def target_parse(target_list):
new_target_list = []
for target in target_list:
if target in new_target_list:
continue
target = target.strip()
re_ip = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$')
re_ips = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$')
re_url = re.compile('[^\s]*.[a-zA-Z]')
re_ip_port = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}$')
re_url_port = re.compile('[^\s]*.[a-zA-Z]:\d{1,5}')
if re_ip.match(target):
new_target_list.append(target)
# 如果是网络段 转换成IP
elif re_ips.match(target):
try:
ip_list = ipaddress.ip_network(target)
for ip in ip_list.hosts():
new_target_list.append(str(ip))
except Exception as e:
logger.error("IP address is not standardized: " + str(e))
logger.error("Example: 192.168.111.0/24")
elif re_url.match(target):
new_target_list.append(url_parse(target))
elif re_ip_port.match(target):
new_target_list.append(target)
elif re_url_port.match(target):
new_target_list.append(target)
return new_target_list
def start(options):
logger.data(VIEW_DATA.BANNER)
logger.data(VIEW_DATA.VERSION)
logger.data(VIEW_DATA.POWERED)
logger.data(VIEW_DATA.START_DATE)
task_list = []
target_list, poc_list, thread = options
class_list = []
target_list = target_parse(target_list)
for poc in poc_list:
for poc_class in LoadPoC(poc).load_poc():
class_list.append(poc_class)
for scanner in class_list:
for target in target_list:
task_list.append((target, scanner))
try:
logger.data("")
logger.info("Scanning")
logger.info("Concurrent: {}".format(thread))
logger.info("Total tasks: {}".format(len(task_list)))
logger.data("")
coroutine(task_list, thread)
except Exception as e:
logger.error("start coroutine error: " + str(e))
logger.data("")
logger.data(res_table_print(SCAN_RESULT.RESULT))
logger.data("success: {} / {}".format(SCAN_RESULT.SUCCESS_COUNT,
len(task_list)))
logger.data("\n[*] shutting down at {}".format(
strftime("%H:%M:%S", localtime())))
result = SCAN_RESULT.RESULT
SCAN_RESULT.RESULT = []
return result
def task_run(task):
target, scanner = task
logger.info("Testing: {} {}".format(target, scanner.name))
try:
scanner(target).run()
except Exception as e:
logger.error(e)
logger.info("Done: {} {}".format(target, scanner.name))
async def async_run(task, semaphore):
# 获取当前事件循环
async_task = asyncio.get_event_loop()
try:
async with semaphore:
# 新建一个线程来执行函数 防止阻塞
await async_task.run_in_executor(None, task_run, task)
except Exception as e:
logger.error("async start error: " + str(e))
def _get_poc_class_name(self):
"""
正则匹配出 PoC 的 class 名,如: TestPoC
:return:
"""
try:
class_name = re.search(RE_POC_CHECK, self.poc_str).group(1)
except Exception as e:
class_name = ""
logger.error("Illegal poc: " + str(e))
return class_name
def coroutine(task_list, thread):
try:
# 将扫描任务协程 打包为一个 Task 排入日程准备执行 返回 Task 对象
loop = asyncio.new_event_loop()
asyncio.set_event_loop(loop)
# 控制携程数量
semaphore = asyncio.Semaphore(thread)
tasks = [
asyncio.ensure_future(async_run(task, semaphore))
for task in task_list
]
loop.run_until_complete(asyncio.wait(tasks))
except Exception as e:
logger.error(e)
def __init__(self, poc_file):
# 先判断文件是否存在
if os.path.exists(poc_file):
self.poc_file = poc_file
try:
# 根据文件名获取插件的 Path
self.module_path = "/".join(self.poc_file.split('/')[0:-1])
# 获取包名: 2018_12_12_redis_all_unauthorized
self.pack_name = self.poc_file.split('/')[-1][0:-3]
# PoC 文件内容
self.poc_str = open(self.poc_file).read()
except Exception as e:
logger.error("load poc error: " + str(e))
else:
logger.error("load poc error: Not Found " + poc_file)
sys.exit(0)
def load_poc(self):
"""
加载 PoC 文件
:return: 返回 PoC 函数 (list)
"""
class_list = []
try:
# 将 PoC 路径加入到环境变量
sys.path.append(self.module_path)
class_name = self._get_poc_class_name()
# 加载模块
__import__(self.pack_name)
tmp_module = sys.modules[self.pack_name]
class_list.append(getattr(tmp_module, class_name))
logger.info("load poc " + self.pack_name + " success")
except ImportError as e:
logger.error("load poc " + self.pack_name + " error")
logger.error("load poc error: " + str(e))
except Exception as e:
logger.error("load poc " + self.pack_name + " error")
logger.error("load poc error: " + str(e))
return class_list