def __init__(self, flag):
self.es = Elasticsearch('127.0.0.1:9200')
self.flag = flag
self.file = open(file_name, 'a')
self.httptools = EXPHttp()
def __init__(self,flag):
self.es = Elasticsearch('127.0.0.1:9200')
self.flag = flag
self.file = open(file_name,'a')
self.httptools = EXPHttp()
class KEYModule():
def __init__(self, flag):
self.es = Elasticsearch('127.0.0.1:9200')
self.flag = flag
self.file = open(file_name, 'a')
self.httptools = EXPHttp()
'''载入相应模块的exp对象'''
def loadExploit(self):
expfile_list = []
expobj_list = []
path = "%s/exploit/%s" % (ROOT_PATH, self.flag)
sys.path.append(path)
print path, ROOT_PATH
for x in os.walk(path):
for y in x[2]:
if str(y).endswith('pyc') or str(y).startswith('__init__'):
continue
expfile_list.append(str(y).replace('.py', ''))
for x in expfile_list:
fp, pathname, description = imp.find_module(x)
obj = imp.load_module(x, fp, pathname, description)
expobj_list.append(obj.SafecatExploit())
return expobj_list
'''语法解析功能'''
def queryParser(self, query):
tmp = query.split(' ')
meta = []
query_dict = {}
res_list = []
for x in tmp:
if x.count(':') == 0:
res_list.append(x)
else:
x = x.replace('+', ' ')
meta = x.split(':')
res_list.append({meta[0]: meta[1]})
should_list = []
must_list = []
tmp = []
for x in res_list:
if str(x).count(':') == 0:
tmp = [{
'match': {
'ip': x
}
}, {
'match': {
'country': x
}
}, {
'match': {
'city': x
}
}, {
'match': {
'domain': x
}
}, {
'match': {
'serverinfo': x
}
}, {
'match': {
'flag': x
}
}, {
'match': {
'http_response': x
}
}]
should_list.extend(tmp)
else:
must_list.append({'match': x})
query_dsl = {
'query': {
'bool': {
'should': should_list,
'must': must_list
}
},
'_source': ['domain']
}
return query_dsl
'''根据用户搜索进行exp'''
def scanByQuery(self, query):
content = ''
#数据库记录
db = DBHelper()
sql = "insert into job_status (status,path) values(%s,'%s')" % (
'0', file_name)
db.execute_ddl_sql('safecat_jobs', sql)
#生成报告头
self.exp_list = self.loadExploit()
self.file.write('domain\t\t\tattack_results\n')
query_dsl = self.queryParser(query)
query_res = self.es.search(body=query_dsl,
index='safecat',
doc_type='hostcrawler',
size=100000)
domain_list = [
x['_source']['domain'] for x in query_res['hits']['hits']
]
for target in domain_list:
target = self.httptools.get_standard_url(target)
print '[+]TargetHOST:%s' % target
for obj in self.exp_list:
res = obj.exploit(target)
if not res:
record = '%s\t\t\tFailed\n' % target
content += record
print record
else:
record = '%s\t\t\t%s\n' % (target, res)
content += record
print record
self.file.write(record)
content = content.replace('\n', ' ')
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % (
'1', content)
print sql
db.execute_ddl_sql("safecat_jobs", sql)
self.file.close()
'''攻击一个域名'''
def scanByDomain(self, domain):
#数据库记录
content = ''
db = DBHelper()
sql = "insert into job_status (status) values(%s)" % '0'
db.execute_ddl_sql('safecat_jobs', sql)
self.exp_list = self.loadExploit()
self.file.write('domain\t\tattack_results')
domain = self.httptools.get_standard_url(domain)
for obj in self.exp_list:
res = obj.exploit(domain)
if not res:
print '%s Exploit Failed:Unknown' % domain
content += '%s\tExploit\tFailed:Unknown' % domain
else:
print 'Exploit Success:%s\t\t%s' % (x, str(res))
content = '%sExploit\tSuccess:%s\t\t%s' % (domain, x, str(res))
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % (
'1', content)
print sql
db.execute_ddl_sql("safecat_jobs", sql)
class KEYModule():
def __init__(self,flag):
self.es = Elasticsearch('127.0.0.1:9200')
self.flag = flag
self.file = open(file_name,'a')
self.httptools = EXPHttp()
'''载入相应模块的exp对象'''
def loadExploit(self):
expfile_list = []
expobj_list = []
path = "%s/exploit/%s" % (ROOT_PATH,self.flag)
sys.path.append(path)
print path,ROOT_PATH
for x in os.walk(path):
for y in x[2]:
if str(y).endswith('pyc') or str(y).startswith('__init__'):
continue
expfile_list.append(str(y).replace('.py',''))
for x in expfile_list:
fp, pathname, description = imp.find_module(x)
obj = imp.load_module(x, fp, pathname, description)
expobj_list.append(obj.SafecatExploit())
return expobj_list
'''语法解析功能'''
def queryParser(self,query):
tmp = query.split(' ')
meta = []
query_dict = {}
res_list = []
for x in tmp:
if x.count(':') == 0:
res_list.append(x)
else:
x = x.replace('+',' ')
meta = x.split(':')
res_list.append({meta[0]:meta[1]})
should_list = []
must_list = []
tmp = []
for x in res_list:
if str(x).count(':') == 0:
tmp = [
{'match':{'ip':x}},
{'match':{'country':x}},
{'match':{'city':x}},
{'match':{'domain':x}},
{'match':{'serverinfo':x}},
{'match':{'flag':x}},
{'match':{'http_response':x}}
]
should_list.extend(tmp)
else:
must_list.append({'match':x})
query_dsl = {
'query':{
'bool':{
'should':should_list,
'must':must_list
}
},
'_source':['domain']
}
return query_dsl
'''根据用户搜索进行exp'''
def scanByQuery(self,query):
content = ''
#数据库记录
db = DBHelper()
sql = "insert into job_status (status,path) values(%s,'%s')" % ('0',file_name)
db.execute_ddl_sql('safecat_jobs',sql)
#生成报告头
self.exp_list = self.loadExploit()
self.file.write('domain\t\t\tattack_results\n')
query_dsl = self.queryParser(query)
query_res = self.es.search(body=query_dsl,index='safecat',doc_type='hostcrawler',size=100000)
domain_list = [ x['_source']['domain'] for x in query_res['hits']['hits'] ]
for target in domain_list:
target = self.httptools.get_standard_url(target)
print '[+]TargetHOST:%s' % target
for obj in self.exp_list:
res = obj.exploit(target)
if not res:
record = '%s\t\t\tFailed\n' % target
content += record
print record
else:
record = '%s\t\t\t%s\n' % (target,res)
content += record
print record
self.file.write(record)
content = content.replace('\n',' ')
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % ('1',content)
print sql
db.execute_ddl_sql("safecat_jobs",sql)
self.file.close()
'''攻击一个域名'''
def scanByDomain(self,domain):
#数据库记录
content = ''
db = DBHelper()
sql = "insert into job_status (status) values(%s)" % '0'
db.execute_ddl_sql('safecat_jobs',sql)
self.exp_list = self.loadExploit()
self.file.write('domain\t\tattack_results')
domain = self.httptools.get_standard_url(domain)
for obj in self.exp_list:
res = obj.exploit(domain)
if not res:
print '%s Exploit Failed:Unknown' % domain
content += '%s\tExploit\tFailed:Unknown' % domain
else:
print 'Exploit Success:%s\t\t%s' % (x,str(res))
content = '%sExploit\tSuccess:%s\t\t%s' % (domain,x,str(res))
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % ('1',content)
print sql
db.execute_ddl_sql("safecat_jobs",sql)
