def portscan(self, target):
    """Port scan.

    Reads the scan options from ``self.args`` (``write``, ``ping``, ``threads``,
    ``timeout``, ``isfilter``, ``port``, ``block``), expands *target* with
    ``gethosts``, removes the hosts listed in ``block`` (and, when ``isfilter``
    is set, every host already stored for ``self.Q.projectid``), runs
    ``PortScan`` over the remainder and hands the result to ``self.writehost``.
    """
    args = self.args
    write_flag = bool(args.get('write', 1))
    # NOTE(review): if these options arrive as strings, bool('0') is True;
    # the other portscan variant in this file converts with int() — confirm
    # which type the caller passes.
    ping_flag = bool(args.get('ping', 0))
    thread_count = int(args.get('threads', 100))
    timeout_sec = int(args.get('timeout', 5))
    skip_known = bool(args.get('isfilter', 0))
    ports = args.get('port', None)
    blocked = args.get('block', [])
    logging.info(
        '[portscan][host:%s][port:%s][write:%s][ping:%s][threads:%s][timeout:%s]'
        % (target, ports, write_flag, ping_flag, thread_count, timeout_sec))
    candidates = set(gethosts(target)) - set(blocked)
    if skip_known:
        # Drop hosts this project has already recorded.
        H = models.HostResult
        already_seen = {h.host_ip for h in H.select().where(H.projectid == self.Q.projectid)}
        candidates -= already_seen
    # ``neping`` is passed through as-is; its exact meaning lives in PortScan.
    scanner = PortScan(candidates, ports=ports, neping=ping_flag,
                       threads=thread_count, timeout=timeout_sec)
    self.writehost(scanner.scan())
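def payloadverify(self, plug, host):
    """Plugin verification.

    Runs one plugin against one host. When ``self.args['filter']`` is truthy
    (the default) the host is first checked with ``plug.filter(host)``; if it
    passes (or filtering is off), ``plug.verify`` is called once per
    credential pair from ``self.auths`` when ``plug.BRUTE`` is set, otherwise
    once with the plugin's single default pair. The first truthy verify
    result returns ``self.callback_bug(plug)``; otherwise the method returns
    None.

    Every exception is logged with its traceback and swallowed, so a failing
    plugin never stops the caller's pool.
    """
    # Renamed from ``filter`` so the builtin is not shadowed.
    apply_filter = bool(self.args.get('filter', 1))  # whether to apply the plugin filter
    try:
        # Process-wide side effect: every socket created afterwards inherits
        # this default timeout.
        socket.setdefaulttimeout(360)
        if not apply_filter or plug.filter(host):
            logging.info('filter %s-%s-%s-%s' % (plug.__class__, host.service, host.host, host.port))
            credentials = self.auths if plug.BRUTE else [(None, '123456')]
            for user, pwd in credentials:
                if user:
                    verify = plug.verify(host, user=user, pwd=pwd)
                else:
                    verify = plug.verify(host, pwd=pwd)
                if verify:
                    # NOTE(review): this writes the working credential to the
                    # log in clear text; consider redacting ``pwd`` here.
                    logging.warning('verify %s-%s-%s-%s-%s' % (plug.__class__, host.host, host.port, user, pwd))
                    return self.callback_bug(plug)
    except Exception:
        # logging.exception keeps the traceback in order; the original joined a
        # set() of traceback lines, which scrambled and de-duplicated them.
        logging.exception('payloadverify failed for plugin %s', plug.__class__)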
def writewebsite(self, w):
    """Persist one crawled website record ``w`` into ``models.HttpResult``.

    Looks up (or creates) the row keyed by ``w.host``/``w.port`` and overwrites
    its status, banner, domain, X-Powered-By, title, headers, content and the
    update timestamp (naive local time, as before).
    """
    logging.info("Writewebsite %s %s %s %s " % (w.status_code, w.host, w.port, w.domain))
    row, _created = models.HttpResult.get_or_create(host=w.host, port=w.port)
    # Field-by-field copy; note ``w.server`` is stored in ``banner``.
    field_values = (
        ('state', w.status_code),
        ('banner', w.server),
        ('domain', w.domain),
        ('xpoweredby', w.xpoweredby),
        ('title', w.title),
        ('headers', w.headers),
        ('content', w.content),
        ('updatedate', datetime.datetime.now()),
    )
    for field_name, value in field_values:
        setattr(row, field_name, value)
    row.save()
def addtask(self, Q, cel=True):
    """Dispatch task ``Q``.

    With ``cel`` (the default) the task is sent through the Celery app to the
    queue named after ``Q.tasknode.node_id`` — or ``'tasks'`` when no node is
    set — and the resulting id/status are stored back on ``Q``. Without
    ``cel`` the handler registered under the task name in ``self.tasklist``
    is called directly. Nothing happens when the task type has no name.
    """
    name = Q.tasktype.task_name
    taskid = str(Q.task_id)
    if not name:
        return
    if not cel:
        logging.info('Runing-Task:[%s]-[%s]' % (str(Q.tasktype.task_name), str(Q.task_host)))
        self.tasklist[name]['handler'](taskid)
        return
    # No task node specified -> fall back to the shared 'tasks' queue.
    queue = Q.tasknode.node_id if Q.tasknode else 'tasks'
    job = app.send_task('%s.%s' % (queue, name), args=[taskid])
    Q.task_pid = job.id
    Q.task_code = job.status
    Q.save()
def scan(self):
    """Run every plugin named in ``self.args['plug']`` against the targets.

    For each plugin name: resolve the host list (the project's stored hosts
    when ``self.target`` is a known ``Project`` id, otherwise
    ``gethosts(self.target)``), load that project's port records for each
    host, wrap ``http`` ports as ``BaseWebSite`` and everything else as
    ``BaseHost``, pair every plugin with the matching target type and run
    ``self.payloadverify`` for each pair on a ``CoroutinePool`` of 10.
    """
    MP = models.Project
    MH = models.HostResult
    MR = models.PortResult
    for plug_name in self.args.get('plug', '').split(','):
        logging.info('Scan plug name: %s' % plug_name)
        # --- resolve the list of host addresses -------------------------
        host_ips = []
        try:
            project = MP.get(MP.project_id == self.target)
            host_ips.extend(str(H.host_ip) for H in MH.select().where(MH.projectid == project))
        except MP.DoesNotExist:
            host_ips.extend(gethosts(self.target))
        # --- turn port records into web / host targets -------------------
        web_targets = []
        host_targets = []
        for ip in host_ips:
            rows = MR.select().join(MH).where(
                (MH.host_ip == ip) & (MH.projectid == self.Q.projectid))
            for P in rows:
                port = str(P.port)
                service = str(P.service_name)
                if service == 'http':
                    # Substring test: any port containing "443" is treated as TLS.
                    scheme = 'https' if '443' in port else 'http'
                    web_targets.append(BaseWebSite('%s://%s:%s/' % (scheme, str(P.host), port)))
                else:
                    host_targets.append(BaseHost(str(P.host), port, service=service))
        # --- pair plugins with the target type they handle ---------------
        jobs = []
        for plug in PluginsManage.get_plugins(plug_name):
            if isinstance(plug, BaseHostPlugin):
                jobs.extend((plug, h) for h in host_targets)
            elif isinstance(plug, BaseWebPlugin):
                jobs.extend((plug, w) for w in web_targets)
        pool = CoroutinePool(10)
        for plug, host in jobs:
            pool.spawn(self.payloadverify, plug, host)
        pool.join()
def response(self):
    """Send the request described by this object and return the response.

    Rebuilds ``self.url`` from scheme, netloc, path and the ``query`` dict
    (joined as ``k=v&k=v`` with no percent-encoding), then issues it through
    ``self.session.request`` with the stored method, data, headers, timeout
    and proxies, logging the status line before returning.
    """
    if self.query:
        query_string = '&'.join('%s=%s' % (k, v) for k, v in self.query.items())
        path_part = '%s?%s' % (self.path, query_string)
    else:
        path_part = self.path
    self.url = '%s://%s%s' % (self.scheme, self.netloc, path_part)
    # NOTE(review): verify=False disables TLS certificate checking, so a
    # wrong or intercepted host is never detected; keep it limited to
    # deliberately untrusted scan targets.
    resp = self.session.request(self.method, self.url,
                                data=self.data, headers=self.headers,
                                timeout=self.timeout, proxies=self.proxies,
                                verify=False)
    logging.info('%s %s %s' % (resp.status_code, self.method, self.url))
    return resp
def portscan(self, target):
    """Port scan.

    Reads ``write``, ``ping``, ``threads`` and ``timeout`` from ``self.args``
    as integers plus the optional ``port`` spec, logs them, runs ``PortScan``
    on *target* and hands the result to ``self.writehost``.
    """
    args = self.args
    opts = {
        'write': int(args.get('write', 1)),
        'ping': int(args.get('ping', 0)),
        'threads': int(args.get('threads', 100)),
        'timeout': int(args.get('timeout', 5)),
    }
    ports = args.get('port', None)
    logging.info(
        '[portscan][host:%s][port:%s][write:%s][ping:%s][threads:%s][timeout:%s]'
        % (target, ports, opts['write'], opts['ping'], opts['threads'], opts['timeout']))
    # ``neping`` is passed through as-is; its exact meaning lives in PortScan.
    scanner = PortScan(target, ports=ports, neping=opts['ping'],
                       threads=opts['threads'], timeout=opts['timeout'])
    self.writehost(scanner.scan())
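def payloadverify(self, plug, host):
    """Plugin verification.

    Runs one plugin against one host. When ``self.args['filter']`` is truthy
    (the default) the host is first checked with ``plug.filter(host)``; if it
    passes (or filtering is off), ``plug.verify`` is called once per
    credential pair from ``self.auths`` when ``plug.BRUTE`` is set, otherwise
    once with the plugin's single default pair. The first truthy verify
    result returns ``self.callback_bug(plug)``; otherwise the method returns
    None.

    Every exception is logged with its traceback and swallowed, so a failing
    plugin never stops the caller's pool.
    """
    logging.info('check %s-%s-%s' % (plug.__class__, host.host, host.port))
    # Renamed from ``filter`` so the builtin is not shadowed.
    apply_filter = int(self.args.get('filter', 1))  # whether to apply the plugin filter
    try:
        # Process-wide side effect: every socket created afterwards inherits
        # this default timeout.
        socket.setdefaulttimeout(360)
        if not apply_filter or plug.filter(host):
            # Fixed: the original format string had five %s placeholders for
            # three values, so this line raised TypeError on every host and the
            # verify step below never ran.
            logging.info('filter %s-%s-%s' % (plug.__class__, host.host, host.port))
            credentials = self.auths if plug.BRUTE else [(None, '123456')]
            for user, pwd in credentials:
                if user:
                    verify = plug.verify(host, user=user, pwd=pwd)
                else:
                    verify = plug.verify(host, pwd=pwd)
                if verify:
                    # NOTE(review): this writes the working credential to the
                    # log in clear text; consider redacting ``pwd`` here.
                    logging.warning('verify %s-%s-%s-%s-%s' % (plug.__class__, host.host, host.port, user, pwd))
                    return self.callback_bug(plug)
    except Exception:
        # Log with the traceback instead of only str(e), so the failing line
        # inside the plugin is visible.
        logging.exception('payloadverify failed for plugin %s', plug.__class__)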