コード例 #1
 def __init__(self, hostname, protocol, username=None, password=None):
     """Prepare the per-target state: helpers, base URL and credentials.

     ``protocol`` is placed in front of ``hostname`` by plain string
     concatenation, so it has to carry its own separator; nothing is
     validated or normalised here.
     """
     # Collaborators are created in the same order as before.
     self.db = Db()
     self.connection = Connection()

     # Optional credentials; no login has happened yet.
     self.username, self.password = username, password
     self.is_logged_in = False

     # Base URL that later requests are built on.
     self.hostname = protocol + hostname

     # Matches are accumulated here, keyed by exploit id.
     self.exploit_results = {}

     # Start from a clean session on the freshly created connection.
     self.connection.reset_session()
コード例 #2
ファイル: exploit.py プロジェクト: cinno/vulnpress
 def __init__(self, hostname, protocol, username=None, password=None):
     """Build the helper objects and record the target and credentials.

     The stored ``hostname`` attribute is ``protocol + hostname``; the two
     strings are joined as given, without any check on their content.
     """
     self.db = Db()

     # Create the connection and keep a local handle so the session reset
     # at the end reads as an operation on this new object.
     conn = Connection()
     self.connection = conn

     self.hostname = protocol + hostname

     # Credentials are optional; both default to None.
     self.username = username
     self.password = password

     # Result store and login flag start out empty / False.
     self.exploit_results = {}
     self.is_logged_in = False

     conn.reset_session()
コード例 #3
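class Exploit(object):
    """Run the stored checks against one host and collect the ones that match.

    Every check is a database record (``DBExploit``) that describes a request
    (URL suffix, method, headers, body) and names the validator that decides
    whether the response counts as a match.
    """

    def __init__(self, hostname, protocol, username=None, password=None):
        """Create the database/connection helpers and remember the target.

        ``protocol`` is concatenated in front of ``hostname`` unchanged, so
        it must include its own separator.
        """
        self.db = Db()
        self.connection = Connection()
        self.hostname = protocol + hostname
        self.username = username
        self.password = password
        self.is_logged_in = False
        self.exploit_results = {}
        self.connection.reset_session()

    def exploit(self, short_name=None):
        """Run every check, or only those of the type named ``short_name``.

        Returns:
            A dict keyed by exploit id for the checks whose validator
            accepted the response, or ``{"error": ...}`` when the host
            cannot be reached or the supplied credentials are rejected.
        """
        if self.connection.verify_socket(self.hostname) is False:
            return {"error": "Could not connect to host."}

        # A login is only attempted when both a username and a password
        # were supplied; without them only unauthenticated checks run.
        has_credentials = self.username and self.password is not None
        if has_credentials and not self.login(
                self.hostname, self.username, self.password):
            return {
                "error": "Unable to login with the credentials provided."
            }

        if short_name is not None:
            for exploit in self.db.get_exploits_by_exploit_type_short_name(
                    short_name):
                self.run_exploit(exploit)
        else:
            for exploit_type in self.db.get_exploit_types():
                for exploit in self.db.get_exploits_by_exploit_type_id(
                        exploit_type.id):
                    self.run_exploit(exploit)

        return self.get_exploit_results()

    def run_exploit(self, exploit: DBExploit):
        """Send one check and hand the response to its validator.

        Checks flagged ``is_authenticated`` are skipped silently when no
        login has succeeded.
        """
        if exploit.is_authenticated and not self.is_logged_in:
            return

        body = exploit.exploit_body if exploit.exploit_body is not None else ''
        self.validate_response(exploit, self.do_request(exploit, body))

    def validate_response(self, exploit: DBExploit, response):
        """Record ``exploit`` as found when its validator accepts ``response``.

        ``response`` is None when ``do_request`` refused the URL; it is
        passed to the validator unchanged.
        """
        if self.get_validator_by_id(exploit.validator_id).validate(response):
            self.exploit_found(exploit)

    def do_request(self, exploit: DBExploit, data):
        """Issue the request described by ``exploit``.

        Returns None without sending anything when ``verify_url`` rejects
        the combined URL; otherwise returns whatever
        ``connection.request`` returns.
        """
        url = self.hostname + exploit.exploit_url
        if self.connection.verify_url(url) is False:
            return None

        # SECURITY: eval() runs whatever Python expression is stored in the
        # exploit_headers column, so anyone able to write to that database
        # gets code execution in this process. If the column only ever holds
        # dict literals, ast.literal_eval() parses them without executing
        # code and should replace this call.
        if exploit.exploit_headers is not None:
            headers = eval(exploit.exploit_headers)
        else:
            headers = {}

        return self.connection.request(
            hostname=url,
            data=data,
            headers=headers,
            method=exploit.request_method,
            urlencode=exploit.is_url_encode)

    def exploit_found(self, exploit: DBExploit):
        """Store name, version and URL of a matched check under its id."""
        self.exploit_results[exploit.id] = {
            "name": exploit.name,
            "version": exploit.version,
            "exploiturl": exploit.exploit_url
        }

    def login(self, hostname, username, password):
        """Log in through the connection and remember the outcome."""
        self.is_logged_in = self.connection.login(hostname, username, password)

        return self.is_logged_in

    def get_exploit_results(self):
        """Return a copy of the collected results and empty the store."""
        exploits = self.exploit_results.copy()
        self.exploit_results.clear()

        return exploits

    @staticmethod
    def check_file(file):
        """Return ``file`` if it is a readable regular file, else exit(1).

        The two tests are joined with ``or``: with ``and`` a path that
        failed only one of them (a readable directory, or an existing but
        unreadable file) was returned as if it were usable.
        """
        if not os.path.isfile(file) or not os.access(file, os.R_OK):
            print('[X] ' + file + ' file is missing or not readable')
            sys.exit(1)

        return file

    @staticmethod
    def get_validator_by_id(validator_id):
        """Instantiate the module-level class tagged with ``validator_id``.

        Scans every member of this module for a ``__validator_id__``
        attribute equal to ``validator_id`` and returns a new instance of
        the first match.

        Raises:
            ValueError: no member carries that validator id.
        """
        attribute = '__validator_id__'
        for name, obj in inspect.getmembers(sys.modules[__name__]):
            if hasattr(obj, attribute) and getattr(obj,
                                                   attribute) == validator_id:
                return obj()
        # %s instead of %d: a non-numeric id (for example None) must still
        # surface as the documented ValueError, not as a TypeError raised by
        # the message formatting.
        raise ValueError('Could not find Validator with validator id %s' %
                         (validator_id,))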
コード例 #4
ファイル: exploit.py プロジェクト: cinno/vulnpress
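class Exploit(object):
    """Drive the database-defined checks against a single host.

    A check (``DBExploit``) supplies the URL suffix, request method, headers
    and body to send, plus the id of the validator that judges the response.
    Checks whose validator accepts the response are collected in
    ``exploit_results``.
    """

    def __init__(self, hostname, protocol, username=None, password=None):
        """Set up helpers, target URL and optional credentials.

        The base URL is ``protocol + hostname``, joined exactly as given.
        """
        self.db = Db()
        self.connection = Connection()
        self.hostname = protocol + hostname
        self.username = username
        self.password = password
        self.is_logged_in = False
        self.exploit_results = {}
        self.connection.reset_session()

    def exploit(self, short_name=None):
        """Run all checks, or only the checks of type ``short_name``.

        Returns:
            The collected matches keyed by exploit id, or a one-entry dict
            with an ``"error"`` message if the host is unreachable or the
            login with the supplied credentials fails.
        """
        if self.connection.verify_socket(self.hostname) is False:
            return {"error": "Could not connect to host."}

        # Login happens only when a username and a password were both given.
        wants_login = self.username and self.password is not None
        if wants_login and not self.login(self.hostname, self.username, self.password):
            return {"error": "Unable to login with the credentials provided."}

        if short_name is not None:
            for exploit in self.db.get_exploits_by_exploit_type_short_name(short_name):
                self.run_exploit(exploit)
        else:
            for exploit_type in self.db.get_exploit_types():
                for exploit in self.db.get_exploits_by_exploit_type_id(exploit_type.id):
                    self.run_exploit(exploit)

        return self.get_exploit_results()

    def run_exploit(self, exploit: DBExploit):
        """Send a single check unless it needs a login that is not there."""
        needs_login = exploit.is_authenticated and not self.is_logged_in
        if needs_login:
            return

        payload = exploit.exploit_body if exploit.exploit_body is not None else ''
        self.validate_response(exploit, self.do_request(exploit, payload))

    def validate_response(self, exploit: DBExploit, response):
        """Mark ``exploit`` as found if its validator accepts ``response``.

        ``response`` may be None (``do_request`` returns None for a URL that
        fails ``verify_url``); it reaches the validator as is.
        """
        validator = self.get_validator_by_id(exploit.validator_id)
        if validator.validate(response):
            self.exploit_found(exploit)

    def do_request(self, exploit: DBExploit, data):
        """Perform the request for ``exploit``; None if the URL is rejected."""
        url = self.hostname + exploit.exploit_url
        if self.connection.verify_url(url) is False:
            return None

        # SECURITY: the exploit_headers column is passed to eval(), i.e. it is
        # executed as Python. Write access to the database therefore equals
        # code execution in this process. Where the stored value is a plain
        # dict literal, ast.literal_eval() is the non-executing parser to use
        # instead.
        headers = eval(exploit.exploit_headers) if exploit.exploit_headers is not None else {}

        return self.connection.request(hostname=url, data=data, headers=headers,
                                       method=exploit.request_method,
                                       urlencode=exploit.is_url_encode)

    def exploit_found(self, exploit: DBExploit):
        """Add the matched check's name, version and URL to the results."""
        self.exploit_results[exploit.id] = {
            "name": exploit.name,
            "version": exploit.version,
            "exploiturl": exploit.exploit_url
        }

    def login(self, hostname, username, password):
        """Attempt a login via the connection and store whether it worked."""
        self.is_logged_in = self.connection.login(hostname, username, password)

        return self.is_logged_in

    def get_exploit_results(self):
        """Hand back a copy of the results and reset the internal store."""
        exploits = self.exploit_results.copy()
        self.exploit_results.clear()

        return exploits

    @staticmethod
    def check_file(file):
        """Return ``file`` when it is a readable regular file; exit(1) otherwise.

        Either failed test is enough to reject the path. The previous ``and``
        let a readable directory or an unreadable existing file through.
        """
        if not os.path.isfile(file) or not os.access(file, os.R_OK):
            print('[X] ' + file + ' file is missing or not readable')
            sys.exit(1)

        return file

    @staticmethod
    def get_validator_by_id(validator_id):
        """Return a new instance of the validator class with this id.

        Every member of the current module is inspected for a
        ``__validator_id__`` attribute equal to ``validator_id``.

        Raises:
            ValueError: no module member carries that id.
        """
        attribute = '__validator_id__'
        for name, obj in inspect.getmembers(sys.modules[__name__]):
            if hasattr(obj, attribute) and getattr(obj, attribute) == validator_id:
                return obj()
        # Formatted with %s so that a non-integer id still produces the
        # ValueError below instead of a TypeError from the %d conversion.
        raise ValueError('Could not find Validator with validator id %s' % (validator_id,))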