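def _es_version_supported(number, minimum=(7, 0, 0)):
    """Return True when the Elasticsearch version string *number* is newer than *minimum*.

    The comparison is done component by component as integers, so
    "7.10.2" > "7.9.0" and "6.8.10" < "7.0.0".  The previous check stripped
    the dots and compared the remaining digits as one integer, which
    accepted "6.8.10" (6810 > 700) and rejected "7.1" (71 < 700).

    A pre-release suffix ("8.0.0-alpha1") is ignored; anything that does not
    parse as dotted integers (including ``None``) counts as unsupported.

    :param number: version string as reported by ``client.info()``
    :param minimum: version tuple the server must exceed (strictly greater)
    :return: bool
    """
    try:
        parts = tuple(int(p) for p in number.split("-", 1)[0].split("."))
    except (AttributeError, ValueError):
        return False
    # tuple comparison: (7,) < (7, 0, 0), so a bare "7" is *not* > 7.0.0,
    # consistent with the "should be > 7.0.0" message below
    return parts > minimum


def set_es_conn():
    """Open the Elasticsearch connection configured in ``db_set`` and publish it.

    Does nothing when ``es_open`` is false.  Otherwise a client is created
    from ``es_addr``/``es_auth`` with a 10 s timeout, the endpoint is checked
    to really be Elasticsearch (its ``info()`` banner contains
    "You Know, for Search") and to run a version newer than 7.0.0; on success
    the client is stored in ``others.es_conn`` and ``set_httpinfo()`` is
    called.  A connection error or an unsupported version is logged and the
    program exits via ``sys.exit()``.  An endpoint that answers but does not
    identify as Elasticsearch is logged but does not exit (``others.es_conn``
    stays unset, as before).
    """
    if not db_set.get("es_open"):
        return
    try:
        client = connections.create_connection(
            hosts=db_set.get("es_addr"),
            http_auth=db_set.get("es_auth"),
            timeout=10)
        info = client.info()
        if "You Know, for Search" in str(info):
            version = info.get("version").get("number")
            if _es_version_supported(version):
                logger.info("Success connect es : {}".format(
                    db_set.get("es_addr")))
                others.es_conn = client
                set_httpinfo()
            else:
                logger.warning("Your es version should be > 7.0.0")
                sys.exit()
        else:
            # previously silent: make the misconfiguration visible
            logger.warning("Endpoint {} did not identify as elasticsearch".format(
                db_set.get("es_addr")))
    except Exception as ex:
        # SystemExit is not an Exception, so the sys.exit() above is not caught here
        logger.warning(
            "es conn get error :{} , will exit program".format(ex))
        logger.warning(
            "if you don't want to use elasticsearch .please config 'es_open':False, in config.py")
        sys.exit()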
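    def http_md5(self, dictdata):
        '''
        Build the de-duplication key of one captured HTTP request.

        The key is ``protocol-host-port-method-path-argsname`` and, when the
        ``es_uniq`` setting is off, ``-value`` as well; it is passed through
        ``getmd5`` and that result is returned.  With ``es_uniq`` on, two
        requests that differ only in parameter values therefore map to the
        same key.  Note: this returns the hash string, not a bool as the
        old docstring claimed.

        :param dictdata: parsed request dict; reads ``request.method`` and
            ``url`` (``protocol``, ``host``, ``port``, ``path``)
        :return: the value of ``getmd5(key)`` (presumably an md5 hex digest)
        '''
        method = dictdata.get("request").get("method")
        name, value = self.getallargs(dictdata)
        # NOTE: names (and values) are joined without a separator, so
        # ["ab", "c"] and ["a", "bc"] collide; changing the separator would
        # invalidate keys already stored, so it is kept as is.
        key = "{protocol}-{host}-{port}-{method}-{path}-{argsname}".format(
            argsname="".join(name), method=method, **dictdata.get("url"))
        if not db_set.get("es_uniq"):
            # parameter values take part in the key only when es_uniq is off
            key = "{}-{}".format(key, "".join(value))
        return getmd5(key)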
def init_options():
    # 打补丁
    pathch_urlencode()
    cmd_line_options.update(cmd_line_parser().__dict__)
    # 判断banner
    if cmd_line_options.show_version:
        print(banner())
        sys.exit()
    print(banner())
    # 判断check-reveres
    if cmd_line_options.check_reverse:
        check_reverse()
        sys.exit()
    if cmd_line_options.command == "reverse":
        return
    # 此处需要改进,添加判读,容错,和sock代理等
    if cmd_line_options.proxy:
        host_port = cmd_line_options.proxy
        cmd_line_options.proxy = {"http": "http://{}".format(host_port),
                                  "https": "https://{}".format(host_port),
                                  }
    else:
        cmd_line_options.proxy = {}
    if cmd_line_options.verbose == 0:
        logger.logger.setLevel(logging.DEBUG)
    elif cmd_line_options.verbose == 1:
        logger.logger.setLevel(logging.INFO)
    elif cmd_line_options.verbose == 2:
        logger.logger.setLevel(logging.WARNING)
    elif cmd_line_options.verbose == 3:
        logger.logger.setLevel(logging.CRITICAL)

    # 验证DNS_Servers,添加到全局变量
    if db_set.get("es_open"):
        servers = find_dns_server().find_dnsservers()
        logger.info("Found dns_servers:{}".format(servers))
        if servers == []:
            logger.warning("Not Found dns_servers, Check your Networks or edit data/common/dns_servers.txt")
            sys.exit()
        others.dns_servers = servers
    # 处理html-output
    logger.info("Vuln results will output to: {}".format(cmd_line_options.html_output))

    cmd_line_options.allow_poc = []
    cmd_line_options.allow_plugin = {}
    cmd_line_options.pocs_perfile = []
    cmd_line_options.pocs_perfoler = []
    cmd_line_options.pocs_perscheme = []
    cmd_line_options.pocs_perserver = []
    cmd_line_options.pocs_load_moudle = {
        "perfile": {},
        "perfolder": {},
        "perscheme": {},
        "perserver": {}
    }
    poc_keys = {
        "perfile": cmd_line_options.pocs_perfile,
        "perfolder": cmd_line_options.pocs_perfoler,
        "perscheme": cmd_line_options.pocs_perscheme,
        "perserver": cmd_line_options.pocs_perserver
    }
    if cmd_line_options.command == "webscan":
        cmd_line_options.poc_folders = ["perfile", "perfolder", "perscheme"]
    if cmd_line_options.command == "hostscan":
        cmd_line_options.poc_folders = ["perserver"]
    if "all" not in cmd_line_options.disable:
        if cmd_line_options.disable:
            cmd_line_options.enable = None
            for _dir in cmd_line_options.poc_folders:
                # old way
                # path_dir = os.path.join(paths.MYSCAN_POCS_PATH, _dir)
                # exists_poc_with_ext = list(
                #     filter(lambda x: not x.startswith("__"), os.listdir(path_dir)))
                # temp = copy.deepcopy(exists_poc_with_ext)
                # for disable in cmd_line_options.disable:
                #     for poc in exists_poc_with_ext:
                #         if disable in poc and poc in temp:
                #             temp.remove(poc)
                # for x in temp:
                #     poc_keys.get(_dir).append(os.path.join(path_dir, x))

                # new way to get subdir
                for root, dirs, files in os.walk(os.path.join(paths.MYSCAN_POCS_PATH, _dir)):
                    for file in files:
                        if file.endswith(".py") and not file.startswith("__"):
                            if not any([disable in file for disable in cmd_line_options.disable]):
                                poc_keys.get(_dir).append(os.path.abspath(os.path.join(root, file)))
        else:
            for _dir in cmd_line_options.poc_folders:
                # path_dir = os.path.join(paths.MYSCAN_POCS_PATH, _dir)
                # exists_poc_with_ext = list(
                #     filter(lambda x: (not x.startswith("__") and x.endswith(".py")),
                #            os.listdir(path_dir)))
                # if "*" == cmd_line_options.enable:
                #     for poc in exists_poc_with_ext:
                #         poc_keys.get(_dir).append(os.path.join(path_dir, poc))
                # else:
                #     for disable in cmd_line_options.enable:
                #         for poc in exists_poc_with_ext:
                #             if disable in poc:
                #                 poc_keys.get(_dir).append(os.path.join(path_dir, poc))
                for root, dirs, files in os.walk(os.path.join(paths.MYSCAN_POCS_PATH, _dir)):
                    for file in files:
                        if file.endswith(".py") and not file.startswith("__"):
                            if not cmd_line_options.enable:
                                poc_keys.get(_dir).append(os.path.abspath(os.path.join(root, file)))
                            else:
                                if any([enable in file for enable in cmd_line_options.enable]):
                                    poc_keys.get(_dir).append(os.path.abspath(os.path.join(root, file)))
                                #
                                # for enable in cmd_line_options.enable:
                                #     if enable in file:
                                #         poc_keys.get(_dir).append(os.path.abspath(os.path.join(root, file)))

        for _dir in cmd_line_options.poc_folders:
            logger.debug("{} total: {} pocs".format(_dir.capitalize(), len(list(set(poc_keys.get(_dir))))))
            for poc in list(set(poc_keys.get(_dir))):
                logger.info("Load Pocs:{}".format(poc))
                cmd_line_options.pocs_load_moudle[_dir][hash(poc)] = {
                    "poc": poc,
                    "class": load_file_to_module(poc)
                }
        if cmd_line_options.command == "webscan":
            if not (cmd_line_options.pocs_perfile or cmd_line_options.pocs_perfoler or cmd_line_options.pocs_perscheme):
                logger.warning("No Pocs ,please use  --enable un_auth sqli")
                sys.exit()
        if cmd_line_options.command == "hostscan":
            if not cmd_line_options.pocs_perserver:
                logger.warning("No Pocs ,please use  --enable brute ms17010")
                sys.exit()
    else:
        logger.warning("No Pocs Load!")

    # languages 插件参数处理
    plugins_dir = os.path.join(paths.MYSCAN_PLUGINS_PATH, cmd_line_options.command)
    exists_poc_with_ext = list(
        filter(lambda x: not x.startswith("__"), os.listdir(plugins_dir)))
    if cmd_line_options.plugins:

        for openplugin in list(set(cmd_line_options.plugins)):
            for plugin in exists_poc_with_ext:
                if openplugin in plugin:
                    plugin_path = os.path.join(plugins_dir, plugin)
                    logger.info("Load Plugin:{}".format(plugin_path))
                    cmd_line_options.allow_plugin[hash(plugin_path)] = {
                        "poc": plugin_path,
                        "class": load_file_to_module(plugin_path)
                    }
        if len(cmd_line_options.allow_plugin) == 0:
            logger.warning("No Plugins Load!")
    total_poc = 0
    for x in cmd_line_options.pocs_load_moudle.values():
        total_poc += len(x)
    others.total_pocs=total_poc
    if total_poc == 0 and len(cmd_line_options.allow_plugin) == 0:
        logger.warning("No Plugins Pocs Load! Check your arguments ,Program will exit")
        sys.exit()
    # 处理ssti全局变量
    importssti()

    # 需要注册一下需要urlpath的插件
    poc1 = os.path.join(paths.MYSCAN_POCS_PATH, "perfolder", "info", "myscan_dirscan.py")
    if poc1 in cmd_line_options.pocs_perfoler:
        get_dict()

    # 打补丁
    # patch_banner_timeout() #好像没用
    ipv6_patch()

    # 配置连接

    set_es_conn()

    # 配置dishost host
    if cmd_line_options.host:
        cmd_line_options.dishost = []