def launch(self): sem = Semaphore(0) try: scanner = VulnscanManager(config.omp_ip, config.omp_user, config.omp_password) task_id, target_id = scanner.launch_scan(target='https://log.cmbchina.com', profile="Full and fast", callback_end=partial(lambda x: x.release(), sem) ) print task_id, target_id sem.acquire() print("finished") report_id = scanner.get_report_id(task_id) self.result_name = task_id + '.csv' cmd = 'omp --get-report ' + report_id + ' --format ' + data.format_csv + ' > ' + self.result_name Utils.cmd_block(self.client, cmd) Utils.sftp_get(config.server_ip, config.port, config.server_user, config.server_password, self.result_name, './temp/server/'+self.result_name) except VulnscanException as e: print("Error:") print(e)
def openvas_start(self): cmd = "sudo service openvas-scanner restart" out = Utils.cmd_block(self.client, cmd).split("\n") print "1", out cmd = "sudo service openvas-manager restart" out = Utils.cmd_block(self.client, cmd).split("\n") print "2", out cmd = "sudo openvasmd --rebuild --progress" out = Utils.cmd_block(self.client, cmd).split("\n") print "3", out
def creat_target(self): cmd = 'omp -X "<create_target><name>' + self.target_name + '</name><hosts>' + self.ip + '</hosts></create_target>"' out = Utils.cmd_block(self.client, cmd).split("\n") print "4", out[0] status = ET.fromstring(out[0]).attrib['status'] print status if status == "400": cmd = "omp -T | grep " + self.target_name out = Utils.cmd_block(self.client, cmd).split("\n") self.target_id = out[0].split(" ")[0] if status == "201": self.target_id = ET.fromstring(out[0]).attrib['id'] print self.target_id
def crashed(self): cmd = 'find {} -type f | grep {}'.format(data.crash_report_folder, self.app) if Utils.cmd_block(data.client, cmd).split("\n")[0]: return True else: return False
def get_files(): files = [] dirs = [data.metadata['bundle_directory'], data.metadata['data_directory']] dirs_str = ' '.join(dirs) cmd = '{bin} {dirs_str} -type f -name "*.sqlite"'.format( bin=data.DEVICE_TOOLS['FIND'], dirs_str=dirs_str) temp = Utils.cmd_block(data.client, cmd).split("\n") cmd = '{bin} {dirs_str} -type f -name "*.db"'.format( bin=data.DEVICE_TOOLS['FIND'], dirs_str=dirs_str) temp.extend(Utils.cmd_block(data.client, cmd).split("\n")) for db in temp: if db != '': files.append(db) return files
def __run_otool(self, query, grep=None): """Run otool against a specific architecture.""" cmd = '{bin} {query} {app}'.format(bin=data.DEVICE_TOOLS['OTOOL'], query=query, app=data.metadata['binary_path']) if grep: cmd = '%s | grep -Ei "%s"' % (cmd, grep) out = Utils.cmd_block(self.client, cmd).split("\n") return out
def parse_plist(self, plist): """Given a plist file, copy it to temp folder, convert it to XML, and run plutil on it.""" # Copy the plist plist_temp = self.build_temp_path_for_file(plist.strip("'")) plist_copy = Utils.escape_path(plist_temp) self.file_copy(plist, plist_copy) # Convert to xml cmd = '{plutil} -convert xml1 {plist}'.format( plutil=data.DEVICE_TOOLS['PLUTIL'], plist=plist_copy) Utils.cmd_block(self.client, cmd) # Cat the content cmd = 'cat {}'.format(plist_copy) out = Utils.cmd_block(self.client, cmd) # Parse it with plistlib out = str(''.join(out).encode('utf-8')) pl = plistlib.readPlistFromString(out) return pl
def dump_binary(): target_doc_path = data.metadata['data_directory'] + '/Documents' target_doc_file = target_doc_path + '/dumpdecrypted.dylib' Utils.sftp_put(ip=config.mobile_ip, port=config.ssh_port, username=config.mobile_user, password=config.mobile_password, remote_path=target_doc_file, local_file='./tools/dumpdecrypted.dylib') target_bin_path = data.metadata['binary_path'] dump_cmd = 'DYLD_INSERT_LIBRARIES={} {}'.format(target_doc_file, target_bin_path) Utils.cmd_block(data.client, dump_cmd) # get decrypted file from iphone remote_file = './{}.decrypted'.format(data.metadata['binary_name']) data.static_file_path = bin_get.via_sftp(remote_file)
def clutch(): client = data.client clutch_i = Utils.cmd_block(client, 'clutch -i') pat = re.compile(r'.+<(.+)>') clutch_app_id = -1 for line in clutch_i.split('\n'): # print line m = pat.match(line) if m: if m.group(1) == data.app_bundleID: clutch_app_id = int(line[0]) if clutch_app_id != -1: clutch_success = False print 'the application is encrypted, and use clutch to decrypt' # clean the decrypted ipas already done by clutch cmd = 'rm /private/var/mobile/Documents/Dumped/*.ipa' Utils.cmd_block(client, cmd) # Only dump binary files from the specified bundleID cmd = 'clutch -b ' + str(clutch_app_id) out = Utils.cmd_block(client, cmd) pat = re.compile(r'.+Finished.+to (.+)\[0m') for line in out.split('\n'): m = pat.match(line) if m: clutch_success = True # print m.group(1) source = '{path}/{bundle_id}/{binary}'.format( path=m.group(1), bundle_id=data.metadata['bundle_id'], binary=data.metadata['binary_name']) data.static_file_path = bin_get.via_sftp(source) if not clutch_success: Utils.printy( 'Failed to clutch! Try to dump the decrypted app into a file. ', 2) DumpDecrypted.dump_binary() else: # print 'the application is not encrypted' data.static_file_path = bin_get.via_sftp(data.metadata['binary_path'])
def _detect_architectures(self, binary): """Use lipo to detect supported architectures.""" # Run lipo cmd = '{lipo} -info {binary}'.format(lipo=data.DEVICE_TOOLS['LIPO'], binary=binary) out = Utils.cmd_block(self.client, cmd) # Parse output msg = out.strip() res = msg.rsplit(': ')[-1].split(' ') return res
def get_files(self): files = [] dirs = [data.metadata['bundle_directory'], data.metadata['data_directory']] dirs_str = ' '.join(dirs) cmd = '{bin} {dirs_str} -type f -name "*.plist"'.format(bin=data.DEVICE_TOOLS['FIND'], dirs_str=dirs_str) temp = Utils.cmd_block(self.client, cmd).split("\n") for f in temp: if f != '': files.append(f) return files
def dump(self): cmd = './keychain_dumper' out = Utils.cmd_block(self.client, cmd) lines = out.split('\n') for line in lines: if line.startswith('Keychain Data:') and not '(null)' in line: content = line[15:] if content: self.all_keychain_values.append(content) self.filter() Utils.printy_result('Keychain Dump', 1) return self.results
def get(self): cmd = '{bin} -L {app}'.format(bin=data.DEVICE_TOOLS['OTOOL'], app=data.metadata['binary_path']) out = Utils.cmd_block(self.client, cmd).split("\n") if out: try: data.shared_lib = out print "--------------------shared_library-------------------" for l in out: print l return True except AttributeError: return False else: return False
def get(self): cmd = '{bin} -L {app}'.format(bin=data.DEVICE_TOOLS['OTOOL'], app=data.metadata['binary_path']) out = Utils.cmd_block(self.client, cmd).split("\n") if out: try: del out[0] for i in out: i = i.strip('\t') if len(i) > 0: data.shared_lib.append(i) # print "--------------------shared_library-------------------" return True except AttributeError: return False else: return False
def get(self): # Compose cmd string dirs = [data.metadata['bundle_directory'], data.metadata['data_directory']] dirs_str = ' '.join(dirs) cmd = '{bin} {dirs_str} -type f -name "*sql*"'.format(bin=data.DEVICE_TOOLS['FIND'], dirs_str=dirs_str) out = Utils.cmd_block(self.client, cmd).split("\n") # No files found if not out: print("No SQL files found") return # Add data protection class retrieved_files = Utils.get_dataprotection(out) for file_lable in retrieved_files: print file_lable[0], "protection:", file_lable[1]
def file_copy(self, src, dst): src, dst = Utils.escape_path(src), Utils.escape_path(dst) cmd = "cp {} {}".format(src, dst) Utils.cmd_block(self.client, cmd)
def delete_old_reports(self): cmd = 'rm -f `find {} -type f | grep {}`'.format( data.crash_report_folder, self.app) Utils.cmd_block(data.client, cmd)