def launch(self):
sem = Semaphore(0)
try:
scanner = VulnscanManager(config.omp_ip, config.omp_user, config.omp_password)
task_id, target_id = scanner.launch_scan(target='https://log.cmbchina.com',
profile="Full and fast",
callback_end=partial(lambda x: x.release(), sem)
)
print task_id, target_id
sem.acquire()
print("finished")
report_id = scanner.get_report_id(task_id)
self.result_name = task_id + '.csv'
cmd = 'omp --get-report ' + report_id + ' --format ' + data.format_csv + ' > ' + self.result_name
Utils.cmd_block(self.client, cmd)
Utils.sftp_get(config.server_ip,
config.port,
config.server_user,
config.server_password,
self.result_name,
'./temp/server/'+self.result_name)
except VulnscanException as e:
print("Error:")
print(e)
def openvas_start(self):
cmd = "sudo service openvas-scanner restart"
out = Utils.cmd_block(self.client, cmd).split("\n")
print "1", out
cmd = "sudo service openvas-manager restart"
out = Utils.cmd_block(self.client, cmd).split("\n")
print "2", out
cmd = "sudo openvasmd --rebuild --progress"
out = Utils.cmd_block(self.client, cmd).split("\n")
print "3", out
def creat_target(self):
cmd = 'omp -X "<create_target><name>' + self.target_name + '</name><hosts>' + self.ip + '</hosts></create_target>"'
out = Utils.cmd_block(self.client, cmd).split("\n")
print "4", out[0]
status = ET.fromstring(out[0]).attrib['status']
print status
if status == "400":
cmd = "omp -T | grep " + self.target_name
out = Utils.cmd_block(self.client, cmd).split("\n")
self.target_id = out[0].split(" ")[0]
if status == "201":
self.target_id = ET.fromstring(out[0]).attrib['id']
print self.target_id
def crashed(self):
cmd = 'find {} -type f | grep {}'.format(data.crash_report_folder,
self.app)
if Utils.cmd_block(data.client, cmd).split("\n")[0]:
return True
else:
return False
def get_files():
files = []
dirs = [data.metadata['bundle_directory'], data.metadata['data_directory']]
dirs_str = ' '.join(dirs)
cmd = '{bin} {dirs_str} -type f -name "*.sqlite"'.format(
bin=data.DEVICE_TOOLS['FIND'], dirs_str=dirs_str)
temp = Utils.cmd_block(data.client, cmd).split("\n")
cmd = '{bin} {dirs_str} -type f -name "*.db"'.format(
bin=data.DEVICE_TOOLS['FIND'], dirs_str=dirs_str)
temp.extend(Utils.cmd_block(data.client, cmd).split("\n"))
for db in temp:
if db != '':
files.append(db)
return files
def __run_otool(self, query, grep=None):
"""Run otool against a specific architecture."""
cmd = '{bin} {query} {app}'.format(bin=data.DEVICE_TOOLS['OTOOL'],
query=query,
app=data.metadata['binary_path'])
if grep: cmd = '%s | grep -Ei "%s"' % (cmd, grep)
out = Utils.cmd_block(self.client, cmd).split("\n")
return out
def parse_plist(self, plist):
"""Given a plist file, copy it to temp folder, convert it to XML, and run plutil on it."""
# Copy the plist
plist_temp = self.build_temp_path_for_file(plist.strip("'"))
plist_copy = Utils.escape_path(plist_temp)
self.file_copy(plist, plist_copy)
# Convert to xml
cmd = '{plutil} -convert xml1 {plist}'.format(
plutil=data.DEVICE_TOOLS['PLUTIL'], plist=plist_copy)
Utils.cmd_block(self.client, cmd)
# Cat the content
cmd = 'cat {}'.format(plist_copy)
out = Utils.cmd_block(self.client, cmd)
# Parse it with plistlib
out = str(''.join(out).encode('utf-8'))
pl = plistlib.readPlistFromString(out)
return pl
def dump_binary():
target_doc_path = data.metadata['data_directory'] + '/Documents'
target_doc_file = target_doc_path + '/dumpdecrypted.dylib'
Utils.sftp_put(ip=config.mobile_ip,
port=config.ssh_port,
username=config.mobile_user,
password=config.mobile_password,
remote_path=target_doc_file,
local_file='./tools/dumpdecrypted.dylib')
target_bin_path = data.metadata['binary_path']
dump_cmd = 'DYLD_INSERT_LIBRARIES={} {}'.format(target_doc_file,
target_bin_path)
Utils.cmd_block(data.client, dump_cmd)
# get decrypted file from iphone
remote_file = './{}.decrypted'.format(data.metadata['binary_name'])
data.static_file_path = bin_get.via_sftp(remote_file)
def clutch():
client = data.client
clutch_i = Utils.cmd_block(client, 'clutch -i')
pat = re.compile(r'.+<(.+)>')
clutch_app_id = -1
for line in clutch_i.split('\n'):
# print line
m = pat.match(line)
if m:
if m.group(1) == data.app_bundleID:
clutch_app_id = int(line[0])
if clutch_app_id != -1:
clutch_success = False
print 'the application is encrypted, and use clutch to decrypt'
# clean the decrypted ipas already done by clutch
cmd = 'rm /private/var/mobile/Documents/Dumped/*.ipa'
Utils.cmd_block(client, cmd)
# Only dump binary files from the specified bundleID
cmd = 'clutch -b ' + str(clutch_app_id)
out = Utils.cmd_block(client, cmd)
pat = re.compile(r'.+Finished.+to (.+)\[0m')
for line in out.split('\n'):
m = pat.match(line)
if m:
clutch_success = True
# print m.group(1)
source = '{path}/{bundle_id}/{binary}'.format(
path=m.group(1),
bundle_id=data.metadata['bundle_id'],
binary=data.metadata['binary_name'])
data.static_file_path = bin_get.via_sftp(source)
if not clutch_success:
Utils.printy(
'Failed to clutch! Try to dump the decrypted app into a file. ',
2)
DumpDecrypted.dump_binary()
else:
# print 'the application is not encrypted'
data.static_file_path = bin_get.via_sftp(data.metadata['binary_path'])
def _detect_architectures(self, binary):
"""Use lipo to detect supported architectures."""
# Run lipo
cmd = '{lipo} -info {binary}'.format(lipo=data.DEVICE_TOOLS['LIPO'],
binary=binary)
out = Utils.cmd_block(self.client, cmd)
# Parse output
msg = out.strip()
res = msg.rsplit(': ')[-1].split(' ')
return res
def get_files(self):
files = []
dirs = [data.metadata['bundle_directory'], data.metadata['data_directory']]
dirs_str = ' '.join(dirs)
cmd = '{bin} {dirs_str} -type f -name "*.plist"'.format(bin=data.DEVICE_TOOLS['FIND'], dirs_str=dirs_str)
temp = Utils.cmd_block(self.client, cmd).split("\n")
for f in temp:
if f != '':
files.append(f)
return files
def dump(self):
cmd = './keychain_dumper'
out = Utils.cmd_block(self.client, cmd)
lines = out.split('\n')
for line in lines:
if line.startswith('Keychain Data:') and not '(null)' in line:
content = line[15:]
if content:
self.all_keychain_values.append(content)
self.filter()
Utils.printy_result('Keychain Dump', 1)
return self.results
def get(self):
cmd = '{bin} -L {app}'.format(bin=data.DEVICE_TOOLS['OTOOL'],
app=data.metadata['binary_path'])
out = Utils.cmd_block(self.client, cmd).split("\n")
if out:
try:
data.shared_lib = out
print "--------------------shared_library-------------------"
for l in out:
print l
return True
except AttributeError:
return False
else:
return False
def get(self):
cmd = '{bin} -L {app}'.format(bin=data.DEVICE_TOOLS['OTOOL'],
app=data.metadata['binary_path'])
out = Utils.cmd_block(self.client, cmd).split("\n")
if out:
try:
del out[0]
for i in out:
i = i.strip('\t')
if len(i) > 0:
data.shared_lib.append(i)
# print "--------------------shared_library-------------------"
return True
except AttributeError:
return False
else:
return False
def get(self):
# Compose cmd string
dirs = [data.metadata['bundle_directory'], data.metadata['data_directory']]
dirs_str = ' '.join(dirs)
cmd = '{bin} {dirs_str} -type f -name "*sql*"'.format(bin=data.DEVICE_TOOLS['FIND'], dirs_str=dirs_str)
out = Utils.cmd_block(self.client, cmd).split("\n")
# No files found
if not out:
print("No SQL files found")
return
# Add data protection class
retrieved_files = Utils.get_dataprotection(out)
for file_lable in retrieved_files:
print file_lable[0], "protection:", file_lable[1]
def file_copy(self, src, dst):
src, dst = Utils.escape_path(src), Utils.escape_path(dst)
cmd = "cp {} {}".format(src, dst)
Utils.cmd_block(self.client, cmd)
def delete_old_reports(self):
cmd = 'rm -f `find {} -type f | grep {}`'.format(
data.crash_report_folder, self.app)
Utils.cmd_block(data.client, cmd)
