def resourceInfo(self):
req = requests.get('http://api.zoomeye.org/resources-info', headers=self.headers, )
content = json.loads(req.content)
if 'plan' in content:
self.plan = content['plan']
self.resources['web-search'] = content['resources']['web-search']
self.resources['host-search'] = content['resources']['host-search']
return True
return False
def search(self, dork, page=1, resource='web'):
req = requests.get(
'http://api.zoomeye.org/{}/search?query="{}"&page={}&facet=app,os'.format(resource, urllib.quote(dork), page + 1),
headers=self.headers
)
content = json.loads(req.content)
if 'matches' in content:
return [match['ip'] for match in content['matches']]
else:
return []
def _executeVerify(pocInfo, targetJson, targetUrl, mode):
url, startTime = parseTargetUrl(targetUrl), time.time()
step, method, path, params, headers, match, status_code = initilizeJson(targetJson)
if (targetUrl + pocInfo['vulID']) not in resultJson:
resultJson[targetUrl + pocInfo['vulID']] = {}
resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {'URL': url, 'Postdata': params, 'Path': path}
try:
if method == 'get':
r = req.get('%s/%s' % (url, path), params=params, headers=headers)
else:
r = req.post('%s/%s' % (url, path), data=params, headers=headers)
except Exception, ex:
logger.log(CUSTOM_LOGGING.ERROR, str(ex))
return False
def _executeVerify(pocInfo, targetJson, targetUrl, mode):
url, startTime = parseTargetUrl(targetUrl), time.time()
step, method, path, params, headers, match, status_code = initilizeJson(
targetJson)
if (targetUrl + pocInfo['vulID']) not in resultJson:
resultJson[targetUrl + pocInfo['vulID']] = {}
resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {
'URL': url,
'Postdata': params,
'Path': path
}
try:
if method == 'get':
r = req.get('%s/%s' % (url, path), params=params, headers=headers)
else:
r = req.post('%s/%s' % (url, path), data=params, headers=headers)
except Exception, ex:
logger.log(CUSTOM_LOGGING.ERROR, str(ex))
return False
def seek(self, keyword):
req = requests.get('https://www.seebug.org/api/user/poc_list?q=%s' % keyword, headers=self.headers, )
self.pocs = ast.literal_eval(req.content)
return '%s purchased poc related to keyword "%s"' % (len(self.pocs), keyword)
def static(self):
req = requests.get('https://www.seebug.org/api/user/poc_list', headers=self.headers, )
self.stats = ast.literal_eval(req.content)
if 'detail' in self.stats:
return False
return 'According to record total %s PoC purchased' % len(self.stats)
def retrieve(self, ID):
req = requests.get('https://www.seebug.org/api/user/poc_detail?id=%s' % ID, headers=self.headers, )
return ast.literal_eval(req.content)
def _attack(self):
response = req.get(self.url, timeout=10, headers={'123': '23'})
print self.url
return self.parse_attack(response)
def _attack(self):
response = req.get(self.url)
return self.parse_attack(response)
def _attack(self):
response = req.get(self.url,
headers={"referer": '123123321'},
timeout=10)
return self.parse_attack(response)
def _attack(self):
response = req.get(self.url, headers={"referer": '123123321'}, timeout=10)
return self.parse_attack(response)
