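def payloadverify(self, plug, host):
    """Run one plugin against one host and report the first successful check.

    The plugin's ``filter(host)`` gate is consulted unless the ``filter``
    task argument is falsy. Plugins with ``BRUTE`` set are tried with every
    ``(user, pwd)`` pair from ``self.auths``; any other plugin gets a single
    call with no user and the fixed password ``'123456'``.

    Returns:
        Whatever ``self.callback_bug(plug)`` returns for the first truthy
        ``plug.verify(...)`` result, otherwise ``None``. Exceptions raised
        by the plugin are logged and swallowed.
    """
    # Whether the plugin's filter() gate has to pass before verifying.
    # NOTE(review): bool() of a non-empty string such as '0' is True; confirm
    # how self.args is populated if this flag can arrive as text.
    need_filter = bool(self.args.get('filter', 1))
    try:
        # NOTE: this sets the process-wide default for sockets created
        # afterwards; it is not scoped to this one plugin call.
        socket.setdefaulttimeout(360)
        if not need_filter or plug.filter(host):
            logging.info(
                'filter %s-%s-%s-%s'
                % (plug.__class__, host.service, host.host, host.port))
            candidates = self.auths if plug.BRUTE else [(None, '123456')]
            for user, pwd in candidates:
                if user:
                    verify = plug.verify(host, user=user, pwd=pwd)
                else:
                    verify = plug.verify(host, pwd=pwd)
                if verify:
                    # NOTE(review): this writes a working credential to the
                    # log in clear text; keep the log access-restricted or
                    # mask pwd here if the finding is stored elsewhere.
                    logging.warning(
                        'verify %s-%s-%s-%s-%s'
                        % (plug.__class__, host.host, host.port, user, pwd))
                    return self.callback_bug(plug)
    except Exception:
        # format_exc() keeps the frames in call order. The previous
        # set(...) over the formatted lines shuffled and de-duplicated them.
        logging.error(traceback.format_exc())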
def scan(self):
    """Run the scan and return its parsed report.

    Returns:
        The value of ``self.parse_report(self.do_scan())``, or an empty
        dict when parsing raises ``NmapParserException`` (the error is
        logged, not re-raised).
    """
    try:
        return self.parse_report(self.do_scan())
    except NmapParserException as parse_error:
        logging.error("Exception raised while parsing scan: {0}".format(
            parse_error.msg))
    # Only reached when the parser rejected the scan output.
    return {}
def httpscan(self):
    """Drain the crawler's response queue and run every HTTP plugin on it.

    Loops while the crawler reports ``ISSTART`` or responses are still
    queued. For each ``(request, response)`` pair, a plugin whose
    ``filter`` and ``verify`` both return a truthy value is passed to
    ``self.callback_bug``. Errors are logged and the loop carries on.
    """
    while self.crawle.ISSTART or not self.crawle.ResQueue.empty():
        try:
            queued_req, queued_res = self.crawle.ResQueue.get(block=False)
            # The plugins receive deep copies rather than the queued objects.
            req = copy.deepcopy(queued_req)
            res = copy.deepcopy(queued_res)
            for payload in BaseHttpPlugin.payloads():
                if not payload.filter(self.crawle, req, res):
                    continue
                if payload.verify(self.crawle, req, res):
                    self.callback_bug(payload)
        except queue.Empty:
            # Nothing queued right now; re-check the loop condition.
            continue
        except Exception as e:
            logging.error(str(e))
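def start(self):
    """Run the task and always leave its record in the finished state.

    Marks ``self.Q`` as ``'working'`` with the current process id and saves
    it, loads the credential list into ``self.auths``, then calls
    ``self.scan()``. Any exception is logged with its traceback and
    swallowed. In every case the record is then stamped with the finish
    time, its pid is reset to ``'0'``, its code set to ``'finish'``, and it
    is saved again.
    """
    self.Q.task_code = 'working'
    self.Q.task_pid = str(os.getpid())
    self.Q.save()
    try:
        self.auths = self.get_auth()
        self.scan()
    except Exception:
        # format_exc() keeps the frames in call order. The previous
        # set(...) over the formatted lines shuffled and de-duplicated them.
        logging.error(traceback.format_exc())
    finally:
        # Runs on success and on failure, so the task never stays 'working'.
        self.Q.finishdate = datetime.datetime.now()
        self.Q.task_pid = '0'
        self.Q.task_code = 'finish'
        self.Q.save()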
def load(cls, path=None, not_import=[], newtable=True):
    """Import every ``*.py`` plugin module found directly under *path*.

    Args:
        path: Plugin directory; falls back to the class's ``__pluginpath``.
        not_import: File names to skip; falls back to the class's
            ``__not_import`` when empty.
        newtable: Not used by this method.

    A plugin that fails to load is logged and skipped, so one broken file
    does not stop the remaining ones from loading.

    NOTE(review): find_module/load_module look like the ``imp`` helpers. If
    so, loading runs each file's top-level code with this process's
    privileges, so the plugin directory should be writable only by trusted
    users.
    """
    path = path or cls.__pluginpath
    not_import = not_import or cls.__not_import
    pattern = path + '/' + '*.py'
    file_names = [found.rsplit(os.sep, 1)[-1] for found in glob.glob(pattern)]
    for plugin in file_names:
        if plugin in not_import:
            continue
        fn = None
        # Module name is the file name without its final extension.
        plug_name = plugin.rsplit('.', 1)[0]
        try:
            acquire_lock()
            fn, filename, desc = find_module(plug_name, [path])
            load_module(plug_name, fn, filename, desc)
        except Exception as e:
            logging.error(u"Plugin:%s Error:%s" % (plugin, e))
        finally:
            # Close the handle returned by find_module, then drop the lock.
            if fn:
                fn.close()
            release_lock()
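def httpscan(self):
    """Drain the crawler's response queue and run every HTTP plugin on it.

    Loops while the crawler reports ``ISSTART`` or responses are still
    queued. For each ``(request, response)`` pair, a plugin whose
    ``filter`` and ``verify`` both return a truthy value is passed to
    ``self.callback_bug``. Errors are logged with their traceback and the
    loop carries on.
    """
    while self.crawle.ISSTART or not self.crawle.ResQueue.empty():
        try:
            req, res = self.crawle.ResQueue.get(block=False)
            # The plugins receive deep copies rather than the queued objects.
            req = copy.deepcopy(req)
            res = copy.deepcopy(res)
            for payload in BaseHttpPlugin.payloads():
                if (payload.filter(self.crawle, req, res)
                        and payload.verify(self.crawle, req, res)):
                    self.callback_bug(payload)
        except queue.Empty:
            # NOTE(review): the get() is non-blocking, so this loop polls
            # without a pause while the crawler runs with an empty queue.
            pass
        except Exception:
            # format_exc() keeps the frames in call order. The previous
            # set(...) over the formatted lines shuffled and de-duplicated
            # them.
            logging.error(traceback.format_exc())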
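def request(self, req):
    """Send one request, queue its response for scanning, and parse it.

    The request first passes through ``self.reqhook``. On success the
    ``(request, response)`` pair is put on ``self.ResQueue`` and the
    response is handed to ``self.parse``. A ``ConnectionError`` is logged
    as a warning, followed by a pause of ``self.settings['sleep']``
    seconds. Any other exception is logged with its traceback. Nothing is
    re-raised.
    """
    req = self.reqhook(req)
    try:
        res = req.response()
        self.ResQueue.put((req, res))
        self.parse(res)
    except ConnectionError as e:
        # NOTE(review): resolves to whichever ConnectionError the module
        # has in scope (the builtin or an HTTP library's); confirm it is
        # the one the request layer raises.
        logging.warning(str(e))
        time.sleep(self.settings['sleep'])
    except Exception:
        # format_exc() keeps the frames in call order. The previous
        # set(...) over the formatted lines shuffled and de-duplicated them.
        logging.error(traceback.format_exc())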
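def payloadverify(self, plug, host):
    """Run one plugin against one host and report the first successful check.

    The plugin's ``filter(host)`` gate is consulted unless the ``filter``
    task argument converts to 0. Plugins with ``BRUTE`` set are tried with
    every ``(user, pwd)`` pair from ``self.auths``; any other plugin gets a
    single call with no user and the fixed password ``'123456'``.

    Returns:
        Whatever ``self.callback_bug(plug)`` returns for the first truthy
        ``plug.verify(...)`` result, otherwise ``None``. Exceptions raised
        inside the check are logged and swallowed.
    """
    logging.info('check %s-%s-%s' % (plug.__class__, host.host, host.port))
    # Whether the plugin's filter() gate has to pass before verifying.
    need_filter = int(self.args.get('filter', 1))
    try:
        # NOTE: this sets the process-wide default for sockets created
        # afterwards; it is not scoped to this one plugin call.
        socket.setdefaulttimeout(360)
        if not need_filter or plug.filter(host):
            # Three placeholders for three values. A mismatch here raises
            # TypeError inside this try, which would be logged and would
            # skip the verification below.
            logging.info('filter %s-%s-%s'
                         % (plug.__class__, host.host, host.port))
            candidates = self.auths if plug.BRUTE else [(None, '123456')]
            for user, pwd in candidates:
                if user:
                    verify = plug.verify(host, user=user, pwd=pwd)
                else:
                    verify = plug.verify(host, pwd=pwd)
                if verify:
                    # NOTE(review): this writes a working credential to the
                    # log in clear text; keep the log access-restricted or
                    # mask pwd here if the finding is stored elsewhere.
                    logging.warning(
                        'verify %s-%s-%s-%s-%s'
                        % (plug.__class__, host.host, host.port, user, pwd))
                    return self.callback_bug(plug)
    except Exception as e:
        logging.error(str(e))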