def _scan(self, id, module, target):
data = self._init_data(id, module, target)
try:
logger.debug("Test %s:%s for %s:%s" %
(data['module_name'], self.func_name,
data['target_host'], data['target_port']))
func = getattr(module, self.func_name)
module.init = init
module.curl = curl
module.ceye_verify_api = ceye_verify_api
module.ceye_dns_api = ceye_dns_api
module.logger = logger
data = func(data)
if conf.VERBOSE or data['flag'] == 1:
if data['flag'] == 1:
self.found_count += 1
self.hashdb.insert(data)
self.hashdb.flush()
print_dic(data)
except AttributeError:
logger.error("Error %s:%s for %s:%s" %
(data['module_name'], self.func_name,
data['target_host'], data['target_port']))
self.change_error_count(1)
except KeyError as e:
logger.error(
"Missing necessary parameters: %s, please load parameters by -p. For example. -p cmd=whoami"
% e)
except Exception:
self.errmsg = traceback.format_exc()
self.is_continue = False
logger.error(self.errmsg)
pass
def show_task(args):
if args.task_show:
if os.path.isfile(paths.DATABASE_PATH):
datadase = TaskDB(paths.DATABASE_PATH)
datadase.connect()
rows = datadase.select_taskid(args.task_show)
for row in rows:
msg = "Taskid: %s, Status: %s, Value: %s" % (
row[1], row[2], unserialize_object(row[3]))
logger.sysinfo(msg)
if len(rows) == 0:
logger.error(
"The %s session is not exist! So we show all sessions as follow: "
% (args.task_show))
rows = datadase.select_all()
for row in rows:
msg = "Taskid: %s, Status: %s, Value: %s" % (
row[1], row[2], unserialize_object(row[3]))
logger.sysinfo(msg)
else:
datas = []
file = os.path.join(paths.DATA_PATH, args.task_show)
if os.path.isfile(file):
hashdb = TaskDataDB(file)
hashdb.connect()
for _row in hashdb.select_all():
data = {
"id": _row[0],
"tid": _row[1],
"flag": _row[2],
'target_host': _row[3],
'target_port': _row[4],
'url': _row[5],
'module_name': _row[6],
"req": unserialize_object(_row[7]),
"res": unserialize_object(_row[8]),
"other": unserialize_object(_row[9])
}
if conf.OUT != None:
datas.append(data)
else:
print_dic(data)
if conf.OUT != None:
output_excal(datas, conf.OUT.task_show)
else:
logger.error("The %s session_file is not exist. " %
(args.task_show))
else:
logger.error("The storage_file is not exist. ")
sys.exit()
async def do_scan(self, module: Script,target: Union[dict]) -> Iterable[dict]:
records = []
func_name = self.pm.func_name
parameter = self.pm.parameter
flag = -1
try:
poc = module.POC()
poc.initialize(target['host'], target['port'], target['url'], parameter)
func = getattr(poc, func_name)
logger.debug(
"Running %s:%s for %s:%s" % (module.__name__, func_name, poc.target_host, poc.target_port))
async with async_timeout.timeout(timeout=int(conf['basic']['timeout'])):
await func()
flag = poc.flag
if poc.url != None:
target['url'] = poc.url
except AttributeError as e:
if 'has no attribute \'POC\'' in get_safe_ex_string(e):
logger.error('Invalid POC script, Please check the script: %s' % module.__name__, )
elif '\'POC\' object has no attribute' in get_safe_ex_string(e):
logger.error('%s, Please check it in the script: %s' % (e, module.__name__))
elif 'Function is not exist.' in get_safe_ex_string(e):
logger.error(
'Function is not exist, Please check \'%s\' in the script: %s' % (
func_name, module.__name__,))
else:
self.errmsg = traceback.format_exc()
logger.error(self.errmsg)
logger.error("%s %s:%s for %s:%d" % (e, module.__name__, func_name, target['host'], target['port']))
self._error_task_count += 1
except KeyError as e:
logger.error("Missing parameters: %s, please load parameters by -p. For example. -p %s=value" % (
e, str(e).replace('\'', '')))
self._error_task_count += 1
except (ConnectionResetError, ConnectionAbortedError, TimeoutError):
flag = poc.flag
except (CancelledError, ConnectionRefusedError, OSError):
if target['status'] != None:
target['status'] -= 1
else:
target['status'] = -1
except Exception:
self._error_task_count += 1
errmsg = traceback.format_exc()
logger.error("Error for " + target['host'] + ":" + str(target['port']) + "\r\n"+ errmsg)
finally:
if conf.VERBOSE or flag >= 0:
if poc.flag >= 0:
self._find_task_count += 1
if module.__name__ == 'script.info.port_scan':
target['status'] = 5
if len(poc.res) == 0 :
poc.res = [{"info": None , "key": "port scan"}]
for res in poc.res:
target['service'] = res['info']
await self.vul_targets.put(target)
else:
target['status'] = 3
data = {
"id": target['id'],
"flag": poc.flag,
'module_name': module.__name__,
'func_name': func_name,
"name": poc.name,
'target_host': poc.target_host,
'target_port': poc.target_port,
'url': poc.url,
'base_url': poc.base_url,
'level': poc.level,
'type': poc.type,
"req": poc.req,
"res": poc.res,
"other": poc.other,
}
self.hashdb.insert(data)
self.hashdb.flush()
print_dic(data)
records.append(data)
logger.debug("Ending %s:%s for %s:%s" % (module.__name__, func_name, poc.target_host, poc.target_port))
return records
def scan(self, id, module, obj):
host, port, service, url = obj
try:
poc = module.POC()
poc.initialize(host, port, url, self.parameter)
func = getattr(poc, self.func_name)
logger.debug("Running %s:%s for %s:%s" %
(module.__name__, self.func_name, poc.target_host,
poc.target_port))
func()
logger.debug("Ending %s:%s for %s:%s" %
(module.__name__, self.func_name, poc.target_host,
poc.target_port))
if conf.VERBOSE or poc.flag >= 0:
if poc.flag >= 1:
self.change_found_count(1)
if poc.flag == 2:
if not conf[
'noportscan'] or module.__name__ != 'script.info.port_scan':
url = poc.url if poc.url != None else poc.base_url if poc.base_url != None else None
service = poc.service_type[0]
pool = self.put_queue_by_res(
id, module, host, port, service, url)
self.pools.append(pool)
data = {
"id": id,
"flag": poc.flag,
'module_name': module.__name__,
'func_name': self.func_name,
'target_host': poc.target_host,
'target_port': poc.target_port,
'url': poc.url,
'base_url': poc.base_url,
"req": poc.req,
"res": poc.res,
"other": poc.other,
}
self.hashdb.insert(data)
self.hashdb.flush()
print_dic(data)
except AttributeError as e:
if 'has no attribute \'POC\'' in get_safe_ex_string(e):
logger.error(
'Invalid POC script, Please check the script: %s' %
module.__name__, )
elif '\'POC\' object has no attribute' in get_safe_ex_string(e):
logger.error('%s, Please check it in the script: %s' %
(e, module.__name__))
elif 'Function is not exist.' in get_safe_ex_string(e):
logger.error(
'Function is not exist, Please check \'%s\' in the script: %s'
% (
self.func_name,
module.__name__,
))
else:
logger.error("%s %s:%s for %s:%d" %
(e, module.__name__, self.func_name, host, port))
self.change_error_count(1)
except KeyError as e:
logger.error(
"Missing parameters: %s, please load parameters by -p. For example. -p %s=value"
% (e, str(e).replace('\'', '')))
except Exception as e:
self.errmsg = traceback.format_exc()
self.is_continue = False
logger.error(self.errmsg)