def open_by_yaml(self, path, url_name, func_name='url'):
"""
打开连接
Args:
path:yml文件路径
url_name:路径名
func_name:路径所在的方法名
Returns:
"""
env = self.get_env
with open(path, encoding='UTF-8') as f:
datas = yaml.safe_load(f)
data_env = datas['env']
if env in data_env:
url_base = data_env[env]
logger.debug(f'在配置中找到环境{env},开始运行')
else:
logger.error(f'在配置中未找到环境{env},请配置该环境活动确认环境是否正确')
raise Exception('环境有误!')
steps = datas[func_name]
for step in steps:
if url_name in step:
url_relative = step[url_name]
url = url_base + url_relative
logger.debug(f'打开链接:{url}')
return self.driver.get(url)
else:
logger.error(f'链接打开失败,请检查链接名{url_name}是否正确!')
raise Exception(f'链接打开失败,请检查链接名{url_name}是否正确!')
def batch_work(args):
if args.METHOD not in ['verify', 'exploit']:
logger.error('Error method, please check out...')
sys.exit()
if args.PROXY:
init_proxy(args.PROXY)
if args.poc != 'all':
poc = import_module_with_path(args.poc)
logger.info('Batch startting with "%s"' % ('verify' if args.METHOD == 'verify' else 'exploit'))
start_time = time.time()
bt = BatchTest(seed_file=args.targets,
funcs2run=(poc.__name__, (poc.MyPoc.verify if args.METHOD == 'verify' else poc.MyPoc.exploit)),
result_file='batch_%s_result_' % args.METHOD
+ os.path.splitext(os.path.basename(args.poc))[0] + '.txt',
thread_num=args.THREADS,
verbose=False)
bt.start(norm_target_func=normalize_url)
logger.info('total number: %d, success number: %d, failed number: %d'
% (bt.total_num, bt.success_num, (bt.total_num - bt.success_num)))
logger.info('cost %f seconds.' % (time.time() - start_time))
else:
# Add
pass
def handle_result(self, request, result):
result = deepcopy(request.args[0])
if result['success']:
self.success_num += 1
logger.critical('Target: %s [Success] (%s)'
% (request.args[0]['options']['target'], result['poc_name']))
else:
logger.error('Target: %s [Failed] (%s)'
% (request.args[0]['options']['target'], result['poc_name']))
self.result_fobj.write(json.dumps(result) + '\n')
def batch_work(args):
if args.METHOD not in ['verify', 'exploit']:
logger.error('Error method, please check out...')
sys.exit()
if args.PROXY:
init_proxy(args.PROXY)
if args.poc != 'all':
poc = import_module_with_path(args.poc)
funcs = (poc.__name__, (poc.MyPoc.verify if args.METHOD == 'verify'
else poc.MyPoc.exploit))
outfile = 'batch_%s_result_' % args.METHOD + os.path.splitext(
os.path.basename(args.poc))[0] + '.txt'
logger.info('Batch startting with "%s"' %
('verify' if args.METHOD == 'verify' else 'exploit'))
start_time = time.time()
bt = BatchTest(seed_file=args.targets,
funcs2run=funcs,
result_file=outfile,
thread_num=args.THREADS,
verbose=False)
bt.start(norm_target_func=normalize_url)
logger.info('total number: %d, success number: %d, failed number: %d' %
(bt.total_num, bt.success_num,
(bt.total_num - bt.success_num)))
logger.info('cost %f seconds.' % (time.time() - start_time))
else:
# Add
path = args.MODULE_DIR
module_path = _default_module_path if not path else os.path.expanduser(
path)
pocs = import_all_modules_with_dirname(module_path)
funcs = [(poc.__name__, poc.MyPoc.verify
if args.METHOD == 'verify' else poc.MyPoc.exploit)
for poc in pocs]
outfile = 'batch_%s_result_all' % args.METHOD + '.txt'
logger.info('Batch all startting with "%s"' %
('verify' if args.METHOD == 'verify' else 'exploit'))
start_time = time.time()
bt = BatchTest(seed_file=args.targets,
funcs2run=funcs,
result_file=outfile,
thread_num=args.THREADS,
verbose=False)
bt.start(norm_target_func=normalize_url)
logger.info('total number: %d, success number: %d, failed number: %d' %
(bt.total_num, bt.success_num,
(bt.total_num - bt.success_num)))
logger.info('cost %f seconds.' % (time.time() - start_time))
def handle_result(self, request, result):
result = deepcopy(request.args[0])
if result['success']:
self.success_num += 1
logger.critical(
'Target: %s [Success] (%s)' %
(request.args[0]['options']['target'], result['poc_name']))
else:
logger.error(
'Target: %s [Failed] (%s)' %
(request.args[0]['options']['target'], result['poc_name']))
self.result_fobj.write(json.dumps(result) + '\n')
def download_work(args):
if args.PROXY:
init_proxy(args.PROXY)
cookie = args.COOKIE if args.COOKIE else None
n_success = 0
n_fail = 0
if args.poc != 'all':
poc_id = args.poc
if not re.search(_ID_REGEX, poc_id):
logger.error('Error format on poc id, please reinput.')
else:
if download_poc(poc_id, cookie):
n_success += 1
else:
n_fail += 1
else:
logger.info('Download all pocs from "beebeeto.com"')
logger.warning(
'PoC existed will be overwrite, type [Enter] to continue.')
raw_input()
if True:
crawl_dic = {'http://beebeeto.com/pdb/?page=1': False}
while False in crawl_dic.values():
crawl_url = choice([
link for link, crawled in crawl_dic.items() if not crawled
])
try:
content = requests.get(crawl_url).content
crawl_dic[crawl_url] = True
except Exception, e:
logger.error('Exception occured "%s" (%s)' %
(Exception, e))
break
if content:
crawl_dic = parse_page_from_content(content, crawl_dic)
ids = parse_poc_id_from_content(content)
for poc_id in ids:
if download_poc(poc_id, cookie):
n_success += 1
else:
n_fail += 1
else:
def download_poc(poc_id, cookie):
link = download_link % poc_id
try:
poc_file = requests.get(link, headers={'Cookie': cookie} if cookie else None, timeout=10)
except Exception:
logger.error('Download "%s" [Failed] (Connection Error)' % poc_id)
return False
if _KEYWORDS not in poc_file.content:
logger.error('Download "%s" [Failed] (Permission denied or POC not exist)' % poc_id)
return False
ext = '.py'
restore_path = module_path + poc_id.replace('-', '_') + ext
open(restore_path, 'wb').write(poc_file.content)
logger.critical('Download "%s" [Success]' % poc_id)
return True
def download_work(args):
if args.PROXY:
init_proxy(args.PROXY)
cookie = args.COOKIE if args.COOKIE else None
n_success = 0
n_fail = 0
if args.poc != 'all':
poc_id = args.poc
if not re.search(_ID_REGEX, poc_id):
logger.error('Error format on poc id, please reinput.')
else:
if download_poc(poc_id, cookie):
n_success += 1
else:
n_fail += 1
else:
logger.info('Download all pocs from "beebeeto.com"')
logger.warning('PoC existed will be overwrite, type [Enter] to continue.')
raw_input()
if True:
crawl_dic = {'http://beebeeto.com/pdb/?page=1': False}
while False in crawl_dic.values():
crawl_url = choice([link for link, crawled in crawl_dic.items() if not crawled])
try:
content = requests.get(crawl_url).content
crawl_dic[crawl_url] = True
except Exception, e:
logger.error('Exception occured "%s" (%s)' % (Exception, e))
break
if content:
crawl_dic = parse_page_from_content(content, crawl_dic)
ids = parse_poc_id_from_content(content)
for poc_id in ids:
if download_poc(poc_id, cookie):
n_success += 1
else:
n_fail += 1
else:
def fetch_results(self, query):
url_collection = []
#host_collection = []
start = 0
logger.info('Starting search with google: %s' % query)
logger.warning('You can interrupt this process with [Ctrl+c]')
next_url = None
while True:
try:
if next_url:
content = self.access(next_url)
else:
content = self.search(query, page_num=100, start=start)
except GoogleSearchLimitError, e:
logger.error('%s' % e)
return url_collection
except GoogleSearchInitError, e:
logger.error('%s' % e)
return url_collection
def fetch_results(self, query):
url_collection = []
#host_collection = []
start = 0
logger.info('Starting search with google: %s' % query)
logger.warning('You can interrupt this process with [Ctrl+c]')
next_url = None
while True:
try:
if next_url:
content = self.access(next_url)
else:
content = self.search(query, page_num=100, start=start)
except GoogleSearchLimitError, e:
logger.error('%s' % e)
return url_collection
except GoogleSearchInitError, e:
logger.error('%s' % e)
return url_collection
def download_poc(poc_id, cookie):
link = download_link % poc_id
try:
poc_file = requests.get(link,
headers={'Cookie': cookie} if cookie else None,
timeout=10)
except Exception:
logger.error('Download "%s" [Failed] (Connection Error)' % poc_id)
return False
if _KEYWORDS not in poc_file.content:
logger.error(
'Download "%s" [Failed] (Permission denied or POC not exist)' %
poc_id)
return False
ext = '.py'
restore_path = module_path + poc_id.replace('-', '_') + ext
open(restore_path, 'wb').write(poc_file.content)
logger.critical('Download "%s" [Success]' % poc_id)
return True
def setPaths():
"""
设置全局绝对路径
"""
# 根目录
root_path = paths.ROOT_PATH
# 文件目录
paths.DATA_PATH = os.path.join(root_path, "data")
paths.OUTPUT_PATH = os.path.join(root_path, "output")
paths.CONFIG_PATH = os.path.join(root_path, "LalalaScan.conf")
paths.UA_LIST_PATH = os.path.join(paths.DATA_PATH, "user-agents.txt")
if not os.path.exists(paths.OUTPUT_PATH):
os.mkdir(paths.OUTPUT_PATH)
if not os.path.exists(paths.DATA_PATH):
os.mkdir(paths.DATA_PATH)
if os.path.isfile(paths.CONFIG_PATH):
pass
else:
msg = 'Config files missing!'
logger.error(msg)
sys.exit(0)