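def masscan_scan(hostname, ip, task_name, task_id, ports, tag_name):
    """Run masscan against ``ip`` on ``ports`` and queue the open ports.

    The port numbers parsed from masscan's output are pushed, together with
    the task metadata, as one JSON object onto the ``Nmap_Second`` Redis list
    so the next stage can pick them up.

    :param hostname: hostname the address belongs to; passed through
                     unchanged into the queued object.
    :param ip: target address handed to masscan as its last argument.
    :param task_name: task label, passed through unchanged.
    :param task_id: task identifier, passed through unchanged.
    :param ports: port specification handed to masscan's ``-p`` option.
    :param tag_name: tag label, passed through unchanged.
    :return: None. The ``ports`` field of the queued object is the list of
             port-number strings parsed from lines containing ``port N/``
             (for example ``["22", "80"]``), or ``None`` when masscan produced
             no output, the scan failed, or the arguments were refused.

    Exits the process via ``sys.exit`` when masscan reports
    "Permission denied" on stderr (masscan must run as root).
    """
    match = None
    # ``ip`` and ``ports`` arrive with the task and are placed on masscan's
    # command line. No shell is involved, but a value starting with ``-``
    # would still be parsed by masscan as an option, so refuse such values
    # before spawning anything.
    if str(ip).startswith('-') or str(ports).startswith('-'):
        log.error("Masscan Scan Ports Failed: refusing option-like argument ip=%r ports=%r", ip, ports)
    else:
        args = [MASSCAN.PATH, '-p', ports, '--rate', MASSCAN.RATE, ip]
        try:
            proc = subprocess.Popen(args,
                                    stdin=subprocess.PIPE,
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.PIPE)
            output, error = proc.communicate()
            if output:
                match = re.findall(r"port (\d+)/", decode_text(output))
            elif "Permission denied" in decode_text(error):
                # No exception is active here, so exc_info would only log
                # "NoneType: None"; plain message instead.
                log.error("You Must Use Root To Run Masscan")
                sys.exit(0)
        except Exception:
            log.error("Masscan Scan Ports Failed", exc_info=True)
            match = None
    log.info("Masscan Success: %s: %s", ip, match)
    nmap_object = {
        "task_id": task_id,
        "task_name": task_name,
        "tag_name": tag_name,
        "hostname": hostname,
        "ip": ip,
        "ports": match,
    }
    redis_conn.lpush("Nmap_Second", json.dumps(nmap_object))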
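def vuln_scan(hostname, port, service, poc, task_id, task_name, tag_name):
    """Run one POC plugin against ``hostname:port`` and record its finding.

    :param hostname: target host handed to the POC.
    :param port: target port handed to the POC.
    :param service: service name handed to the POC.
    :param poc: POC module filename; ``.py`` is appended when missing.
    :param task_id: task identifier stored with the finding.
    :param task_name: task label stored with the finding.
    :param tag_name: tag label stored with the finding.
    :return: None. A positive result is inserted into ``db.vulPoc`` (or,
             when the same url/port/poc/task/tag record already exists, only
             its ``last_find_date`` is refreshed). A result whose ``vul_url``
             is listed in ``db.vulBlack`` for this POC is ignored.
    """
    if ".py" not in poc:
        poc += ".py"
    log.info("target host is %s and port is %s, service is %s", hostname, port, service)
    # NOTE(review): ``poc`` is taken from the task and used as a module
    # filename; confirm that load_code_to_obj restricts it to the POC
    # directory before trusting it.
    obj = load_code_to_obj(poc)
    result, response = None, None
    try:
        result, response = obj.poc(hostname, port, service)
    except Exception:
        # A broken POC must not take the worker down; keep the trace.
        log.error("[Error]: POC Processing Error", exc_info=True)
    if not result:
        return
    vul_info = obj.plugin_info() or {}
    if response and not isinstance(response, str):
        response = decode_text(response)
    # Store a single space rather than an empty or missing response.
    response = response if response else " "
    vul_level = vul_info.get('level')      # severity
    vul_type = vul_info.get('category')    # vulnerability category
    vul_name = vul_info.get('info')        # description
    first_find_date = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    query = {
        'url': hostname,
        'port': port,
        'poc': poc,
        'task_id': task_id,
        'tag_name': tag_name,
    }
    if db.vulBlack.find_one({"vul_url": result, "poc": poc}):
        log.error("Vul in Black List, ignore: %s", result)
        return
    if db.vulPoc.find_one(query):
        # Record already exists: only refresh the last-seen timestamp.
        log.info("Vul exist, Update Find Date")
        db.vulPoc.update(query, {"$set": {"last_find_date": first_find_date}})
    else:
        payload = {
            'task_id': task_id,
            'task_name': task_name,
            'tag_name': tag_name,
            'name': vul_name,
            'level': vul_level,
            'type': vul_type,
            'vul_url': result,
            'vul_response': response,
            'vul_desc': ' ',
            'black_flag': 0,
            'first_find_date': first_find_date,
            'last_find_date': first_find_date,
        }
        db.vulPoc.insert(dict(query, **payload))
    log.info("find Vul %s, %s", hostname + ':' + str(port), poc)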
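def bbscan(url, tag, status_to_match, content_type, content_type_no, vul_type,
           status_404, len_404_content, task_name, task_id, tag_name):
    """Fetch ``url`` and record it in ``db.bbscan`` when it matches a rule.

    The response is dropped when its body is black-listed, has at most 10
    characters, is an image, is JSON the rule did not ask for, has the wrong
    Content-Type, lacks ``tag``, has a status code the rule does not accept,
    or has roughly the same length as the site's generic 404 page.
    White-listed bodies skip the status-code checks.

    :param url: URL to request.
    :param tag: substring the body must contain (falsy to skip the check).
    :param status_to_match: status code the rule expects (falsy to skip).
    :param content_type: substring the Content-Type must contain (falsy to skip).
    :param content_type_no: substring the Content-Type must not contain.
    :param vul_type: rule name; underscores become spaces in the record.
    :param status_404: status code the site returns for unknown paths.
    :param len_404_content: body length of the site's 404 page.
    :param task_name: task label stored with the record.
    :param task_id: task identifier stored with the record.
    :param tag_name: tag label stored with the record.
    :return: None. A new match is inserted; a record already present for the
             same task, tag and url only has its ``last_find_date`` refreshed.
    """
    status_to_match = int(status_to_match)
    status_404 = int(status_404)
    try:
        status_code, headers, content = http_request(url)
        # A missing Content-Type must not silently drop the response.
        cur_content_type = headers.get('Content-Type', '')
        status = status_code
        content = decode_text(content)
        cur_content_length = len(content)
        if check_black_list(content):
            return
        if 0 <= cur_content_length <= 10:
            return  # text too short
        if 'image/' in cur_content_type:
            return  # exclude images
        if (content_type != 'application/json'
                and 'application/json' in cur_content_type
                and not url.endswith('.json')):
            return  # JSON the rule did not ask for
        if ((content_type and content_type not in cur_content_type)
                or (content_type_no and content_type_no in cur_content_type)):
            return  # content type mismatch
        if tag and tag not in content:
            return  # tag mismatch
        if check_white_list(content):
            valid_item = True
        else:
            if status_to_match == 206 and status != 206:
                return
            if status_to_match in (200, 206) and status in (200, 206):
                valid_item = True
            elif status_to_match and status != status_to_match:
                return
            elif status in (403, 404) and status != status_to_match:
                return
            else:
                valid_item = True
        if status == status_404 and url != '/':
            # Looks like the site's generic 404 page when the body length is
            # within 40-60% of the combined length.
            len_doc = len(content)
            len_sum = int(len_404_content) + len_doc
            if len_sum == 0 or (0.4 <= float(len_doc) / len_sum <= 0.6):
                return
        if not valid_item:
            return
        vul_type = vul_type.replace('_', ' ')
        # The title is raw, remote-controlled text; escape it when rendering.
        m = re.search('<title>(.*?)</title>', content)
        title = m.group(1) if m else ''
        scheme, host, port = get_hostname_port(url)
        vul_url = "%s://%s:%s" % (scheme, host, port)
        first_find_date = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        # Records are keyed by task, tag and the matched url, which is stored
        # in ``vul_url`` (``url`` holds the scheme://host:port form), so the
        # same key must be used for both the lookup and the update.
        record_key = {
            "task_id": task_id,
            "tag_name": tag_name,
            "vul_url": url,
        }
        if db.bbscan.find_one(record_key):
            log.info("Get Vul Repeat %s", {"task_id": task_id, "url": url})
            db.bbscan.update(record_key, {"$set": {"last_find_date": first_find_date}})
        else:
            log.info("Get Vul Success %s", {"task_id": task_id, "url": url})
            result = {
                "task_name": task_name,
                "task_id": task_id,
                "tag_name": tag_name,
                "vul_url": url,
                "url": vul_url,
                "vul_Type": vul_type,
                "status": status,
                "title": title,
                "first_find_date": first_find_date,
                "last_find_date": first_find_date,
            }
            db.bbscan.insert(result)
    except (TypeError, KeyError):
        # Best-effort per-url processing: an odd response shape is skipped,
        # but no longer silently.
        log.debug("BBScan::process_request skipped %s", url, exc_info=True)
    except Exception:
        log.error("BBScan::process_request error %s", url, exc_info=True)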