def init(self):
try:
if self.action == 'restart':
logger.debug('restart to scan weak pwd')
self.dao.deleteData('weak_pwd_result', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId
})
self.dao.updateData('host_infos', {'weak_pwd_scan_state': 0}, {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId
})
self.dao.updateData('task', {'weak_pwd_scan_state': 0},
{'id': self.taskId})
#end if
self.taskCnf = self.dao.getTaskData(self.taskId)
if self.taskCnf == False:
return False
#end if
self.assetTaskId = self.taskCnf['asset_task_id']
self.thread = self.taskCnf['weak_pwd_scan_thread']
self.timeout = self.taskCnf['weak_pwd_scan_timeout']
self.policy = self.taskCnf['weak_pwd_scan_policy'].split(',')
return True
except Exception, e:
logger.error(e)
return False
def finish(self):
try:
currentTime = time.strftime("%Y-%m-%d %X", time.localtime())
if self.dao.getDataCount(
'host_infos', {
'state': 1,
'port_scan_state': 0,
'task_id': self.taskId,
'asset_task_id': self.assetTaskId
}) == 0:
self.dao.updateData('task', {'port_scan_state': 1},
{'id': self.taskId})
#end if
self.dao.updateData('task', {
'state': 3,
'end_time': currentTime
}, {
'id': self.taskId,
'init_state': 1,
'prescan_state': 1,
'host_scan_state': 1,
'web_scan_state': 1,
'weak_pwd_scan_state': 1
})
#sendEmail(self.taskId)
except Exception, e:
logger.error(e)
def checkIp(self,ip):
try:
cmd = "nmap -sP %s --host_scan-timeout 60s" % (ip)
lines = popen(cmd)
for row in lines:
if row.find('#') < 0:
if row.find('MAC Address') >= 0 or row.find("appears to be up") >= 0 or row.find("1 host_scan up") >= 0:
return True
#end if
#end if
#end for
cmd = "nmap -Pn %s --host_scan-timeout 60s" % (ip)
lines = popen(cmd)
for row in lines:
if row.find('#') < 0:
if row.find('/tcp') > 0 and row.find('open') > 0:
return True
#end if
#end if
#end for
cmd = "nmap -sS %s -p 21,23,25,80,135,139,445,2121,3389,3306,1433,7777,2433,5631,4899,5800,5900,8000,8080,16433 --host_scan-timeout 30s -P0" % (ip)
lines = popen(cmd)
for row in lines:
if (row.find('/tcp') > 0 and row.find('open') > 0) or row.find('MAC Address') >= 0:
return True
#end if
#end for
return False
except Exception, e:
logger.error(e)
return False
def updateResult(self, ip, vulName, username, password):
try:
if vulName == "RDP":
vulName = "远程协助"
#end if
if self.dao.getDataCount(
'weak_pwd_result', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'ip': ip,
'vul_name': vulName,
'username': username,
'password': password
}) > 0:
return
#end if
insert = {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'ip': ip,
'vul_name': vulName,
'username': username,
'password': password
}
self.dao.insertData('weak_pwd_result', insert)
except Exception, e:
logger.error(e)
def updateWeakPwdResult(self, ip, vul_name, username, password, port,
proto):
try:
if self.dao.getDataCount(
'weak_pwd_result', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'ip': ip,
'vul_name': vul_name,
'username': username,
'password': password,
'port': port,
'proto': proto
}) > 0:
return
#end if
insert = {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'ip': ip,
'vul_name': vul_name,
'username': username,
'password': password,
'port': port,
'proto': proto
}
self.dao.insertData('weak_pwd_result', insert)
except Exception, e:
logger.error(e)
def run(self):
try:
while True:
try:
if self.target.empty() == False:
try:
ip = self.target.get_nowait()
except Exception, e2:
continue
#end try
scriptThreads = []
for vulIds in self.vulList:
scriptThreads.append(
ScriptScanThread(self.taskCnf, ip, vulIds))
#end for
for t in scriptThreads:
t.start()
#end for
for t in scriptThreads:
t.join()
#end for
self.dao.updateData(
'host_infos', {'host_scan_state': 1}, {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'ip': ip
})
else:
break
#end if
except Exception, e1:
logger.error(e1)
def __init__(self, scanCnf):
try:
self.module = self.__class__.__name__
self.scanCnf = scanCnf
self.taskId = scanCnf['taskId']
self.assetTaskId = scanCnf['assetTaskId']
self.siteId = scanCnf['siteId']
self.vulId = scanCnf['vulId']
self.scriptThread = scanCnf['scriptThread']
self.ip = scanCnf['ip']
self.scheme = scanCnf['scheme']
self.domain = scanCnf['domain']
self.path = scanCnf['path']
self.cookie = scanCnf['cookie']
self.endTime = scanCnf['endTime']
self.maxTimeoutCount = scanCnf['maxTimeoutCount']
self.level = scanCnf['level']
self.script = scanCnf['script']
self.webTimeout = scanCnf['webTimeout']
self.dao = MysqlDao()
self.urlQueue = scanCnf.get('queue')
self.threadLock = threading.Lock()
self.timeoutCount = 0
except Exception, e:
logger.error(e)
def getOs(self, ip, timeout):
msg_dict = dict()
msg_dict['flag'] = False
msg_dict['os'] = ''
msg_dict['runningos'] = ''
msg_dict['osversion'] = ''
msg_dict['macaddress'] = ''
msg_dict['motherboard'] = ''
msg_dict['devicetype'] = ''
msg_dict['networkdistance'] = ''
try:
cmd = "nmap -O %s -P0 --host_scan-timeout %ss " % (ip,
str(timeout))
lines = popen(cmd)
if lines and len(lines) > 0:
for row in lines:
row = row.replace("\n", "")
if row.find("Device type") >= 0 and row.find(":") >= 0:
temp = row.split(":")
if len(temp) >= 2:
msg_dict['devicetype'] = temp[1].strip()
#end if
#end if
if row.find("Running") >= 0 and row.find(":") >= 0:
temp = row.split(":")
if len(temp) >= 2:
msg_dict['runningos'] = temp[1].strip()
#end if
#end if
if row.find("OS details") >= 0 or row.find(
"Aggressive OS guesses") >= 0:
temp = row.split(":")
if len(temp) >= 2:
msg_dict['os'] = temp[1].strip()
msg_dict['osversion'] = msg_dict['os']
#end if
#end if
if row.find("MAC Address") >= 0 and row.find(":") >= 0:
temp = row.split(":")
if len(temp) >= 4:
msg_dict['macaddress'] = ":".join(
row.split(":")[1:]).strip()
#end if
#end if
if row.find("Network Distance") >= 0 and row.find(
":") >= 0:
temp = row.split(":")
if len(temp) >= 2:
msg_dict['networkdistance'] = row.split(
":")[1].strip()
#end if
#end if
#end for
msg_dict['flag'] = True
#end if
return msg_dict
except Exception, e:
logger.error(e)
return msg_dict
def updateResult(self, resList):
try:
for item in resList:
try:
url = item['url']
if item.has_key('vul_id'):
vulId = item['vul_id']
elif item.has_key('vulId'):
vulId = item['vulId']
else:
vulId = self.vulId
level = item['level']
detail = item['detail']
output = item['output']
searchObj = {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'site_id': self.siteId,
'url': url,
'vul_id': vulId,
'level': level,
'detail': detail
}
if self.dao.getDataCount('web_result', searchObj) > 0:
continue
resDb = {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'site_id': self.siteId,
'url': url,
'level': level,
'detail': detail,
'output': output,
'vul_id': vulId
}
resId = self.dao.insertData('web_result', resDb)
if resId < 1:
continue
#resDataDb = {'web_result_id':resId,'task_id':self.taskId,'asset_task_id':self.assetTaskId,'site_id':self.siteId,'request':item['request'],'response':item['response']}
resDataDb = {
'web_result_id': resId,
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'site_id': self.siteId,
'request': item['request'],
'response': item['response'],
'payload': item['payload'],
'params': item['params']
}
self.dao.insertData('web_result_data', resDataDb)
except Exception, e1:
logger.error(e1)
except Exception, e:
logger.error(e)
def checkExcludeItemUrl(self, modUrl, url):
try:
if modUrl.find("?") > 0:
r1 = re.compile(modUrl.split("?")[0].replace("*", "(.*?)"))
res = re.findall(r1, url.split("?")[0])
if res and len(res) > 0:
mod_params = modUrl.split("?")[1]
if modUrl == "*" and url.find("?") < 0:
return True
if url.find("?") > 0:
params = url.split("?")[1]
mod_params_list = mod_params.split("&")
for row in mod_params_list:
r2 = re.compile(row.replace("*", "(.*?)"))
res = re.findall(r2, params)
if res and len(res) > 0:
pass
else:
return False
return True
else:
r1 = re.compile(modUrl.replace("*", "(.*?)"))
res = re.findall(r1, url.split("?")[0])
if res and len(res) > 0:
return True
return False
except Exception, e:
logger.error(e)
return False
def main(argv):
#获取命令行参数
if len(argv) < 2:
Usage()
sys.exit()
#处理action
action = argv[1]
if action not in ['start', 'restart', 'help', 'version']:
Usage()
sys.exit()
if action == "help":
Usage()
sys.exit()
if action == "version":
Version()
sys.exit()
if len(argv) < 3:
Usage()
sys.exit()
try:
opts, args = getopt.getopt(argv[2:], 't:', ['task='])
except getopt.GetoptError, err:
logger.error(err)
Usage()
sys.exit(2)
def outputDecode(self, data):
try:
p = re.compile("#YB64#([\s\S]*?)#YB64#")
return p.sub(self.func, data)
except Exception, e:
logger.error(e)
return ''
def main(argv):
#获取命令行参数
try:
opts, args = getopt.getopt(argv[1:], 'hvt:a:', ['help', 'version' 'task=', 'action='])
except getopt.GetoptError, err:
logger.error(err)
Usage()
sys.exit(2)
def PreSiteScan(self, url):
try:
http = HttpRequest({'timeout': 10, 'follow_redirects': False})
res, content = http.request(url)
return True, res, content
except socket.timeout, e:
logger.error(e)
return False, {}, ''
def getPorts(self, ip, ports, timeout):
port_list = []
try:
cmd = "nmap -sV %s -p %s -P0 --host_scan-timeout %ss " % (
ip, str(ports), str(timeout))
lines = popen(cmd)
state_num = 0
service_num = 0
version_num = 0
if lines and len(lines) > 0:
for row in lines:
row = row.replace("\n", "")
if row.find("PORT") >= 0 and row.find(
"STATE") >= 0 and row.find(
"SERVICE") >= 0 and row.find("VERSION") >= 0:
state_num = row.find("STATE")
service_num = row.find("SERVICE")
version_num = row.find("VERSION")
#end if
if row.find("/tcp") >= 0 and row.find("closed") < 0:
port_dict = dict()
port_dict['port'] = row.split("/")[0]
port_dict['proto'] = "tcp"
if service_num > len(row):
port_dict['state'] = row[state_num:].strip()
else:
port_dict['state'] = row[state_num:service_num -
1].strip()
#end if
if service_num > len(row):
port_dict['service'] = ""
else:
if version_num > len(row):
port_dict['service'] = row[service_num:].strip(
)
else:
port_dict['service'] = row[
service_num:version_num - 1].strip()
#end if
#end if
if version_num > len(row):
port_dict['version'] = ""
else:
port_dict['version'] = row[version_num:].strip()
#end if
port_list.append(port_dict)
#end if
#end for
#end if
return port_list
except Exception, e:
logger.error(e)
return port_list
def checkSiteId(self, siteId):
try:
if int(siteId) > 0:
return True
else:
return False
except Exception, e:
logger.error(e)
return False
def run(self):
try:
logger.debug('Host scan is start')
if self.init() == False:
return
#end if
logger.debug('Host scan init is success')
if self.taskCnf['host_scan_enable'] == 0:
self.finish()
return
#end if
logger.debug('Host scan is enable')
if self.taskCnf['host_scan_enable'] == 1 and self.taskCnf[
'host_scan_state'] == 1:
self.finish()
return
#end if
logger.debug('Host scan is not finished')
res = self.dao.getData(
'host_infos', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'host_scan_state': 0
})
if not res or len(res) <= 0:
self.finish()
return
#end if
logger.debug('find host_scan target to scan')
for row in res:
self.target.put(row['ip'])
#end for
threadList = []
for i in range(self.thread):
t = HostScanThread(self.taskCnf, self.target)
threadList.append(t)
#end for
for t in threadList:
t.start()
#end for
for t in threadList:
t.join()
#end for
self.finish()
except Exception, e:
logger.error(e)
def run(self):
try:
if self.init() == False:
return
#end if
if self.taskCnf['init_state'] == 0:
return
#end if
if self.taskCnf['weak_pwd_scan_enable'] == 0:
self.updateData('host_infos', {'weak_pwd_scan_state': 1}, {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'state': 1
})
self.finish()
#end if
res = self.dao.getData(
'host_infos', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'weak_pwd_scan_state': 0
})
if res and len(res) > 0:
for row in res:
self.target.put(row['ip'])
self.dao.deleteData(
'weak_pwd_result', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'ip': row['ip']
})
#end for
#end if
threadList = []
for i in range(self.thread):
threadList.append(Thread(target=self.scanMain, args=()))
#end for
for t in threadList:
t.start()
#end for
for t in threadList:
t.join()
#end for
self.finish()
#clear oracle log
os.system("rm -rf /root/oradiag_root")
os.system("rm -rf /root/hydra.restore")
os.system("rm -rf /oradiag_root")
except Exception, e:
logger.error(e)
def checkIpPort(self, ip):
try:
res = []
portList = []
cmd = ''
if '1' in self.policy:
portList.append('21')
#end if
if '2' in self.policy:
portList.append('22')
#end if
if '3' in self.policy:
portList.append('3389')
#end if
if '4' in self.policy:
portList.append('23')
#end if
if '5' in self.policy:
portList.append('1443')
#end if
if '6' in self.policy:
portList.append('3306')
#end if
if '7' in self.policy:
portList.append('1521')
#end if
if '8' in self.policy:
portList.append('445')
portList.append('139')
#end if
if '9' in self.policy:
portList.append('5900')
#end if
if len(portList) > 0:
cmd = "nmap -sS %s -p %s --host_scan-timeout 30s -P0" % (
ip, ','.join(portList))
#logger.debug(cmd)
lines = popen(cmd)
for row in lines:
if row.find('/tcp') > 0 and row.find('open') > 0:
port = row.split('/tcp')[0]
if cmp(port, '139') == 0 and ('smb' in res):
continue
#end if
res.append(self.portDic.get(port))
#end if
#end for
return res
else:
return []
#end if
except Exception, e:
logger.error(e)
return []
def checkProgress(self):
try:
pid = "%sHostScanEngine-%s" % (SCANER_TEMP_DIR, self.taskId)
if os.path.exists(pid):
return False
#end if
return True
except Exception, e:
logger.error(e)
return False
def getSiteCode(self, content):
try:
match = re.findall(r"<meta(.+?)charset(.*?)=(.+?)(\"|')", content,
re.I)
if match and len(match) > 0:
code = match[0][2]
else:
code = "utf8"
return code
except Exception, e:
logger.error(e)
def run(self):
try:
cmd = "%s -sS -p 1-9999 -V -i %s %s" % (NASL_EXE, self.vulIds,
self.ip)
logger.debug(cmd)
popenData = popen(cmd)
res = self.handleResult(popenData)
self.updateHostResult(res)
except Exception, e:
logger.error(e)
def checkExcludeUrl(self, excludeUrl, url):
try:
for row in excludeUrl:
if row.find("http://") < 0 and row.find("https://") < 0:
continue
if self.checkExcludeItemUrl(row, url):
return True
return False
except Exception, e:
logger.error(e)
return False
def __init__(self, target, taskId, assetTaskId, ports, timeout):
try:
threading.Thread.__init__(self)
self.module = self.__class__.__name__
self.target = target
self.taskId = taskId
self.assetTaskId = assetTaskId
self.ports = ports
self.timeout = timeout
self.dao = MysqlDao()
except Exception, e:
logger.error(e)
def run(self):
try:
if self.init():
while True:
taskCnf = self.dao.getTaskData(self.taskId)
prescanState = taskCnf['prescan_state']
ret = self.dao.getData(
'host_infos', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'state': 1,
'port_scan_state': 0
})
if ret and len(ret) > 0:
for row in ret:
self.target.put(row['ip'])
#end for
if self.target.qsize() > 0:
list = []
i = 0
for i in range(self.thread):
temp = PortScanThread(self.target, self.taskId,
self.assetTaskId,
self.ports, self.timeout)
list.append(temp)
#end for
i = 0
for i in range(len(list)):
list[i].start()
#end for
i = 0
for i in range(len(list)):
list[i].join()
#end for
#end if
#end if
if prescanState == 1:
break
else:
time.sleep(5)
continue
#end if
#end while
#end if
self.finish()
except Exception, e:
logger.error(e)
self.finish()
def finish(self):
try:
currentTime = time.strftime("%Y-%m-%d %X", time.localtime())
#检查网站是否都已经扫描完成
where = {
'state': '0',
'task_id': self.taskId,
'asset_task_id': self.assetTaskId
}
if self.dao.getDataCount('sites', where) > 0:
return False
#end if
self.dao.updateData('task', {'web_scan_state': '1'},
{'id': self.taskId})
#更新主机表的状态
where = {'task_id': self.taskId, 'asset_task_id': self.assetTaskId}
self.dao.updateData('host_infos', {'web_scan_state': 1}, where)
#更新扫描任务表
update = {'state': '3', 'end_time': currentTime}
where = {
'id': self.taskId,
'init_state': '1',
'prescan_state': '1',
'port_scan_state': '1',
'host_scan_state': '1',
'web_scan_state': '1',
'weak_pwd_scan_state': '1'
}
self.dao.updateData('task', update, where)
#清理Web扫描缓存目录
#remove_web_tmp(self.taskId)
#发送扫描完成邮件
#sendEmail(self.taskId)
#更新漏洞统计
#updateTaskManage()
#check_if_all_end(self.taskId)
#更新资产管理漏洞统计
#updateAssetCount(self.taskId,self.assetTaskId)
return True
except Exception, e:
logger.error(e)
return False
def __init__(self, taskId, assetTaskId, taskCnf, threadLock):
try:
threading.Thread.__init__(self)
self.module = self.__class__.__name__
self.taskId = taskId
self.assetTaskId = assetTaskId
self.taskCnf = taskCnf
self.threadLock = threadLock
self.threadName = threading.currentThread().getName()
self.dao = MysqlDao()
self.count = 0
except Exception, e:
logger.error(e)
def start(self):
try:
if self.script == "":
return
list = []
for i in range(self.scriptThread):
list.append(Thread(target=self.main, args=()))
for t in list:
t.start()
for t in list:
t.join()
except Exception, e:
logger.error(e)
def init(self):
try:
if self.action == 'restart':
self.dao.updateData('host_infos', {'host_scan_state': 0}, {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'state': 1
})
self.dao.updateData('task', {'host_scan_state': 0}, {
'id': self.taskId,
'asset_task_id': self.assetTaskId
})
self.dao.deleteData('host_result', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId
})
#end if
self.taskCnf = self.dao.getTaskData(self.taskId)
if self.taskCnf == False:
return False
#end if
self.assetTaskId = self.taskCnf['asset_task_id']
self.timeout = self.taskCnf['host_scan_timeout']
self.policy = self.taskCnf['host_scan_policy']
self.taskName = self.taskCnf['name']
self.thread = self.taskCnf['host_scan_thread']
self.maxScript = self.taskCnf['host_scan_max_script']
self.startTime = time.time()
res = self.dao.getData('host_vul_policy_ref',
{'policy_id': self.policy}, 'vul_id')
t = []
for vul in res:
t.append(str(vul['vul_id']))
if len(t) > self.maxScript:
self.vulList.append(','.join(t))
t = []
#end if
#end for
if len(t) > 0:
self.vulList.append(','.join(t))
#end if
self.taskCnf['vulList'] = self.vulList
return True
except Exception, e:
logger.error(e)
return False
def init(self):
try:
if self.action == 'restart':
logger.debug('restart to scan port')
self.dao.deleteData('host_ports', {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId
})
self.dao.updateData('host_infos', {'port_scan_state': 0}, {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId
})
self.dao.updateData('task', {'port_scan_state': 0},
{'id': self.taskId})
#end if
self.taskCnf = self.dao.getTaskData(self.taskId)
if self.taskCnf == False:
return False
#end if
logger.debug('get task config success')
self.assetTaskId = self.taskCnf['asset_task_id']
self.thread = self.taskCnf['port_scan_thread']
self.timeout = self.taskCnf['port_scan_timeout']
self.policy = self.taskCnf['port_scan_policy']
res = self.dao.getRowData('port_scan_policy', {'id': self.policy})
if res and len(res) > 0:
self.ports = res['ports']
logger.debug('get port scan policy success')
#end if
if self.taskCnf['port_scan_enable'] == 1 and self.taskCnf[
'port_scan_state'] == 0:
logger.debug('port scan init success')
return True
#end if
logger.debug('port scan is finished')
self.dao.updateData('host_infos', {'port_scan_state': 1}, {
'task_id': self.taskId,
'asset_task_id': self.assetTaskId,
'state': 1
})
return False
except Exception, e:
logger.error(e)
return False