redurl'):
                if not urlparse.urlsplit(result.redurl).netloc:
                    result.redurl = urlparse.urljoin(conf.url, result.redurl)

            if "set-cookie" in headers:
                result.setcookie = headers["set-cookie"].split("; path")[0]

            result.redcode = code

        return result
Exemple #4
0
    def _process_http_redirect(self, result, headers, code, content, msg, redurl):
        content = decodePage(content, headers.get(HTTPHEADER.CONTENT_ENCODING), headers.get(HTTPHEADER.CONTENT_TYPE))

        threadData = getCurrentThreadData()
        threadData.lastRedirectMsg = (threadData.lastRequestUID, content)

        responseMsg = "HTTP response "
        responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, getUnicode(msg))

        if headers:
            logHeaders = "\n".join("%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for (key, value) in headers.items())
        else:
            logHeaders = ""

        logHTTPTraffic(threadData.lastRequestMsg, "%s%s" % (responseMsg, logHeaders))

        responseMsg += getUnicode(logHeaders)

        logger.log(7, responseMsg)

        if "set-cookie" in headers:
            kb.redirectSetCookie = headers["set-cookie"].split("; path")[0]

        result.redcode = code
        result.redurl = redurl

        return result
Exemple #5
0
def pocThreads():
    """
    @function multiThread executing
    """
    kb.pCollect = set()

    while not kb.targets.empty() and kb.threadContinue:
        target, poc, pocname = kb.targets.get()
        infoMsg = "poc:'%s' target:'%s'" % (pocname, target)
        logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)
        # TODO json
        if isinstance(poc, dict):
            pocInfo = poc['pocInfo']
            result = execReq(poc, conf.mode, target)
            output = (target, pocname, pocInfo["vulID"], pocInfo["appName"], pocInfo["appVersion"], "success" if result else "failed", time.strftime("%Y-%m-%d %X", time.localtime()), str(result.result))
        else:
            kb.pCollect.add(poc.__module__)
            result = poc.execute(target, headers=conf.httpHeaders, mode=conf.mode, params=conf.params, verbose=True)
            if not result:
                continue
            output = (target, pocname, result.vulID, result.appName, result.appVersion, "success" if result.is_success() else result.error, time.strftime("%Y-%m-%d %X", time.localtime()), str(result.result))
            result.show_result()

        kb.results.add(output)
        if isinstance(conf.delay, (int, float)) and conf.delay > 0:
            time.sleep(conf.delay / 1000)
Exemple #6
0
    def crawlerThread():
        global countVisitedUrls

        while visitQueue.qsize() > 0:
            url = visitQueue.get()
            try:
                hashData = hashUrl(url)
                if hashData not in visited:
                    headers[HTTP_HEADER.USER_AGENT] = randomUserAgents()
                    response = requests.get(url, timeout=10, headers=headers)
                    crawlMsg = 'crawled %s depth: %d count: %d' % (url, currentDepth, countVisitedUrls)
                    logger.log(CUSTOM_LOGGING.SYSINFO, crawlMsg)
                    content = response.text

                    kb.pageEncoding = response.encoding
                    conf.cookie = str(response.cookies.get_dict())

                    try:
                        lock.acquire()
                        visited.add(hashData)
                        countVisitedUrls += 1
                        fp.write(url + '\n')
                        lock.release()
                    except Exception, ex:
                        logger.log(CUSTOM_LOGGING.ERROR, ex)
                        if lock.locked():
                            lock.release()
                        continue
                else:
                    continue
Exemple #7
0
def start():
    if kb.targets and kb.targets.qsize() > 1:
        infoMsg = "penework got a total of %d targets" % kb.targets.qsize()
        logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)

    runThreads(conf.threads, pocThreads)

    resultTable = PrettyTable(["target-url", "poc-name", "poc-id", "component", "version", "status"])
    resultTable.padding_width = 1

    if not kb.results:
        return

    toNum, sucNum = 0, 0
    for row in kb.results:
        resultTable.add_row(list(row)[:-2])
        toNum += 1
        if row[5] == 'success':
            sucNum += 1

    if not conf.quiet:
        print resultTable
        # infoMsg = "{} of {} success !".format(sucNum, toNum)
        # logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)
        print "success : {} / {}".format(sucNum, toNum)

    _createTargetDirs()
    _setRecordFiles()

    if conf.report:
        _setReport()
Exemple #8
0
def loadPoc(pocFile):
    if pocFile.endswith(".pyc"):
        conf.isPycFile = True

    if conf.isPocString:
        poc = conf.pocFile
        if not conf.pocname:
            if conf.pocFile:
                conf.pocname = os.path.split(conf.pocFile)[1]
            else:
                errMsg = "Use pocString must provide pocname"
                logger.log(CUSTOM_LOGGING.ERROR, errMsg)
        pocname = conf.pocname
    else:
        pocname = os.path.split(pocFile)[1]
        poc = readFile(pocFile)

    if not conf.isPycFile:
        if not re.search(POC_REGISTER_REGEX, poc):
            warnMsg = "poc: %s register is missing" % pocname
            logger.log(CUSTOM_LOGGING.WARNING, warnMsg)
            className = getPocClassName(poc)
            poc += POC_REGISTER_STRING.format(className)

        retVal = multipleReplace(poc, POC_IMPORTDICT)
    else:
        retVal = poc
    return {pocname: retVal}
Exemple #9
0
def showResult(tag):
    for key1, value1 in resultJson[tag].iteritems():
        for key2, value2 in value1.iteritems():
            if key1 != 'verifyInfo':
                logger.log(CUSTOM_LOGGING.SUCCESS, key2 + " : " + resultJson[tag][key1][key2])

    pass
Exemple #10
0
def execReq(poc, mode, targetUrl):
    pocInfo, devilJson = poc['pocInfo'], poc["pocExecute"]
    result = False

    infoMsg = "poc-%s '%s' has already been detected against '%s'." % (pocInfo["vulID"], pocInfo["name"], targetUrl)
    logger.log(CUSTOM_LOGGING.SUCCESS, infoMsg)

    for targetJson in devilJson[mode]:

        if mode == 'verify':
            result = _executeVerify(pocInfo, targetJson, targetUrl, 'verify')
            if targetJson['step'] == '0' and result:
                return True
            elif targetJson['step'] != '0' and not result:
                return False

        else:
            result = _executeAttack(pocInfo, targetJson, targetUrl)
            if targetJson['step'] == '0' and result:
                showResult(targetUrl + pocInfo['vulID'])
                return True
            elif targetJson['step'] != '0' and not result:
                return False

    if result:
        showResult(targetUrl + pocInfo['vulID'])

    return result
Exemple #11
0
def setPoc():
    """
    @function 重新设置conf.pocFile
    """
    if conf.isPocString:
        retVal = loadPoc(conf.pocFile)
        kb.pocs.update(retVal)
    elif len(conf.pocFile.split(",")) > 1:
        for pocFile in conf.pocFile.split(","):
            pocFile = os.path.abspath(pocFile)
            retVal = loadPoc(pocFile)
            kb.pocs.update(retVal)
    else:
        conf.pocFile = os.path.abspath(conf.pocFile)
        if os.path.isfile(conf.pocFile):
            retVal = loadPoc(conf.pocFile)
            kb.pocs.update(retVal)
        elif os.path.isdir(conf.pocFile):
            pyFiles = glob.glob(os.path.join(conf.pocFile, "*.py"))
            jsonFiles = glob.glob(os.path.join(conf.pocFile, "*.json"))
            pocFiles = pyFiles + jsonFiles
            for pocFile in pocFiles:
                retVal = loadPoc(pocFile)
                kb.pocs.update(retVal)
        else:
            errMsg = "can't find any valid PoCs"
            logger.log(CUSTOM_LOGGING.ERROR, errMsg)

    conf.pocFile = None
Exemple #12
0
    def common_http_redirect(self, result, headers, code, content, msg):
        content = decodePage(content, headers.get(HTTPHEADER.CONTENT_ENCODING), headers.get(HTTPHEADER.CONTENT_TYPE))

        threadData = getCurrentThreadData()
        threadData.lastRedirectMsg = (threadData.lastRequestUID, content)

        responseMsg = "HTTP response "
        responseMsg += "[#%d] (%d %s):\n" % (threadData.lastRequestUID, code, getUnicode(msg))

        if headers:
            logHeaders = "\n".join(["%s: %s" % (key.capitalize() if isinstance(key, basestring) else key, getUnicode(value)) for (key, value) in headers.items()])
        else:
            logHeaders = ""

        if conf.verbose <= 5:
            responseMsg += getUnicode(logHeaders)
        elif conf.verbose > 5:
            responseMsg += "%s\n\n%s\n" % (logHeaders, content)

        logger.log(7, responseMsg)

        if "location" in headers:
            result.redurl = headers.getheaders("location")[0].split("?")[0]
        elif "uri" in headers:
            result.redurl = headers.getheaders("uri")[0].split("?")[0]

        if "set-cookie" in headers:
            result.setcookie = headers["set-cookie"].split("; path")[0]

        result.redcode = code

        return result
Exemple #13
0
def crawl(url, currentDepth, countUrls):

    redisCon = Redis(host=conf.REDIS_HOST,
                      port=conf.REDIS_PORT,
                      password=conf.REDIS_PASSWD)

    try:
        headers = dict()
        headers[HTTP_HEADER.USER_AGENT] = randomUserAgents()

        response = requests.get(url, timeout=10, headers=headers)
        # crawlMsg = 'crawled %s depth: %d count: %d' % (url, currentDepth, countVisitedUrls)
        # logger.log(CUSTOM_LOGGING.SYSINFO, crawlMsg)
        content = response.text

        kb.pageEncoding = response.encoding
        conf.cookie = str(response.cookies.get_dict())
        hashData = hashUrl(url)
        redisCon.sadd('visited', hashData)
        redisCon.lpush('visitedList', url)
        getDB().insert({'url':url, 'depth': currentDepth, 'count':countUrls})

    except Exception, ex:
        logger.log(CUSTOM_LOGGING.ERROR, ex)
        # print traceback.print_exc()
        return
Exemple #14
0
 def execute(self, query):
     try:
         self.cursor = self.connector.execute(query)
     except (_sqlalchemy.exc.OperationalError, _sqlalchemy.exc.ProgrammingError) as ex:
         logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % ex.message if hasattr(ex, "message") else ex)
     except _sqlalchemy.exc.InternalError as ex:
         raise SqlmapConnectionException(ex[1])
Exemple #15
0
    def execute(self, target, headers=None, params=None, mode='verify', verbose=True):
        """
        :param url: the target url
        :param headers: a :class dict include some fields for request header.
        :param params: a instance of Params, includ extra params

        :return: A instance of Output
        """
        self.target = target
        self.url = parseTargetUrl(target)
        self.headers = headers
        self.params = params
        self.mode = mode
        self.verbose = verbose
        # TODO
        output = None

        try:
            if self.mode == 'attack':
                output = self._attack()
            else:
                output = self._verify()

        except NotImplementedError:
            logger.log(CUSTOM_LOGGING.ERROR, 'POC: %s not defined ' '%s mode' % (self.name, self.mode))
            output = Output(self)

        except Exception, e:
            logger.log(CUSTOM_LOGGING.ERROR, str(e))
            output = Output(self)
Exemple #16
0
    def run(self):

        threads = []

        try:
            for thread_num in xrange(self.threads_num):

                thread = threading.Thread(target=self.brute_names, name=str(thread_num))
                thread.setDaemon(True)
                thread.start()
                threads.append(thread)

            alive = True
            while alive:
                alive = False

                for thread in threads:
                    if thread.isAlive():
                        alive = True
                        time.sleep(0.1)

        except KeyboardInterrupt:

            if self.threads_num > 1:
                logger.log(CUSTOM_LOGGING.SYSINFO, "waiting for threads to finish (Ctrl+C was pressed)")

            try:
                while threading.activeCount() > 1:
                    pass

            except KeyboardInterrupt:
                raise PeneworkThreadException("user aborted (Ctrl+C was pressed multiple times)")
Exemple #17
0
    def execute(self, target, headers=None, params=None, mode='verify', verbose=True):
        """
        :param url: the target url
        :param headers: a :class dict include some fields for request header.
        :param params: a instance of Params, includ extra params

        :return: A instance of Output
        """
        self.target = target
        self.url = parseTargetUrl(target)
        self.headers = headers
        self.params = strToDict(params) if params else {}
        self.mode = mode
        self.verbose = verbose
        self.expt = 'None'
        # TODO
        output = None

        try:
            if self.mode == 'attack':
                output = self._attack()
            else:
                output = self._verify()

        except NotImplementedError, e:
            self.expt = (ERROR_TYPE_ID.NOTIMPLEMENTEDERROR, e)
            logger.log(CUSTOM_LOGGING.ERROR, 'POC: %s not defined ' '%s mode' % (self.name, self.mode))
            output = Output(self)
Exemple #18
0
 def registerPoc(self):
     pocString = multipleReplace(self.pocString, POC_IMPORTDICT)
     _, self.moduleName = filepathParser(self.pocName)
     try:
         importer = StringImporter(self.moduleName, pocString)
         importer.load_module(self.moduleName)
     except ImportError, ex:
         logger.log(CUSTOM_LOGGING.ERROR, ex)
Exemple #19
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(query)
            retVal = True
        except (pymysql.OperationalError, pymysql.ProgrammingError), msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
Exemple #20
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(utf8encode(query))
            retVal = True
        except cx_Oracle.DatabaseError, msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
Exemple #21
0
 def check_header(self, *args):
     poc_name = getattr(self, "name")
     headers = getattr(self, "headers")
     if field.lower() not in map(str.lower, headers.keys()):
         errMsg = "poc: %s need headers \"%s\"" % (poc_name, field)
         logger.log(CUSTOM_LOGGING.ERROR, errMsg)
         return
     return function(self, *args)
Exemple #22
0
 def check_param(self, *args):
     poc_name = getattr(self, "name")
     params = getattr(self, "params")
     if field not in params:
         errMsg = "poc: %s need params \"%s\"" % (poc_name, field)
         logger.log(CUSTOM_LOGGING.ERROR, errMsg)
         return
     return function(self, *args)
Exemple #23
0
 def execute(self, query):
     try:
         self.cursor = self.connector.execute(query)
     except (_sqlalchemy.exc.OperationalError, _sqlalchemy.exc.ProgrammingError), msg:
         logger.log(
             logging.WARN if conf.dbmsHandler else logging.DEBUG,
             "(remote) %s" % msg.message if hasattr(msg, "message") else msg,
         )
Exemple #24
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(utf8encode(query))
            retVal = True
        except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " "))
Exemple #25
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(query)
            retVal = True
        except Exception, msg: #todo fix with specific error
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
Exemple #26
0
 def run(self):
     try:
         self.result = func(*args, **kwargs)
         self.timeout_state = TIMEOUT_STATE.NORMAL
     except Exception as ex:
         logger.log(CUSTOM_LOGGING.TRAFFIC_IN, ex)
         self.result = default
         self.timeout_state = TIMEOUT_STATE.EXCEPTION
    def execute(self, query):
        try:
            self.cursor.execute(query)
        except (pyodbc.OperationalError, pyodbc.ProgrammingError) as msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
        except pyodbc.Error as msg:
            raise SqlmapConnectionException(msg[1])

        self.connector.commit()
 def fetchall(self):
     try:
         retVal = []
         for row in self.cursor.fetchall():
             retVal.append(tuple(row))
         return retVal
     except _sqlalchemy.exc.ProgrammingError, msg:
         logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
         return None
Exemple #29
0
    def execute(self, query):
        try:
            self.cursor.execute(query)
        except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError) as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))
        except ibm_db_dbi.InternalError as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        self.connector.commit()
Exemple #30
0
 def execute(self, query):
     try:
         self.cursor = self.connector.execute(query)
     except (_sqlalchemy.exc.OperationalError,
             _sqlalchemy.exc.ProgrammingError), msg:
         logger.log(
             logging.WARN if conf.dbmsHandler else logging.DEBUG,
             "(remote) %s" %
             msg.message if hasattr(msg, "message") else msg)
Exemple #31
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(utf8encode(query))
            retVal = True
        except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG,
                       "(remote) %s" % str(msg).replace("\n", " "))
Exemple #32
0
    def execute(self, query):
        try:
            self.cursor.execute(query)
        except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError) as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(ex))
        except ibm_db_dbi.InternalError as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        self.connector.commit()
Exemple #33
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(query)
            retVal = True
        except (pymysql.OperationalError, pymysql.ProgrammingError), msg:
            logger.log(logging.WARNING if conf.dbmsHandler else logging.DEBUG,
                       "(remote) %s" % msg[1])
Exemple #34
0
 def fetchall(self):
     try:
         retVal = []
         for row in self.cursor.fetchall():
             retVal.append(tuple(row))
         return retVal
     except _sqlalchemy.exc.ProgrammingError, msg:
         logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg.message if hasattr(msg, "message") else msg)
         return None
Exemple #35
0
def _initModule(args):
    if not args.m:
        msg = 'Use -m to select a module name. Example: -m spider'
        sys.exit(logger.log(CUSTOM_LOGGING.ERROR, msg))
    if args.m and not os.path.isfile(os.path.join(paths.MODULES_PATH, args.m + ".py")):
        msg = 'module not exist. Use --show to view all available module names.'
        sys.exit(logger.log(CUSTOM_LOGGING.ERROR, msg))
    conf.MODULE_NAME = args.m
    conf.MODULE_FILE_PATH = os.path.join(paths.MODULES_PATH, conf.MODULE_NAME + ".py")
Exemple #36
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(utf8encode(query))
            retVal = True
        except cx_Oracle.DatabaseError, msg:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG,
                       "(remote) %s" % msg)
Exemple #37
0
    def execute(self, query):
        try:
            self.cursor.execute(query)
        except kinterbasdb.OperationalError as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(ex))
        except kinterbasdb.Error as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        self.connector.commit()
Exemple #38
0
def direct(query, content=True):
    select = True
    query = agent.payloadDirect(query)
    query = agent.adjustLateValues(query)
    threadData = getCurrentThreadData()

    if Backend.isDbms(DBMS.ORACLE) and query.upper().startswith("SELECT ") and " FROM " not in query.upper():
        query = "%s FROM DUAL" % query

    for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
        for sqlStatement in sqlStatements:
            if query.lower().startswith(sqlStatement) and sqlTitle != "SQL SELECT statement":
                select = False
                break

    if select:
        if re.search(r"(?i)\ASELECT ", query) is None:
            query = "SELECT %s" % query

        if conf.binaryFields:
            for field in conf.binaryFields:
                field = field.strip()
                if re.search(r"\b%s\b" % re.escape(field), query):
                    query = re.sub(r"\b%s\b" % re.escape(field), agent.hexConvertField(field), query)

    logger.log(CUSTOM_LOGGING.PAYLOAD, query)

    output = hashDBRetrieve(query, True, True)
    start = time.time()

    if not select and re.search(r"(?i)\bEXEC ", query) is None:
        timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
    elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query):
        output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
        if state == TIMEOUT_STATE.NORMAL:
            hashDBWrite(query, output, True)
        elif state == TIMEOUT_STATE.TIMEOUT:
            conf.dbmsConnector.close()
            conf.dbmsConnector.connect()
    elif output:
        infoMsg = "resumed: %s..." % getUnicode(output, UNICODE_ENCODING)[:20]
        logger.info(infoMsg)

    threadData.lastQueryDuration = calculateDeltaSeconds(start)

    if not output:
        return output
    elif content:
        if output and isListLike(output):
            if len(output[0]) == 1:
                output = [_[0] for _ in output]

        retVal = getUnicode(output, noneToNull=True)
        return safecharencode(retVal) if kb.safeCharEncode else retVal
    else:
        return extractExpectedValue(output, EXPECTED.BOOL)
Exemple #39
0
 def execute(self, query):
     try:
         self.cursor = self.connector.execute(query)
     except (_sqlalchemy.exc.OperationalError,
             _sqlalchemy.exc.ProgrammingError) as ex:
         logger.log(
             logging.WARN if conf.dbmsHandler else logging.DEBUG,
             "(remote) %s" % ex.message if hasattr(ex, "message") else ex)
     except _sqlalchemy.exc.InternalError as ex:
         raise SqlmapConnectionException(ex[1])
Exemple #40
0
    def execute(self, query):
        try:
            self.cursor.execute(query)
        except kinterbasdb.OperationalError as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG,
                       "(remote) %s" % getSafeExString(ex))
        except kinterbasdb.Error as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        self.connector.commit()
Exemple #41
0
def urlDecode(url):
    url = url.strip()
    try:
        url = str(url)
    except Exception, ex:
        logger.log(CUSTOM_LOGGING.ERROR, ex)
        try:
            url = url.encode('utf-8')
        except Exception, ex:
            logger.log(CUSTOM_LOGGING.ERROR, ex)
Exemple #42
0
def _initModule(args):
    if not args.m:
        msg = 'Use -m to select a module name. Example: -m spider'
        sys.exit(logger.log(CUSTOM_LOGGING.ERROR, msg))
    if args.m and not os.path.isfile("./module/" + args.m + ".py"):
        msg = 'module not exist. Use --show to view all available module names.'
        sys.exit(logger.log(CUSTOM_LOGGING.ERROR, msg))
    conf.MODULE_NAME = args.m
    conf.MODULE_FILE_PATH = os.path.join(paths.MODULES_PATH,
                                         conf.MODULE_NAME + ".py")
Exemple #43
0
    def execute(self, query):
        try:
            self.cursor.execute(getText(query))
        except self.__sqlite.OperationalError as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG,
                       "(remote) '%s'" % getSafeExString(ex))
        except self.__sqlite.DatabaseError as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        self.connector.commit()
Exemple #44
0
def exceptionHandledFunction(threadFunction):
    try:
        threadFunction()
    except KeyboardInterrupt:
        kb.threadContinue = False
        kb.threadException = True
        raise
    except Exception, errMsg:
        # thread is just going to be silently killed
        logger.log(CUSTOM_LOGGING.ERROR, "thread %s: %s" % (threading.currentThread().getName(), errMsg))
Exemple #45
0
def get_random_agent(path=paths.UA_LIST_PATH):
    if not th.has_key("UA_LIST"):
        _init_UAlist(path)
    try:
        return random.sample(th.UA_LIST, 1)[0]
    except IOError, e:
        warnMsg = "unable to read HTTP User-Agent header "
        warnMsg += "file '%s'" % path
        logger.log(CUSTOM_LOGGING.WARNING, warnMsg)
        return
Exemple #46
0
 def check_type(self, *args):
     poc_name = getattr(self, "name")
     require_type = getattr(self, type)
     fields = [field] if isinstance(field, basestring) else field
     for _ in fields:
         if (not require_type) or (_.lower() not in map(
                 str.lower, require_type.keys())):
             errMsg = "poc: %s need %s \"%s\"" % (poc_name, type, _)
             logger.log(CUSTOM_LOGGING.ERROR, errMsg)
             return
     return function(self, *args)
Exemple #47
0
    def run(self):
        try:
            poc = kb.registeredPocs[self.moduleName]
            result = poc.execute(self.target, headers=conf.httpHeaders, mode=self.mode, params=self.params)
            output = (self.target, self.pocName, result.vulID, result.appName, result.appVersion, (1, "success") if result.is_success() else result.error, time.strftime("%Y-%m-%d %X", time.localtime()), str(result.result))

            if self.delmodule:
                delModule(self.moduleName)
            return output
        except Exception, ex:
            logger.log(CUSTOM_LOGGING.ERROR, ex)
Exemple #48
0
 def fetchall(self):
     try:
         retVal = []
         for row in self.cursor.fetchall():
             retVal.append(tuple(row))
         return retVal
     except _sqlalchemy.exc.ProgrammingError as ex:
         logger.log(
             logging.WARN if conf.dbmsHandler else logging.DEBUG,
             "(remote) %s" % ex.message if hasattr(ex, "message") else ex)
         return None
Exemple #49
0
def runZoomEyeApi():
    logger.log(CUSTOM_LOGGING.SYSINFO, 'Enable ZoomEye API.')
    anslist = dorkSearch(query=conf.zoomeye_dork, type=conf.zoomeye_search_type, page=conf.zoomeye_max_page)
    tmpIpFile = os.path.join(conf.ZOOMEYE_OUTPUT_PATH, '%s_%s.txt' % (
        conf.zoomeye_dork.replace(':', '-').replace(' ', '-').strip(), time.strftime('%Y_%m_%d_%H_%M_%S')))
    with open(tmpIpFile, 'w') as fp:
        for each in anslist:
            if isinstance(each, list):
                each = each[0]
            fp.write(each + '\n')
    return tmpIpFile
Exemple #50
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(getBytes(query))
            retVal = True
        except (pymssql.OperationalError, pymssql.ProgrammingError) as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex).replace("\n", " "))
        except pymssql.InternalError as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        return retVal
Exemple #51
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(query)
            retVal = True
        except Exception as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))

        self.connector.commit()

        return retVal
Exemple #52
0
def _init_UAlist(path):
    infoMsg = "loading HTTP User-Agent header(s) from "
    infoMsg += "file '%s'" % path
    logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)

    # TODO 此处 conf.RANDOM_UA 在其他地方暂时没有用到
    conf.RANDOM_UA = True
    th.UA_LIST = getFileItems(path)

    successMsg = "Total: %d" % len(th.UA_LIST)
    logger.log(CUSTOM_LOGGING.SUCCESS, successMsg)
    debugPause()
Exemple #53
0
def openerHeaders(op):
    headers = {}
    try:
        assert isinstance(op, urllib2.OpenerDirector)
        _ = op.addheaders
        for pair in _:
            # pair_copy = [part for part in pair]
            headers.update({pair[0]: pair[1]})
    except:
        errMsg = 'unable to fetch headers from given opener'
        logger.log(CUSTOM_LOGGING.ERROR, errMsg)
    return headers
Exemple #54
0
def writeBinary(fileName, content, encoding='utf8'):
    """
    write file with given fileName and encoding
    """
    try:
        fp = codecs.open(fileName, mode='wb+', encoding=encoding)
        fp.write(content)
        fp.close()
        logger.log(CUSTOM_LOGGING.SYSINFO,
                   '"%s" write to Text file "%s"' % (content, fileName))
    except Exception as e:
        logger.log(CUSTOM_LOGGING.WARNING, e)
Exemple #55
0
def direct(query, content=True):
    select = True
    query = agent.payloadDirect(query)
    query = agent.adjustLateValues(query)
    threadData = getCurrentThreadData()

    if Backend.isDbms(DBMS.ORACLE) and query.upper().startswith(
            "SELECT ") and " FROM " not in query.upper():
        query = "%s FROM DUAL" % query

    for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
        for sqlStatement in sqlStatements:
            if query.lower().startswith(
                    sqlStatement) and sqlTitle != "SQL SELECT statement":
                select = False
                break

    if select and not query.upper().startswith("SELECT "):
        query = "SELECT %s" % query

    logger.log(CUSTOM_LOGGING.PAYLOAD, query)

    output = hashDBRetrieve(query, True, True)
    start = time.time()

    if not select and "EXEC " not in query.upper():
        _ = timeout(func=conf.dbmsConnector.execute,
                    args=(query, ),
                    duration=conf.timeout,
                    default=None)
    elif not (output and "sqlmapoutput" not in query
              and "sqlmapfile" not in query):
        output = timeout(func=conf.dbmsConnector.select,
                         args=(query, ),
                         duration=conf.timeout,
                         default=None)
        hashDBWrite(query, output, True)
    elif output:
        infoMsg = "resumed: %s..." % getUnicode(output, UNICODE_ENCODING)[:20]
        logger.info(infoMsg)
    threadData.lastQueryDuration = calculateDeltaSeconds(start)

    if not output:
        return output
    elif content:
        if output and isListLike(output):
            if len(output[0]) == 1:
                output = [_[0] for _ in output]

        retVal = getUnicode(output, noneToNull=True)
        return safecharencode(retVal) if kb.safeCharEncode else retVal
    else:
        return extractExpectedValue(output, EXPECTED.BOOL)
Exemple #56
0
 def run(self):
     self.start_time = time.time()
     msg = 'Set the number of concurrent: %d' % self.threads_num
     logger.log(CUSTOM_LOGGING.SUCCESS, msg)
     while self.queue.qsize() > 0 and self.is_continue:
         gevent.joinall([gevent.spawn(self._scan) for i in xrange(0, self.threads_num) if
                         self.queue.qsize() > 0])
     if self.found_single:
         msg = "[single-mode] found!"
         sys.stdout.write('\n')
         sys.stdout.flush()
         logger.log(CUSTOM_LOGGING.SYSINFO, msg)
Exemple #57
0
def initOptions(args):
    if '--debug' in sys.argv:  # cannot use dataToStdout before init
        infoMsg = '---args---\n%s' % args
        logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)
    _checkCNhelp(args)
    _checkUpdate(args)
    _checkShow(args)
    _initEngine(args)
    _initModule(args)
    _initTargetMode(args)
    _initOutput(args)
    _initSafeOptions(args)
Exemple #58
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor.execute(utf8encode(query))
            retVal = True
        except cx_Oracle.DatabaseError as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex))

        self.connector.commit()

        return retVal
Exemple #59
0
    def execute(self, query):
        retVal = False

        try:
            self.cursor = self.connector.execute(query)
            retVal = True
        except (_sqlalchemy.exc.OperationalError, _sqlalchemy.exc.ProgrammingError) as ex:
            logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(ex))
        except _sqlalchemy.exc.InternalError as ex:
            raise SqlmapConnectionException(getSafeExString(ex))

        return retVal
Exemple #60
0
def loadText(fileName, encoding='utf8'):
    """
    read file with given fileName and encoding
    """
    try:
        fp = codecs.open(fileName, mode='r', encoding=encoding)
        content = fp.readlines()
        fp.close()
        logger.log(CUSTOM_LOGGING.SYSINFO,
                   'return file "%s" content .' % fileName)
        return content
    except Exception as e:
        logger.log(CUSTOM_LOGGING.WARNING, e)